1. Introduction
Metamorphosis Educational Technology Solutions (“we,” “our,” “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website metamorphosis.ae and use our services in compliance with UAE Federal Law No. 45 of 2021 on Personal Data Protection and other applicable GCC regulations.
2. Data Controller Information
Data Controller:
Metamorphosis Educational Technology Solutions
METAMORPHOSIS , Office #G 53B , DTEC, Dubai Silicon Oasis
UAE
Email: info@metamorphosis.ae
Phone: +971 55 3499578
3. Information We Collect
3.1 Personal Data You Provide to Us
Contact Information: Name, email address, phone number, job title, institution name
Professional Information: Department, role, educational institution details
Communication Data: Messages, inquiries, support requests
Business Information: Billing details, contract information
Account Credentials: Username and password for our client portals
3.2 Data Collected Automatically
Technical Data: IP address, browser type, device information, operating system
Usage Data: Pages visited, time spent, navigation patterns, referral sources
Cookies and Tracking Technologies: See Section 9 for details
3.3 Data from Educational Institutions (Our Clients)
When implementing our solutions for educational institutions, we may process:
Student Data: Enrollment information, academic records (only as directed by institution)
Faculty Data: Teaching assignments, course materials
Administrative Data: Institutional policies, operational information
Technical Data: System usage logs, performance metrics
4. How We Use Your Information
4.1 Business Operations
Provide and maintain our services
Process transactions and manage accounts
Send administrative information
Respond to inquiries and provide support
Manage our relationship with you
4.2 Marketing and Communications (with your consent)
Send newsletters and promotional materials
Notify about new services or features
Invite to events and webinars
Conduct market research and surveys
4.3 Legal and Compliance
Comply with legal obligations
Protect our rights and property
Prevent fraud and ensure security
Respond to lawful requests from authorities
4.4 Service Improvement
Analyze usage patterns
Develop and improve our services
Conduct research and analytics
Ensure service quality and performance
5. Legal Basis for Processing
We process your personal data based on:
Consent: When you have given explicit consent
Contract Performance: To fulfill our contractual obligations
Legal Obligation: To comply with UAE laws and regulations
Legitimate Interests: For our legitimate business interests, balanced with your rights
6. Data Sharing and Disclosure
6.1 Third-Party Service Providers
We may share data with:
Technology Partners: Moodle, Zoho, Koha (for integration purposes)
Cloud Hosting Providers: Regional GCC data centers
Payment Processors: Secure payment gateways
Analytics Providers: Google Analytics, with anonymized data
6.2 Educational Institutions
When providing services to educational institutions, data processing is governed by:
Service Level Agreements (SLAs)
Data Processing Agreements (DPAs)
Institutional policies and consents
6.3 Legal Requirements
We may disclose information:
To comply with UAE laws and regulations
In response to lawful requests from authorities
To protect our rights and safety
In connection with business transfers
6.4 International Transfers
We prioritize regional data storage in GCC data centers. Any international transfers will:
Comply with UAE data protection laws
Implement appropriate safeguards
Obtain necessary consents
Use UAE-approved transfer mechanisms
7. Data Security
7.1 Security Measures
We implement appropriate technical and organizational measures:
Encryption: Data in transit and at rest using AES-256 encryption
Access Controls: Role-based access, multi-factor authentication
Network Security: Firewalls, intrusion detection systems
Regular Audits: Security assessments and penetration testing
Employee Training: Regular data protection training
7.2 Incident Response
72-hour notification requirement for data breaches
Incident response plan in place
Regular backup and recovery procedures
Continuous security monitoring
8. Data Retention
8.1 Retention Periods
Client Data: Duration of contract + 7 years for legal compliance
Prospect Data: 2 years from last contact (with consent renewal)
Website Analytics: 26 months
Financial Records: 10 years as per UAE commercial law
Employee Data: Duration of employment + 10 years
8.2 Data Deletion
Upon expiry of retention periods, data is:
Securely deleted from active systems
Anonymized for statistical purposes
