Privacy Policy & GDPR

Timbl FZ-LLC, Commercial Licence number 98085, registered at Premises HD54B, In5 Tech, Dubai, UAE (“Timbl”, “we”, “us”, “our”) is committed to the highest standards of privacy and data protection compliance.

If you are a resident of the European Union, you are protected by and enjoy rights under the European Union’s General Data Protection Regulation 2016/679 (“GDPR”).

This privacy policy applies to personal information which is collected and/or used by Timbl in its capacity as a data controller and/or data processor as defined in the GDPR. Irrespective of your residency status, if Timbl uses your personally identifiable information (“PII”) then you have important rights which you can exercise, depending on how and why Timbl uses your information. If you have any questions about how we interact with your personal information, please contact

This Privacy Policy sets out how and why we collect, store, use, transfer and disclose information and how you may access your personal information and correct it. This Privacy Policy also explains the use of cookies on our mobile application, web services, and platforms known as ‘Timbl’, any other linked and related network, ecosystem, pages, content, features, products, and tools offered by us via any kind of digital platform (“Platform(s)”) For the purposes of the GPDR, the relevant legal entity is Timbl FZ-LLC and our nominated Data Protection Officer can be reached at (please include ‘Personal Data’ in the email subject).

Where do we collect information from?

We collect information, both general and personal, in a number of ways, as detailed in this Privacy Policy, which is derived from or accessed by three key groups:

  1. Consumers are individuals, chiefly those using the Platforms but may also comprise other categories such as event guests and job applicants. Timbl collects information including PII, demographics, web analytics, app analytics, and transactions.
  2. Merchants are using an app or a web site to view the Timbl Insights Platform (“TIP”), which runs on the Platforms, or to download data. Timbl collects merchants’ information such as outlet details, menus, consumer check-ins and consumer transactions. PII data may be included, depending on the End User Licence Agreement (EULA) in play during the capture of this data.
  3. Clients are accessing data relating to consumer behaviour across a range of merchants. PII data will never be included.

In the case of PII, we collect information only insofar as it is and remains necessary to fulfil the purpose of your interaction with us. We do not use or disclose PII other than as described in this Privacy Policy.

You may refuse to provide us with PII, and you may object to our collection of information, however this may impact your ability to use or benefit from our Platform, and our ability to provide you with support or assistance. You must not provide us with the personal information about another person unless you have first obtained that person’s prior consent to do so and you have told them their personal information will be handled in accordance with this Privacy Policy (including where to find it).

Timbl as a data controller

Timbl is a data controller in that it determines the purposes for which, and the way in which, personal data is collected and processed.

Use of the Platform requires acceptance of an end-user licence agreement (“EULA”) and any PII collected via these apps is governed as described within these EULAs.

In respect of personal information collected via this website and other web sites running on the Platform, your continued use of these websites constitutes your understanding of, and your agreement to, the practices described in this privacy policy and elsewhere on the websites as well as any subsequent updates.

Timbl as a data processor

Timbl may also be a data processor in that it deals with personal data provided by, and as instructed by, a data controller (e.g. a merchant) for specific purposes. In such cases, data is provided to us in strict confidence and subject to restrictive undertakings on its use and disclosure.

When do we collect data?

We collect information about you when you:

  • Use the website or app, or other aspect of the Platform
  • Use the Timbl Insights Platform (TIP)
  • Contact Timbl, whether or not you engage with Timbl for business purposes
  • Receive Timbl services
  • Apply for a job at Timbl
  • Visit the Timbl offices
  • Attend an event hosted or sponsored by Timbl
Why do we collect data?

Timbl is in the business of collecting data in order to make informed decisions for ourselves and on behalf of our merchants and clients.

For example, Timbl helps large organisations to understand market trends and make informed predictions on F&B consumption by certain demographic segments in specific markets at specific times.

Similarly, Timbl helps merchants to understand their customers and provide them with relevant and personalised experiences.

Timbl also uses data to analyse and improve how it delivers its services to each of its customer groups, to contact customers or prospective customers and to market to them.

Timbl may generate revenue – directly or indirectly – from the data it collects but will never disclose or share PII data beyond the bounds of any EULA that was in play during the capture of this data.

What information do we collect?

When you use our Platform, including any mobile applications (apps), you provide us with PII that may include your name, email address, phone number, and location.

