Legal

Privacy Policy

Effective Date: January 1, 2026

The Reach Foundation ("we", "us", "our") is the data controller for personal data collected through this platform, operating under the laws of the United Arab Emirates.

1. Data Controller Identity

The Reach Foundation ("we", "us", "our") is the data controller for personal data collected through this platform, operating under the laws of the United Arab Emirates.

3. Types of Data Collected

We collect the following categories of personal data:

  • Identity data: full name, email address, phone number, location
  • Application data: category-specific information, statement of need, supporting documents
  • Sensitive data (where applicable): medical information, legal case details, family status
  • Corporate data: company name, trade license, contact person, CSR budget information

2. Purpose of Data Processing

We collect and process personal data for the following purposes:

  • Evaluating and processing support applications across our six program pillars
  • Matching applicants with appropriate corporate sponsors
  • Managing corporate partnership inquiries and CSR programs
  • Generating anonymized impact reports for stakeholders
  • Complying with applicable UAE laws and regulations

4. Legal Basis for Processing

We process personal data based on:

  • Your explicit consent (provided via application form checkboxes)
  • Legitimate interest in operating our CSR programs
  • Compliance with UAE legal obligations

6. Data Localization

All personal data is stored and processed within the United Arab Emirates in compliance with the UAE PDPL. We do not transfer personal data outside the UAE without appropriate safeguards.

5. Third-Party Data Sharing

We may share data with:

  • Corporate sponsors (anonymized data only — no personal identifiers)
  • UAE government authorities (as required by law)
  • Service providers (under data processing agreements)

We never sell personal data to third parties.

7. Data Retention

We retain personal data for the following periods:

  • Approved applications: Duration of the program plus 3 years
  • Unapproved applications: Automatically deleted after 12 months
  • Corporate inquiry data: 2 years from last contact

8. Your Rights

Under the UAE PDPL, you have the following rights:

Right to access your personal data
Right to rectification of inaccurate data
Right to erasure (Right to be Forgotten)
Right to restrict processing
Right to data portability
Right to withdraw consent at any time

To exercise these rights, contact us at privacy@reachfoundation.ae

9. Beneficiary Data Protection

We implement additional safeguards for beneficiary data:

  • All beneficiary data shared with sponsors is fully anonymized
  • Impact reports use aggregate statistics without personal identifiers
  • Access to beneficiary records is restricted to authorized personnel with role-based access controls

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. Material changes will be communicated via this page.