Privacy Policy

Effective starting: June 2, 2025

1. Our data protection obligations

We are committed to protecting your personal data and respecting your privacy rights. Exec X AI Ltd ("Exec X AI"), a company registered in the Dubai International Financial Centre with company number 10474, acts as the data controller for the personal data we process about you.As a data controller, we are obliged to comply with applicable data protection laws, including the Dubai International Financial Centre's Data Protection Law No. 5 of 2020.

This privacy policy explains how we collect, use, store, and protect your personal data when you interact with our services, apply for employment with us, or engage with us as a client or business partner. We are committed to processing your personal data in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability.

Exec X AI acts as a Data Controller when it collect your email address and name in response to emails you send to hello@exec-x.ai.

2. Who we are and how to contact us

Data Controller: Exec X AI Ltd
Company Registration Number: 10474
Registered Address: Unit IH-00-VZ-01-FL-244, Level 1, Innovation Hub, Dubai International Financial Centre
Email: hello@exec-x.ai

3. Data protection officer

We have appointed a Data Protection Officer (DPO) to oversee our data protection compliance and to act as a point of contact for data protection matters.

Data Protection Officer: Khaled Shivji
Email: hello@exec-x.ai

You can contact our DPO if you have any questions about our data protection practices, wish to exercise your data protection rights, or have concerns about how we handle your personal data.

4. Information we collect and how we use it

We collect and process various types of personal data depending on your relationship with us. The categories of personal data we may collect include:

4.1 Recruitment and employment data
When you apply for a position with Exec X AI, or during the course of your employment, we may collect and process the following personal data:

- Contact Details: including your name, address, telephone number, and personal email address
- Date of birth: for identity verification and right to work confirmation
- Identification documents: a copy of the photo page from your passport(s), driving licences, other photo identification
- Employment history: including job applications, employment references, and details of secondary employment
- Education history: including qualifications, certificates, and academic records
- Right to work information: documentation demonstrating your legal right to work in the relevant jurisdiction
- Criminal conviction data: details of any criminal convictions where legally permitted and relevant to the role, including Disclosure and Barring Service (DBS), Access NI, or Disclosure Scotland checks

We use this information for the following purposes:
- To assess your suitability for employment
- To verify your identity and right to work
- To conduct pre-employment screening and background checks where legally permitted
- To maintain employment records and fulfill our legal obligations as an employer
- To communicate with you throughout the recruitment process
- To comply with health and safety requirements
- To administer payroll, benefits, and other employment-related matters

4.2 Client and Business Partner Data

When you engage with us as a client or business partner, we may collect and process:

- Contact information: including names, job titles, business addresses, telephone numbers, and business email addresses
- Professional information: including company details, role descriptions, and areas of expertise
- Communication records: including correspondence, meeting notes, and call records
- Financial information: including billing details, payment information, and transaction records
- Project information: including details of services provided, project outcomes, and performance metrics

We use this information for:
- Providing our consulting and advisory services
- Managing client relationships and communications
- Processing payments and maintaining financial records
- Improving our services and developing new offerings
- Complying with legal and regulatory requirements
- Marketing our services (where you have consented or we have a legitimate interest)

4.3. Website and Digital Communications Data

When you visit our website or interact with our digital communications, we may collect:

- Technical information: including IP addresses, browser types, device information, and operating systems
- Usage data: including pages visited, time spent on our website, and navigation patterns
- Communication preferences: including newsletter subscriptions and marketing preferences
- Cookies and similar technologies: as described in our cookies policy

We use this information to:
- Provide and improve our website functionality
- Analyse website usage and performance
- Deliver relevant content and communications
- Ensure website security and prevent fraud
- Comply with legal obligations

4.4. Marketing and Communications Data

With your consent or where we have a legitimate interest, we may collect and process:

- Contact preferences: including communication channels and frequency preferences
- Marketing data: including responses to marketing campaigns and engagement metrics
- Event participation: including attendance at webinars, conferences, and other events
- Professional interests: including areas of expertise and industry focus

We use this information to:
- Send you relevant marketing communications and updates
- Invite you to events and webinars
- Provide you with industry insights and thought leadership content
- Improve our marketing effectiveness and customer experience

5. Legal basis for processing your data

5.1 Consent

We rely on your consent for:
- Marketing communications and newsletters
- Non-essential cookies and tracking technologies
- Certain types of data sharing with third parties
- Processing special category data where required

Where we rely on consent, you have the right to withdraw your consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

5.2 Contract

We process your personal data where it is necessary for the performance of a contract with you or to take steps at your request before entering into a contract. This includes:
- Processing employment contracts and related obligations
- Delivering consulting and advisory services to clients
- Managing client relationships and service delivery
- Processing payments and maintaining financial records

