Privacy policy
This page is for transparency and is not legal advice. For your situation, consult a qualified lawyer or DPO.
This policy explains how we process personal data when you use our website and tools. We aim to comply with the UK GDPR, the EU GDPR (where applicable), and the UAE Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data (PDPL), in line with our role as operator of a Dubai-focused public website.
1. Who is responsible?
The data controller for this site is the operator of Based in Dubai, reachable at support@basedindubai.com for privacy requests.
2. What data we process
- Salary calculator (default use): Inputs you enter are processed in your browser session and on our server to return results. We do not require your name, email, or identity to use the calculator. We may store a short-lived session identifier and a CSRF token to secure forms and APIs.
- Anonymous salary submissions: If you choose to submit data via our community form, we store the fields you provide (e.g. job title, industry band, salary range, nationality region, household size, lifestyle, neighborhood). We do not ask for your name, employer, or email on that form. We store a one-way hash of your IP address (not the raw IP) to limit duplicate submissions and abuse.
- Job listings page: Curated links point to employers’ own sites or job boards. We do not receive your application data from those services. If you enquire about a sponsored or paid placement by email, we may process the business contact details you send to administer that relationship. Applying for a role remains between you and the employer or platform.
- Aggregated statistics: We may derive aggregate metrics (e.g. number of calculations, averages) from stored submissions and usage counters. These aggregates do not identify individuals.
- Technical logs: Our hosting environment and application may log technical events (e.g. errors, security events) on the server. Logs are kept for troubleshooting and security and are not used for marketing.
- Analytics (Google Analytics 4): We use Google Analytics to understand traffic and product usage. Google may process pseudonymous identifiers (e.g. cookie IDs) and usage data under its own terms. You can control cookies via your browser and use Google’s opt-out tools.
- Cookies and similar technologies: We use cookies (or local storage) necessary for security (e.g. session, CSRF) and, where enabled, analytics cookies as described above.
3. Purposes and legal bases (GDPR)
Depending on context, we rely on:
- Legitimate interests (Article 6(1)(f) GDPR): Operating and securing the website, preventing abuse, improving the tool, understanding aggregate usage, and storing hashed IPs for duplicate prevention—balanced against your rights.
- Consent (Article 6(1)(a) GDPR): Where required for non-essential cookies or analytics, we will rely on consent obtained through your cookie choices or applicable consent mechanisms.
- Contract / steps prior to contract (Article 6(1)(b)): Not typically applicable to a free calculator, but may apply if we introduce paid services in the future.
4. Retention
- Community salary submissions: retained while they remain useful for benchmarks unless we delete them earlier as part of maintenance or your request (see rights below).
- Session and security data: kept only as long as needed for the session or security purpose.
- Server logs: rotated or deleted according to hosting configuration and operational need.
- Analytics: governed by Google’s retention settings and our configuration.
5. Recipients and international transfers
We use service providers that may process data on our behalf (e.g. hosting on servers that may be located outside your country, Google for analytics). Where personal data is transferred from the UK or EEA to countries without an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses where required, in addition to provider terms.
6. Your rights (UK / EEA)
If GDPR applies to you, you may have the right to: access, rectification, erasure, restriction, objection, data portability, and to withdraw consent where processing is consent-based. You may also lodge a complaint with a supervisory authority (e.g. ICO in the UK, or your local EU authority).
Because anonymous submissions do not include an email, exercising some rights may require you to contact us with reasonable information to locate related records (e.g. approximate time of submission and fields used), subject to verification limits.
7. UAE PDPL
Users in the UAE may have rights under the PDPL regarding access, correction, restriction, and complaint to the UAE Data Office, where applicable. Contact us at the email above for requests.
8. Children
The site is intended for adults planning relocation or careers. We do not knowingly collect personal data from children. If you believe a child has provided data, contact us and we will delete it where appropriate.
9. Security
We use technical and organisational measures appropriate to the risk, including HTTPS, access controls on servers, prepared statements for databases, CSRF protection on mutating requests, and hashing of IP addresses for submissions. No online service is perfectly secure.
10. Changes
We may update this policy from time to time. The “Last updated” date will change; continued use after changes constitutes acceptance where permitted by law.
11. Contact
Privacy questions: support@basedindubai.com