Privacy Policy
1. Who We Are
Salvone Technology Solutions DMCC (“Salvone”, “we”, “us”) is the data controller for personal data processed through this website (salvone.com) and our related services.
| Detail | Information |
|---|---|
| Registered name | Salvone Technology Solutions DMCC |
| Registered address | JLT Cluster P, DMCC, Dubai, United Arab Emirates |
| privacy@salvone.com | |
| Jurisdictions | UAE (Federal), DMCC Free Zone, United Kingdom |
This policy covers processing governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the UAE Federal Decree-Law No. 45/2021 (Personal Data Protection Law, “PDPL”), and the DIFC Data Protection Law No. 5 of 2020 where applicable.
2. Data We Collect
2.1 Data you provide
- Contact information — name, email address, phone number, organisation, job title (via contact forms or email)
- Enquiry details — message content, service interests, project requirements
- Assessment responses — answers submitted through our compliance checker, readiness assessment, or ROI calculator tools
2.2 Data collected automatically
- Device and browser data — IP address, browser type and version, operating system, screen resolution, language preference
- Usage data — pages visited, scroll depth, time on page, referral source, click events (collected via Google Analytics 4)
- Cookies and similar technologies — see Section 9
2.3 Data we do not collect
We do not collect or process patient health records, protected health information (PHI), special category data, or biometric data through this website. Our consultancy services may involve access to client systems containing such data, which is governed by separate data processing agreements.
3. How We Use Your Data
| Purpose | Data used |
|---|---|
| Respond to enquiries and provide quotes | Contact information, enquiry details |
| Deliver interactive tool results (compliance checker, ROI calculator, readiness assessment) | Assessment responses (processed client-side only) |
| Improve website performance and content | Usage data, device data |
| Send service updates (only with consent) | Email address |
| Comply with legal obligations | As required by applicable law |
| Protect our legitimate business interests | Usage data, device data |
4. Lawful Basis for Processing
4.1 Under UK GDPR (Article 6)
- Consent (Art. 6(1)(a)) — marketing communications, non-essential cookies
- Contractual necessity (Art. 6(1)(b)) — responding to your enquiry, delivering requested services
- Legitimate interests (Art. 6(1)(f)) — website analytics, security monitoring, service improvement. Our legitimate interest is improving our services and understanding how visitors use our site. We have balanced this against your rights and consider the impact to be minimal given the non-sensitive nature of the data.
- Legal obligation (Art. 6(1)(c)) — compliance with applicable tax, anti-money laundering, and regulatory requirements
4.2 Under UAE PDPL (Article 5)
- Consent (Art. 5) — primary basis; obtained through clear affirmative action (contact form submission, cookie acceptance)
- Contractual necessity (Art. 4(2)) — processing required to perform or prepare a contract at your request
- Legal obligation (Art. 4(3)) — compliance with UAE federal law
5. Who We Share Data With
We do not sell your personal data. We share data only with the following categories of recipients, under appropriate safeguards:
| Recipient | Purpose | Safeguard |
|---|---|---|
| EmailJS | Contact form delivery | Data processing terms |
| Google Analytics (GA4) | Website analytics | Standard contractual clauses, IP anonymisation |
| AI service providers (OpenAI, Anthropic, Google, OpenRouter) | AI assistant feature (user-initiated only) | No personal data transmitted; conversation context only |
| Professional advisers | Legal, accounting, audit | Professional duty of confidentiality |
| Law enforcement or regulators | When required by law | Legal obligation |
6. International Data Transfers
Salvone operates across the UAE and the UK. Your data may be transferred between these jurisdictions and to third-party service providers located outside these territories.
6.1 UK to non-UK transfers
Where we transfer personal data outside the UK, we rely on one of the following safeguards in accordance with UK GDPR Articles 44–49:
- UK adequacy regulations recognising the destination country
- UK International Data Transfer Agreement (IDTA) or UK Addendum to EU Standard Contractual Clauses
- Binding corporate rules approved by the ICO
6.2 UAE cross-border transfers
Transfers of personal data outside the UAE are conducted in compliance with Articles 22–23 of the UAE PDPL, ensuring the recipient jurisdiction provides an adequate level of protection or that appropriate safeguards (such as standard contractual clauses or binding corporate rules) are in place.