5.3. Legal Obligation

We process your personal data where we have a legal obligation to do so, including:
- Compliance with employment law requirements
- Tax and accounting obligations
- Anti-money laundering, anti-terrorist financing and know your customer requirements
- Health and safety obligations
- Regulatory reporting requirements

5.4. Legitimate Interests

We may process your personal data where it is necessary for our legitimate interests or those of a third party, provided your fundamental rights and freedoms do not override those interests. Our legitimate interests include:
- Operating and improving our business
- Ensuring network and information security
- Preventing fraud and criminal activity
- Direct marketing to existing clients and prospects
- Maintaining business records and archives
- Defending legal claims and protecting our rights

5.5. Special Category Data

Where we process special category data (such as criminal conviction data for background checks), we rely on additional legal bases that comply with legislation, including:
- Explicit consent where required
- Employment law obligations
- Substantial public interest grounds
- Legal claims and judicial proceedings

6. How we share your personal data

We may share your personal data with the following categories of recipients:

6.1 Group Companies

We may share your personal data with companies wholly or partially owned by Exec X AI Ltd. This sharing enables us to:
- Provide integrated services across our group
- Share resources and expertise
- Maintain consistent data protection standards
- Deliver comprehensive solutions to our clients

All group companies are required to protect your personal data in accordance with this privacy policy and applicable data protection laws.

6.2 Employer of Record Services

If you have applied to work for Exec X AI, we may share your personal details with our employer of record (EOR) aggregated service.

7. International transfers of personal data

We may transfer your personal data to countries outside the Dubai International Financial Centre. When we do so, we ensure that appropriate safeguards are in place to protect your personal data.

7.1 Other International Transfers

Where we transfer personal data to other countries that do not have an adequacy decision, we implement appropriate safeguards, including:

- Standard contractual clauses approved by the relevant supervisory authorities
- Binding corporate rules where applicable
- Certification schemes and codes of conduct
- Specific derogations under data protection legislation where applicable

You can obtain copies of the safeguards we have in place for international transfers by contacting us using the details provided in this privacy policy.

8. How long we keep your personal data

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements.

8. How long we keep your personal data

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements.

8.1 General Retention Period

Unless otherwise specified, we will keep your personal data on file for one calendar year from the date of last interaction or the end of our relationship with you.

8.2 Specific Retention Periods

- Employment Records: We retain employment-related personal data for the duration of employment plus seven years after termination, or as required by applicable employment law
- Client Records: We retain client-related personal data for the duration of our engagement plus seven years after completion of services, or as required by applicable professional and regulatory obligations
- Financial Records: We retain financial and accounting records for seven years after the end of the relevant financial year, or as required by applicable tax and accounting laws
- Marketing Data: We retain marketing-related personal data until you withdraw consent or object to processing, or for three years from last interaction, whichever is earlier
- Legal Claims: We may retain personal data for longer periods where necessary to establish, exercise, or defend legal claims

8.3 Secure Disposal

When personal data is no longer required, we securely delete or destroy it in accordance with our data retention and disposal procedures. This includes both electronic and physical records to comply with applicable data protection laws, including the Dubai International Financial Centre's Data Protection Law No. 5 of 2020.

This privacy policy explains how we collect, use, store, and protect your personal data when you interact with our services, apply for employment with us, or engage with us as a client or business partner. We are committed to processing your personal data in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability.

Exec X AI acts as a Data Controller when it collect your email address and name in response to emails you send to hello@exec-x.ai.

9. Your rights under data protection law


WYou have various rights in relation to your personal data under applicable data protection laws. These rights may vary depending on the legal basis for processing and the jurisdiction in which you are located.

9.1 Right of Access

You have the right to request access to the personal data we hold about you. This includes the right to obtain:

- Confirmation of whether we process your personal data
- A copy of your personal data
- Information about how we use your personal data
- Details of who we share your personal data with
- Information about international transfers
- Details of how long we keep your personal data

9.2 Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. We will respond to such requests without undue delay and will notify any third parties to whom we have disclosed the data of any corrections made.

9.3. Right to Erasure (Right to be Forgotten)

You have the right to request that we delete your personal data in certain circumstances, including:

- The personal data is no longer necessary for the original purpose
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The personal data has been unlawfully processed
- Deletion is required for compliance with a legal obligation

9.4. Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, including:

- You contest the accuracy of the personal data
- The processing is unlawful but you prefer restriction to deletion
- We no longer need the data but you require it for legal claims
- You have objected to processing pending verification of our legitimate grounds

9.5. Right to Object

You have the right to object to processing of your personal data in certain circumstances, including:

- Processing based on legitimate interests
- Direct marketing (including profiling for marketing purposes)
- Processing for scientific, historical, or statistical purposes

9.6. Right to Data Portability

Where we process your personal data based on consent or contract using automated means, you have the right to:

- Receive your personal data in a structured, commonly used, and machine-readable format
- Transmit your personal data to another controller without hindrance
- Have your personal data transmitted directly to another controller where technically feasible

9.7. Right to Withdraw Consent

Where we process your personal data based on consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

9.8. Exercising Your Rights

To exercise any of these rights, please contact us using the details provided in this privacy policy. We will respond to your request without undue delay and in any event within one month of receipt. In complex cases, we may extend this period by a further two months, in which case we will inform you of the extension and the reasons for it.

