Privacy Policy

1. Introduction

Welcome to the privacy statement of The Digital Address Hub (“DP”), a trade name of DIGITAL PLANET, a company registered in Abu Dhabi, United Arab Emirates (license no. CN-8435632), with an operating office in Dubai Internet City, Building 17, and its affiliated local partners (collectively, “we”, “us”). This statement explains how we process personal data when you use our services, websites and online portals.

We are committed to transparent data processing: what data we collect, for which purposes, how long we keep it, with whom we share it, and what rights you have.

Applicable frameworks
We comply with the EU General Data Protection Regulation (GDPR) and the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL). Where these laws differ, we apply the most protective standard to your situation. Where conflicts exist, the version more protective of your rights prevails.

Roles
The Digital Address Hub acts as Data Controller for processing carried out under the DP brand. Our local partners operate as Processors under a written processor agreement. Scanning of envelopes and—only upon the customer’s explicit request—the contents, is performed on our behalf under strict instructions.

Locations & transfers
Our core platform and storage are hosted within the EU; certain support and compliance activities are performed in the UK, EU, and UAE. Where personal data is transferred internationally, we implement contractual, technical, and organizational safeguards to ensure a level of protection that is essentially equivalent to that of the GDPR.
 

2. Controller and Processor

Data Controller
Digital Address Hub is a trade name of DIGITAL PLANET, a company registered in Abu Dhabi, United Arab Emirates (license no. CN-8435632), with an operating office in Dubai Internet City, Building 17. DIGITAL PLANET is the Data Controller for all personal data processed under the DP brand.

Local partners as Processors
Our local partners operate DP locations and may handle physical mail on behalf of customers. They act as independent service providers (Processors under contract with DP) solely for the limited purpose of receiving, scanning, and forwarding mail as instructed under a written Data Processing Agreement (DPA). Partners only have access to the following information:

  • the name of the customer (to identify incoming mail);

  • the unique postbox code or reference;

  • and, where applicable, the forwarding address provided by the customer.

 

They do not have access to payment data, ID documents, phone numbers, e-mail addresses or portal login details. Scans of envelopes (and, only on explicit customer request, of contents) are uploaded through an encrypted channel to our secure EU servers and automatically deleted from the local device immediately after upload.

Joint responsibility and sub-processing
Each partner processes data exclusively under our documented instructions and is contractually bound to strict confidentiality and data-deletion obligations. Where a partner engages a courier or shipping service for forwarding, those carriers act as independent controllers for the transport phase.

Applicable law
Digital Address Hub ensures that data-processing arrangements comply with both the EU GDPR and the UAE PDPL, applying whichever framework provides the higher level of protection.

Contact
Questions about your personal data can be directed to info@digitaladdresshub.com

3. What data do we process and for what purpose?

3.1 Account, billing and payment data

When you register for our services, an account is created in our Portal. We process:

  • Identification data: first and last name, company name, address, e-mail address, telephone number;

  • Financial and payment data: billing address, payment method, subscription type, transaction ID, VAT number (if applicable);

  • Communication data: correspondence with our support team or via the Portal.

Purpose & legal basis

  • Performance of the contract (managing your account, processing payments, issuing invoices);

  • Legal obligation (retention of financial administration for 7 years under tax law);

  • Legitimate interest (fraud prevention and service improvement).

Payments via Stripe
Payments and invoicing are processed via Stripe. Certain payment details (name, e-mail, billing address, payment method, amount, IP address) are securely transmitted to Stripe to execute the transaction. For more information about Stripe’s role and data processing, see section 5.3 of this Privacy Statement.
 

3.2 The Digital PO Box (mail handling and forwarding)

For providing your Digital Address Hub, we process:

  • Postal address details: the address at which we receive mail on your behalf;

  • Information of addressees (if different from the account holder);

  • Scans of envelopes and—only upon your explicit request—of contents;

  • Forwarding information and shipping labels (if you request mail forwarding).

Purpose & legal basis

  • Performance of the contract (receiving, scanning, forwarding mail);

  • Legitimate interest (preventing fraud, verifying addresses, ensuring correct delivery);

  • Consent (for scanning contents of mail, when requested by you).