For example, you may provide us with an email address to receive marketing material or updates about our services, a phone number so that we provide you with a one-time password (“OTP”) , or your name and payment information when you purchase a product or service.

While you use our Platforms, we collect general information of the sort that web browsers, servers and network operators typically make available, such as unique identifiers (e.g. persistent cookies, MAC addresses, device IDs, IMEI numbers), browser type and settings, location data, device type and settings, operating system, IP address, mobile network information including operator name and phone number and application version number, language preferences, crash reports, system activity, and the date, time and referral URL of each visitor request. This information helps us troubleshoot problems, understand how visitors use our Platforms, allocate and balance resources, and improve our products and services.

Some of this information could be personally-identifiable (that is they could be used to directly or indirectly identify you as an individual and natural person)—information like IP addresses, phone numbers, and unique identifiers. We treat such information in the same way that we treat all other personal information (such as your name), and will only use and disclose such personal information as described in this Privacy Policy.

As you use our Platform, we collect information about how you interact with our platform and how you use our services (your activity), such as the links that you click, content that you view, terms, products, and services that you search for, products that you buy, people you communicate or share information with, and how you interact with advertisements. We collect information about your activity to understand how you use and interact with our Platforms, and our partners’ products and services. This helps us and our partners to understand customer preferences, optimise our Platforms, allocate and balance resources, and improve our products and services.

How do we use information?

We collect information to enable you to receive the benefit of our Platforms and for our partners to optimise their service offerings.

Subject to this Privacy Policy and your data preferences, we may use the information we collect for some or all of the following purposes:

  • carry out our obligations and to provide you with agreed products and services;
  • establish, maintain and administer your access to our Platforms;
  • maintain, troubleshoot, and improve our Platforms;
  • develop new products and services;
  • if your preferences permit, to provide you with recommendations and personalised products and services;
  • measure performance of our Platforms;
  • secure and protect you, us, our Platforms;
  • meeting our legal, regulatory, and tax reporting obligations;
  • communicate with you about our Platforms, such as to notify of changes and updates, alert you to data or security breaches, and to provide you with customer support;
  • with your explicit consent, to create or distribute promotional and marketing material that is relevant to you;
  • for quality assurance and training purposes;
  • in the case of non-personally identifiable information only—or personal information only with your explicit consent—to promote and market ourselves, our products and services, and our websites (including any social media pages maintained or operated by us such as Facebook, Instagram, Snapchat, Twitter, YouTube etc); and
  • any other uses identified to you at the time of collecting your personal information or as reasonably contemplated by this Privacy Policy and our EULA, (“Purposes”).

Where the use of personal or PII is not necessary for any of the Purposes we will process PII using an automated process in such a way as to render it non-personally identifiable before use (pseudonymisation).

When we share your personal information with others, we will only do so via the Timbl Insights Platform which is secure and only available to Merchants who have agreed to our Venue Services Agreement.

PII we collect stays within the Timbl family, other than in the following circumstances:

  • when you give us explicit consent to share your data;
  • when we share it with our affiliates, partners, and other trusted organisations we work with;
  • when we share it with trusted external service providers and data processors such as data centres, web hosts, cloud storage and cloud software providers, customer support providers, payment processors, debt collectors, accountants, and insurers;
  • when we share it with prospective sellers or buyers of our business or assets; or
  • when we share it with regulators and other relevant parties for the purpose of legal or contractual compliance, reporting purposes, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or the rights of third parties or the public at large.

Timbl may also automatically collect personal information (through the use of Cookies or similar technologies, including your IP address, device identifier, browsing patterns on its websites, click stream data, and HTP protocol elements) to ensure the effective operation of our website or in order to align the presentation of our products or services more closely to your requirements (for example, processing information about your broad geographic location to serve you with a local version of this website). This tracking information is stored in an anonymous, aggregated and non-personal format, and is also used to understand and analyze trends, to administer the websites, and to learn about user behavior on the websites.

When you use the Timbl app – or any other app running on the Timbl platform – we collect information about your location and what you are doing within the app, including all details of any transactions. In certain instances, Timbl may use IP addresses to help identify you when Timbl feels, in its sole discretion, that it is necessary to enforce compliance with this Privacy Policy, to protect its services, websites, systems, information, employees, business partners, subsidiaries, affiliates, users, customers or others, or when required by law or for law enforcement purposes.