7. Data Retention
| Data category | Retention period |
|---|---|
| Contact form submissions | 24 months from last interaction, then deleted |
| Website analytics data | 14 months (GA4 default), then automatically deleted |
| Interactive tool responses | Session only (client-side processing, not stored on our servers) |
| Contractual and financial records | 7 years (UAE Commercial Transactions Law; UK HMRC requirements) |
| Cookie consent records | 12 months, then consent re-requested |
We review retention schedules annually. Data is securely deleted or anonymised when no longer needed for its stated purpose, in accordance with UK GDPR Article 5(1)(e) and UAE PDPL Article 5(1)(d).
8. Your Rights
8.1 Under UK GDPR
If you are in the UK or your data is processed under UK GDPR, you have the following rights:
- Access (Art. 15) — obtain a copy of your personal data and information about how it is processed
- Rectification (Art. 16) — correct inaccurate or incomplete data
- Erasure (Art. 17) — request deletion of your data (“right to be forgotten”)
- Restriction (Art. 18) — limit how we process your data in certain circumstances
- Portability (Art. 20) — receive your data in a structured, machine-readable format
- Object (Art. 21) — object to processing based on legitimate interests or direct marketing
- Automated decisions (Art. 22) — not be subject to decisions based solely on automated processing that significantly affect you
- Withdraw consent (Art. 7(3)) — withdraw consent at any time, without affecting the lawfulness of processing before withdrawal
8.2 Under UAE PDPL
If you are in the UAE or your data is processed under the UAE PDPL, you have the following rights:
- Information (Art. 13) — be informed about how your data is processed before processing begins
- Access (Art. 14) — access your personal data held by us
- Rectification and erasure (Art. 15) — correct or delete your personal data
- Restriction (Art. 16) — restrict the processing of your data
- Stop processing (Art. 17) — request that we stop processing your data
- Object to automated decisions (Art. 18) — not be subject to decisions based solely on automated processing
- Portability (Art. 19) — receive your data in a commonly used electronic format
To exercise any of these rights, contact us at privacy@salvone.com. We will respond within 30 days (UK GDPR) or the timeframe prescribed by the UAE Data Office. We may ask you to verify your identity before acting on your request.
9. Cookies & Tracking Technologies
This section satisfies our obligations under the UK Privacy and Electronic Communications Regulations 2003 (PECR, Regulation 6) and the general consent principles of the UAE PDPL.
9.1 Essential cookies
These are strictly necessary for the website to function and do not require consent:
- Theme preference — stores your light/dark mode selection (localStorage)
- Service worker cache — enables offline functionality (salvone-v1)
9.2 Analytics cookies
We use Google Analytics 4 (GA4) to understand how visitors use our site. GA4 cookies are set only after you provide consent. Data collected includes page views, scroll depth, click events, and session duration. IP addresses are anonymised.
_ga— distinguishes users (expires: 2 years)_ga_*— maintains session state (expires: 2 years)
9.3 Managing cookies
You can withdraw consent or manage cookies at any time through your browser settings. Disabling cookies will not affect essential site functionality but may limit analytics and personalisation features.
10. Security Measures
We implement appropriate technical and organisational measures to protect your personal data, as required by UK GDPR Article 32 and UAE PDPL Article 7. These include:
- HTTPS encryption (TLS 1.3) for all data in transit
- Access controls and authentication for internal systems
- Regular security reviews and vulnerability assessments
- Supplier due diligence and data processing agreements
- Staff data protection awareness training
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours (UK GDPR Art. 33) or as required by UAE PDPL Article 9, and will inform affected individuals where required.
11. Children’s Data
This website and our services are not directed at children under 13 (UK) or minors as defined under UAE law. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at privacy@salvone.com and we will delete the data promptly.
12. Complaints
If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the relevant supervisory authority:
| Jurisdiction | Authority | Contact |
|---|---|---|
| United Kingdom | Information Commissioner’s Office (ICO) | ico.org.uk · Tel: 0303 123 1113 |
| UAE (Federal) | UAE Data Office | Established under UAE PDPL Art. 29 |
| DIFC | Commissioner of Data Protection | difc.ae |
We encourage you to contact us first at privacy@salvone.com so we can try to resolve your concern directly.
13. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last updated” date at the top of this page and, where required by law, notify you by email or prominent website notice.
We recommend reviewing this policy periodically. Continued use of our website after changes constitutes acceptance of the updated policy, except where further consent is required by law.
14. Contact Us
For any questions about this privacy policy or to exercise your data protection rights:
- Email: privacy@salvone.com
- Post: Data Protection, Salvone Technology Solutions DMCC, JLT Cluster P, DMCC, Dubai, UAE