Legal

Privacy Policy

Effective date: 26 May 2026  ·  Last updated: 20 June 2026

This Privacy Policy explains how Matech L.L.C. ("Matech", "we", "us", or "our") collects, uses, discloses, and safeguards personal data when you visit matechpayment.com (the "Website") or otherwise interact with us. By using the Website you agree to the practices described below.

We comply with applicable data protection laws including the EU General Data Protection Regulation (GDPR), UK GDPR, the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL), the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), Brazil's Lei Geral de Proteção de Dados (LGPD), and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

1. Data Controller

The data controller responsible for your personal data is:

Matech L.L.C.
Sharjah Media City
Sharjah, United Arab Emirates
Email: contact@matechpayment.com

For privacy-related inquiries, requests to exercise your rights, or to contact our Data Protection point of contact, write to the email above with the subject line "Privacy Request".

2. What Data We Collect

2.1 Data you provide

  • Contact form submissions: name, email address, phone number (optional), and message content.
  • Direct correspondence: any information you choose to share when emailing or otherwise contacting us.

2.2 Data collected automatically

  • Technical data: IP address, browser type and version, device type, operating system, referring URL, pages visited, timestamps, and similar diagnostic data.
  • Behavioural analytics (Microsoft Clarity): session recordings, click and scroll heatmaps, page interaction events, and aggregated engagement metrics. Clarity may use cookies and similar technologies.
  • Search performance data (Google Search Console): aggregated query, impression, and click data relating to the Website's appearance in Google Search. This data is provided by Google and does not personally identify users.
  • Anti-abuse signals (Cloudflare Turnstile): challenge tokens and limited device/browser metadata used to verify that contact form submissions are not automated.

We do not knowingly collect special categories of personal data (e.g., health, biometric, political opinion, religious belief).

3. How We Use Your Data

  • To respond to your inquiries and provide requested information.
  • To create and manage a support request in our service desk (Jira Service Management) when you submit the contact form, so we can track and respond to your enquiry. The service desk sends you a confirmation and any follow-up updates relating to that request.
  • To send marketing or promotional emailsonly if you explicitly opt in via the marketing-consent checkbox on the contact form. We add you to our mailing list solely on that opt-in, and every marketing email contains a one-click unsubscribe link. You can withdraw this consent at any time (see Your Rights below). If you do not tick the box, you are not added to any marketing list.
  • To prevent fraud, spam, and abuse of our Website and services.
  • To analyse and improve Website performance, content, and user experience.
  • To measure and improve our search visibility and marketing effectiveness.
  • To comply with legal obligations and enforce our rights.

4. Legal Bases for Processing (GDPR / UK GDPR)

  • Consent (Art. 6(1)(a)): for non-essential analytics cookies (e.g., Microsoft Clarity) where required by law, and for sending marketing or promotional emails where you have explicitly opted in. You may withdraw consent at any time, including via the unsubscribe link in any marketing email.
  • Performance of a contract or pre-contractual steps (Art. 6(1)(b)): to respond to your contact requests.
  • Legitimate interests (Art. 6(1)(f)): to secure the Website, prevent abuse, and improve our services. You may object to this processing at any time.
  • Legal obligation (Art. 6(1)(c)): where we must process data to comply with applicable law.

5. Cookies & Similar Technologies

We use a minimal set of cookies and equivalent storage mechanisms. The categories are:

  • Strictly necessary — required for security and core functionality (e.g., Cloudflare Turnstile challenge tokens).
  • Analytics — Microsoft Clarity uses cookies and localStorage to identify returning sessions, measure engagement, and produce heatmaps. Where required by law, these are loaded only after you consent.
  • Third-party content (Google Maps) — the location map on our Contact page is embedded from Google Maps. It is not loaded automatically: it loads only when you click the map placeholder. Clicking sends your IP address, user-agent, and referrer to Google and may set Google cookies on your device. Your click is the consent for this; if you do not click, no data is sent to Google.

You can control cookies through your browser settings. Disabling cookies may impact certain Website functions.

6. Third-Party Processors & Sub-Processors

We share personal data with the following processors strictly for the purposes described in this Policy. Each processor is bound by a written data processing agreement and appropriate safeguards.

Processor Purpose Jurisdiction
Resend Marketing email delivery & mailing-list management (opt-in users only) USA
Atlassian (Jira Service Management) Support-request (service desk) creation & management for contact form enquiries, including request confirmation and follow-up notifications USA / Global
Cloudflare (Turnstile) Bot mitigation & form abuse prevention USA / Global
Microsoft Clarity Behavioural analytics, session recordings, heatmaps USA / EU
Google (Search Console) Search performance measurement & indexing USA / Global
Google (Maps) Location map embed on Contact page (loaded only on click) USA / Global
Vercel Website hosting & content delivery USA / Global
Webhook services Internal notification of new inquiries USA

7. International Transfers

Some of our processors are located outside the European Economic Area, the United Kingdom, or the United Arab Emirates. Where personal data is transferred internationally, we rely on adequacy decisions, Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Addendum, or equivalent legal safeguards required by UAE PDPL and other applicable laws.

8. Data Retention

  • Contact form submissions: stored as a support request in our service desk (Jira Service Management), and — for opt-in users only — in our mailing-list provider (Resend), for as long as needed to respond to and follow up on your enquiry. We do not add a fixed expiry; instead, your data is deleted on request — see Your Rights below.
  • Email correspondence: retained for record-keeping and audit purposes, and deleted on request.
  • Microsoft Clarity data: retained per Microsoft's standard policy (typically up to 13 months).
  • Server logs & security data: retained for up to 12 months for security investigation.

We may retain data for longer where required by law or to establish, exercise, or defend legal claims.

9. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten") — request deletion of your data.
  • Restriction — limit how we use your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — at any time, without affecting prior lawful processing.
  • Non-discrimination (CCPA/CPRA) — we will not discriminate against you for exercising your rights.
  • Opt-out of sale/sharing (CCPA/CPRA) — we do not sell or share personal data for cross-context behavioural advertising.
  • Lodge a complaint with your supervisory authority (e.g., your local Data Protection Authority, the UK ICO, or the UAE Data Office).

To exercise any right, email contact@matechpayment.com. We respond within 30 days (extendable to 60 days for complex requests).

10. Security

We implement industry-standard technical and organisational measures to protect personal data, including TLS encryption in transit, restricted access controls, environment variable based secret management, server-side input validation, bot mitigation, and strict Content Security Policy headers. No transmission over the internet is 100% secure; we cannot guarantee absolute security.

11. Children's Privacy

The Website is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

12. Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be indicated by updating the "Last updated" date above. We encourage you to review this page periodically.

14. Contact

Questions, complaints, or requests regarding this Policy or your personal data should be sent to:

Matech L.L.C. — Privacy
Sharjah Media City, Sharjah, UAE
Email: contact@matechpayment.com