GDPR & UAE PDPL Consent Mechanisms Implementation Guide

For: Car Market Me Limited
Date: January 2025

1. Overview

This document outlines the consent mechanisms you need to implement on your Platform to comply with:

• UK General Data Protection Regulation (UK GDPR)
• Data Use and Access Act 2025
• UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL)

2. What is Valid Consent?

Under both UK GDPR and UAE PDPL, valid consent must be:

✅ Freely given – No coercion or consequences for refusing
✅ Specific – Separate consent for different processing purposes
✅ Informed – Clear information about what data is collected and why
✅ Unambiguous – Clear affirmative action (not pre-ticked boxes)
✅ Easily withdrawn – As easy to withdraw as it is to give

3. Where You Need Consent on Your Platform

3.1 Cookie Consent Banner

Required for: Non-essential cookies (analytics, marketing, tracking)

Implementation:

COOKIE CONSENT BANNER (appears on first visit) [X] Close We use cookies to improve your experience This website uses cookies to enhance functionality, analyze traffic, and provide personalized content. We need your consent to use non-essential cookies. [Customize Settings]  [Reject All]  [Accept All] Read our Cookie Policy | Privacy Policy

Customize Settings Panel:

Manage Cookie Preferences ☑ Strictly Necessary Cookies (Always Active)   Essential for website functionality. Cannot be disabled. ☐ Performance & Analytics Cookies   Help us understand how visitors use our website.   Examples: Google Analytics ☐ Functionality Cookies     Remember your preferences for enhanced experience.   Examples: Language settings, search preferences ☐ Marketing/Advertising Cookies   Show you relevant advertisements based on your interests.   Examples: [List your advertising partners] [Save Preferences]  [Reject All]  [Accept All]

Technical Requirements:

• Banner must appear BEFORE any non-essential cookies are set
• No pre-ticked boxes for non-essential cookies
• Must remember user’s choice for future visits
• Provide easy way to change preferences later (link in footer)
• Log consent decisions with timestamp

3.2 Dealer Account Registration Consent

Required for: Processing dealer business information

Implementation on Registration Form:

DEALER REGISTRATION FORM Business Information- Business Name: [_____________]- Contact Person: [_____________]- Email: [_____________]- Phone: [_____________]- Business Address: [_____________] Data Processing Consent ☐ I confirm that I have read and agree to the Privacy Policy and    Terms of Service ☐ I consent to Car Market Me processing my business information to:   • Create and manage my dealer account   • Display my business contact details on vehicle listings   • Send service-related communications about my account   • Comply with legal obligations ☐ I consent to receive marketing communications from Car Market Me   about new features, promotions, and industry news   (Optional – you can unsubscribe at any time) ☐ I confirm that I have the authority to provide this information    on behalf of my business [Register Account]

Required Elements:

• Separate checkboxes for different purposes
• Marketing consent must be optional
• Clear explanation of what data is used for
• Link to full Privacy Policy and Terms of Service
• Cannot pre-tick any boxes
• Account creation button only activates when mandatory consents are checked

3.3 Buyer Enquiry Form Consent

Required for: Sharing buyer contact information with dealers

Implementation on Vehicle Enquiry Form:

ENQUIRE ABOUT THIS VEHICLE [Vehicle Name/Details displayed] Your Information- Name: [_____________]- Email: [_____________]- Phone (optional): [_____________]- Message: [_____________________] Data Sharing Notice ☐ I understand and consent to my contact information (name, email,    and phone number if provided) being shared with [Dealer Name]    so they can respond to my enquiry about this vehicle ☐ I have read and agree to the Privacy Policy ☐ I consent to receive marketing communications from Car Market Me   (Optional – you can unsubscribe at any time) By clicking “Send Enquiry,” your information will be immediately shared with the dealer. [Send Enquiry]

Critical Requirements:

• Clear warning that information will be shared with dealer
• Display dealer name prominently
• Separate optional marketing consent
• Cannot submit without mandatory consents
• Immediate confirmation after submission

Confirmation Message After Submission:

✓ Enquiry Sent Successfully! Your information has been shared with [Dealer Name]. They will contact you directly at [user’s email] to respond to your enquiry. What happens next?- The dealer will contact you directly- We do not participate in your conversation- If you don’t hear back, you can contact them at [dealer contact] [Return to Search]  [View More Vehicles]

3.4 Newsletter/Marketing Consent (if applicable)

Implementation on Footer/Signup Form:

STAY UPDATED Subscribe to receive the latest vehicles and automotive news Email: [_____________] ☐ I consent to receive marketing emails from Car Market Me and    understand I can unsubscribe at any time [Subscribe] We respect your privacy. See our Privacy Policy.