Personal information by category Do we collect this? Do we disclose this for business purposes? Do we sell this?
Personally Identifiable Information (PII): such as real name, alias, unique personal identifier, online identifier, gender, date of birth, Internet Protocol (IP) address, email address, or other similar identifiers. YES NO NO
Customer records: such as paper and electronic customer records containing personal information, such as name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. NO NO NO
Protected classifications: such as race, color, sex, age, religion, national origin, disability, citizenship status, and genetic information. NO NO NO
Purchase history & tendencies: such as commercial information, including transaction records of products or services purchased in participating merchant outlets, or other purchasing or consuming histories or tendencies, excluding any PII data. YES YES YES
Biometric information: such as physiological, biological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including DNA, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information. NO NO NO
Usage data: such as internet or other electronic network activity information, including, but not limited to, your precise geographical location (based on your device), browsing history, search history, and information regarding your interaction with an internet website, application, or advertisement, excluding any PII data. YES YES YES
Audio visual: such as audio, electronic, visual, thermal, olfactory, or similar information. NO NO NO
Employment history: such as professional or employment-related information. NO NO NO
Profiles & inferences: such as inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes, excluding any PII data. YES YES YES
How long we hold PII

Timbl retains your personal information for the period of time required for the purposes for which it was collected, any compatible purposes which we subsequently establish, or any new purposes to which you subsequently consent, or to comply with legal, regulatory and Timbl policy requirements.

Your right of access

You may access and review any personal information we hold about you. On your specific request we will be able to, as soon as reasonably possible, provide you with some or all of (as requested) the following information, where available:

  • personal data about you that is in our possession or under our control and the source of such data;
  • the ways in which your personal data has been or may have been used or processed by us, including the logic behind any automated decisions (if applicable), during the two years preceding the date of the request;
  • the ways in which your personal data has been or may have been disclosed by us, and information on to whom or to which categories of recipients such data has been disclosed, during the two years preceding the date of the request;
  • how long we expect to hold on to your data, or if specific information is not available, the criteria we use to determine such a time period; and
  • the purpose of any use, processing, or disclosure.

However, we reserve the right not to provide you with your personal data or other related information if providing it could reasonably be expected to:

  • threaten the safety or physical or mental health of another individual;
  • cause immediate or grave harm to your safety, physical or mental health;
  • reveal personal data about another individual;
  • reveal the identity of an individual who has provided personal data about another individual and the individual providing the personal data does not consent to the disclosure of his identity; or
  • be contrary to national and public security, defence needs, or the national interest (including important economic, financial, monetary, budgetary and taxation matters).

If you wish to exercise your right of access, you should contact us at and we will respond to your request within 4 business days of the request being made. We aim to process all requests within a month for simple requests, however complex and/or voluminous requests may take up to three months to process. If we deny you access, we will provide our reason for doing so at the time of your request.

We do not typically charge a fee for reasonable requests for access to your personal information. However, we may charge a reasonable fee, which will be notified to you before we move forward with the request, for time and cost in the following circumstances:

  • if an extended amount of time is required to collate and prepare material for you; and
  • if you wish to receive and we are able to provide hard copies or physical media (i.e. CDs, USB drives or other storage media).
Your right to rectification and erasure

Please contact us at as soon as possible if there are any changes to your personal information or if you believe the personal information we hold about you is not accurate, complete, up-to-date, no longer necessary for the purpose for which it was collected or processed, or lacks a valid legal ground for processing so that we can update your file accordingly.

Depending on the circumstance we may change, erase, or block from use any inaccurate, incomplete, or outdated information. We may require documentary proof or evidence for certain requests.

We will process any legitimate requests to correct inaccurate data as soon as practicable, and incomplete data within a reasonable time frame, and send the update personal data to other organisations to which the data was disclosed during the year preceding the date of the correction, unless it is impossible, involves disproportionate effort, the other organisations no longer require the corrected personal data for any legal or business purpose, or you otherwise agree that we do not need to resend the corrected information to any other organisation.

Right to object to the collection of personal data due to your personal situation

You may object to collection of specific personal data on limited grounds due to your personal situation. Please contact us at if you wish to make such a request, along with details of your personal situation and your reasons for objection. We will respond to all requests within a reasonable time frame. If we disallow your objection, we will inform you of our reasons for doing so.


