Barid - Everything important in one place

Last updated 29 April 2025

Terms and Conditions

If you have any questions or concerns about these Terms or the Application, please contact us at legal@barid.ae

1. ACCEPTANCE OF TERMS

1.1 By accessing or using the Application, you expressly agree to be bound by these Terms and any future amendments and additions to these Terms as published from time to time at Barid.ae or through the Application.

1.2 These Terms constitute a legally binding agreement between you and Barid Tech Ltd, a company registered in the Dubai International Financial Centre (DIFC), United Arab Emirates with company number [CL7956] and having its registered office at the DIFC.

2. DESCRIPTION OF SERVICE

2.1 The Application is a document delivery and management platform that enables users to send, receive, and manage various types of documents, including but not limited to payment receipts, invoices, letters, and other personal/business-related documents (collectively, "Documents").

2.2 Barid provides the Application to you for your personal or business use, subject to these Terms. We reserve the right to modify, suspend, or discontinue the Application or any part thereof at any time without notice.

3. ELIGIBILITY

3.1 By using the Application, you represent and warrant that you are at least 15 years old or have reached the age of majority in your jurisdiction, whichever is higher.

3.2 If you are using the Application on behalf of a company, organisation, or other legal entity, you represent and warrant that you have the authority to bind such entity to these Terms.

4. USER REGISTRATION AND ACCOUNT

4.1 To access and use certain features of the Application, you may be required to register for an account ("Account") by providing accurate and complete information as prompted by the registration form.

4.2 You are solely responsible for maintaining the confidentiality of your Account login credentials and for all activities that occur under your Account. You agree to immediately notify Barid of any unauthorised use of your Account or any other breach of security.

5. DOCUMENT DELIVERY AND MANAGEMENT

5.1 You acknowledge and agree that the Application is designed to facilitate the delivery and management of Documents, and Barid Tech Ltd does not have any control over the content, accuracy, or completeness of the Documents sent or received through the Application.

5.2 You are solely responsible for ensuring that the Documents you send or receive through the Application comply with all applicable laws, regulations, and third-party rights, including but not limited to intellectual property rights, privacy rights, and data protection laws.

5.3 Barid Tech Ltd reserves the right, but has no obligation, to review, monitor, or remove any Documents or content that it deems, in its sole discretion, to be in violation of these Terms or applicable laws and regulations.

6. FEES AND PAYMENT

6.1 The use of the Application may be subject to fees, as determined by Barid Tech Ltd from time to time. Barid reserves the right to modify or introduce new fees at any time, upon reasonable notice to you.

6.2 If you are required to pay fees for using the Application, you agree to provide accurate and complete billing information and to pay all fees in a timely manner. Failure to pay any fees may result in the suspension or termination of your access to the Application.

7. INTELLECTUAL PROPERTY

7.1 The Application, including but not limited to its software, design, graphics, text, images, and other materials, is the property of Barid Tech Ltd and its licensors and is protected by applicable intellectual property laws.

7.2 You acknowledge and agree that you do not acquire any ownership rights in the Application or any part thereof, and you shall not modify, reproduce, distribute, create derivative works from, or publicly display the Application or any part thereof without the prior written consent of Barid Tech Ltd.Body

8. THIRD-PARTY SERVICES AND LINKS

8.1 The Application may contain links to third-party websites, services, or resources ("Third-Party Services"). Barid Tech Ltd does not endorse or assume any responsibility for the content, privacy policies, or practices of any Third-Party Services.

8.2 Your use of Third-Party Services is at your own risk, and you are solely responsible for reviewing and complying with any applicable terms and conditions or privacy policies associated with such Third-Party Services.

9. PRIVACY

9.1 Barid Tech Ltd respects your privacy and handles your personal information in accordance with its Privacy Policy, which is incorporated into these Terms by reference.

9.2 By using the Application, you consent to the collection, use, and disclosure of your personal information as described in the Privacy Policy.

10. DISCLAIMERS AND LIMITATION OF LIABILITY

10.1 The Application is provided "as is" and "as available," without warranties of any kind, either express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, and non-infringement.

10.2 Barid does not warrant that the Application will be uninterrupted, secure, or error-free, or that any defects will be corrected.

10.3 To the maximum extent permitted by applicable law, Barid Tech shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, or use, arising out of or in connection with the use or inability to use the Application, even if Barid has been advised of the possibility of such damages.

11. INDEMNIFICATION

11.1 You agree to indemnify, defend, and hold harmless Barid, its affiliates, officers, directors, employees, and agents from and against any and all claims, liabilities, damages, losses, and expenses, including reasonable attorneys' fees, arising out of or relating to your use of the Application, your violation of these Terms, or your violation of any rights of a third party.

12. TERMINATION

12.1 Barid Tech reserves the right, in its sole discretion, to terminate or suspend your access to the Application, with or without notice and for any reason, including but not limited to your violation of these Terms.

12.2 Upon termination or suspension of your access to the Application, your right to use the Application shall immediately cease.

13. GOVERNING LAW AND DISPUTE RESOLUTION

13.1 These Terms shall be governed by and construed in accordance with the laws of the Dubai International Financial Centre as issued and applicable in the Dubai International Financial Centre.

13.2 Any dispute arising out of or relating to these Terms or the use of the Application shall be subject to the exclusive jurisdiction of the Courts of the Dubai International Financial Centre.

13.3 Barid Tech complies with the Data Protection Law of the Dubai International Financial Centre relating to the processing of personal data.

14. MISCELLANEOUS

14.1 These Terms constitute the entire agreement between you and Barid Tech Ltd concerning the Application and supersede all prior or contemporaneous communications and proposals, whether oral or written.

14.2 If any provision of these Terms is found to be invalid, illegal, or unenforceable, the remaining provisions shall remain in full force and effect.

14.3 Barid Tech Ltd’s failure to enforce any right or provision of these Terms shall not be deemed a waiver of such right or provision.

14.4 You may not assign or transfer these Terms or any rights or obligations hereunder without the prior written consent of Barid Tech Ltd.

