Ayant-X

    Privacy Policy

    Last updated: January 2025

    1. Data Controller

    Ayant-X ("we," "us," or "our") is the data controller responsible for your personal data. We are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable data protection laws.

    Contact Details:

    Ayant-X

    Zalfa Building-Garhoud, 165

    Dubai, United Arab Emirates

    License Number: 1059331

    Email: [email protected]

    Phone: +971 50 882 6633

    2. Legal Basis for Processing

    Under Article 6 of the GDPR, we process your personal data based on the following legal grounds:

    • a)Consent (Art. 6(1)(a)): Where you have given explicit consent for specific processing activities, such as receiving marketing communications or newsletter subscriptions.
    • b)Contract Performance (Art. 6(1)(b)): Processing necessary to perform a contract with you or take pre-contractual steps at your request, including service delivery and client management.
    • c)Legal Obligation (Art. 6(1)(c)): Processing necessary for compliance with legal obligations, including tax, accounting, and regulatory requirements.
    • d)Legitimate Interests (Art. 6(1)(f)): Processing necessary for our legitimate business interests, provided these do not override your fundamental rights and freedoms. This includes business development, service improvement, and fraud prevention.

    3. Categories of Personal Data

    3.1 Data You Provide Directly

    • Identity data: full name, job title, company name
    • Contact data: email address, telephone number, business address
    • Business data: company URL, industry, business challenges, project requirements
    • Communication data: content of emails, messages, and meeting notes

    3.2 Data Collected Automatically

    • Technical data: IP address, browser type and version, operating system, device information
    • Usage data: pages visited, time spent on pages, navigation paths, referral sources
    • Cookie data: as described in Section 9 below

    4. Purposes of Processing

    We process your personal data for the following specific purposes:

    • To provide and manage our consulting services (Legal basis: Contract)
    • To respond to inquiries and schedule discovery calls (Legal basis: Contract/Legitimate Interest)
    • To send service-related communications (Legal basis: Contract)
    • To send marketing communications with your consent (Legal basis: Consent)
    • To improve our website and services (Legal basis: Legitimate Interest)
    • To comply with legal and regulatory obligations (Legal basis: Legal Obligation)
    • To establish, exercise, or defend legal claims (Legal basis: Legitimate Interest)

    5. Your Rights Under GDPR

    Under the GDPR, you have the following rights regarding your personal data:

    • a)Right of Access (Art. 15): Request a copy of your personal data and information about how it is processed.
    • b)Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
    • c)Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten") under certain circumstances.
    • d)Right to Restriction (Art. 18): Request restriction of processing in certain circumstances.
    • e)Right to Data Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
    • f)Right to Object (Art. 21): Object to processing based on legitimate interests, including profiling and direct marketing.
    • g)Right to Withdraw Consent (Art. 7): Withdraw consent at any time where processing is based on consent.
    • h)Right to Lodge a Complaint: File a complaint with a supervisory authority if you believe your rights have been violated.

    To exercise any of these rights, contact us at [email protected]. We will respond within 30 days of receiving your request.

    6. Data Sharing and Third-Party Processors

    We do not sell, trade, or rent your personal data. We may share your data with:

    • Service Providers: Third-party processors who assist in our operations (e.g., calendar scheduling, email services, analytics). All processors are bound by Data Processing Agreements (DPAs) compliant with GDPR Article 28.
    • Legal Requirements: When required by law, court order, or regulatory authority.
    • Business Transfers: In connection with any merger, acquisition, or sale of assets, with appropriate safeguards.
    • With Your Consent: For any other purpose with your explicit consent.

    7. International Data Transfers

    Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When such transfers occur, we ensure appropriate safeguards are in place:

    • EU Commission adequacy decisions under GDPR Article 45
    • Standard Contractual Clauses (SCCs) approved by the EU Commission
    • Binding Corporate Rules where applicable
    • Your explicit consent for specific transfers

    8. Data Retention

    We retain personal data only as long as necessary for the purposes for which it was collected:

    • Client data: Duration of the business relationship plus 7 years for legal and tax purposes
    • Prospect data: Up to 3 years from last contact unless you request deletion earlier
    • Marketing data: Until you withdraw consent or object to processing
    • Website analytics: 26 months from collection

    Data is securely deleted or anonymized when no longer required.

    9. Cookies and Tracking Technologies

    We use cookies and similar technologies in accordance with GDPR and the ePrivacy Directive:

    9.1 Essential Cookies

    Necessary for website functionality. No consent required.

    9.2 Analytics Cookies

    Used to understand how visitors interact with our website. Require your consent.

    9.3 Marketing Cookies

    Used to deliver relevant advertisements. Require your explicit consent.

    You can manage cookie preferences through your browser settings or our cookie consent tool. Refusing non-essential cookies will not affect your access to our website.

    10. Data Security

    We implement appropriate technical and organizational measures to protect your personal data, including:

    • Encryption of data in transit and at rest
    • Access controls and authentication measures
    • Regular security assessments and updates
    • Staff training on data protection
    • Incident response procedures

    In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay where required by GDPR Article 33 and 34.

    11. Automated Decision-Making

    We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you as described in GDPR Article 22. Any analytics or personalization we perform does not constitute automated decision-making with significant effects.

    12. Children's Privacy

    Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

    13. Changes to This Policy

    We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email or website notice. We encourage you to review this policy periodically. The "Last updated" date indicates the latest revision.

    14. Contact and Complaints

    For any questions, requests, or complaints regarding this Privacy Policy or our data processing practices:

    Email: [email protected]

    Phone: +971 50 882 6633

    You also have the right to lodge a complaint with a data protection supervisory authority, particularly in the EU Member State of your residence, place of work, or where an alleged infringement of the GDPR occurred.