We take all reasonable steps within our control to ensure that the personal information we hold about you is accurate.

We also take reasonable steps to ensure that the information is complete and up-to-date. However, we also rely on you to advise us of any changes to your personal information.

Protection of personal data

We take seriously the security of your data and will aim to take all steps that may be necessary to ensure that your personal information is treated securely and to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.

Although we aim to create a safe and secure environment by trying to limit access to the Platforms to legitimate users, we obviously cannot provide any guarantees that unauthorised parties will not gain access. To the extent permitted by applicable law, we expressly exclude any liability arising from any unauthorised access to your personal information.

We will inform you without undue delay unless the risk to your individual rights and freedoms is low—such as if the compromised data was well encrypted.

Please contact us at immediately if you become aware of any unauthorised use of your account by anyone else or any other breach of security.

Retention of personal data

We will cease to retain documents containing personal data, or remove the means by which the personal data can be associated with particular individuals, as soon as it is reasonable to assume that the Purpose for which that personal data was collected or further processed is no longer being served by retention of the personal data.

Data transfers

Your information may be processed outside of the country where you live. Regardless of where we use, process, or store your data, we will comply with the protections set out in this Privacy Policy.


To make certain of our Platforms work properly, we sometimes place small data files called cookies on your device. Most well-known websites do this too.

A cookie is a small text file that a website stores on a visitor’s computer, and that the visitor’s browser provides tothe website each time the visitor returns. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences), so you don’t have to keep re-entering them whenever you come back to the Platforms or browse from one page to another.

Our Platforms use cookies to help us identify you from other users, track your usage of our Platforms, and your website access preferences. We do or may use the following cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of our Platforms. They include, for example, cookies that enable you to log into secure areas of our Platforms, use a shopping cart or make use of e-billing services.
  • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our Platforms when they are using them. This helps us to improve the way our Platforms work, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies. These are used to recognise you when you return to our Platforms. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
  • Targeting cookies. These cookies record your visit to our Platforms, the pages you have visited and the links you have followed. We will use this information to make our Platforms and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

You can control and/or delete cookies as you wish—for details, see You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit our Platforms and some services and functionalities may not work.

You can easily accept or reject the cookies on our Platforms.

Business transfer

If we, or substantially all of our assets, were acquired, or in the event that we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge and agree that if such transfers occur, that any acquirer of our business may continue to use your personal information as set forth in this Privacy Policy.

Use of personal information for direct marketing

From time to time we may use the personal information we collect from you to identify particular products and services that we believe may be of interest to you.

We may then contact you to let you know about these products and services, new features and how they may benefit you, solicit your feedback, or just keep you up to date with what’s going on with us and our products and services and/or products

Direct marketing from us generally takes the form of an electronic marketing email. Where we use your personal information to send you marketing information by email, SMS, MMS or other electronic means we may do so with your express or deemed consent. Every directly addressed marketing contact sent or made by us will include a means by which you may unsubscribe (or opt out) of receiving further marketing information.

Additionally, you may instruct us at any time to remove any previous consent you provided to receive marketing communications from us. You can contact us at to make a request.

Links to third party websites

Our Platforms may contain links to and from third party websites.

If you click on such links, you do so at your own risk and subject to whatever privacy policy and/or website terms may govern the use of such websites. We have no control over, and are not responsible, nor liable for, the content, privacy practices or website terms of such websites or any information you provide to them.

You should read the privacy policy of these third parties to find out how they handle your personal information when you visit their websites.

Privacy complaints

If you believe that we have breached your privacy rights in any way, or you would like to discuss any issues about our Privacy Policy please contact us at All such enquiries or complaints will be taken seriously and will be handled as soon as reasonably practicable and/or make improvements to our systems and processes.

Privacy Policy changes

We may change our Privacy Policy from time to time, and in our sole discretion. We encourage you to frequently check our Platforms for any changes to our Privacy Policy. We will not reduce or diminish your rights under this Privacy Policy without your explicit consent. If any changes do not reduce or diminish your rights, your continued use of our Platforms, services, requesting our assistance or the provision of further personal information to us (directly or via an authorised person) after any change in this Privacy Policy will constitute your acceptance of such change. If we make significant changes to this Privacy Policy, we will provide a more prominent notice of the changes, such as by emailing you.