14.5 Barid Tech Ltd may assign or transfer these Terms or any rights or obligations hereunder without your consent.

15. CHANGES TO TERMS AND CONDITIONS

15.1 Barid Tech reserves the right to modify or update these Terms at any time by posting the revised Terms on the Application or its website. Your continued use of the Application after any such modifications constitutes your acceptance of the revised Terms.

16. KNOW YOUR RIGHTS

As a user of the application you have certain rights that we want to clearly communicate. This section summarises important rights you maintain when using our application, though it does not replace or modify other sections of these Terms and Conditions.

32. Right to withdraw consent

Where the basis for the Processing of Personal Data is consent under Article 10(a) or under Article 11(1)(a), the Data Subject may withdraw consent at any time by notifying the Controller in accordance with Article 12(5). Where a Controller has not complied with Article 12(5) a Data Subject may notify the Controller by any reasonable means.
The right to withdraw consent is an absolute right available to a Data Subject if the basis for the Processing of the Data Subject’s Personal Data is consent under Article 10(a) or Article 11(a).
Upon the exercise of a Data Subject's right to withdraw consent, a Controller must comply with Article 22 and must cease Processing the Personal Data as soon as reasonably practicable, and ensure that any Processors do the same.

33. Rights to access, rectification and erasure of Personal Data

Upon request, a Data Subject has the right to obtain from a Controller without charge and within one (1) month of the request:

confirmation in writing as to whether or not Personal Data relating to him is being Processed and information at least as to the purposes of the Processing, the categories of Personal Data concerned, and the recipients or categories of recipients to whom the Personal Data are disclosed;
a copy of the Personal Data undergoing Processing, provided in an appropriate format, including but not limited to electronic form or hard copy format, and of any available information as to its source, including up-to-date information corresponding with the information requirements set out in Articles 29 and 30; and
subject to Article 33(4), the rectification of Personal Data unless it is not technically feasible to do so.

Subject to Article 33(3), the Data Subject has the right to require the Controller to erase the Data Subject's Personal Data where:

the Processing of the Personal Data is no longer necessary in relation to the purposes for which it was collected;
a Data Subject has withdrawn consent to the Processing where consent was the lawful basis for Processing and there is no other lawful basis, provided that in such circumstances the Controller must comply with Article 22;
the Processing is unlawful or the Personal Data is required to be deleted to comply with Applicable Law to which the Controller is subject; or
the Data Subject objects to the Processing and there is no overriding legitimate grounds for the Controller to continue with the Processing.

The Controller is only required to comply with a request by a Data Subject to erase Personal Data where:

one of the conditions in Article 33(2) applies; and
subject to Article 33(4), the Controller is not required to retain the Personal Data in compliance with Applicable Law to which it is subject or for the establishment or defence of legal claims.

Where rectification or erasure of Personal Data is not feasible for technical reasons, then the Controller is not in violation of this Law for failing to comply with a request for rectification or erasure of the Personal Data, in accordance with Articles 33(1)(c), 33(2)(a) or Article 33(2)(d) as applicable, if:

the Controller collected the Personal Data from the Data Subject; and
the information provided to the Data Subject under Article 29(1)(h)(ix) was explicit, clear and prominent with respect to the manner of Processing the Personal Data and expressly stated that rectification or erasure (as the case may be) of the Personal Data at the request of the Data Subject would not be feasible.

Where a Data Subject suffers adverse effects as a result of the inability of a Controller to rectify Personal Data and where the need for rectification was not caused by the Data Subject's own provision of inaccurate data, the Controller shall provide all reasonable assistance to the Data Subject to enable the Data Subject to take steps to mitigate the adverse effects.
A Controller shall direct all recipients and Processors to rectify or erase Personal Data where the respective right is properly exercised or to cease Processing and return or erase the Personal Data where the right to object is validly exercised. In such circumstances, Article 22 applies to the erasure of the Personal Data by both the Controller and the Processor.
If a Data Subject request under Article 33(1) is particularly complex, or requests are numerous, the Controller may send notice to the Data Subject, within one (1) month, to increase the period for compliance by a further two (2) months citing the reasons for the delay.
Subject to Article 33(9), where requests from a Data Subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Controller may either:

charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or
refuse to act on the request, providing written confirmation to the Data Subject reasons for the refusal.

A Controller shall maintain a register of instances where it relies on Articles 33(7) or 33(8), setting out the reasons for relying on those articles.
The Commissioner may inspect the register in Article 33(9) and may at any time request additional information or conduct an investigation, to determine whether the use of the variation or exemption under Articles 33(7) or Article 33(8) was validly applied by the Controller. The Commissioner’s determination, after considering representations from all persons affected by the request, is final and conclusive, subject to a validly lodged appeal under Article 63(1).
A Controller that contravenes Article 33(1) by invalidly relying on either of Articles 33(7) or 33(8) shall be subject to the remedies, liabilities and sanctions set out in Part 9.
If a Controller has reasonable doubts as to the identity of a Data Subject asserting a right under this Article 33, it may require the Data Subject to provide additional information sufficient to confirm the individual’s identity. In such cases, the time period for complying with the Data Subject request does not begin until the Controller has received information or evidence sufficient to reasonably identify that the person making the request is the Data Subject.
Where a Controller complies with a request under Article 33(1)(b) it shall not disclose the Personal Data of other individuals in a way that may infringe their rights under Applicable Law and the Controller may redact or otherwise obscure Personal Data relating to such other individuals. Where the Data Subject's request is received by electronic means, and unless otherwise requested by the Data Subject, the information may be provided in a commonly used electronic form.
The information to be supplied pursuant to a request under this Article 33 must be supplied by reference to the data in question at the time the request is received, except that it may take account of any amendment or deletion made between that time and the time when the information is supplied, being an amendment or deletion that would have been made regardless of the receipt of the request.
Without derogating from the requirements on DIFC Bodies as set out in Article 65(2), a Controller may restrict, wholly or partly, the provision of information to the Data Subject under Article 33(1) to the extent that and for so long as the restriction is, having regard to the fundamental rights and legitimate interests of the Data Subject, a necessary and proportionate measure to:

avoid obstructing an official or legal inquiry, investigation or procedure;
avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties;
protect public security;
protect national security; or
protect the rights of others.

