PRIVACY POLICY

---

www.neuralhorizonsai.com

Effective Date: 12/08/2026

Last Updated: 12/08/2026

Neural Horizons AI ("we," "our," "us," or "Company") is committed to protecting the privacy and personal data of our clients, website visitors, and business partners. This Privacy Policy describes how we collect, use, process, and safeguard personal data in accordance with applicable privacy laws, including the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), GCC regional data protection requirements, the European Union General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

As an AI consultancy specializing in digital transformation, asset management solutions, and AI-driven technologies, we handle various types of personal and business data. This policy applies to all our services, including consulting engagements, digital platform development, and AI analytics solutions.

This Privacy Policy applies to:

• All personal data processed by Neural Horizons AI in the UAE and GCC region
• Data subjects residing in or visiting the UAE and other GCC countries
• Cross-border data transfers involving UAE and GCC jurisdictions
• Our website www.neuralhorizonsai.com and related digital platforms
• All consulting services, AI solutions, and digital transformation projects
• Business partnerships and client relationships within the GCC region

Under the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), we process personal data based on the following legal grounds:

• Consent: Where you have provided explicit consent for specific processing activities
• Contract Performance: For the performance of consulting contracts and service agreements
• Legal Obligation: To comply with UAE federal and emirate-level legal requirements
• Legitimate Interest: For business operations, security, and service improvement, where balanced against individual rights
• Vital Interests: To protect the vital interests of data subjects or other persons

We ensure compliance with data protection requirements across GCC member states, including specific regulations in Saudi Arabia, Kuwait, Qatar, Bahrain, and Oman, adapting our practices to meet varying regional requirements while maintaining consistent protection standards.

• Identity Information: Names, titles, Emirates ID numbers, passport details, nationalities
• Contact Information: Email addresses, phone numbers, business addresses, UAE residency details
• Professional Information: Company affiliations, job titles, professional licenses, business registration details
• Financial Information: Payment details, banking information, financial service credentials for asset management projects
• Technical Data: IP addresses, device information, system logs, usage patterns on our platforms

• Behavioral Data: User interaction patterns, system usage analytics, performance metrics
• Derived Insights: AI-generated analytics, predictive models, business intelligence outputs
• Communication Data: Email correspondence, meeting recordings (with consent), consultation notes

We collect personal data through the following channels:

• Direct interactions during consultation meetings and service delivery
• Website forms, contact requests, and digital platform usage
• Business cards, networking events, and professional conferences in the GCC region
• Third-party integrations and API connections for digital transformation projects
• Client-provided data for asset management and AI analytics services
• Cookies and tracking technologies on our website and digital platforms

• Service Delivery: Providing AI consulting, digital transformation, and asset management solutions
• Client Relationship Management: Managing ongoing client relationships and project communications
• Platform Operations: Operating and maintaining our digital platforms and AI tools
• Business Development: Identifying opportunities and developing business relationships in the GCC market

• Service Improvement: Enhancing our AI algorithms and consulting methodologies
• Compliance: Meeting UAE, GCC, and international regulatory requirements
• Security: Protecting against fraud, cyber threats, and unauthorized access
• Marketing: Communicating about relevant services and industry insights (with consent)

We may share personal data with the following categories of recipients:

• Service Providers: Cloud hosting providers, IT support, and technical service vendors
• Professional Advisors: Legal counsel, auditors, and compliance consultants
• Business Partners: Joint venture partners and strategic alliance members in the GCC region
• Regulatory Authorities: UAE Data Office, GCC regulatory bodies, and relevant government agencies

All third-party processors are required to:

• Enter into written data processing agreements compliant with UAE PDPL requirements
• Implement appropriate technical and organizational security measures
• Process personal data only for specified purposes and under our instructions
• Maintain confidentiality and restrict access to authorized personnel only

When transferring personal data outside the UAE, we ensure compliance with UAE PDPL Article 21 requirements by:

• Obtaining explicit consent for transfers to countries without adequate protection levels
• Implementing Standard Contractual Clauses approved by UAE authorities
• Ensuring recipient countries provide adequate data protection levels
• Conducting Data Protection Impact Assessments for high-risk transfers

For intra-GCC transfers, we:

• Assess the data protection framework of each destination GCC country
• Implement appropriate safeguards for cross-border processing
• Maintain records of all international transfers as required by regional regulations
• Ensure compliance with both origin and destination country requirements

For transfers to countries outside the GCC region, we rely on:

• European Commission adequacy decisions (for GDPR compliance)
• Standard Contractual Clauses and supplementary measures
• Binding Corporate Rules where applicable
• Explicit consent for specific transfer scenarios

In accordance with UAE regulations and best practices:

