MOC26 — Motor, Outdoor, Camping

Legal

Data Protection Policy

This policy explains the safeguards JBCM Events LLC applies to personal data we process in connection with MOC26, in line with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and its implementing regulations.

Last updated: 29 May 2026

1. Scope

This policy applies to all personal data processed by JBCM Events LLC ("we", "us") through the MOC26 website, registration and enquiry forms, accreditation systems, on-site operations and any third-party processors acting on our behalf.

2. Principles

We process personal data in accordance with the PDPL principles:

  • Lawfulness, fairness and transparency — we tell you what we collect and why.
  • Purpose limitation — data is collected for specified, explicit and legitimate purposes.
  • Data minimisation — we collect only what is necessary.
  • Accuracy — we take reasonable steps to keep data accurate and up to date.
  • Storage limitation — data is kept only as long as needed.
  • Integrity and confidentiality — data is protected against unauthorised access, loss or damage.
  • Accountability — we maintain records of processing and can demonstrate compliance.

3. Technical safeguards

  • All data in transit is encrypted using TLS 1.2 or higher.
  • Personal data at rest is stored in encrypted databases hosted on infrastructure that complies with recognised international security standards.
  • Access to administrative systems requires authenticated sign-in and is restricted by role-based access controls.
  • Inputs to public forms are validated and sanitised on both client and server to prevent injection and cross-site scripting.
  • Audit logs record administrative access to personal data, sent communications and bulk email campaigns.
  • Email broadcasts are sanitised server-side before storage and before delivery.

4. Organisational safeguards

  • Staff and contractors with access to personal data are bound by written confidentiality obligations.
  • Access is granted on a least-privilege basis and reviewed periodically.
  • Third-party processors are appointed only under written data processing terms requiring equivalent safeguards.

5. Retention

  • Enquiry records: up to 24 months from submission, then deleted or anonymised.
  • Marketing contacts: retained until the contact unsubscribes or requests deletion.
  • Sent email logs: retained for 12 months for deliverability, compliance and dispute resolution.
  • Suppressed (unsubscribed or bounced) email addresses: retained indefinitely to ensure we do not contact you again.
  • Accounting and tax records: retained for the period required by UAE law.

6. Data subject requests

You may exercise any of your rights under the PDPL — access, correction, erasure, restriction, objection, portability or withdrawal of consent — by emailing privacy@moc-festival.com. We will respond within 30 calendar days, and may extend this period as permitted by the PDPL where a request is complex.

7. Personal data breach response

In the event of a personal data breach that is likely to result in a risk to the rights of data subjects, we will:

  • Notify the UAE Data Office without undue delay, and in any event in accordance with the timeframes set out in the PDPL.
  • Inform affected data subjects where the breach is likely to result in a high risk to their rights.
  • Document the facts of the breach, its effects and the remedial action taken.

8. International transfers

Where personal data is transferred outside the UAE, we rely on the adequacy mechanisms or appropriate safeguards permitted by Articles 22 and 23 of the PDPL.

9. Children

MOC26 is a family event. Where personal data relating to a child is collected (for example, on-site activity sign-ups), it is collected from and with the consent of the parent or legal guardian.

10. Contact

Data protection enquiries: privacy@moc-festival.com. See also our Privacy Policy and contact page.