We may request additional information to verify your identity before responding to your request. We will not charge a fee for processing your request unless it is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request.

10. Automated decision-making and profiling

We may use automated decision-making processes, including profiling, in certain circumstances. This involves making decisions about you using technology without human intervention.

If we do engage in such processing, we will provide you with meaningful information about the logic involved, the significance, and the envisaged consequences of such processing, and you will have the right to obtain human intervention, express your point of view, and contest the decision.

11. Criminal background checks

Where legally permitted and relevant to the role or engagement, we may use your personal data to conduct criminal background checks. This may include:

- Disclosure and Barring Service (DBS) checks in the United Kingdom
- Access NI checks in Northern Ireland
- Disclosure Scotland checks in Scotland
- Equivalent background checks in other jurisdictions where you may be employed

We will only conduct such checks where:

- It is legally permitted under applicable law
- It is necessary and proportionate for the role or engagement
- We have a lawful basis for processing the data
- You have been informed of the check and its scope

The results of background checks will be processed in accordance with applicable law and will only be used for the specific purposes for which they were obtained. We will retain such information only for as long as necessary and in accordance with our retention policy.


12. Cookies and similar technologies

What are cookies

Cookies are small text files placed on your device when you visit a website. They help websites function efficiently and provide information about how users interact with the site. Cookies allow our website to recognise your device and remember information about your preferences or past actions.

How we use cookies

We use cookies for several purposes:
- Essential cookies are necessary for basic website functionality and cannot be disabled. These include cookies that enable secure areas, form submission, and basic navigation features. These cookies do not require your consent as they are essential for services you have requested.

- Performance cookies collect information about how you use our website, such as which pages you visit and how long you spend on each page. This helps us understand user behaviour and improve our website. All information is aggregated and anonymised.

- Functionality cookies remember your preferences and settings to provide a personalised experience when you return to our website. These may include language preferences, display settings, and other customisation options.

- Marketing cookies deliver relevant content based on your interests and browsing behaviour. These cookies require your explicit consent and help us understand which services and content are most relevant to different users.

Types of cookies we use

By duration:
•Session cookies are temporary and deleted when you close your browser
•Persistent cookies remain on your device for a specified period or until manually deleted

By origin:
•First-party cookies are set directly by our website
•Third-party cookies are set by external services we use, such as analytics providersManaging your cookie preferences
You can control cookies through your browser settings. Most browsers allow you to:
•View cookies stored on your device
•Delete existing cookies
•Block cookies from specific websites
•Set preferences for accepting cookies

Please note that disabling certain cookies may affect website functionality and your user experience.

Third-party services

We may use third-party services such as Google Analytics to collect website usage information. These services have their own privacy policies and cookie practices. We ensure appropriate data processing agreements are in place with all third-party providers.

Your rights

You have the right to:
•Withdraw consent for non-essential cookies at any time
•Access information about cookies we use
•Request deletion of cookie data where technically feasible
•Lodge complaints about our cookie practices

13. Changes to this privacy policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will notify you by:
‍
- Posting the updated policy on our website with a new effective date
- Sending you an email notification if you have provided us with your email address
- Providing notice through our services or other appropriate means

We encourage you to review this privacy policy periodically to stay informed about how we protect your personal data. Your continued use of our services after any changes to this privacy policy will constitute your acceptance of such changes.

14. How to contact us and how to file complaints

If you have any questions, concerns, or complaints about this privacy policy or our data protection practices, please contact us using the following details:
Email: hello@exec-x.ai
Data Protection Officer: Khaled Shivji
DPO Email: hello@exec-x.ai

We take all privacy concerns seriously and will investigate any complaints promptly and thoroughly. We aim to respond to all enquiries within one month of receipt.

14.1 Right to Complain to Supervisory Authorities

If you are not satisfied with our response to your complaint or believe that we are processing your personal data in a way that is not lawful, you have the right to lodge a complaint with the relevant supervisory authority. The supervisory authority you can complain to may depend on where you live, where you work, or where you believe the infringement took place.

For complaints in the DIFC: DIFC Commissioner of Data Protection, Dubai International Financial Centre Authority, Level 14, The Gate Building | Telephone: +971 4 362 2222 | Email: commissioner@dp.difc.ae