Where the provision of information to a Data Subject under Article 33(1) is restricted in accordance with Article 33(15), a Controller must inform the Data Subject in writing without undue delay:

that the provision of information has been restricted;
of the reasons for the restriction;
of the Data Subject’s right to lodge a complaint with the Commissioner under Article 60; and
of the Data Subject’s right to apply to the Court under Article 63.

Article 33(16)(a) and (b) do not apply to the extent that complying with them would undermine the purpose of the restriction.

34. Right to object to Processing

A Data Subject has the right to:

object at any time on reasonable grounds relating to his particular situation to Processing of Personal Data relating to him where such Processing is carried out on the basis that:

it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in a Controller; or
it is necessary for the purposes of the legitimate interests, where applicable, of a Controller or of a Third Party; and

be informed before Personal Data is disclosed for the first time to third parties or used on their behalf for the purposes of direct marketing, and to be expressly offered the right to object to such disclosures or uses, subject to any provision of this Law that does not permit disclosure; and
where Personal Data is Processed for direct marketing purposes, object at any time to such Processing, including Profiling to the extent that it is related to such direct marketing.

Where there is a justified objection, Processing initiated by a Controller shall no longer include that Personal Data, and Article 22 shall apply with respect to such Personal Data. An objection under Article 34(1)(a) is deemed justified unless the Controller can demonstrate compelling grounds for such Processing that overrides the interests, rights of a Data Subject or that the circumstances in Article 34(3) apply.
If a Controller collected Personal Data from a Data Subject and the Controller can demonstrate that the information provided to the Data Subject under Article 29(1)(h)(ix) was explicit, clear and prominent with respect to the manner of Processing the Personal Data and expressly stated that it would not be possible to implement an objection to the Processing at the request of the Data Subject, then the Controller may continue Processing the Personal Data in the same manner, subject to this Law in all other respects.
A Controller shall, no later than its first communication to a Data Subject, explicitly bring to the attention of the Data Subject in clear language that is prominent and separate from other communications or information, the rights referred to in Article 34(1).

35. Right to restriction of Processing

Subject to Article 35(3), a Data Subject shall have the right to require a Controller to restrict Processing to the extent that any of the following circumstances apply:

the accuracy of the Personal Data is contested by the Data Subject, for a period allowing the Controller to verify the accuracy of the Personal Data;
the Processing is unlawful and the Data Subject opposes the erasure of the Personal Data and requests the restriction of its use instead;
the Controller no longer needs the Personal Data for the purposes of the Processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;
the Data Subject has objected to Processing pursuant to Article 34 pending verification of whether the legitimate grounds of the Controller override those of the Data Subject.

If a Controller lifts the period of restriction it shall inform the Data Subject in writing.
Where Article 35(1) applies, the only Processing that may continue to be conducted without the consent of the Data Subject is:

storage of the Personal Data concerned;
Processing of the Personal Data for the establishment, exercise or defence of legal claims;
Processing for the protection of the rights of another person; and
Processing for reasons of Substantial Public Interest.

36. Controller's obligation to notify

The Controller shall communicate any rectification or erasure of Personal Data or Processing restriction carried out in accordance with Articles 33, 34 and 35 to each recipient to whom the Personal Data has been disclosed, unless this proves impossible or involves disproportionate effort. A Controller shall inform the Data Subject about those recipients if a Data Subject requests it.

37. Right to data portability

A Data Subject shall have the right to receive Personal Data that he has provided to a Controller in a structured, commonly used and machine-readable format where the Processing is:

based on the Data Subject's consent or the performance of a contract; and
carried out by automated means.

The purpose of Article 37(1) is to enable ready portability between Controllers if so required by the Data Subject, and the Data Subject shall have the right to have the Personal Data transmitted directly from the Controller to whom the request is made to any other person, where technically feasible.
A Controller is not required to provide or transmit any Personal Data where doing so would infringe the rights of any other natural person.

38. Automated individual decision-making, including Profiling

A Data Subject shall have the right to object to any decision based solely on automated Processing, including Profiling, which produces legal consequences concerning him or other seriously impactful consequences and to require such decision to be reviewed manually.
Article 38(1) shall not apply if the decision is:

necessary for entering into, or performance of, a contract between a Data Subject and a Controller;
authorised by Applicable Law to which the Controller is subject and which also lays down suitable measures to safeguard the Data Subject's rights; or
based on the Data Subject's explicit consent.

DIFC law concerning fraud, counter-terrorism, money laundering, and tax-evasion monitoring and prevention which requires Processing of Personal Data that produces legal consequences concerning a Data Subject is regarded as falling within Article 38(2)(b).
Article 38(2) does not apply if the Data Subject in question is a minor (by reference to the legal age of majority in the United Arab Emirates from time to time).
A Controller may only rely on Articles 38(2)(a) and 38(2)(c) if it has implemented suitable measures to safeguard a Data Subject's rights which includes, at least, the ability for the Processing to be reviewed manually.
Decisions affecting a Data Subject may not be based solely on the automated Processing, including Profiling, of Special Categories of Personal Data unless:

the Data Subject has given explicit consent to the Processing of those Personal Data for such specific purposes; or
the Processing is necessary for reasons of Substantial Public Interest, on the basis of Applicable Law, is proportionate to the aim pursued, respects the principles of data protection and provides for suitable measures to safeguard the rights and interests of the Data Subject.

39. Non-discrimination

A Controller may not discriminate against a Data Subject who exercises any rights under this Part 6, including by:

denying any goods or services to the Data Subject;
charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
providing a less favourable level or quality of goods or services to the Data Subject; or
suggesting that the Data Subject will receive a less favourable price or rate for goods or services or a less favourable level or quality of goods or services.

Nothing in this Article 39 prohibits a Controller from charging a Data Subject a different price or rate, or from providing a different level or quality of goods or services, if that difference is objectively and reasonably directly related to the value provided by the Data Subject’s data.
Notwithstanding Article 39(1), a Controller may offer financial or non-financial incentives for the Processing of Personal Data provided that:

the terms of the incentive are clearly communicated;
the process for receiving the benefit of the incentive is clearly communicated, is transparent and does not require material additional effort or expense on the part of the Data Subject;
the nature of the Processing involved is clearly communicated;
the Processing complies in all respects with this Law; and
it complies with Article 39(4).

