We collect the data you give us to run your compliance audits and manage your account. We do not sell your data. We do not share it with third parties except Google Firebase (our infrastructure provider) and any manufacturer or Channel Partner organisation that manages your account. You can request deletion of your data at any time.
Venti Red FZ-LLC ("Venti Red", "we", "us", "our") operates the Z358 One compliance platform at z358one.com. We are the data controller for personal data processed through the Platform.
For data protection enquiries, contact us at: hello@ventired.ae
| Processing Activity | Legal Basis |
|---|---|
| Providing the Platform service | Contract Performance of contract (Terms and Conditions) |
| Account management and authentication | Contract Performance of contract |
| Sending service notifications and alerts | Contract Legitimate interest in service operation |
| Partner visibility (accountability data) | Consent Agreed at account activation; Legitimate interest of parent organisation |
| Product improvement and analytics (anonymised) | Legitimate interests Improving the service |
| Compliance with legal obligations | Legal obligation |
Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms. You may object to processing based on legitimate interests at any time.
We do not use your data for automated decision-making that produces legal or similarly significant effects on you.
The Platform runs on Google Firebase (Google LLC, USA). Firebase handles authentication, database storage and hosting. Google processes data on our behalf under a Data Processing Agreement compliant with GDPR Standard Contractual Clauses. Data may be stored in Google's global data centres. See Google's privacy policy at policies.google.com/privacy.
If your account was created through a Channel Partner or Manufacturer, that organisation has access to your account status, licence expiry, and audit activity data within the Platform. This is a structural feature of the partner hierarchy disclosed at signup.
Where payment is made via Stripe, Stripe processes your payment data under its own privacy policy. Venti Red receives confirmation of successful payment only and does not store payment card details.
We may disclose your data to law enforcement, regulatory bodies or courts where we are legally required to do so, or where we reasonably believe disclosure is necessary to protect the rights, property or safety of Venti Red, our users or the public.
In the event of a merger, acquisition or sale of assets, your data may be transferred to the successor entity, subject to equivalent privacy protections.
We do not sell, rent or trade your personal data to any third party.
Venti Red is based in the UAE. Your data may be stored on Google Firebase servers located outside the UAE, including within the European Economic Area, the United States and other countries.
Where data is transferred outside the UAE or EEA, we ensure appropriate safeguards are in place, including Google's Standard Contractual Clauses (for GDPR purposes) and compliance with UAE PDPL transfer requirements.
| Data Type | Retention Period |
|---|---|
| Active account data and audit records | For the duration of the active Licence, plus 90 days after termination |
| Account data after termination request | Deleted within 90 days of written deletion request |
| Technical logs and usage data | Up to 12 months |
| Financial records (payment confirmations) | 7 years (UAE legal requirement) |
| Anonymised aggregated analytics | Indefinitely (cannot identify individuals) |
Depending on your jurisdiction, you may have the following rights regarding your personal data:
To exercise any of these rights, contact us at hello@ventired.ae. We will respond within 30 days. We may ask you to verify your identity before acting on a request.
If you are in the EU/EEA and believe your rights have been violated, you have the right to lodge a complaint with your local supervisory authority.
The Platform uses browser local storage (not traditional cookies) to maintain your session and save your audit state between visits. This is strictly necessary for the Platform to function and does not require consent.
We do not use third-party advertising cookies, tracking pixels, or behavioural advertising technologies.
Firebase may use minimal functional cookies for authentication purposes. These are necessary for service operation.
We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure or destruction, including:
No system is completely secure. In the event of a data breach that is likely to result in high risk to your rights and freedoms, we will notify you and applicable supervisory authorities within the timeframes required by applicable law.
The Platform is intended for business use by adults. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have collected data from a minor, we will delete it promptly.
We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email or via the Platform at least 14 days before the changes take effect. The "Last reviewed" date at the top of this page will always reflect the most recent version.
For any privacy-related queries or to exercise your rights:
Venti Red FZ-LLC
Data Controller
Email: hello@ventired.ae
Platform: z358one.com
We take all privacy concerns seriously and will respond within 30 days.