Effective: 1 May 2026 Last Updated: 18 May 2026 Version: 2.0
Table of Contents
- About This Policy
- Information We Collect
- How We Use Your Information
- Legal Bases for Processing
- AI Systems and Your Data
- Sharing Your Information
- International Transfers
- Cookies and Tracking
- Data Security
- Data Retention
- Your Rights
- Specific Regional Rights
- Children's Privacy
- Automated Decision-Making
- Third-Party Links
- Changes to This Policy
- Contact Us
- Complaints
01.About This Policy
Veritonix ("we", "us", "our", or "the Firm") is committed to protecting the privacy and security of personal information. This Privacy Policy explains how Veritonix collects, uses, discloses, retains and protects personal information about visitors to our website, prospective clients, clients, and individuals who otherwise interact with us in the course of our business.
This Policy applies to:
- The website at veritonixsoftware.com and its sub-pages
- Communications with Veritonix through email, our inquiry form, or other channels
- Engagement-related processing where Veritonix acts as a data controller in respect of contact and relationship data
This Policy does not govern processing activities performed by Veritonix as a data processor on behalf of clients under specific engagement agreements; those activities are governed by the Data Processing Agreement (DPA) and other terms within the relevant engagement contract.
02.Information We Collect
Information you provide directly
- Contact information (name, email address, company name, telephone number, job title)
- The content of communications you send us (including the inquiry form, email correspondence, and similar)
- Information you provide during client engagement processes (contractual contacts, project stakeholders, billing contacts)
Information collected automatically
- IP address
- Browser type, language, and device information
- Pages visited, time spent on pages, and referring URLs
- Cookie and similar tracking-technology data (see our Cookie Policy)
Information from third parties
We do not routinely collect personal information about you from third parties. Where this occurs (for example, where a client provides contact details for additional stakeholders, or where information is obtained through publicly available business directories), we will identify the source on request.
03.How We Use Your Information
We use personal information for the following purposes:
- To respond to inquiries you submit through the website, by email, or through other channels
- To provide and administer services under engagement agreements with our clients
- To communicate with you about your engagement, including project status, scheduling, deliverables, and invoicing
- To operate, maintain, secure, and improve our website
- To comply with legal, regulatory, and contractual obligations
- To detect, investigate, and prevent fraud, abuse, or unauthorized access
- To establish, exercise, or defend legal claims
- For any other purpose disclosed at the time of collection or with your consent
04.Legal Bases for Processing
Where we are subject to data protection laws that require a legal basis for processing — including the EU General Data Protection Regulation, the UK General Data Protection Regulation, the UAE Federal Decree-Law No. 45 of 2021 concerning the Protection of Personal Data, and the DIFC Data Protection Law No. 5 of 2020 — we rely on the following bases:
- Consent — where you have given us specific consent to process your personal information for a particular purpose
- Performance of a contract — where processing is necessary to perform a contract with you or your employer, or to take steps at your request prior to entering into such a contract
- Legitimate interests — where processing is necessary for our legitimate interests, except where such interests are overridden by your rights and freedoms (for example, responding to inquiries, maintaining website security, or conducting client relationship management)
- Legal obligation — where processing is necessary to comply with a legal obligation to which we are subject
- Establishment, exercise, or defense of legal claims
You may obtain further information about our specific legal bases by contacting us at the address below.
05.AI Systems and Your Data
Veritonix is an AI engineering firm. We consider it essential to be explicit about how AI systems intersect with your personal information:
- We do not train models on website visitor data. Personal information collected through this website is not used as training, fine-tuning, or evaluation data for any AI model maintained by Veritonix.
- We do not pool data across clients. Where Veritonix processes personal information on behalf of a client as a data processor (under an engagement agreement), that information is segregated to the client's engagement and is not used for any other purpose, including for the development or improvement of services for other clients.
- AI processing in client engagements is governed by the engagement agreement. Any AI processing that involves your personal information in the course of a client engagement is governed by the relevant Data Processing Agreement, which specifies the purpose, scope, duration, security measures, and post-engagement disposition applicable to that processing.
- We do not engage in automated decision-making about visitors to this website. We do not use automated decision-making (including profiling) that produces legal or similarly significant effects on you based on processing of your personal information by this website.
06.Sharing Your Information
We may share personal information in the following circumstances:
- With service providers — including hosting providers, email infrastructure providers, analytics providers (where consented), and similar third parties that process information on our behalf under written agreements requiring confidentiality and data protection
- In connection with legal obligations — where disclosure is required by law, court order, regulatory authority, or other legitimate legal request
- In connection with the exercise or defense of legal claims
- In connection with corporate transactions — including any merger, acquisition, asset sale, or reorganization
- With your consent — for any other purpose disclosed to you at the time of collection
We do not sell personal information to third parties, and we do not engage in advertising-based business models that depend on data sharing.
07.International Transfers
Veritonix is headquartered in the United Arab Emirates and operates internationally. Personal information that we collect may be transferred to, stored in, and processed in jurisdictions outside the country in which it was originally collected, including the UAE, the European Union, the United Kingdom, and other markets where we operate.
