Privacy Notice

Welcome to Advix!

We’re committed to protecting your privacy and handling your data transparently. This document explains how we collect, use, and safeguard your information when you work with us or visit our website.

Advix offers consulting services and is located at Dubai Silicon Oasis, DDP, Building A1 United Arab Emirates. If you have any questions about our privacy practices or this policy, please contact us at dpo@advix.com.

2. Information We Collect

We collect information to provide better services to all our clients. Here’s what we collect: Personal Information: Your name, contact details, and any other info you provide when you sign up for our services or communicate with us. Usage Data: Information on how you interact with our website, which helps us improve our services. Cookies: Small files placed on your device that allow us to remember your preferences. You can manage these through your browser settings.

3. Sensitive personal data

In certain circumstances, we may collect and process sensitive personal data, such as information related to an individual's race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning an individual's sex life or sexual orientation.

We only collect and process sensitive personal data when: You have given your explicit consent for us to do so, which can be withdrawn at any time. It is necessary for the establishment, exercise, or defence of legal claims. It is necessary for the purposes of carrying out obligations and exercising specific rights under UAE labour laws. It is necessary for reasons of substantial public interest, based on UAE law. When we handle sensitive personal data, we implement additional technical and organisational measures to ensure a higher level of data protection and security. These measures may include: Restricting access to sensitive data on a need-to-know basis. Providing regular privacy and data protection training to employees handling sensitive data. Conducting Data Protection Impact Assessments (DPIAs) to identify and mitigate risks associated with sensitive data processing. Implementing strong encryption and pseudonymization techniques for sensitive data. Maintaining detailed records of all sensitive data processing activities. If you have any questions or concerns about how we handle sensitive personal data, please contact our Data Protection Officer at dpo@advix.com.

4. How We Use Your Data

Your data helps us: Provide, operate, and maintain our services Improve, personalise, and expand our services Understand and analyse how you use our services Develop new products, services, and features Communicate with you, either directly or through one of our partners, for customer service, updates, and other information related to our services, and for marketing purposes Send you emails Detect and prevent fraud

We do not sell your data. We may share information with third parties in the following situations: Service Providers: Companies that help us with our business activities, such as hosting services or customer service, under strict confidentiality agreements. Legal Requirements: If required by law or if we believe it’s necessary to protect our legal rights, interests, and the interests of others.

6. International Data Transfers

We may transfer your personal data to service providers, partners, or other third parties located outside of the United Arab Emirates for the purposes described in this Privacy Policy. When we transfer your personal data to recipients in other countries, we take appropriate measures to ensure that your personal data is adequately protected, regardless of the country to which it is transferred.

For transfers to countries that are not considered to provide an adequate level of data protection by the UAE's Data Protection Law, we rely on appropriate safeguards, such as: Standard Contractual Clauses (SCCs): We enter into data transfer agreements with third parties that incorporate the Standard Contractual Clauses approved by the UAE's data protection authority, which impose strict data protection obligations on the recipients of your personal data. Binding Corporate Rules (BCRs): If we transfer personal data within our group of companies, we rely on our approved Binding Corporate Rules, which ensure that all companies within our group maintain an adequate level of data protection. Other Legal Mechanisms: We may also rely on other legal mechanisms and safeguards, such as the recipient's adherence to an approved code of conduct or certification mechanism, or specific derogations provided for in the UAE's Data Protection Law. If you have any questions or concerns about the international transfer of your personal data, please contact our Data Protection Officer at dpo@advix.com.

## 7. Data Retention

We retain your personal information only for as long as necessary to provide you with our services and as described in this policy but no longer than 5 years for specific cases to comply with local laws such as UAE's Data Protection Law. We adhere to legal requirements and resolve disputes regarding that information.

8. Security of Your Data

We strive to protect your personal information but remind you that no method of transmission over the Internet or method of electronic storage is 100% secure.

9. Your Rights

Under the GDPR, MiCA and UAE's Data Protection Law, you have the right to access, update, or delete your personal information. You also have the right to restrict and object to certain processing of your data. If you wish to exercise any of these rights, please contact us.

10. Data Protection Officer

Advix has appointed a Data Protection Officer to oversee and ensure compliance with data protection laws and regulations, as well as our internal policies and procedures related to the protection of personal data. The Data Protection Officer's responsibilities include: Monitoring Advix's compliance with data protection laws, regulations, and internal policies, including conducting regular audits and assessments. Advising Advix and its employees on data protection obligations and best practices. Serving as the primary point of contact for data protection authorities and individuals (data subjects) regarding all issues related to the processing of personal data. Providing guidance and training to Advix employees on data protection policies, procedures, and requirements. Conducting Data Protection Impact Assessments (DPIAs) for high-risk data processing activities and providing recommendations to mitigate identified risks. Maintaining records of data processing activities and ensuring accountability for data protection practices. Investigating and responding to data protection incidents, such as potential data breaches or unauthorised access to personal data. You can contact our Data Protection Officer at dpo@advix.com with any questions, concerns, or requests related to the processing of your personal data or the exercise of your data protection rights.

11. Privacy by Design and Default

At Advix, we are committed to implementing appropriate technical and organisational measures to protect personal data and ensure compliance with data protection principles from the very beginning of our product and service development processes. We follow the principles of Privacy by Design and Privacy by Default.

Privacy by Design means that we consider data protection requirements and safeguards at every stage of the development life cycle, from the initial design phase to the final implementation and deployment. This includes: Conducting thorough Data Protection Impact Assessments (DPIAs) to identify and mitigate potential privacy risks. Implementing data minimization techniques to limit the collection and processing of personal data to what is strictly necessary. Incorporating privacy-enhancing technologies, such as encryption, anonymization, and pseudonymization, into our products and services. Designing systems and processes with privacy and security in mind, rather than treating them as an afterthought. Privacy by Default means that our products and services are configured to be as privacy-friendly as possible by default, without requiring individuals to take additional steps to protect their privacy. This includes: Setting privacy-friendly default settings for data collection, sharing, and retention. Limiting access to personal data on a need-to-know basis and enforcing strict access controls. Ensuring that personal data is only processed for specific, legitimate purposes and not further processed in a manner incompatible with those purposes. Providing clear and transparent information about our data processing activities, empowering individuals to make informed choices about their privacy. Our commitment to Privacy by Design and Default is an integral part of our overall data protection strategy and reflects our dedication to respecting individuals' privacy rights and upholding data protection principles throughout our operations.

12. Data Breach Notification

In the unlikely event of a data breach involving your personal information, we have procedures in place to promptly notify you and any applicable supervisory authorities as required by law. Our Data Breach Response Plan includes: Rapid identification and containment of the breach Risk assessment to evaluate the potential impact on individuals Prompt notification to affected individuals and authorities when legally required Implementation of additional security measures to prevent future breaches Should a breach occur, we will provide you with clear information about the nature of the breach, the types of data involved, and any steps you can take to protect yourself. We take data breaches seriously and will notify you without undue delay.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page.

14. Contact Us

If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us at dpo@advix.com .