Data Protection and GDPR Compliance Policy

Explicit Consent for Data Processing

This policy is rooted in the principle of explicit consent for the processing of personal data. By opting to utilise the services provided by Bullo, users unequivocally acknowledge and provide their consent for the processing of their personal data, strictly adhering to the stipulations detailed within this policy. It is fundamentally understood that the ability to access and make use of our services is inherently conditional upon such consent. To ensure clarity and transparency, explicit consent involves a clear affirmative action or indication of agreement to the processing of personal data. It is not to be inferred from silence, pre-ticked boxes, or inactivity.

Data Processing Details

We engage in the processing of personal data that is furnished at the time of registration. This encompasses an array of information including, but not limited to, names, contact details, and other personal identifiers. The processing of this data is pivotal for the provision of our services, facilitating effective communication, and tailoring user experience. The specifics of the processing activities, including the nature of the data being processed, the purpose of the processing, and the legal basis for the processing, are thoroughly documented and regularly reviewed to ensure ongoing compliance with applicable legal and regulatory requirements.

Right to Withdraw Consent

Users retain the unassailable right to withdraw their consent regarding data processing at any given time. This can be enacted by submitting a formal withdrawal request to Upon receipt of such a request, Bullo will cease the processing of the user's personal data for the purposes to which the consent was originally granted, unless there is another legal ground for the processing. The implications of withdrawing consent will be clearly communicated to the user, ensuring that they are fully informed about the potential consequences of their decision.

Data Subject Rights Information

In strict adherence to the GDPR, users are endowed with a suite of rights pertaining to their personal data. These rights encompass the ability to access, rectify, erase, or object to the processing of their personal data. Moreover, users have the right to data portability, the right to restrict processing, and the right to be informed about any automated decision-making or profiling based on their data. Requests to exercise these rights can be directed to, where they will be addressed with utmost diligence and in compliance with the stipulated time frames.

Data Protection Officer Contact

For any inquiries directly related to data protection or privacy concerns, users are encouraged to reach out to our Data Protection Officer (DPO) or the designated team at The DPO is tasked with overseeing compliance with data protection laws, acting as a point of contact for data subjects and supervisory authorities, and providing guidance on data protection impact assessments and other related matters.

Data Retention Policy

Personal data is retained exclusively for the duration that is deemed necessary for fulfilling the purposes for which the data was initially collected, or for as long as is mandated by law, in strict accordance with GDPR regulations. Our data retention policies and procedures are designed to ensure that personal data is not kept longer than necessary, taking into account the legal, regulatory, and operational requirements.

Third-Party Data Sharing and Cross-Border Data Transfers

Our operations involve collaboration with various partners within the Bullo Platform, such as third-party liquidity providers, including those located in the United Arab Emirates and the European Union. In certain instances, data may be transferred across borders to other regions and jurisdictions to bolster our services. Such activities are conducted in full compliance with GDPR standards, ensuring that appropriate safeguards, such as standard contractual clauses or adequacy decisions, are in place to secure and protect personal information during such transfers.

CRM Integration

To enhance the efficiency and quality of our interactions with users, personal data is meticulously integrated into a leading Customer Relationship Management (CRM) system. This integration is governed by stringent data protection protocols, ensuring that the data is handled and processed in a manner that upholds the principles of data protection by design and data protection by default.

Privacy Policy Accessibility

Our comprehensive data handling practices are elaborately detailed in our Privacy Policy, which is readily accessible at Users are encouraged to review this document to gain a profound understanding of how their personal data is managed, the measures in place to protect their data, and the ways in which they can exercise their rights under the GDPR.

Complaint Procedure

Users who are served by our UAE entity of the Bullo Platform Ecosystem are entitled to lodge a complaint with the UAE Data Office, instituted under Federal Decree-Law No. 44/2021, should they believe that their data protection rights have been infringed. This complaint procedure is in place to ensure that users have a formal and structured avenue to address and resolve any concerns or grievances related to data processing activities.

This policy articulates Bullo's unwavering commitment to upholding the highest standards in data protection and compliance with GDPR. We deeply value the trust our users place in us and are resolutely committed to ensuring the security, confidentiality, and integrity of your data.

For further clarification or any inquiries regarding this policy, please feel free to reach out to our Bullo Compliance Team at

Bullo Compliance Team