Where we transfer personal information across borders, we implement appropriate safeguards consistent with applicable data protection laws, including:
- Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner's Office
- Reliance on adequacy decisions where they have been issued
- Compliance with the cross-border data transfer provisions of UAE Federal Decree-Law No. 45 of 2021
- Other lawful transfer mechanisms permitted under applicable law
You may request information about the specific safeguards applied to transfers of your personal information by contacting us.
08.Cookies and Tracking Technologies
We use cookies and similar technologies on this website to provide essential functionality and, with your consent, to enable analytics, personalisation, and other features. For full detail — including a description of categories of cookies, your choices, and how to manage your preferences — please refer to our Cookie Policy.
09.Data Security
We maintain technical and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using current Transport Layer Security standards
- Access controls limiting personal information to authorized personnel on a need-to-know basis
- Regular review of security practices and infrastructure
- Documented incident response procedures
- Confidentiality obligations applicable to all personnel and contractors
No system can guarantee complete security. We commit to notify affected individuals and relevant authorities of any personal information breach in accordance with applicable law.
10.Data Retention
We retain personal information only for as long as necessary for the purposes for which it was collected, or as required by applicable law. Specifically:
- Inquiry information is retained for the period reasonably necessary to respond to the inquiry, plus an additional period for record-keeping not normally exceeding 24 months from the date of last meaningful contact.
- Client engagement information is retained for the duration of the engagement and for an additional period as required by applicable law and as specified in the engagement agreement (typically six to ten years from engagement conclusion, depending on jurisdiction and engagement type).
- Website analytics information is retained for the period specified in our Cookie Policy.
- Information processed under a client Data Processing Agreement is retained in accordance with that agreement, and not beyond.
On expiry of the applicable retention period, personal information is securely deleted or anonymised.
11.Your Rights
Subject to applicable law, you may have the following rights in respect of your personal information:
- Access — to obtain confirmation of whether we process personal information about you, and to receive a copy of that information
- Correction — to request the correction of inaccurate or incomplete personal information
- Deletion — to request the deletion of personal information, subject to limitations under applicable law
- Restriction — to request the restriction of processing in certain circumstances
- Portability — to receive personal information in a structured, commonly used, machine-readable format, and to transmit it to another controller where technically feasible
- Objection — to object to processing based on legitimate interests, including for direct marketing purposes
- Withdraw consent — where processing is based on consent, you may withdraw that consent at any time
- Lodge a complaint with a competent supervisory authority
To exercise these rights, please contact us at the address below. We will respond within the timeframes required by applicable law (typically one month, with extensions permitted in complex cases).
12.Specific Regional Rights
United Arab Emirates (Federal Decree-Law No. 45 of 2021)
Data subjects in the UAE have rights of access, correction, deletion, restriction of processing, objection to automated decision-making, and the right to lodge complaints with the UAE Data Office.
European Union and United Kingdom (GDPR and UK GDPR)
Data subjects in the EU and UK have the rights described above. You may lodge complaints with your local supervisory authority. For Veritonix, absent EU establishment, the lead supervisory authority is the relevant national authority where the complainant resides.
DIFC (Data Protection Law No. 5 of 2020)
Where personal information is processed in the context of DIFC-based engagements, data subjects have additional rights under the DIFC Data Protection Law, including rights against automated decision-making and the right to lodge complaints with the DIFC Commissioner of Data Protection.
13.Children's Privacy
This website is not directed at children. Veritonix does not knowingly collect personal information from individuals under the age of eighteen. Where applicable law specifies a lower age threshold (for example, sixteen in the European Union), we apply the higher of the two as a matter of policy.
If you become aware that personal information of a minor has been provided to us, please contact us so we may delete it.
14.Automated Decision-Making
Veritonix does not engage in automated decision-making (including profiling) that produces legal or similarly significant effects on you based on processing of your personal information through this website.
In the course of client engagements, Veritonix may design or implement AI systems that perform automated processing for our clients. Such processing is performed under the data controller responsibilities of the client and is governed by the relevant engagement agreement and Data Processing Agreement.
15.Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of such third parties. We encourage you to review the privacy policies of any third-party websites you visit.
16.Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will revise the "Last Updated" date at the top of this Policy. Where changes are material, we will provide additional notice by appropriate means.
Your continued use of our website after any change to this Policy constitutes your acceptance of the revised Policy.
17.Contact Us
Questions, comments, or requests about this Privacy Policy may be directed to:
Veritonix — Privacy
Meydan Grandstand, 6th Floor
Meydan Road, Nad AlSheba
Dubai, United Arab Emirates
Email: [email protected]
18.Complaints
You have the right to complain to a competent supervisory authority. The relevant authorities include:
- UAE Data Office — for matters arising under UAE Federal Decree-Law No. 45 of 2021
- DIFC Commissioner of Data Protection — for matters arising under DIFC Data Protection Law No. 5 of 2020
- Your local EU supervisory authority — for matters arising under the GDPR
- UK Information Commissioner's Office (ICO) — for matters arising under the UK GDPR and Data Protection Act 2018
We encourage you to contact us first so that we may address your concerns directly before escalation.