Privacy Policy

This Privacy Policy outlines the principles and practices of Red Dragon FZ-LLC ("Red Dragon", "we", "our", or "us") regarding the collection, use, storage, disclosure, and protection of personal, transactional, and business data in connection with the services we provide to merchants and their customers. This policy is written in accordance with applicable laws of the United Arab Emirates and relevant international data protection standards.

By accessing or using our services, including card terminals, online gateways, merchant dashboards, QR code and payment link tools, or any associated applications, platforms, or websites, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

1. Information We Collect

Red Dragon collects a variety of data in order to provide our services efficiently, securely, and in compliance with financial regulations. 

We collect personal information such as names, email addresses, telephone numbers, and Emirates ID or passport details from individuals representing the merchant. 

We also collect business-related data, including trade licences, commercial registration documents, VAT numbers, bank account details, and transactional records. 

Additionally, we may collect technical and behavioural data such as IP addresses, device identifiers, browser type, session logs, and platform usage statistics. 

Where applicable, we also collect customer payment data when transactions are processed via our payment infrastructure.

2. Methods of Data Collection

Data is collected directly from you during account registration, onboarding, document uploads, communications with our support or compliance teams, and usage of our payment systems. 

We also collect data automatically through cookies, web beacons, API integrations, tracking pixels, and other standard tracking technologies when you interact with our websites or dashboards.

 Information may also be obtained from third parties, such as financial institutions, fraud prevention databases, or regulatory bodies, where permitted by law or with your consent.

3. Purpose of Data Processing

Red Dragon processes data for a number of lawful and legitimate purposes. 

These include: verifying the identity and legitimacy of merchants; performing required due diligence under anti-money laundering (AML) and know-your-customer (KYC) obligations; processing and settling payment transactions; generating invoices and reconciliation reports; supporting technical service and customer support inquiries; improving our platform and service functionality; detecting and mitigating fraudulent or suspicious behaviour; enabling audits and internal risk assessments; and fulfilling obligations under applicable financial, tax, and regulatory frameworks in the UAE and internationally.

4. Legal Basis for Processing

The processing of personal and business data by Red Dragon is grounded in one or more of the following legal bases: the necessity to perform a contract (i.e., to deliver services under the Merchant Agreement); compliance with applicable legal obligations (including AML, tax, and licensing laws); the legitimate interests of Red Dragon or its partners in securing and optimising its services; and, where required, the explicit consent of the data subject, which may be withdrawn at any time subject to applicable law.

5. Data Sharing and Disclosure

Red Dragon does not sell personal or merchant data to third parties. However, we may disclose information to third parties where it is necessary to perform our services or comply with legal and regulatory requirements. Such parties may include acquiring banks, card schemes (e.g., Visa, Mastercard), fraud prevention services, regulatory agencies, auditors, hosting providers, technology partners, and legal advisers. All such parties are bound by confidentiality obligations and contractual requirements that ensure the secure and lawful use of shared data. Red Dragon may also disclose data if required by court order, government authority, or applicable law.

6. International Data Transfers

Where necessary for the fulfilment of payment processing or service delivery, Red Dragon may transfer data outside the UAE to jurisdictions that may not offer the same level of data protection. In such cases, we implement appropriate safeguards, including data transfer agreements, encryption, and due diligence of foreign service providers, in accordance with UAE data protection principles and international best practices. All cross-border transfers are limited to data strictly necessary for the purpose of the service.

7. Data Security and Storage

Red Dragon uses robust physical, administrative, and technological measures to safeguard your information. Data is stored in secure, access-controlled data centres and encrypted both in transit and at rest using industry-standard protocols. Access to systems and databases is restricted to authorised personnel with a legitimate operational need. We regularly audit our security systems and maintain business continuity and disaster recovery plans to mitigate risks of data loss, breach, or corruption.

8. Rights of Data Subjects

Data subjects, including individuals associated with merchant accounts, have certain rights in relation to their personal data, subject to legal and regulatory limitations. These rights include the right to request access to personal information, the right to request rectification of inaccurate or outdated data, the right to object to certain forms of data processing, and, where applicable, the right to request deletion of personal data that is no longer required. Requests should be submitted in writing via our designated contact method and will be responded to within a reasonable time frame in accordance with applicable law.

9. Data Retention

Red Dragon retains personal and transactional data for as long as it is necessary to provide services to the merchant and to comply with applicable legal, regulatory, and contractual obligations. This includes retention periods required under financial laws, anti-fraud frameworks, accounting rules, and licensing requirements. Once data is no longer needed for these purposes, it will be securely deleted or anonymised, subject to any lawful exceptions.

10. Cookies and Tracking Technologies

Our websites and dashboards may use cookies and similar tracking technologies to improve functionality, analyse performance, and deliver a better user experience. Cookies may be session-based or persistent and may be disabled through your browser settings. However, disabling cookies may affect the performance of certain features or prevent access to secure areas of the platform. By continuing to use our services, you consent to the use of such technologies unless explicitly opted out where possible.

11. Data Protection Contact

If you have questions about this privacy policy, wish to exercise your data rights, or have concerns regarding the handling of your personal or business data, you may contact our designated Data Protection Officer (DPO) at the following email address: support@reddragon.ae. We take all enquiries seriously and will respond in accordance with applicable legal requirements.

12. Changes to this Policy

Red Dragon may amend this Privacy Policy at any time to reflect changes in the law, industry standards, or company operations. We will notify you of material changes through our website or via email communication. Continued use of our services after such changes constitutes acceptance of the revised Privacy Policy.

Last updated: 2nd September 2025

Contact Us

‍Please send your feedback, comments, requests for technical support: support@reddragon.ae