Privacy Policy
Effective Date: 22 February 2026 | Last Updated: 22 February 2026
Ai Hemaya ("Ai Hemaya", "we", "us", or "our") is committed to protecting the privacy and security of all personal data we receive, in full compliance with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL). This Privacy Policy explains how we collect, use, store, share and protect your information when you visit our website (aihemaya.com), use our services, or otherwise interact with us.
By accessing our website or providing personal data to us, you acknowledge that you have read, understood and agree to be bound by this Privacy Policy. If you do not agree, please do not use our website or provide us with your personal data.
1. Data Controller
The data controller responsible for your personal data is:
Ai Hemaya
Bin Dasmal Building, Office 1-475
Sheikh Zayed Road, Dubai, UAE
Email: info@aihemaya.com
2. Information We Collect
2.1 Information You Provide Directly
When you contact us through our website, submit a form, or correspond with us, we may collect:
- Full name
- Email address
- Phone number
- Company or organisation name
- Job title or role
- Service interest selections
- Any additional information you voluntarily provide in free-text fields
2.2 Information Collected Automatically
When you visit our website, we may automatically collect certain technical data, including:
- IP address (anonymised where required by law)
- Browser type, version, and language preferences
- Operating system and device type
- Referring website URL
- Pages visited, time spent, and clickstream data
- Date and time of access
- Screen resolution and viewport size
2.3 Cookies and Tracking Technologies
We use cookies and similar technologies (e.g., Google Analytics) to analyse website traffic and improve user experience. You can control cookie preferences through your browser settings. We do not use cookies for targeted advertising. See Section 10 for more details.
3. Legal Basis for Processing
In accordance with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and where applicable, international data protection regulations, we process your personal data based on one or more of the following legal grounds:
- Consent: Where you have given clear, affirmative consent for us to process your personal data for a specific purpose (e.g., submitting a contact form).
- Contractual Necessity: Where processing is necessary for the performance of a contract with you, or to take pre-contractual steps at your request.
- Legitimate Interest: Where processing is necessary for our legitimate business interests (e.g., improving our services, website analytics, fraud prevention), provided those interests are not overridden by your rights.
- Legal Obligation: Where processing is required to comply with applicable laws, regulations, or legal proceedings.
4. How We Use Your Information
We use collected personal data strictly for the following purposes:
- To respond to your enquiries and provide requested information about our services
- To assess project feasibility and prepare proposals
- To deliver, maintain and improve our services
- To send service-related communications (not marketing, unless you opt in)
- To comply with legal obligations and enforce our agreements
- To analyse website usage and improve performance, security and user experience
- To detect, prevent and address fraud, security incidents, or technical issues
We do not sell, rent, or trade your personal data to third parties for marketing purposes. We never have and never will.
5. Data Sharing and Disclosure
We may share your personal data only in the following limited circumstances:
- Service Providers: Trusted third-party vendors who assist us in operating our website and delivering services (e.g., hosting providers, form processors, analytics tools). These providers are contractually bound to process data only on our behalf and in compliance with this policy.
- Legal Requirements: When disclosure is required by applicable law, regulation, legal process, subpoena, or governmental request.
- Protection of Rights: When disclosure is necessary to protect our rights, safety, or property, or that of our clients, employees, or the public.
- Business Transfers: In connection with a merger, acquisition, reorganisation, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy protections.
- With Your Consent: In any other circumstance, only with your explicit prior consent.
We require all third parties to respect the security of your personal data and to treat it in accordance with applicable law.
6. International Data Transfers
Your personal data may be transferred to and processed in countries other than the United Arab Emirates, including countries within the European Economic Area (EEA) and the United Kingdom. Where such transfers occur, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by relevant data protection authorities
- Binding corporate rules or equivalent measures
By providing your personal data, you acknowledge and consent to such transfers to the extent permitted by applicable law.
7. Data Retention
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Specifically:
- Contact form submissions: Retained for up to 24 months from the date of last interaction, unless a business relationship is established.
- Client project data: Retained for the duration of the engagement plus 7 years thereafter, as required for legal and contractual obligations.
- Website analytics data: Retained in anonymised or aggregated form for up to 26 months.