Data minimization by local partners:
Local partners only see the customer’s name, unique postbox code and—where applicable—forwarding address. They do not have access to payment data, ID documents, phone numbers or e-mail addresses. Scans are created and uploaded through an encrypted channel; local copies are automatically deleted within 24 hours after upload to our secure EU servers.

Data Processing Agreement (DPA)
When we scan mail that contains personal data of third parties, we act as a Processor on your behalf. In that case, our General Data Processing Agreement (DPA) applies. You can view and download the current version on our website.
 

3.3 Identity Verification (KYC-Lite)

To maintain the integrity and security of our platform, we perform a basic identity verification (“KYC-Lite”) when you register for our services. This verification is not performed under any Anti-Money-Laundering (AML) or Counter-Terrorism-Financing (CTF) legislation, and The Digital Address Hub is not subject to AML/CTF regulatory obligations.

As part of this voluntary integrity check, we process only the minimum data required to confirm your identity:

  • Identity documents (e.g., passport, ID card, residence permit);

  • Proof of address, where applicable;

  • Verification status (valid/invalid), as returned by our provider.

No AML or sanctions screening:
We do not perform sanction-list checks, PEP checks, adverse-media screening, or any other AML-governed screening activities. The verification process solely confirms document authenticity and identity validity.

Verification provider:
We use SumSub Ltd (United Kingdom) as our identity-verification provider. SumSub processes your identity documents directly and returns only the verification result to us. All documents are stored on SumSub’s secure infrastructure and are not stored or copied on our systems. Access to the SumSub portal is strictly limited to authorised personnel, and appropriate safeguards apply to EU–UK transfers.

Purpose & legal basis:

  • Legitimate interest (fraud prevention, account integrity, preventing misuse of our platform);

  • Performance of contract (ensuring that the correct person registers and uses the Service).

Retention:
We do not store copies of identity documents on our servers. Verification data accessible via the SumSub portal is retained for a maximum of 12 months after account termination, unless a shorter period is configured or required for fraud-prevention review. After this period, access to verification data is removed or anonymised by our provider.
 

3.4 Support, communication and security

  • We may process messages sent via chat, WhatsApp or support e-mail for the purpose of customer service;

  • System and security logs are generated automatically when you access the Portal (login, IP address, browser type, timestamp) to detect misuse and ensure system integrity.

Legal basis: legitimate interest (maintaining secure and reliable services).
 

3.5 Data obtained indirectly

In some cases we receive data indirectly—for example when another customer forwards mail addressed to you. In such cases, we process that data solely to execute the requested service and do not use it for any other purpose.
 

3.6 Use of AI Systems (Chat, Voice Assistant & Service Improvement)

  • AI-assisted communication: We use Artificial Intelligence (“AI”) technologies to support our customer service channels, including our website chat assistant and our automated voice assistant for phone calls. These systems help us provide faster and more consistent responses.

  • Anonymisation and data minimisation: All conversations handled by AI may be stored in pseudonymised or anonymised form. These records are not linked to any identifiable customer account and are used exclusively for internal service improvement and for developing Retrieval-Augmented Generation (“RAG”) tools.

  • No personal data in model training: We ensure that AI systems do not receive or process personal data such as account details, payment information, ID documents, mail content, or any other identifiable information. OpenAI does not have access to customer records or internal systems.

  • Purpose limitation: AI data is used only for enhancing our service quality, improving response accuracy, and supporting internal assistant tools. It is never used for profiling, automated decision-making with significant effects, or any marketing purposes. AI data is never used for profiling, behavioural analysis or automated decision-making that produces legal or significant effects.

  • Automated Decision-Making: Our AI systems do not make decisions that produce legal or significant effects within the meaning of the GDPR, UK GDPR or UAE PDPL. AI tools provide automated suggestions only. All account decisions, compliance checks and service actions are performed by human staff.

  • Transparency in phone calls: When you call us, our AI voice assistant will clearly identify itself at the start of the call. By continuing the call, you consent to the use of AI for handling and transcribing the conversation.

  • Sub-processing: OpenAI acts as a technical sub-processor under strict confidentiality and data-protection terms. Appropriate safeguards ensure that no identifiable personal data is transmitted to AI systems.

