Privacy Policy for the “nuu one” Website

Effective: April 2, 2026

1. Data Controller

The entity responsible for data processing on this website is:

ELAR FZ-LLC

Al Hulaila Industrial Zone-FZ, Ras Al Khaimah, United Arab Emirates

License No.: 47015928

Represented by: Elizaveta Benet and Armine Sarkisyan

Email: [email protected]

Data Protection Officer:

Currently not appointed. If the appointment of a Data Protection Officer is required by law, one will be appointed and published here.

EU Representative pursuant to Art. 27 GDPR (if required):

Not yet appointed. If the appointment of an EU representative is required, it will be appointed and published here.

2. General Information About the Website

(1) This website primarily serves to provide information about the “nuu one” mobile app and to redirect users to download/offer pages (e.g., Apple App Store/Google Play).

(2) As of now, we do not use any analytics or marketing tracking tools on the website.

3. Data Processing When Accessing the Website (Server Log Files)

(1) When you access the website, data transmitted by your browser to our server is processed for technical reasons, specifically:

- IP address,

- Date and time of access,

- Page/file accessed,

- Referrer URL,

- Information about the browser, operating system, and device.

(2) Purposes: Delivery of the website, ensuring stability and security (e.g., defense against attacks), error analysis.

(3) Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and functional operation of the website).

(4) The provision of the aforementioned data is technically necessary for the use of the website. Without this data, the website cannot be delivered.

(5) Retention period: 15 days. Data will only be stored for a longer period if this is necessary to investigate security incidents or to assert, exercise, or defend legal claims.

(6) Access authorization: Only administrators have access to log data; developers receive access—where necessary—via internal server access points.

4. Hosting, Infrastructure, Content Delivery Network (CDN)

(1) We use service providers for hosting, infrastructure, and the delivery/security of the website. As of the current status, these include in particular:

- Amazon Web Services (AWS),

- Google Firebase,

- Cloudflare (CDN/security services).

(2) These service providers may receive access to technical access data within the scope of data processing, to the extent necessary for the provision, maintenance, and security of the website.

(3) Transfers to third countries: Depending on the technical setup, data may be processed in countries outside the European Economic Area (e.g., through the use of global infrastructures) .

In such cases, we ensure—where necessary—appropriate safeguards in accordance with Chapter V of the GDPR (e.g., adequacy decision, EU Standard Contractual Clauses, and supplementary measures).

Information on how to obtain a copy of the appropriate safeguards is available upon request at [email protected].

5. Cookies and Similar Technologies

(1) As of now, we do not use marketing or analytics cookies.

(2) However, technically necessary cookies or comparable technologies (e.g., local storage) may be used, in particular:

- Security functions (e.g., defense against automated access/attacks; Cloudflare),

- Storage of language/locale selection.

(3) Legal basis for storage/retrieval on your device: Section 25(2) TDDDG, provided that the storage/access is strictly necessary to provide a digital service (the website) that you have expressly requested.

(4) To the extent that personal data is processed in connection with technically necessary cookies, this is done on the basis of Art. 6(1)(f) GDPR (legitimate interest in secure and functional operation) or Art. 6(1)(b) GDPR, insofar as the processing is necessary for the provision of the function you have requested.

6. Contacting Us

(1) When you contact us via email, we process the data you provide (e.g., email address, name, content of the message) to handle your inquiry.

(2) Legal basis: Article 6(1)(f) of the GDPR (legitimate interest in processing inquiries) or Article 6(1)(b) of the GDPR, provided the inquiry serves pre-contractual measures or contract fulfillment.

(3) Retention period: until the matter is fully resolved; beyond that, only if legal obligations exist or if necessary for legal defense.

7. Redirects to third-party providers (e.g., app stores)

If you are redirected to a third-party provider via a link on this website (e.g., Apple App Store, Google Play), the respective provider processes data under its own responsibility. The privacy policies of the respective provider apply.

8. Recipients

Depending on the specific technical configuration, recipients of data may include, in particular, our processors (hosting/infrastructure/CDN) as well as IT service providers in the areas of operation and maintenance.

9. Your Rights

Subject to the statutory requirements, you have the following rights in particular:

- Right of access (Art. 15 GDPR),

- Right to rectification (Art. 16 GDPR),

- Right to erasure (Art. 17 GDPR),

- Right to restriction of processing (Art. 18 GDPR),

- Data portability (Art. 20 GDPR),

- Objection to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR).

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

10. Automated Decision-Making/Profiling

Automated decision-making, including profiling as defined in Art. 22 GDPR, does not take place.

11. Data Security

We take appropriate technical and organizational measures to protect your data against loss, misuse, unauthorized access, and manipulation.

12. Changes to this Privacy Policy

We may update this Privacy Policy as necessary (e.g., in the event of changes to the website or legal requirements). The current version is available on the website.