A Data Subject shall have the right to withdraw without penalty from, and require the cessation of Processing carried out under, any incentive scheme at any time. Incentive schemes must not be coercive or unreasonable in nature with respect to the Processing of Personal Data, including where the incentive is based on probability or a competition where the chance of receiving the incentive is disproportionately low compared to the value of the Personal Data and the impact on the Data Subject’s rights.

40. Methods of exercising Data Subject rights

A Controller shall make available a minimum of two (2) methods (which may include but shall not be limited to post, telephone, email or an online form), which shall not be onerous, by which a Data Subject can contact the Controller to request to exercise his rights under this Part. If a Controller maintains a website, at least one (1) method of contact shall be available without charge via the website, without the need to submit data to create an account of any sort. At least one of the methods should correspond to the contact details provided under Article 29 or 30 as applicable.

The full text of Data Protection Law DIFC Law No.5 of 2020 can be found here.

Terms and Conditions

Barid Tech Ltd.

Company number: CL7956

Dubai, United Arab Emirates

Last updated 29 April 2025

Terms and Conditions

If you have any questions or concerns about these Terms or the Application, please contact us at legal@barid.ae

1. ACCEPTANCE OF TERMS

2. DESCRIPTION OF SERVICE

3. ELIGIBILITY

3.1 By using the Application, you represent and warrant that you are at least 15 years old or have reached the age of majority in your jurisdiction, whichever is higher.

3.2 If you are using the Application on behalf of a company, organisation, or other legal entity, you represent and warrant that you have the authority to bind such entity to these Terms.

4. USER REGISTRATION AND ACCOUNT

5. DOCUMENT DELIVERY AND MANAGEMENT

6. FEES AND PAYMENT

7. INTELLECTUAL PROPERTY

8. THIRD-PARTY SERVICES AND LINKS

9. PRIVACY

9.1 Barid Tech Ltd respects your privacy and handles your personal information in accordance with its Privacy Policy, which is incorporated into these Terms by reference.

9.2 By using the Application, you consent to the collection, use, and disclosure of your personal information as described in the Privacy Policy.

10. DISCLAIMERS AND LIMITATION OF LIABILITY

10.2 Barid does not warrant that the Application will be uninterrupted, secure, or error-free, or that any defects will be corrected.

11. INDEMNIFICATION

12. TERMINATION

12.2 Upon termination or suspension of your access to the Application, your right to use the Application shall immediately cease.

13. GOVERNING LAW AND DISPUTE RESOLUTION

13.1 These Terms shall be governed by and construed in accordance with the laws of the Dubai International Financial Centre as issued and applicable in the Dubai International Financial Centre.

13.2 Any dispute arising out of or relating to these Terms or the use of the Application shall be subject to the exclusive jurisdiction of the Courts of the Dubai International Financial Centre.

13.3 Barid Tech complies with the Data Protection Law of the Dubai International Financial Centre relating to the processing of personal data.

14. MISCELLANEOUS

14.2 If any provision of these Terms is found to be invalid, illegal, or unenforceable, the remaining provisions shall remain in full force and effect.

14.3 Barid Tech Ltd’s failure to enforce any right or provision of these Terms shall not be deemed a waiver of such right or provision.

14.4 You may not assign or transfer these Terms or any rights or obligations hereunder without the prior written consent of Barid Tech Ltd.

14.5 Barid Tech Ltd may assign or transfer these Terms or any rights or obligations hereunder without your consent.

15. CHANGES TO TERMS AND CONDITIONS

16. KNOW YOUR RIGHTS

32. Right to withdraw consent

Where the basis for the Processing of Personal Data is consent under Article 10(a) or under Article 11(1)(a), the Data Subject may withdraw consent at any time by notifying the Controller in accordance with Article 12(5). Where a Controller has not complied with Article 12(5) a Data Subject may notify the Controller by any reasonable means.
The right to withdraw consent is an absolute right available to a Data Subject if the basis for the Processing of the Data Subject’s Personal Data is consent under Article 10(a) or Article 11(a).
Upon the exercise of a Data Subject's right to withdraw consent, a Controller must comply with Article 22 and must cease Processing the Personal Data as soon as reasonably practicable, and ensure that any Processors do the same.

33. Rights to access, rectification and erasure of Personal Data

Upon request, a Data Subject has the right to obtain from a Controller without charge and within one (1) month of the request:

confirmation in writing as to whether or not Personal Data relating to him is being Processed and information at least as to the purposes of the Processing, the categories of Personal Data concerned, and the recipients or categories of recipients to whom the Personal Data are disclosed;
a copy of the Personal Data undergoing Processing, provided in an appropriate format, including but not limited to electronic form or hard copy format, and of any available information as to its source, including up-to-date information corresponding with the information requirements set out in Articles 29 and 30; and
subject to Article 33(4), the rectification of Personal Data unless it is not technically feasible to do so.

Subject to Article 33(3), the Data Subject has the right to require the Controller to erase the Data Subject's Personal Data where:

the Processing of the Personal Data is no longer necessary in relation to the purposes for which it was collected;
a Data Subject has withdrawn consent to the Processing where consent was the lawful basis for Processing and there is no other lawful basis, provided that in such circumstances the Controller must comply with Article 22;
the Processing is unlawful or the Personal Data is required to be deleted to comply with Applicable Law to which the Controller is subject; or
the Data Subject objects to the Processing and there is no overriding legitimate grounds for the Controller to continue with the Processing.

The Controller is only required to comply with a request by a Data Subject to erase Personal Data where:

one of the conditions in Article 33(2) applies; and
subject to Article 33(4), the Controller is not required to retain the Personal Data in compliance with Applicable Law to which it is subject or for the establishment or defence of legal claims.

Where rectification or erasure of Personal Data is not feasible for technical reasons, then the Controller is not in violation of this Law for failing to comply with a request for rectification or erasure of the Personal Data, in accordance with Articles 33(1)(c), 33(2)(a) or Article 33(2)(d) as applicable, if:

the Controller collected the Personal Data from the Data Subject; and
the information provided to the Data Subject under Article 29(1)(h)(ix) was explicit, clear and prominent with respect to the manner of Processing the Personal Data and expressly stated that rectification or erasure (as the case may be) of the Personal Data at the request of the Data Subject would not be feasible.