These AI practices comply with the GDPR, UK GDPR, UAE PDPL and the transparency obligations of the EU AI Act.
 

4. Retention periods

We do not retain personal data longer than necessary for the purposes for which it was collected or to comply with applicable law. The following periods apply:

  • Financial and payment data (including Stripe transactions): 7 years (tax and accounting retention obligation).

  • ID verification data: retained for a maximum of 12 months after account termination (stored only in SumSub, not on our servers).

  • Account and communication data: retained for as long as necessary to provide the service. After termination of your account, these data are deleted within 12 months, unless a legal obligation requires longer retention.

  • Mail scans and uploaded images: encrypted files are stored on our EU servers for up to ninety (90) days after upload, or thirty (30) days after account termination, whichever occurs later. Local copies at partner locations are automatically deleted within twenty-four (24) hours after upload.

  • Support tickets and chat communication: retained for up to 24 months to handle follow-up questions and improve service quality.

  • System and security logs: retained for up to 12 months for security monitoring and fraud prevention.

Automatic deletion and certification
Our platform provider operates under ISO 27001 and ISO 27701 certification. Automated procedures ensure that data is permanently deleted or anonymized once the retention period expires.
 

5. Sharing and transfer to third parties

We only share personal data with third parties when this is necessary for performing our services, fulfilling legal obligations, or when you have given explicit consent. We do not sell or rent personal data to third parties.
 

5.1 Sub-processors and platform providers

  • AgileGrowth Solution LLC-FZ (UAE) develops and maintains our Portal and acts as a technical sub-processor under our instructions.

  • SumSub Ltd (United Kingdom) performs ID verification on our behalf. Appropriate safeguards are implemented for EU–UK transfers.

  • Hosting of our databases and storage takes place within certified data centers in the EU (Amsterdam, Frankfurt).

Updates to sub-processors: We may occasionally add or replace sub-processors (for example, hosting or compliance providers). Any material change will be announced at least fourteen (14) days in advance via the Customer Portal or by e-mail. Customers who object to a change may terminate the affected service before the new sub-processor becomes active.
 

5.2 Local partners

  • Local partners operate scanning and forwarding locations under a signed Data Processing Agreement (DPA). They only have access to the customer’s name, postbox code and, if applicable, the forwarding address. They never have access to payment or ID data.

  • All scanning and uploading are encrypted; local copies are automatically deleted within 24 hours after upload.
     

5.3 Payments and invoicing (Stripe)

We use Stripe Payments Europe Ltd (Ireland) and its affiliate Stripe Payments Middle East LLC (UAE) for payment processing and invoicing. Stripe may process your name, e-mail, billing address, payment method and IP address to execute transactions and comply with financial regulations. Stripe acts as an independent data controller for these operations. See Stripe’s Privacy Policy for details.
 

5.4 Mail forwarding carriers

When physical mail is forwarded, we share the necessary shipment details with postal or courier services. These carriers act as independent controllers for the delivery process.
 

5.5 International data transfers

Some processing activities are performed in the UK and UAE. In such cases we apply contractual, technical and organizational safeguards (including EU Standard Contractual Clauses, encryption and restricted access) to ensure an equivalent level of protection to that of the GDPR.
 

5.6 Legal obligations

We may share data with competent authorities (e.g. tax, customs or judicial authorities) when legally required to do so under EU or UAE law.
 

5.7 No commercial use

We do not disclose personal data for marketing, advertising or profiling purposes to any third party outside the Digital Address Hub group.
 

6. Newsletters and marketing

6.1 Transactional and system e-mails

We send essential system e-mails (such as payment confirmations, password resets, and service updates) to perform our contract with you. These messages are sent automatically via our e-mail service provider Postmark (ActiveCampaign LLC, USA) or its EU sub-processor. Such e-mails are not considered marketing and cannot be unsubscribed from, as they are required for account administration.
 

6.2 Newsletters and community updates

  • Business customers (B2B): we may occasionally inform you about related services or partner opportunities, based on our legitimate interest in maintaining customer relationships. You can opt out at any time via the unsubscribe link.

  • Private customers (B2C): we send newsletters or promotional content only if you have given prior consent (opt-in). You can withdraw your consent at any time by clicking the unsubscribe link or by updating your settings in the Portal.
     

