1. Controller Identity
This Privacy Policy governs the processing of personal data by ClayDesk Infotech Solutions FZCO ("ClayDesk", "we", "us", "our"), a free-zone company incorporated under Dubai Integrated Economic Zones Authority (DIEZA), Trade License No. 87569.
| Field | Details |
|---|---|
| Legal Entity | ClayDesk Infotech Solutions FZCO |
| Trade License | 87569 — DIEZA / IFZA |
| Registered Address | IFZA Properties, DSO-IFZA, Dubai Silicon Oasis, Dubai, United Arab Emirates |
| Privacy Contact | privacy@claydesk.ai |
| General Enquiries | hello@claydesk.ai |
| Website | www.claydesk.ai |
2. Applicable Legal Framework
We comply with the following data protection frameworks:
- UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and its implementing regulations
- EU General Data Protection Regulation (GDPR) — Regulation 2016/679, applied to data subjects located in the European Economic Area
- Dubai Electronic Transactions and Commerce Law (Law No. 2 of 2002)
- Any sector-specific regulations applicable to financial technology and e-invoicing services in the GCC
3. Personal Data We Collect
We collect and process the following categories of personal data:
| Category | Examples | Purpose |
|---|---|---|
| Identity & Contact | Full name, business email, job title, company name, phone number | Consultation requests, account creation, communications |
| Usage Data | Pages visited, session duration, referrer URL, device/browser type, IP address (anonymised after collection) | Website analytics, performance monitoring |
| Communication Data | Email correspondence, contact form submissions, meeting notes | Responding to enquiries, service delivery |
| Assessment Responses | Answers to the Sovereignty Assessment tool and Mandate Tracker inputs | Generating your personalised report; no personal data is retained beyond your session unless you request a report by email |
| Marketing Preferences | Newsletter opt-in status, topic interests | Sending relevant editorial content and industry updates |
We do not collect special-category (sensitive) personal data such as health information, biometric data, or national identity numbers through this website.
4. Legal Basis for Processing
We rely on the following legal bases under UAE PDPL and GDPR:
- Contract performance — processing necessary to deliver services you have engaged us for
- Legitimate interests — website analytics, security monitoring, and improving our services (balanced against your interests and rights)
- Consent — newsletter subscriptions, non-essential cookies, and marketing communications (you may withdraw consent at any time)
- Legal obligation — compliance with UAE regulatory requirements, including financial record-keeping obligations under UAE commercial law
5. How We Use Your Data
- Responding to consultation requests and contact form submissions
- Delivering agreed advisory, implementation, or training services
- Sending the Sovereign Signals newsletter and editorial series (with your consent)
- Analysing website performance and user experience via Google Analytics 4 (anonymised IP)
- Improving our tools — the Sovereignty Assessment and Mandate Tracker
- Meeting anti-money laundering (AML) and Know Your Client (KYC) obligations for contracted engagements
- Protecting against fraud and unauthorised access
6. Cookies and Tracking Technologies
We use cookies and similar technologies. See our Cookie Policy for full details.
In summary:
- Strictly necessary cookies — session management, security (no consent required)
- Analytics cookies — Google Analytics 4 (GA4), Plausible Analytics (consent required)
- Marketing cookies — LinkedIn Insight Tag for conversion measurement (consent required)
You can manage cookie preferences at any time through the Cookie Preference Centre.
7. Third-Party Processors
We share data with the following processors, each bound by data processing agreements:
| Processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Google LLC (GA4) | Website analytics | USA / EEA | Standard Contractual Clauses; IP anonymisation enabled |
| Plausible Analytics | Privacy-first analytics | EU (Germany) | No personal data stored; GDPR compliant by design |
| LinkedIn Ireland | Insight Tag (conversion) | Ireland / USA | Standard Contractual Clauses; consent gated |
| Cal.com | Consultation booking | USA | Standard Contractual Clauses |
| Microsoft 365 | Email, document storage | UAE North / EEA | GDPR-aligned DPA; UAE data residency option selected |
We do not sell personal data to third parties. We do not use personal data for automated decision-making that produces legal or similarly significant effects.
8. International Data Transfers
Where personal data is transferred outside the UAE, we ensure adequate protection through one or more of:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions recognised by the UAE Data Office
- Binding Corporate Rules where applicable
- Your explicit consent, where other safeguards are not available
9. Data Retention
| Data Type | Retention Period |
|---|---|
| Contact and enquiry records | 3 years from last interaction |
| Client engagement records | 7 years (UAE commercial law requirement) |
| Newsletter subscriber data | Until unsubscribe + 30 days |
| Website analytics data | 14 months (GA4 default), Plausible — rolling 2 years |
| Assessment tool session data | Session only (not persisted unless report emailed) |
10. Your Rights
Depending on your jurisdiction (UAE PDPL or EU GDPR), you have the following rights:
Request a copy of personal data we hold about you.
Correct inaccurate or incomplete data.
Request deletion ("right to be forgotten") where there is no legal basis to retain data.
Limit how we use your data while a dispute is resolved.
Receive your data in a structured, machine-readable format (GDPR, Article 20).
Object to processing based on legitimate interests or for direct marketing.
Withdraw any previously given consent at any time without affecting prior lawful processing.
Lodge a complaint with the UAE Data Office or your local supervisory authority.
To exercise any right, contact us at privacy@claydesk.ai. We will respond within 30 days (UAE PDPL) or one month (GDPR). We may ask you to verify your identity before processing the request.
11. Security Measures
We implement appropriate technical and organisational measures including:
- TLS 1.2+ encryption for all data in transit
- Access controls and role-based permissions for internal systems
- Regular security reviews aligned with our CISM-certified practices
- AWS infrastructure with SOC 2 and ISO 27001 certified data centres
- Staff training on data protection obligations
No method of transmission over the internet is 100% secure. We will notify affected individuals and relevant supervisory authorities in the event of a data breach where required by law.
12. Children's Data
Our services are directed exclusively at businesses and professionals. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that we have inadvertently collected such data, we will delete it promptly. Contact privacy@claydesk.ai if you have concerns.
13. Changes to This Policy
We may update this Privacy Policy to reflect changes in law, our services, or how we handle data. We will indicate the "Last Updated" date at the top of this page. For material changes affecting your rights, we will notify active subscribers by email before the change takes effect.
14. Contact & Complaints
For privacy enquiries or to exercise your rights:
- Email: privacy@claydesk.ai
- Post: ClayDesk Infotech Solutions FZCO, IFZA Properties, DSO-IFZA, Dubai Silicon Oasis, Dubai, UAE
- UAE Data Office (supervisory authority): uaedataoffice.gov.ae