Straits
Legal

Privacy Policy — Straits AI Consultancy

Effective date: 1 January 2025  ·  Last reviewed: January 2025

1. Who we are

Straits AI Consultancy Ltd ("Straits", "we", "us", "our") is an AI strategy and implementation consultancy registered and operating within the Dubai International Financial Centre (DIFC), Dubai, U.A.E. Our registered office is at PO Box 74977, Dubai AI Campus, Level 3, Innovation One Hub, DIFC, Dubai, U.A.E.

This Privacy Policy describes how we collect, use, store, share, and protect your personal data when you visit straits.ae, submit an enquiry, or engage us as a client.

2. Regulatory framework

We process personal data in accordance with:

  • DIFC Data Protection Law No. 5 of 2020 and its implementing regulations
  • UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data
  • EU General Data Protection Regulation (GDPR), where applicable to data subjects located in the European Economic Area

3. Personal data we collect

We collect personal data only through the following channels:

  • Contact form submissions: name, email address, phone number, company name, and message content
  • Direct correspondence: information you provide when you email, call, or otherwise contact us
  • Client engagements: business contact information, professional background, and engagement-related data provided during a contracted consulting relationship

We do not use advertising pixels, third-party analytics trackers, behavioural profiling tools, or marketing automation platforms on this website. We do not set non-essential cookies.

4. Lawful basis for processing

We rely on the following lawful bases:

  • Contract performance: to deliver services you have engaged us for
  • Legitimate interests: to respond to enquiries and manage our business relationships, where those interests are not overridden by your rights
  • Legal obligation: to comply with applicable laws and regulatory requirements
  • Consent: where you have explicitly provided it (for example, to send you content you have requested)

5. How we use your personal data

We use the personal data we collect solely to:

  • Respond to your enquiry or request
  • Deliver and manage consulting services under a client agreement
  • Fulfil legal and regulatory obligations
  • Protect the security and integrity of our operations

We will never sell, rent, or share your personal data with third parties for marketing or advertising purposes.

6. Data sharing and third-party processors

We share personal data with third parties only where strictly necessary:

  • Service providers: our website hosting provider (Hostinger International Ltd) processes data solely to operate this website and is bound by appropriate data processing agreements
  • Email service: contact form notifications are sent via our domain email server hosted by Hostinger
  • Professional advisors: lawyers, accountants, and auditors who are subject to professional confidentiality obligations
  • Regulatory authorities: where required by applicable law or court order

All third-party processors are contractually required to protect personal data to the same standard as this Policy and applicable law.

7. International data transfers

Where personal data is transferred outside the DIFC or UAE, we ensure that adequate safeguards are in place — including standard contractual clauses, binding corporate rules, or adequacy decisions — consistent with the requirements of the DIFC Data Protection Law and GDPR.

8. Data retention

  • Contact form submissions: retained for a maximum of 24 months from receipt
  • Client engagement data: retained for the period required by applicable UAE law and our contractual obligations, typically 7 years from engagement close
  • Correspondence: retained for as long as reasonably necessary to manage the business relationship

On expiry of the relevant retention period, personal data is securely deleted or anonymised.

9. Data security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include:

  • Encrypted data transmission (HTTPS/TLS)
  • Restricted access to personal data on a need-to-know basis
  • Hashed and bcrypt-protected credentials for system access
  • Regular review of security practices

10. Data breach response

In the event of a personal data breach, we will: (a) investigate and contain the breach promptly; (b) notify affected individuals and relevant supervisory authorities as required by applicable law; and (c) implement corrective actions to prevent recurrence.

11. Your rights

Under the DIFC Data Protection Law and GDPR (where applicable), you have the following rights:

  • Right of access: obtain a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of your personal data in certain circumstances
  • Right to restriction: request that we limit how we use your data
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interests
  • Right to withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing
  • Right to lodge a complaint: with the DIFC Commissioner of Data Protection or another competent supervisory authority

To exercise any of these rights, contact us at contact@straits.ae. We will respond within 30 days.

12. Children's data

Our website and services are directed at business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal data from children.

13. Cookies

This website uses only a single session cookie to support the contact form's security (CSRF protection). This cookie is strictly necessary for the operation of the form, is not used for tracking or profiling, and expires when you close your browser. We do not use any analytics, advertising, or persistent tracking cookies.

14. Links to third-party websites

This website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites and encourage you to review their own privacy policies.

15. Changes to this policy

We review this Policy at least annually. Material changes will be communicated by updating the effective date above and, where appropriate, by posting a notice on this website. Continued use of our website or services after the effective date constitutes acceptance of the revised Policy.

16. Contact us

For questions, requests, or complaints relating to this Privacy Policy or your personal data, please contact:

Straits AI Consultancy Ltd
PO Box 74977, Dubai AI Campus
Level 3, Innovation One Hub
DIFC, Dubai, U.A.E.
contact@straits.ae
+971 55 676 2638