6.3 Personalization and statistics

We may include your first name in newsletters to personalize communication. We also record limited metrics (e.g., open and click rates) to measure effectiveness and avoid sending irrelevant messages. These metrics are stored in pseudonymized form and deleted after 12 months.
 

6.4 Opt-out and contact

You can unsubscribe from any newsletter at any time via the link at the bottom of each message or by contacting info@digitaladdresshub.com. We will update your preferences without delay.
 

7. Cookies and tracking

Our websites and portals use cookies and similar technologies (such as local storage and tracking pixels) to ensure proper operation, analyse usage and, where permitted, personalise content.
 

7.1 Categories of cookies

  • Essential cookies: required for the website and Portal to function (e.g. security, login session, language selection). These are placed without consent because they are technically necessary.

  • Analytical cookies: help us understand how visitors use our website (e.g. pages visited, time spent). We use these only with your prior consent or in anonymised form (IP anonymisation enabled).

  • Marketing and social media cookies: enable external services (e.g. YouTube, Meta, LinkedIn, Google Ads) or personalise marketing content. These are only placed after you have given explicit consent.
     

7.2 Consent management

When you first visit our website, you will see a cookie banner where you can choose which categories you allow. You can change or withdraw your consent at any time through the cookie settings link in the footer.
 

7.3 Third-party integrations

  • Google Analytics: used for anonymous usage statistics, only after consent.

  • Stripe: may place cookies or local storage items required for secure payment processing.

  • Postmark or Mailjet: may include tracking pixels in e-mails to measure open and click rates (see section 6).

  • Google reCAPTCHA: used on some forms to prevent spam; this may place functional cookies for security verification.
     

7.4 Cookie Statement

For a detailed overview of all cookies used (including names, purposes, providers and lifetimes), please refer to our separate Cookie Statement. This overview is updated regularly to reflect any changes.
 

8. Security of personal data

We take the protection of your personal data very seriously. Digital Address Hub and its suppliers apply strict technical and organisational measures in accordance with international standards (ISO 27001 and ISO 27701).

8.1 Technical and organisational measures

  • Encryption: all personal data is encrypted both in transit (SSL/TLS) and at rest in our databases and file storage. ID documents and mail scans are stored in encrypted form within the EU.

  • Access control: access to systems and data is strictly role-based and limited to authorised personnel who require it for their job. All access to sensitive data is logged and monitored.

  • Local partner uploads: mail scans are encrypted on the device before upload and automatically deleted locally after successful transfer (see section 3.2).

  • Infrastructure security: our servers are hosted in data centres with 24/7 surveillance, biometric access control and redundant power and network systems.
     

8.2 Privacy by design and audits

  • Our software is developed and maintained in line with “privacy by design and by default” principles. Only the minimum required personal data is processed.

  • Regular internal and external audits are conducted to verify the effectiveness of our security and privacy controls. Certification is reviewed annually by independent auditors.
     

8.3 Incident and data breach response

We maintain an incident response and data breach procedure. In the event of a personal data breach, we will:

  • Immediately isolate and investigate the incident;

  • Notify the competent supervisory authority (where legally required); and

  • Inform affected customers without undue delay if the breach is likely to result in a high risk to their rights and freedoms.

 

8.4 Continuous improvement

Security measures are continuously updated to reflect technological developments and emerging risks. Our goal is to maintain a level of protection that meets or exceeds current international best practices.
 

9. Rights of Data Subjects

You have a number of rights regarding the processing of your personal data. We respect and facilitate these rights in accordance with the EU General Data Protection Regulation (GDPR) and the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL).
 

9.1 Overview of your rights

  • Right of access: to obtain confirmation whether we process your data and, if so, to receive a copy of it.

  • Right to rectification: to have inaccurate or incomplete data corrected or completed.

  • Right to erasure (“right to be forgotten”): to have personal data deleted when it is no longer needed or when processing is unlawful.

  • Right to restriction of processing: to request that processing be temporarily limited, for example during the verification of contested data.

  • Right to object: to processing based on our legitimate interests, or to direct marketing communications.

  • Right to data portability: to receive your data in a structured, commonly used and machine-readable format, and to transmit it to another controller.