Where a Data Subject suffers adverse effects as a result of the inability of a Controller to rectify Personal Data and where the need for rectification was not caused by the Data Subject's own provision of inaccurate data, the Controller shall provide all reasonable assistance to the Data Subject to enable the Data Subject to take steps to mitigate the adverse effects.
A Controller shall direct all recipients and Processors to rectify or erase Personal Data where the respective right is properly exercised or to cease Processing and return or erase the Personal Data where the right to object is validly exercised. In such circumstances, Article 22 applies to the erasure of the Personal Data by both the Controller and the Processor.
If a Data Subject request under Article 33(1) is particularly complex, or requests are numerous, the Controller may send notice to the Data Subject, within one (1) month, to increase the period for compliance by a further two (2) months citing the reasons for the delay.
Subject to Article 33(9), where requests from a Data Subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Controller may either:

charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or
refuse to act on the request, providing written confirmation to the Data Subject reasons for the refusal.

A Controller shall maintain a register of instances where it relies on Articles 33(7) or 33(8), setting out the reasons for relying on those articles.
The Commissioner may inspect the register in Article 33(9) and may at any time request additional information or conduct an investigation, to determine whether the use of the variation or exemption under Articles 33(7) or Article 33(8) was validly applied by the Controller. The Commissioner’s determination, after considering representations from all persons affected by the request, is final and conclusive, subject to a validly lodged appeal under Article 63(1).
A Controller that contravenes Article 33(1) by invalidly relying on either of Articles 33(7) or 33(8) shall be subject to the remedies, liabilities and sanctions set out in Part 9.
If a Controller has reasonable doubts as to the identity of a Data Subject asserting a right under this Article 33, it may require the Data Subject to provide additional information sufficient to confirm the individual’s identity. In such cases, the time period for complying with the Data Subject request does not begin until the Controller has received information or evidence sufficient to reasonably identify that the person making the request is the Data Subject.
Where a Controller complies with a request under Article 33(1)(b) it shall not disclose the Personal Data of other individuals in a way that may infringe their rights under Applicable Law and the Controller may redact or otherwise obscure Personal Data relating to such other individuals. Where the Data Subject's request is received by electronic means, and unless otherwise requested by the Data Subject, the information may be provided in a commonly used electronic form.
The information to be supplied pursuant to a request under this Article 33 must be supplied by reference to the data in question at the time the request is received, except that it may take account of any amendment or deletion made between that time and the time when the information is supplied, being an amendment or deletion that would have been made regardless of the receipt of the request.
Without derogating from the requirements on DIFC Bodies as set out in Article 65(2), a Controller may restrict, wholly or partly, the provision of information to the Data Subject under Article 33(1) to the extent that and for so long as the restriction is, having regard to the fundamental rights and legitimate interests of the Data Subject, a necessary and proportionate measure to:

avoid obstructing an official or legal inquiry, investigation or procedure;
avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties;
protect public security;
protect national security; or
protect the rights of others.

Where the provision of information to a Data Subject under Article 33(1) is restricted in accordance with Article 33(15), a Controller must inform the Data Subject in writing without undue delay:

that the provision of information has been restricted;
of the reasons for the restriction;
of the Data Subject’s right to lodge a complaint with the Commissioner under Article 60; and
of the Data Subject’s right to apply to the Court under Article 63.

Article 33(16)(a) and (b) do not apply to the extent that complying with them would undermine the purpose of the restriction.

34. Right to object to Processing

A Data Subject has the right to:

object at any time on reasonable grounds relating to his particular situation to Processing of Personal Data relating to him where such Processing is carried out on the basis that:

it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in a Controller; or
it is necessary for the purposes of the legitimate interests, where applicable, of a Controller or of a Third Party; and

be informed before Personal Data is disclosed for the first time to third parties or used on their behalf for the purposes of direct marketing, and to be expressly offered the right to object to such disclosures or uses, subject to any provision of this Law that does not permit disclosure; and
where Personal Data is Processed for direct marketing purposes, object at any time to such Processing, including Profiling to the extent that it is related to such direct marketing.

Where there is a justified objection, Processing initiated by a Controller shall no longer include that Personal Data, and Article 22 shall apply with respect to such Personal Data. An objection under Article 34(1)(a) is deemed justified unless the Controller can demonstrate compelling grounds for such Processing that overrides the interests, rights of a Data Subject or that the circumstances in Article 34(3) apply.
If a Controller collected Personal Data from a Data Subject and the Controller can demonstrate that the information provided to the Data Subject under Article 29(1)(h)(ix) was explicit, clear and prominent with respect to the manner of Processing the Personal Data and expressly stated that it would not be possible to implement an objection to the Processing at the request of the Data Subject, then the Controller may continue Processing the Personal Data in the same manner, subject to this Law in all other respects.
A Controller shall, no later than its first communication to a Data Subject, explicitly bring to the attention of the Data Subject in clear language that is prominent and separate from other communications or information, the rights referred to in Article 34(1).

35. Right to restriction of Processing

Subject to Article 35(3), a Data Subject shall have the right to require a Controller to restrict Processing to the extent that any of the following circumstances apply:

the accuracy of the Personal Data is contested by the Data Subject, for a period allowing the Controller to verify the accuracy of the Personal Data;
the Processing is unlawful and the Data Subject opposes the erasure of the Personal Data and requests the restriction of its use instead;
the Controller no longer needs the Personal Data for the purposes of the Processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;
the Data Subject has objected to Processing pursuant to Article 34 pending verification of whether the legitimate grounds of the Controller override those of the Data Subject.

If a Controller lifts the period of restriction it shall inform the Data Subject in writing.
Where Article 35(1) applies, the only Processing that may continue to be conducted without the consent of the Data Subject is:

storage of the Personal Data concerned;
Processing of the Personal Data for the establishment, exercise or defence of legal claims;
Processing for the protection of the rights of another person; and
Processing for reasons of Substantial Public Interest.