• Critical personal data of UAE residents is primarily stored within UAE-based data centers
• We utilize UAE-compliant cloud infrastructure providers with local presence
• Backup and disaster recovery systems maintain copies within the UAE where required
• We comply with sector-specific data localization requirements for financial services data

For other GCC countries, we:

• Assess and comply with country-specific data residency requirements
• Maintain regional data centers where mandated by local regulations
• Ensure cross-border access controls meet jurisdictional requirements
• Provide transparency regarding data storage locations

Under the UAE Personal Data Protection Law, you have the following rights:

• Right to Information: Receive clear information about data processing activities
• Right of Access: Obtain confirmation of processing and access to your personal data
• Right to Rectification: Correct inaccurate or incomplete personal data
• Right to Erasure: Request deletion of personal data under specific circumstances
• Right to Restrict Processing: Limit how we process your personal data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent for consent-based processing

To exercise your rights:

• Submit requests through our designated contact channels (see Section 16)
• Provide sufficient information to verify your identity
• Specify the right you wish to exercise and the relevant personal data
• We will respond within the timeframes required by applicable law (typically 30 days)

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, considering:

• UAE PDPL requirements for data minimization and storage limitation
• GCC regulatory requirements for record keeping
• Contractual obligations and business relationship duration
• Legal requirements for financial services and consulting records
• Legitimate business interests and statute of limitations periods

• Client Data: Duration of business relationship plus 7 years for financial records
• Marketing Data: Until consent is withdrawn or 3 years of inactivity
• Website Analytics: 24 months from collection
• Communication Records: 5 years from last communication
• Security Logs: 12 months unless required for ongoing investigations

• Encryption: End-to-end encryption for data in transit and at rest
• Access Controls: Multi-factor authentication and role-based access systems
• Network Security: Firewalls, intrusion detection, and secure network protocols
• Data Loss Prevention: Automated monitoring and prevention of unauthorized data transfers
• Regular Backups: Encrypted backup systems with geographic redundancy

• Staff Training: Regular privacy and security awareness training for all personnel
• Access Management: Regular review and updating of access permissions
• Incident Response: Comprehensive data breach response procedures
• Vendor Management: Due diligence and ongoing monitoring of service providers
• Compliance Audits: Regular internal and external security assessments

• Essential Cookies: Necessary for website functionality and security
• Analytics Cookies: To understand website usage and improve user experience
• Functional Cookies: To remember user preferences and settings
• Marketing Cookies: To deliver relevant content and measure campaign effectiveness (with consent)

You can control cookies through:

• Browser settings to block or delete cookies
• Our cookie consent management system
• Opt-out mechanisms for third-party analytics services
• Direct contact with our privacy team for assistance

In accordance with UAE PDPL Article 19, we will:

• Notify the UAE Data Office within 72 hours of becoming aware of a qualifying data breach
• Provide detailed breach notifications including scope, affected individuals, and remedial measures
• Notify affected individuals without undue delay where there is high risk to their rights
• Maintain comprehensive records of all data breaches and response actions

We also comply with data breach notification requirements in other GCC countries and international jurisdictions where applicable, ensuring coordinated response across all relevant authorities.

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete such information promptly and restrict future access.

Name: [DPO Name]

Email: privacy@neuralhorizonsai.com

Phone: [UAE Phone Number]

Address: [UAE Business Address]

Email: dataprotection@neuralhorizonsai.com

Website: www.neuralhorizonsai.com/privacy

UAE Data Office

Telecommunications and Digital Government Regulatory Authority

Website: www.tdra.gov.ae

We may update this Privacy Policy periodically to reflect changes in our practices, services, or applicable laws. Material changes will be communicated through:

• Prominent notice on our website
• Direct notification to registered users and clients
• Updated effective date at the top of this policy
• Email notification for significant changes affecting individual rights

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your personal data.

This Privacy Policy is governed by and construed in accordance with the laws of the United Arab Emirates, including Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data. For data subjects in other GCC countries, applicable local data protection laws will also apply alongside UAE law.

Any disputes arising from this Privacy Policy or our data processing activities will be subject to the exclusive jurisdiction of the competent courts in the United Arab Emirates, unless mandatory local jurisdiction rules apply.

If you believe we have not complied with this Privacy Policy or applicable data protection laws, you may:

• Contact our Data Protection Officer using the details provided above
• File a complaint with the UAE Data Office or relevant GCC regulatory authority
• Seek judicial remedies through competent courts
• Exercise any other rights available under applicable law

This Privacy Policy constitutes a legally binding agreement between Neural Horizons AI and data subjects. By using our services or providing personal data, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

Neural Horizons AI
Digital Transformation & AI Consultancy
www.neuralhorizonsai.com