  • Right to withdraw consent: when processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
     

9.2 Additional rights under UAE PDPL

  • Right to correction and updating: you may request correction of outdated or incomplete personal data at any time.

  • Right to restriction of automated processing: you have the right not to be subject to decisions based solely on automated processing that significantly affect you.

  • Right to lodge a complaint with the UAE Data Office: if you believe your rights have been infringed under the PDPL.
     

9.3 Exercising your rights

You can submit a request via the Portal or by contacting us at info@digitaladdresshub.com. For verification purposes, we may ask you to confirm your identity or provide additional information.

We will respond to your request within one month (GDPR standard) or within 30 calendar days (PDPL standard), whichever applies, and may extend this period once when necessary due to complexity or volume. If we are unable to fulfil a request (e.g. due to legal retention obligations), we will inform you of the reason.
 

9.4 Limitations

Please note that certain data cannot be deleted or restricted if we are legally required to retain it (for example, financial data subject to tax retention obligations or identity-verification records retained for fraud-prevention purposes). In such cases, access will be limited and the data securely archived until the applicable retention period expires.
 

10. Complaints and contact

10.1 Questions or concerns

If you have any questions about the way we process your personal data, or if you believe your privacy rights have been violated, please contact our Privacy Officer first via info@digitaladdresshub.com. We aim to respond to all inquiries and complaints within 30 calendar days.
 

10.2 Internal complaint handling

We investigate every complaint carefully and will inform you of the outcome and any measures taken. If the matter cannot be resolved internally, you may contact the competent data protection authority as described below.
 

10.3 Supervisory authorities

  • Within the European Union:
    Our designated EU representative under Article 27 GDPR is:
    Costabeheer
    Attn: EU Representative for Digital Address Hub
    Cambrils, Spain

    If you are located in the EU, you may also submit a complaint to the Agencia Española de Protección de Datos (AEPD), the national supervisory authority for data protection in Spain. We will cooperate with the AEPD and any other competent EU authority in resolving complaints.
     

10.4 Contact details

Privacy Officer – Digital Address Hub / DIGITAL PLANET
E-mail: info@digitaladdresshub.com
Postal address: P.O Box Number: 33556, Dubai, UAE
 

11. Changes to this Privacy Statement

We may update this Privacy Statement from time to time to reflect changes in our services, legal requirements, or internal procedures.
 

11.1 Publication and versioning

The most recent version of this Privacy Statement is always available at this page. Each version includes its publication date and version number for reference.
 

11.2 Notification of changes

  • Minor updates (e.g. clarifications or legal references) will take effect immediately upon publication.

  • Material changes (e.g. new purposes of processing, new categories of data, or changes to your rights) will be announced in advance via e-mail or a notification in the Portal.

We consider notifications sent to the e-mail address associated with your account or displayed in the Customer Portal as duly received and effective.

By continuing to use our services after the effective date of an updated Privacy Statement, you acknowledge that you have read and understood the new version.
 

12. Concluding remarks

  • Language: In case of discrepancies between this English version and any translations, the English version shall prevail. Translations are provided for convenience only and do not alter the meaning of the English version.

  • Governing Law: This Privacy Statement and any dispute arising from or related to it shall be governed by and construed in accordance with the laws of England and Wales. The competent courts of London shall have exclusive jurisdiction, without prejudice to mandatory consumer protection rights.

  • Legal framework: These privacy practices form part of the Digital Address Hub General Terms & Conditions. For business customers who engage us to process personal data on their behalf, separate Data Processing Agreements (DPAs) apply. The current versions of these documents are available on this page and the data processing page.

  • Liability: The processing of personal data is governed by DP’s General Terms & Conditions and Data Processing Agreement, which define the respective responsibilities and liability limitations.

  • Commitment: We are committed to handling all personal data carefully, transparently and securely, in line with the principles of the GDPR and the UAE PDPL.

Do you have any questions?
Please contact us at info@digitaladdresshub.com or call +44 20 37 69 4391.

Thank you for the trust you place in us — we are dedicated to protecting your privacy in every step of our service.

This document forms part of the Digital Address Hub Legal Framework.

Date: 01-11-2025