4. Consent Management Technical Requirements

4.1 Consent Recording System

You must maintain records of all consents, including:

For each consent, record:

• User identifier (email, account ID, or anonymous ID for cookie consent)
• What was consented to (specific purpose)
• When consent was given (date and time)
• How consent was given (which form/banner)
• Version of privacy policy/terms at time of consent
• IP address (optional but recommended)
• User’s location (for PDPL compliance)

Storage example structure:

Consent Record:- User ID: dealer@example.com– Consent Type: Account Registration- Purpose: Account Management, Marketing Communications- Given: 2025-01-15 10:30:00 GMT- Method: Registration Form v1.2- Privacy Policy Version: January 2025- IP Address: 192.168.1.1- Location: Dubai, UAE- Status: Active

4.2 Consent Withdrawal Mechanisms

Easy Withdrawal Methods Required:

1. Cookie Preferences:
   • “Cookie Settings” link in website footer
   • Takes user back to preference panel
   • Can change selections at any time
2. Marketing Communications:
   • “Unsubscribe” link in every marketing email
   • One-click unsubscribe process
   • Account settings page with toggle switches
3. Account Settings Page:

PRIVACY PREFERENCES Cookie SettingsCurrent setting: All cookies accepted[Change Cookie Preferences] Marketing Communications  ☐ Email newsletters and updates☐ New vehicle alerts☐ Promotional offers [Save Changes] Data Management- Download my data- Delete my account- View privacy policy

1. Contact-Based Withdrawal:
   • Email: info@carmarketmiddleeast.com
   • Subject: “Consent Withdrawal Request”
   • Process within 30 days (UK) / reasonable timeframe (UAE)

5. Special Considerations for UAE PDPL

5.1 Explicit Consent Requirements

UAE PDPL requires “explicit” consent for sensitive processing. For your platform:

Enhanced Consent Language for UAE Users:

☐ I explicitly consent and authorize Car Market Me Limited to:   • Collect and process my personal information as described   • Transfer my information to dealers located in [country]   • Store my information on servers located in the United Kingdom   • Process my information in accordance with the Privacy Policy I understand that I can withdraw this consent at any time by contacting info@carmarketmiddleeast.com

5.2 Cross-Border Transfer Consent

Since you’re UK-based serving UAE users:

For UAE Users, add this notice:

International Data Transfer Notice Your personal information will be transferred to and processed by Car Market Me Limited in the United Kingdom. The UK has adequate data protection standards. By providing consent above, you authorize this international transfer. For questions about international transfers, contact our Data Protection Officer at info@carmarketmiddleeast.com

6. Implementation Checklist

Phase 1: Immediate (Before Launch)

• [ ] Implement cookie consent banner
• [ ] Add consent checkboxes to dealer registration form
• [ ] Add consent checkboxes to buyer enquiry form
• [ ] Create consent logging system/database
• [ ] Add “Cookie Settings” link to footer
• [ ] Add Privacy Policy and Terms links to footer
• [ ] Test that forms cannot submit without mandatory consents

Phase 2: Within 30 Days

• [ ] Set up consent record storage and backup
• [ ] Implement unsubscribe functionality for marketing emails
• [ ] Create account settings page for preference management
• [ ] Set up automated consent receipt emails
• [ ] Document consent withdrawal process
• [ ] Train staff on handling consent withdrawal requests

Phase 3: Ongoing

• [ ] Review consent mechanisms quarterly
• [ ] Update consent forms when privacy policy changes
• [ ] Monitor consent rates and user feedback
• [ ] Keep consent records for 6+ years
• [ ] Update cookie list as new cookies are added

7. Example Email Templates

7.1 Dealer Registration Confirmation Email

Subject: Welcome to Car Market Me – Registration Confirmed Dear [Dealer Name], Thank you for registering with Car Market Me! Your account has been created and you can now start listing vehicles. Privacy & Consent Summary:✓ You consented to account management and service communications✓ You [did/did not] consent to marketing communications✓ Your data will be processed in accordance with our Privacy Policy You can update your preferences at any time by logging into your account settings or contacting us at info@carmarketmiddleeast.com Manage Your Privacy Preferences: [Link]Privacy Policy: [Link] Best regards,Car Market Me Team

7.2 Buyer Enquiry Confirmation Email

Subject: Your Vehicle Enquiry Has Been Sent Dear [Buyer Name], Your enquiry about [Vehicle] has been sent to [Dealer Name]. What We Shared:- Your name: [Name]- Your email: [Email]  – Your phone: [Phone if provided]- Your message The dealer will contact you directly to respond to your enquiry. Privacy Reminder:Your information was shared with your consent. If you have concerns about how the dealer handles your data, please contact them directly. Your Privacy Rights: [Link]Privacy Policy: [Link] Best regards,Car Market Me Team

8. Training for Your Team

Ensure your team understands:

1. What consent is and why it matters
   • Legal requirement under GDPR and UAE PDPL
   • Builds trust with users
   • Protects company from fines and legal issues
2. How to handle consent withdrawal requests
   • Respond within 1 business day acknowledging receipt
   • Process within 30 days (sooner if possible)
   • Confirm completion via email
   • No questions asked – cannot refuse withdrawal
3. What to do if someone complains
   • Listen and document the issue
   • Escalate to data protection lead
   • Investigate and respond within required timeframe

9. Documentation to Maintain

Keep records of:

• [ ] All consent forms and their versions
• [ ] All privacy policy versions
• [ ] Cookie policy versions
• [ ] Consent withdrawal requests and responses
• [ ] Data breach incidents (if any)
• [ ] Training records for staff
• [ ] Third-party processor agreements

10. Contact for Questions

For implementation questions or technical assistance:

Car Market Me Limited
Data Protection Lead
Email: info@carmarketmiddleeast.com
37 Borth Avenue, Offerton, Stockport, United Kingdom SK2 6AJ

External Resources:

• UK ICO: https://ico.org.uk
• UAE Data Office: https://tdra.gov.ae/en/DATA/home