Archived where legally required
9. Cookies and Tracking Technologies
9.1 Types of Cookies Used
Essential Cookies: Required for website functionality
Analytics Cookies: Google Analytics (anonymized)
Marketing Cookies: With explicit consent
Preference Cookies: Remember your settings
9.2 Cookie Management
Clear cookie banner on first visit
Granular consent options
Ability to modify preferences anytime
Browser settings can control cookies
10. Your Rights (UAE Data Protection Rights)
Under UAE Federal Law No. 45 of 2021, you have the right to:
10.1 Access and Information
Request access to your personal data
Receive information about how we process your data
Obtain a copy of your data in a structured format
10.2 Correction and Deletion
Request correction of inaccurate data
Request deletion of your data (right to be forgotten)
Withdraw consent at any time
10.3 Objection and Restriction
Object to processing of your data
Request restriction of processing
Opt-out of marketing communications
10.4 Data Portability
Receive your data in a machine-readable format
Transfer your data to another controller
10.5 Automated Decisions
Not be subject to decisions based solely on automated processing
Request human intervention in automated decisions
11. Exercising Your Rights
To exercise your rights, contact us at:
Email: info@metamorphosis.ae
Phone: +971553499578
Address: METAMORPHOSIS , Office #G 53B , DTEC, Dubai Silicon Oasis, UAE
We will:
Respond within 30 days (as per UAE law)
Verify your identity before processing requests
Provide information free of charge (unless excessive)
Explain any refusal with legal justification
12. Children’s Privacy
Our services are directed to educational institutions and professionals. We do not knowingly collect personal data from children under 18 without parental consent. Educational institutions are responsible for obtaining necessary consents for student data.
13. Links to Other Websites
Our website may contain links to:
Educational technology platforms (Moodle, Zoho, Koha)
Partner websites
Industry resources
We are not responsible for the privacy practices of third-party websites.
14. Educational Institution Responsibilities
When we provide services to educational institutions:
Institutions remain data controllers for their data
We act as data processors under DPAs
Institutions are responsible for:
Obtaining necessary consents
Complying with institutional policies
Managing data subject requests
Ensuring data accuracy
15. Updates to This Policy
We may update this policy to:
Reflect changes in our practices
Comply with legal requirements
Incorporate new technologies
Improve clarity and transparency
Notification of Changes:
Website notice of updates
Email notification for significant changes
Updated “Last Updated” date
Archived versions available upon request
16. Governing Law and Dispute Resolution
This Privacy Policy is governed by UAE law. Any disputes will be resolved through:
Negotiation and mediation first
UAE courts having jurisdiction
Compliance with UAE Data Protection Law
17. Contact Information
For privacy-related inquiries:
General Privacy Inquiries:
Email: info@metamorphosis.ae
Phone: +971553499578
Address: METAMORPHOSIS , Office #G 53B , DTEC, Dubai Silicon Oasis, UAE
18. Consent
By using our website and services, you acknowledge that:
You have read and understood this Privacy Policy
You consent to our data practices
You can withdraw consent at any time
You understand your rights under UAE law
Appendix A: Specific Processing Activities
A.1 Moodle Implementation
Data processed: User accounts, course materials, grades
Purpose: Learning management system operation
Legal basis: Contract performance, institutional consent
Retention: Duration of institutional contract
A.2 Library Management (Koha)
Data processed: Patron information, circulation records
Purpose: Library system operation
Legal basis: Institutional service provision
Retention: As per institutional policies
A.3 Campus Management (Zoho)
Data processed: Administrative records, financial data
Purpose: Institutional operations management
Legal basis: Contract performance
Retention: Contract period + legal requirements
A.4 Support Services
Data processed: Support tickets, system logs
Purpose: Technical support and maintenance
Legal basis: Legitimate interest, contract
Retention: 2 years from resolution
This Privacy Policy was last reviewed and updated to comply with UAE Federal Law No. 45 of 2021 on Personal Data Protection and reflects our commitment to protecting the privacy of educational institutions, their stakeholders, and our website visitors in the Middle East region.
