Privacy Policy

1. Identity and Contact Details of the Controller

2. Categories of Personal Data Collected

3. Purposes of Processing

We process your personal data for the following specific purposes:

4. Legal Basis for Processing

Under UAE PDPL and GDPR, we process your personal data based on the following lawful bases:

• Consent: For marketing communications, non-essential cookies (analytics/marketing), and newsletters. You may withdraw consent at any time.
• Contractual Necessity: To perform services you have requested, respond to inquiries, and manage our business relationship.
• Legal Obligation: To comply with applicable laws, regulatory requirements, and legal processes.
• Legitimate Interests: For website security, fraud prevention, and service improvement—where these do not override your fundamental rights.

5. Recipients and Sharing of Personal Data

We do not sell, trade, or rent your personal information. We may share your data with:

6. Cross-Border Transfers and Protection Measures

As an international consulting business, your personal data may be transferred to and processed in:

• Germany (EU) — our registered headquarters
• United Arab Emirates — our operational base
• Other countries where our service providers operate

Protection Measures: We ensure all cross-border transfers comply with UAE PDPL and GDPR through:

• Transfers to EU/EEA countries covered by GDPR adequacy
• Standard Contractual Clauses (SCCs) for other transfers
• Data processing agreements with all third-party processors
• Technical and organizational security measures

7. Your Rights

Under UAE PDPL and GDPR, you have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data we hold
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (subject to legal retention requirements)
• Right to Restrict Processing: Limit how we use your data in certain circumstances
• Right to Object: Object to processing based on legitimate interests
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of prior processing

8. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

• Client/project records: 7 years after project completion (legal/regulatory requirements)
• Contact form inquiries: 2 years from last interaction, unless a business relationship is established
• Marketing consent records: Duration of consent plus 3 years for proof of consent
• Website analytics data: 26 months (anonymized thereafter)
• Cookie consent records: 1 year from consent date

Data is deleted or anonymized when no longer required unless retention is mandated by law.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption of data in transit (TLS/SSL) and at rest where applicable
• Access controls limiting data access to authorized personnel only
• Regular security assessments and monitoring
• Staff training on data protection and confidentiality
• Secure data processing agreements with all third-party providers

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but commit to promptly addressing any breaches in accordance with legal requirements.

10. Consent and Withdrawal

Where processing is based on consent (marketing, analytics cookies), your consent is:

• Voluntary and not a condition for accessing our core services
• Given through clear affirmative actions (cookie banner selections, form checkboxes)
• Withdrawable at any time

How to Withdraw Consent:

• Cookie consent: Click "Cookie Settings" in the website footer to update preferences
• Marketing emails: Use the unsubscribe link in any email
• Other consent: Email us at contact@neuralarchitects.ae

Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

11. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. We categorize these as:

• Necessary Cookies: Essential for website functionality (no consent required)
• Analytics Cookies: Help us understand usage patterns (consent required)
• Marketing Cookies: Enable personalized advertising (consent required)

You can manage cookie preferences through the cookie banner on first visit or via "Cookie Settings" in the footer at any time.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing personal data.

13. Complaints and Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

• UAE Data Office — the supervisory authority under UAE PDPL
• Your local EU/EEA supervisory authority — if you are in the EU/EEA
• Der Landesbeauftragte für den Datenschutz Baden-Württemberg — as our registered office is in Germany

We encourage you to contact us first at contact@neuralarchitects.ae so we can address your concerns directly.

14. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we make material changes:

• We will update the "Last updated" date at the top of this page
• For significant changes affecting your rights, we may notify you directly via email

We encourage you to review this policy periodically.

15. Contact Us

For questions about this Privacy Policy, to exercise your rights, or for data protection inquiries: