Legal

Privacy & Cookie Policy

Last updated: April 2026 · Effective immediately

This policy applies to users from the European Union (GDPR), United Arab Emirates (PDPL — Federal Decree Law No. 45 of 2021), and all other jurisdictions. We are committed to full compliance with applicable data protection laws.

🇪🇺

European Union

GDPR — Regulation (EU) 2016/679

🇦🇪

United Arab Emirates

PDPL — Federal Decree Law No. 45/2021

🇱🇻

Baltic / EU

Baltic IT Club · Registration 40008252040

🌐

Global

Standard contractual clauses for data transfers

1. Who We Are

Data Controller:
Baltic IT Club · Registration No. 40008252040
Middle East Partner: Atelier 3D LLC · Dubai, UAE

Website: aistaffed.io
Contact: privacy@aistaffed.io
WhatsApp: +971 58 547 2595

2. What Data We Collect

2.1 Data You Provide Voluntarily

Information you share through our AI chatbot on the website
Your WhatsApp number when you initiate contact via our WhatsApp button
Business information you provide during consultations (company name, industry, needs)
Email address if you contact us directly

2.2 Data Collected Automatically

IP address and approximate location (country/city level)
Browser type and version
Pages visited and time spent on site
Referring URL (how you found us)
Device type (mobile/desktop)

2.3 Data We Do NOT Collect

We do not collect payment card data (payments processed by third-party providers)
We do not collect special category data (health, religion, political views)
We do not build advertising profiles
We do not sell your data to third parties

3. Legal Basis for Processing

Under GDPR Article 6 and UAE PDPL, we process your data based on:

Consent — when you interact with our chatbot or accept cookies
Legitimate interests — website analytics to improve our services
Contract performance — when we provide AI automation services to you
Legal obligation — when required by applicable law

4. Cookie Policy

We use cookies and similar technologies to operate and improve our website.

4.1 Essential Cookies

Required for the website to function. Cannot be disabled.

session — maintains your session state · Duration: session
cookie_consent — stores your cookie preferences · Duration: 1 year

4.2 Analytics Cookies (with consent)

Help us understand how visitors use our site. We use privacy-friendly analytics only.

_ga, _gid — Google Analytics (anonymised IP) · Duration: up to 2 years

4.3 Functional Cookies (with consent)

chat_state — remembers your chatbot progress · Duration: 7 days
lang_pref — remembers your language preference · Duration: 1 year

4.4 Third-Party Services

WhatsApp (Meta) — when you click our WhatsApp buttons, Meta's privacy policy applies
Google Fonts — typography loaded from Google servers

You can withdraw consent for non-essential cookies at any time by clicking "Cookie Settings" in our banner or by clearing your browser cookies. This will not affect the lawfulness of processing based on consent before withdrawal.

5. How We Use Your Data

To respond to your enquiries and provide our AI automation services
To communicate with you about your project via WhatsApp or email
To improve our website and services based on analytics
To comply with legal obligations
To send service-related communications (never marketing without consent)

6. Data Retention

Enquiry data — retained for 3 years from last contact
Client project data — retained for 7 years (legal/tax requirements)
Analytics data — retained for 26 months (Google Analytics default)
Cookie preferences — retained for 1 year
Data is deleted upon verified request or after retention period, whichever comes first

7. Your Rights

Under GDPR (EU users)

Right of access — request a copy of your personal data
Right to rectification — correct inaccurate data
Right to erasure — "right to be forgotten"
Right to restriction — limit how we process your data
Right to portability — receive your data in machine-readable format
Right to object — object to processing based on legitimate interests
Right to lodge a complaint — with your local supervisory authority

Under UAE PDPL (UAE users)

Right to access your personal data
Right to correct inaccurate data
Right to request deletion of data
Right to withdraw consent at any time
Right to be informed about data processing

To exercise any of these rights, contact us at privacy@aistaffed.io or via WhatsApp. We will respond within 30 days (GDPR) or 5 business days (PDPL).

8. International Data Transfers

Our services operate from the EU (Baltic IT Club) with a Middle East presence (Atelier 3D LLC, Dubai). Data may be processed in:

European Union — covered by GDPR
United Arab Emirates — covered by UAE PDPL
Other countries — via standard contractual clauses (SCCs) approved by the European Commission

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data including:

HTTPS encryption for all data in transit (TLS 1.3)
Access controls limiting who can access personal data
Regular security reviews of our systems
Incident response procedures for data breaches

10. Changes to This Policy

We may update this policy periodically. Material changes will be announced on our website with a new "Last updated" date. Continued use of our site after changes constitutes acceptance of the updated policy.

11. Contact & Complaints

Data Protection enquiries:
Email: privacy@aistaffed.io
WhatsApp: +971 58 547 2595

EU Supervisory Authority:
If you are in the EU and believe we have not addressed your concern satisfactorily, you have the right to lodge a complaint with your local Data Protection Authority.

UAE — UAE Data Office:
tdra.gov.ae