36. Controller's obligation to notify

37. Right to data portability

A Data Subject shall have the right to receive Personal Data that he has provided to a Controller in a structured, commonly used and machine-readable format where the Processing is:

based on the Data Subject's consent or the performance of a contract; and
carried out by automated means.

The purpose of Article 37(1) is to enable ready portability between Controllers if so required by the Data Subject, and the Data Subject shall have the right to have the Personal Data transmitted directly from the Controller to whom the request is made to any other person, where technically feasible.
A Controller is not required to provide or transmit any Personal Data where doing so would infringe the rights of any other natural person.

38. Automated individual decision-making, including Profiling

A Data Subject shall have the right to object to any decision based solely on automated Processing, including Profiling, which produces legal consequences concerning him or other seriously impactful consequences and to require such decision to be reviewed manually.
Article 38(1) shall not apply if the decision is:

necessary for entering into, or performance of, a contract between a Data Subject and a Controller;
authorised by Applicable Law to which the Controller is subject and which also lays down suitable measures to safeguard the Data Subject's rights; or
based on the Data Subject's explicit consent.

DIFC law concerning fraud, counter-terrorism, money laundering, and tax-evasion monitoring and prevention which requires Processing of Personal Data that produces legal consequences concerning a Data Subject is regarded as falling within Article 38(2)(b).
Article 38(2) does not apply if the Data Subject in question is a minor (by reference to the legal age of majority in the United Arab Emirates from time to time).
A Controller may only rely on Articles 38(2)(a) and 38(2)(c) if it has implemented suitable measures to safeguard a Data Subject's rights which includes, at least, the ability for the Processing to be reviewed manually.
Decisions affecting a Data Subject may not be based solely on the automated Processing, including Profiling, of Special Categories of Personal Data unless:

the Data Subject has given explicit consent to the Processing of those Personal Data for such specific purposes; or
the Processing is necessary for reasons of Substantial Public Interest, on the basis of Applicable Law, is proportionate to the aim pursued, respects the principles of data protection and provides for suitable measures to safeguard the rights and interests of the Data Subject.

39. Non-discrimination

A Controller may not discriminate against a Data Subject who exercises any rights under this Part 6, including by:

denying any goods or services to the Data Subject;
charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
providing a less favourable level or quality of goods or services to the Data Subject; or
suggesting that the Data Subject will receive a less favourable price or rate for goods or services or a less favourable level or quality of goods or services.

Nothing in this Article 39 prohibits a Controller from charging a Data Subject a different price or rate, or from providing a different level or quality of goods or services, if that difference is objectively and reasonably directly related to the value provided by the Data Subject’s data.
Notwithstanding Article 39(1), a Controller may offer financial or non-financial incentives for the Processing of Personal Data provided that:

the terms of the incentive are clearly communicated;
the process for receiving the benefit of the incentive is clearly communicated, is transparent and does not require material additional effort or expense on the part of the Data Subject;
the nature of the Processing involved is clearly communicated;
the Processing complies in all respects with this Law; and
it complies with Article 39(4).

A Data Subject shall have the right to withdraw without penalty from, and require the cessation of Processing carried out under, any incentive scheme at any time. Incentive schemes must not be coercive or unreasonable in nature with respect to the Processing of Personal Data, including where the incentive is based on probability or a competition where the chance of receiving the incentive is disproportionately low compared to the value of the Personal Data and the impact on the Data Subject’s rights.

40. Methods of exercising Data Subject rights

The full text of Data Protection Law DIFC Law No.5 of 2020 can be found here.

Barid Tech Ltd.

Company number: CL7956

Dubai, United Arab Emirates

Terms and Conditions

Last updated 29 April 2025

Terms and Conditions

If you have any questions or concerns about these Terms or the Application, please contact us at legal@barid.ae

1. ACCEPTANCE OF TERMS

2. DESCRIPTION OF SERVICE

3. ELIGIBILITY

3.1 By using the Application, you represent and warrant that you are at least 15 years old or have reached the age of majority in your jurisdiction, whichever is higher.

3.2 If you are using the Application on behalf of a company, organisation, or other legal entity, you represent and warrant that you have the authority to bind such entity to these Terms.

4. USER REGISTRATION AND ACCOUNT

5. DOCUMENT DELIVERY AND MANAGEMENT

6. FEES AND PAYMENT

7. INTELLECTUAL PROPERTY

8. THIRD-PARTY SERVICES AND LINKS

9. PRIVACY

9.1 Barid Tech Ltd respects your privacy and handles your personal information in accordance with its Privacy Policy, which is incorporated into these Terms by reference.

9.2 By using the Application, you consent to the collection, use, and disclosure of your personal information as described in the Privacy Policy.

10. DISCLAIMERS AND LIMITATION OF LIABILITY

10.2 Barid does not warrant that the Application will be uninterrupted, secure, or error-free, or that any defects will be corrected.

11. INDEMNIFICATION

12. TERMINATION

12.2 Upon termination or suspension of your access to the Application, your right to use the Application shall immediately cease.

13. GOVERNING LAW AND DISPUTE RESOLUTION

13.1 These Terms shall be governed by and construed in accordance with the laws of the Dubai International Financial Centre as issued and applicable in the Dubai International Financial Centre.

13.2 Any dispute arising out of or relating to these Terms or the use of the Application shall be subject to the exclusive jurisdiction of the Courts of the Dubai International Financial Centre.

13.3 Barid Tech complies with the Data Protection Law of the Dubai International Financial Centre relating to the processing of personal data.

14. MISCELLANEOUS

14.2 If any provision of these Terms is found to be invalid, illegal, or unenforceable, the remaining provisions shall remain in full force and effect.

14.3 Barid Tech Ltd’s failure to enforce any right or provision of these Terms shall not be deemed a waiver of such right or provision.

14.4 You may not assign or transfer these Terms or any rights or obligations hereunder without the prior written consent of Barid Tech Ltd.

