← Back to Home

Privacy Policy

Effective date: May 8, 2026
Last updated: May 8, 2026

1. Who we are

This Privacy Policy describes how MBR Making Better Rides ("MBR", "we", "our", or "us") collects, uses, shares, and protects personal data when you visit mbrme.com, contact us by phone, WhatsApp, email, or social media, or use our automotive services in Dubai, United Arab Emirates.

MBR is the data controller for the personal data described in this policy. We process personal data in accordance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the "PDPL"), and, where applicable, the General Data Protection Regulation (EU 2016/679, the "GDPR") for visitors located in the European Economic Area or the United Kingdom.

2. Personal data we collect

2.1 Information you give us directly

We collect information you choose to provide when you contact us, request a quote, book a service, message us on WhatsApp, Instagram, Facebook, or email, or interact with the live-chat widget on our website. This typically includes:

  • Your name and how you prefer to be addressed
  • Phone number, WhatsApp number, and email address
  • Vehicle information (make, model, year, registration plate, VIN, mileage)
  • Description of the issue or service you are requesting
  • Photos, videos, voice notes, or documents you send us
  • Payment-related information you share to complete a transaction
  • Any other information you choose to share in your messages

2.2 Information collected automatically

When you visit our website we automatically collect limited technical information: IP address, browser type and version, operating system, referring page, time zone, language preference, pages viewed, and timestamps. This information is collected through cookies and similar technologies. See our Cookie Policy for details and your choices.

2.3 Information from messaging platforms

When you contact us through WhatsApp, Instagram, or Facebook, the platform shares with us information you have made available to it for business messaging: typically your display name, profile picture, the phone number or account ID you are messaging from, message content, and delivery metadata. We use the WhatsApp Business Platform (operated by Meta Platforms Ireland Limited) to receive and reply to WhatsApp messages. Your messages are encrypted in transit by Meta and delivered to our self-hosted contact platform. See Section 4.

2.4 Information generated by your service visit

When we service your vehicle we record information about the work performed: date and time, vehicle details, technician notes, parts and labour, photographs and videos taken at intake or during the work, inspection findings, quotes, approvals, invoices, and payment records. This information is stored in our garage management system (AutoRepairCloud) and our accounting system (QuickBooks Online).

3. How we use your personal data

We use personal data for the following purposes:

  • To respond to your enquiries, provide quotes, and book appointments
  • To deliver, manage, document, and invoice the automotive services you request
  • To keep a service history of your vehicle so future visits are faster and better informed
  • To send you transactional updates about your job (status, ready-for-pickup, quotes for approval)
  • To process payments and meet our financial-record-keeping obligations
  • To improve our website, services, and customer experience
  • To detect, prevent, and respond to fraud, abuse, or security incidents
  • To comply with legal, tax, regulatory, and accounting obligations
  • With your consent, to send you marketing communications you can withdraw at any time

Under the PDPL and GDPR, our lawful bases for processing are: your consent (for marketing and non-essential cookies), the performance of a contract or pre-contract steps (to deliver the services you request), our legitimate interests (to operate, secure, and improve our business in a way that does not override your rights), and legal obligations (tax and record-keeping).

4. Who we share your data with

We do not sell or rent your personal data. We share it only with the service providers that help us run our business, and only to the extent each provider needs to do its job. Our key processors are:

  • Meta Platforms Ireland Limited. WhatsApp Business Platform, Instagram, and Facebook Messenger, used to receive and reply to your messages on those channels.
  • Self-hosted contact platform (Chatwoot). Runs on infrastructure controlled by us in our region of operation; consolidates messages from WhatsApp, Instagram, Facebook, email, and the website chat widget into one inbox so we can respond and keep an internal record of your conversation.
  • AutoRepairCloud. Our garage management system, used to store customer, vehicle, repair-order, quote, and invoice records.
  • Intuit (QuickBooks Online). Our accounting system, used for invoicing, payments, and statutory financial records.
  • Google LLC / Google Ireland Limited. Google Workspace for our business email and document storage, and the Google Places and Maps APIs that power our reviews and location features.
  • Vercel Inc. Hosts the public website and serverless API endpoints.
  • Cloudflare Inc. Provides DNS, content delivery, and security for our domains.
  • Email delivery providers. Used to send transactional and contact-form email.
  • Professional advisers. Auditors, lawyers, and insurers, where required.
  • Authorities. Where required by law, court order, or to protect our or your rights, property, or safety.

Each of these providers acts as a processor or independent controller depending on the relationship; each is bound by appropriate contractual data-protection obligations.

5. International data transfers

Some of our service providers (notably Meta, Google, Intuit, Vercel, and Cloudflare) operate globally and may process personal data outside the United Arab Emirates, including in the European Economic Area, the United Kingdom, the United States, and other jurisdictions. Where this happens we rely on the safeguards each provider offers under applicable law, including standard contractual clauses, adequacy decisions, and equivalent mechanisms recognised under the PDPL and GDPR.

6. How long we keep your data

We keep personal data only as long as we need it for the purpose we collected it for:

  • Customer and vehicle records, repair orders, quotes, invoices: for the period required by UAE tax and commercial law (currently no less than five years from the end of the financial year), and longer where needed to support warranty claims or future service.
  • Conversations on WhatsApp, email, social, and web chat: retained in our self-hosted inbox for as long as the customer relationship is active and for a reasonable period afterwards to support follow-up service and dispute resolution.
  • Website analytics and cookie data: retained for the period set out in our Cookie Policy.
  • Marketing data: retained until you withdraw consent or we determine the data is no longer relevant.

When we no longer need your personal data we delete it or anonymise it.

7. Your rights

Subject to the PDPL, GDPR, and other applicable law, you have the right to:

  • Access the personal data we hold about you and obtain a copy
  • Correct personal data that is inaccurate or incomplete
  • Delete personal data where one of the legal grounds applies
  • Restrict or object to certain processing
  • Port the personal data you provided to another controller
  • Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal
  • Lodge a complaint with the UAE Data Office or, if applicable, your local supervisory authority

To exercise any of these rights, contact us using the details in Section 11. We will respond within the timeframe required by applicable law and may need to verify your identity before acting on your request.

8. Children

Our services are intended for adults. We do not knowingly collect personal data from children under the age of 18. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Security

We use technical and organisational measures appropriate to the risk to protect your personal data, including TLS encryption in transit, access controls, audit logging, encrypted backups, and least-privilege access to our internal systems. No method of transmission over the internet or storage is completely secure; we cannot guarantee absolute security but we work continuously to maintain appropriate safeguards.

10. Changes to this policy

We may update this Privacy Policy to reflect changes in our practices, services, or legal obligations. When we do, we will revise the "Last updated" date at the top of this page. For material changes we will provide a more prominent notice (for example, by email or a banner on the website).

11. Contact us

For questions about this Privacy Policy, to exercise your rights, or to raise a privacy concern, contact us at:

MBR Making Better Rides

16 8 St, Al Quoz Industrial Fourth, Al Quoz, Dubai, United Arab Emirates

Email: info@mbrme.com

Phone: +971 56 501 5800

See also our Cookie Policy and Integrations Terms.