When personal data is no longer required, we will securely delete or anonymise it.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include, but are not limited to:
- Encryption of data in transit (TLS/SSL) and at rest where applicable
- Access controls limiting data access to authorised personnel only
- Regular security assessments and vulnerability testing
- Secure data storage with reputable cloud infrastructure providers
- Employee training on data protection and information security
While we take all reasonable precautions, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any breach in accordance with applicable law.
9. Your Rights
Under the UAE PDPL (Federal Decree-Law No. 45 of 2021) and, where applicable, other data protection laws based on your location, you have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete personal data.
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data where there is no compelling reason for its continued processing.
- Right to Restriction: Request restriction of processing in certain circumstances.
- Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.
- Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal. Under the UAE PDPL, consent must be freely given, informed, explicit and specific to the processing activity.
- Right to Lodge a Complaint: File a complaint with the UAE Data Office (established under Federal Decree-Law No. 44 of 2021) or, if applicable, your local data protection authority.
To exercise any of these rights, please contact us at info@aihemaya.com. In accordance with the UAE PDPL, we will respond to all legitimate requests within 30 days (or sooner where required by applicable law). We may need to verify your identity before processing your request.
10. Cookies
Our website may use the following categories of cookies:
- Strictly Necessary Cookies: Essential for website functionality. These cannot be disabled.
- Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics with IP anonymisation enabled).
We do not use advertising or marketing cookies. You may disable non-essential cookies through your browser settings at any time. Please note that disabling certain cookies may affect website functionality.
11. Third-Party Links
Our website may contain links to third-party websites or services (e.g., LinkedIn). We are not responsible for the privacy practices, content, or security of any third-party sites. We encourage you to review the privacy policies of any external site before providing personal data. Inclusion of a link does not imply endorsement of, or affiliation with, the linked site.
12. Children's Privacy
Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a minor, we will take immediate steps to delete such information. If you believe a minor has provided us with personal data, please contact us immediately.
13. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals based on data collected through this website.
14. Limitation of Liability
To the fullest extent permitted by applicable law:
Ai Hemaya, its directors, officers, employees, agents and affiliates shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising out of or related to your use of our website or the processing of your personal data, including but not limited to loss of data, loss of profits, business interruption, or unauthorised access resulting from circumstances beyond our reasonable control.
Our total aggregate liability to you for any claim arising under or in connection with this Privacy Policy shall not exceed the amount you have paid to Ai Hemaya (if any) in the twelve (12) months preceding the event giving rise to the claim.
Nothing in this section shall exclude or limit liability that cannot be excluded or limited under applicable law.
15. Indemnification
By using our website and submitting personal data, you agree to indemnify, defend and hold harmless Ai Hemaya, its directors, officers, employees and agents from and against any claims, damages, losses, liabilities, costs or expenses (including reasonable legal fees) arising from your violation of this Privacy Policy, your misuse of our website, or any inaccurate or misleading information you provide.
16. Governing Law and Jurisdiction
This Privacy Policy is governed by and construed in accordance with the laws of the United Arab Emirates, including Federal Decree-Law No. 45 of 2021 (PDPL) and its executive regulations, as applicable in the Emirate of Dubai. Any disputes arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Dubai, UAE, unless otherwise required by applicable mandatory law (e.g., GDPR-related claims may be brought before the courts of the data subject's habitual residence).
17. Additional Rights for EEA / UK Residents
If you are located in the European Economic Area or the United Kingdom, you are entitled to the protections afforded by the General Data Protection Regulation (GDPR) and the UK GDPR, respectively. In addition to the rights set out in Section 9:
- We will only process your data when we have a lawful basis to do so (see Section 3).
- You have the right to lodge a complaint with your local supervisory authority (e.g., ICO in the UK, CNIL in France, etc.).
- International transfers of your data will be protected by appropriate safeguards (see Section 6).
18. Additional Rights for California Residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell personal information. However, you have the right to direct us not to do so.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
19. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time. Changes will be effective immediately upon posting the revised policy on our website with an updated "Last Updated" date. We encourage you to review this page periodically. Your continued use of our website after changes are posted constitutes your acceptance of the updated policy.
20. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us:
Ai Hemaya
Email: info@aihemaya.com
Address: Bin Dasmal Building, Office 1-475, Sheikh Zayed Road, Dubai, UAE
We aim to respond to all privacy-related enquiries within 30 days.
© 2026 Ai Hemaya. All rights reserved.