14.5 Barid Tech Ltd may assign or transfer these Terms or any rights or obligations hereunder without your consent.

15. CHANGES TO TERMS AND CONDITIONS

16. KNOW YOUR RIGHTS

32. Right to withdraw consent

Where the basis for the Processing of Personal Data is consent under Article 10(a) or under Article 11(1)(a), the Data Subject may withdraw consent at any time by notifying the Controller in accordance with Article 12(5). Where a Controller has not complied with Article 12(5) a Data Subject may notify the Controller by any reasonable means.
The right to withdraw consent is an absolute right available to a Data Subject if the basis for the Processing of the Data Subject’s Personal Data is consent under Article 10(a) or Article 11(a).
Upon the exercise of a Data Subject's right to withdraw consent, a Controller must comply with Article 22 and must cease Processing the Personal Data as soon as reasonably practicable, and ensure that any Processors do the same.

33. Rights to access, rectification and erasure of Personal Data

Upon request, a Data Subject has the right to obtain from a Controller without charge and within one (1) month of the request:

confirmation in writing as to whether or not Personal Data relating to him is being Processed and information at least as to the purposes of the Processing, the categories of Personal Data concerned, and the recipients or categories of recipients to whom the Personal Data are disclosed;
a copy of the Personal Data undergoing Processing, provided in an appropriate format, including but not limited to electronic form or hard copy format, and of any available information as to its source, including up-to-date information corresponding with the information requirements set out in Articles 29 and 30; and
subject to Article 33(4), the rectification of Personal Data unless it is not technically feasible to do so.

Subject to Article 33(3), the Data Subject has the right to require the Controller to erase the Data Subject's Personal Data where:

the Processing of the Personal Data is no longer necessary in relation to the purposes for which it was collected;
a Data Subject has withdrawn consent to the Processing where consent was the lawful basis for Processing and there is no other lawful basis, provided that in such circumstances the Controller must comply with Article 22;
the Processing is unlawful or the Personal Data is required to be deleted to comply with Applicable Law to which the Controller is subject; or
the Data Subject objects to the Processing and there is no overriding legitimate grounds for the Controller to continue with the Processing.

The Controller is only required to comply with a request by a Data Subject to erase Personal Data where:

one of the conditions in Article 33(2) applies; and
subject to Article 33(4), the Controller is not required to retain the Personal Data in compliance with Applicable Law to which it is subject or for the establishment or defence of legal claims.

Where rectification or erasure of Personal Data is not feasible for technical reasons, then the Controller is not in violation of this Law for failing to comply with a request for rectification or erasure of the Personal Data, in accordance with Articles 33(1)(c), 33(2)(a) or Article 33(2)(d) as applicable, if:

the Controller collected the Personal Data from the Data Subject; and
the information provided to the Data Subject under Article 29(1)(h)(ix) was explicit, clear and prominent with respect to the manner of Processing the Personal Data and expressly stated that rectification or erasure (as the case may be) of the Personal Data at the request of the Data Subject would not be feasible.

Where a Data Subject suffers adverse effects as a result of the inability of a Controller to rectify Personal Data and where the need for rectification was not caused by the Data Subject's own provision of inaccurate data, the Controller shall provide all reasonable assistance to the Data Subject to enable the Data Subject to take steps to mitigate the adverse effects.
A Controller shall direct all recipients and Processors to rectify or erase Personal Data where the respective right is properly exercised or to cease Processing and return or erase the Personal Data where the right to object is validly exercised. In such circumstances, Article 22 applies to the erasure of the Personal Data by both the Controller and the Processor.
If a Data Subject request under Article 33(1) is particularly complex, or requests are numerous, the Controller may send notice to the Data Subject, within one (1) month, to increase the period for compliance by a further two (2) months citing the reasons for the delay.
Subject to Article 33(9), where requests from a Data Subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Controller may either:

charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or
refuse to act on the request, providing written confirmation to the Data Subject reasons for the refusal.

A Controller shall maintain a register of instances where it relies on Articles 33(7) or 33(8), setting out the reasons for relying on those articles.
The Commissioner may inspect the register in Article 33(9) and may at any time request additional information or conduct an investigation, to determine whether the use of the variation or exemption under Articles 33(7) or Article 33(8) was validly applied by the Controller. The Commissioner’s determination, after considering representations from all persons affected by the request, is final and conclusive, subject to a validly lodged appeal under Article 63(1).
A Controller that contravenes Article 33(1) by invalidly relying on either of Articles 33(7) or 33(8) shall be subject to the remedies, liabilities and sanctions set out in Part 9.
If a Controller has reasonable doubts as to the identity of a Data Subject asserting a right under this Article 33, it may require the Data Subject to provide additional information sufficient to confirm the individual’s identity. In such cases, the time period for complying with the Data Subject request does not begin until the Controller has received information or evidence sufficient to reasonably identify that the person making the request is the Data Subject.
Where a Controller complies with a request under Article 33(1)(b) it shall not disclose the Personal Data of other individuals in a way that may infringe their rights under Applicable Law and the Controller may redact or otherwise obscure Personal Data relating to such other individuals. Where the Data Subject's request is received by electronic means, and unless otherwise requested by the Data Subject, the information may be provided in a commonly used electronic form.
The information to be supplied pursuant to a request under this Article 33 must be supplied by reference to the data in question at the time the request is received, except that it may take account of any amendment or deletion made between that time and the time when the information is supplied, being an amendment or deletion that would have been made regardless of the receipt of the request.
Without derogating from the requirements on DIFC Bodies as set out in Article 65(2), a Controller may restrict, wholly or partly, the provision of information to the Data Subject under Article 33(1) to the extent that and for so long as the restriction is, having regard to the fundamental rights and legitimate interests of the Data Subject, a necessary and proportionate measure to:

avoid obstructing an official or legal inquiry, investigation or procedure;
avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties;
protect public security;
protect national security; or
protect the rights of others.

Where the provision of information to a Data Subject under Article 33(1) is restricted in accordance with Article 33(15), a Controller must inform the Data Subject in writing without undue delay:

that the provision of information has been restricted;
of the reasons for the restriction;
of the Data Subject’s right to lodge a complaint with the Commissioner under Article 60; and
of the Data Subject’s right to apply to the Court under Article 63.

Article 33(16)(a) and (b) do not apply to the extent that complying with them would undermine the purpose of the restriction.

34. Right to object to Processing

A Data Subject has the right to:

object at any time on reasonable grounds relating to his particular situation to Processing of Personal Data relating to him where such Processing is carried out on the basis that:

it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in a Controller; or
it is necessary for the purposes of the legitimate interests, where applicable, of a Controller or of a Third Party; and

be informed before Personal Data is disclosed for the first time to third parties or used on their behalf for the purposes of direct marketing, and to be expressly offered the right to object to such disclosures or uses, subject to any provision of this Law that does not permit disclosure; and
where Personal Data is Processed for direct marketing purposes, object at any time to such Processing, including Profiling to the extent that it is related to such direct marketing.

Where there is a justified objection, Processing initiated by a Controller shall no longer include that Personal Data, and Article 22 shall apply with respect to such Personal Data. An objection under Article 34(1)(a) is deemed justified unless the Controller can demonstrate compelling grounds for such Processing that overrides the interests, rights of a Data Subject or that the circumstances in Article 34(3) apply.
If a Controller collected Personal Data from a Data Subject and the Controller can demonstrate that the information provided to the Data Subject under Article 29(1)(h)(ix) was explicit, clear and prominent with respect to the manner of Processing the Personal Data and expressly stated that it would not be possible to implement an objection to the Processing at the request of the Data Subject, then the Controller may continue Processing the Personal Data in the same manner, subject to this Law in all other respects.
A Controller shall, no later than its first communication to a Data Subject, explicitly bring to the attention of the Data Subject in clear language that is prominent and separate from other communications or information, the rights referred to in Article 34(1).

35. Right to restriction of Processing

Subject to Article 35(3), a Data Subject shall have the right to require a Controller to restrict Processing to the extent that any of the following circumstances apply:

the accuracy of the Personal Data is contested by the Data Subject, for a period allowing the Controller to verify the accuracy of the Personal Data;
the Processing is unlawful and the Data Subject opposes the erasure of the Personal Data and requests the restriction of its use instead;
the Controller no longer needs the Personal Data for the purposes of the Processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;
the Data Subject has objected to Processing pursuant to Article 34 pending verification of whether the legitimate grounds of the Controller override those of the Data Subject.

If a Controller lifts the period of restriction it shall inform the Data Subject in writing.
Where Article 35(1) applies, the only Processing that may continue to be conducted without the consent of the Data Subject is:

storage of the Personal Data concerned;
Processing of the Personal Data for the establishment, exercise or defence of legal claims;
Processing for the protection of the rights of another person; and
Processing for reasons of Substantial Public Interest.

36. Controller's obligation to notify

37. Right to data portability

A Data Subject shall have the right to receive Personal Data that he has provided to a Controller in a structured, commonly used and machine-readable format where the Processing is:

based on the Data Subject's consent or the performance of a contract; and
carried out by automated means.

The purpose of Article 37(1) is to enable ready portability between Controllers if so required by the Data Subject, and the Data Subject shall have the right to have the Personal Data transmitted directly from the Controller to whom the request is made to any other person, where technically feasible.
A Controller is not required to provide or transmit any Personal Data where doing so would infringe the rights of any other natural person.

38. Automated individual decision-making, including Profiling

A Data Subject shall have the right to object to any decision based solely on automated Processing, including Profiling, which produces legal consequences concerning him or other seriously impactful consequences and to require such decision to be reviewed manually.
Article 38(1) shall not apply if the decision is:

necessary for entering into, or performance of, a contract between a Data Subject and a Controller;
authorised by Applicable Law to which the Controller is subject and which also lays down suitable measures to safeguard the Data Subject's rights; or
based on the Data Subject's explicit consent.

DIFC law concerning fraud, counter-terrorism, money laundering, and tax-evasion monitoring and prevention which requires Processing of Personal Data that produces legal consequences concerning a Data Subject is regarded as falling within Article 38(2)(b).
Article 38(2) does not apply if the Data Subject in question is a minor (by reference to the legal age of majority in the United Arab Emirates from time to time).
A Controller may only rely on Articles 38(2)(a) and 38(2)(c) if it has implemented suitable measures to safeguard a Data Subject's rights which includes, at least, the ability for the Processing to be reviewed manually.
Decisions affecting a Data Subject may not be based solely on the automated Processing, including Profiling, of Special Categories of Personal Data unless:

the Data Subject has given explicit consent to the Processing of those Personal Data for such specific purposes; or
the Processing is necessary for reasons of Substantial Public Interest, on the basis of Applicable Law, is proportionate to the aim pursued, respects the principles of data protection and provides for suitable measures to safeguard the rights and interests of the Data Subject.

39. Non-discrimination

A Controller may not discriminate against a Data Subject who exercises any rights under this Part 6, including by:

denying any goods or services to the Data Subject;
charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
providing a less favourable level or quality of goods or services to the Data Subject; or
suggesting that the Data Subject will receive a less favourable price or rate for goods or services or a less favourable level or quality of goods or services.

Nothing in this Article 39 prohibits a Controller from charging a Data Subject a different price or rate, or from providing a different level or quality of goods or services, if that difference is objectively and reasonably directly related to the value provided by the Data Subject’s data.
Notwithstanding Article 39(1), a Controller may offer financial or non-financial incentives for the Processing of Personal Data provided that:

the terms of the incentive are clearly communicated;
the process for receiving the benefit of the incentive is clearly communicated, is transparent and does not require material additional effort or expense on the part of the Data Subject;
the nature of the Processing involved is clearly communicated;
the Processing complies in all respects with this Law; and
it complies with Article 39(4).

A Data Subject shall have the right to withdraw without penalty from, and require the cessation of Processing carried out under, any incentive scheme at any time. Incentive schemes must not be coercive or unreasonable in nature with respect to the Processing of Personal Data, including where the incentive is based on probability or a competition where the chance of receiving the incentive is disproportionately low compared to the value of the Personal Data and the impact on the Data Subject’s rights.

40. Methods of exercising Data Subject rights

The full text of Data Protection Law DIFC Law No.5 of 2020 can be found here.

Barid Tech Ltd.

Company number: CL7956

Dubai, United Arab Emirates

Terms and Conditions