Privacy & Cookie Policy

Registered address:

Empowrd AI
Building A1, Dubai Digital Park
Dubai Silicon Oasis
Dubai, United Arab Emirates

2.1 Information you provide to us directly

We may collect the following when you contact us, submit an enquiry, purchase a service or engage with us professionally:

• Identity and contact data: name, email address, phone number
• Business information: company name, job title, sector
• Transaction data: payment and billing information where applicable
• Communication data: any personal information included in messages, forms, emails or other correspondence you send us

2.2 Information we collect automatically when you use our website

• Technical data: IP address, browser type and version, operating system, device type
• Usage data: pages visited, time spent on the site, links clicked, referring website
• Cookie and tracking data: see Section 7 for full details

2.3 Information we receive from third parties

We may receive information about you from social media platforms, analytics providers, marketing platforms, referral partners or other integrated service providers, where you have given appropriate permission or where the transfer is otherwise lawful.

We do not collect special category data, such as health, ethnicity, religion or political opinions, unless you provide it voluntarily in connection with a specific service and we have a clear lawful basis for processing it.

Our core commitment

We do not make final decisions about individuals solely through automated means where those decisions may have legal, employment, financial, reputational or similarly significant effects, without appropriate human review and accountability. This applies regardless of which legal framework governs the processing.

Where AI contributes to a decision that may affect you:

• You will be informed that AI has been used where this is material
• A qualified human reviews the output before any significant decision is finalised
• You may request an explanation of how AI contributed to an outcome
• You may request human review of any AI-assisted decision
• You may contest an outcome where AI has materially influenced it

Under UK law, UK GDPR as amended by the DUAA, effective 5 February 2026

The Data (Use and Access) Act 2025 replaced Article 22 UK GDPR with new Articles 22A to 22D. Under the current UK framework, the prohibition on solely automated decision-making is specifically engaged where significant decisions are based entirely or partly on special category data, such as health information, ethnicity, religion or political opinions.

Where this applies, we will:

• Ensure a human reviews the decision before it is final
• Provide you with a meaningful explanation of how the AI contributed
• Give you the right to contest the outcome and request human review

For significant automated decisions that do not involve special category data, we apply equivalent safeguards as a matter of policy.

Under EU law, EU GDPR and EU AI Act

The EU continues to apply Article 22 EU GDPR, under which solely automated decisions with legal or similarly significant effects remain restricted unless specific conditions are met.

From 2 December 2027, subject to formal adoption of the EU Digital Omnibus provisional agreement reached on 7 May 2026, the EU AI Act introduces additional obligations for high-risk AI systems used in employment, recruitment, worker management, performance assessment and related contexts.

Where Empowrd AI deploys or advises on AI systems that may qualify as high-risk under the EU AI Act, we assess and apply the obligations set out in Chapter III of the Act. Full details are in our AI Transparency Statement.

Service providers

We work with trusted third-party providers who process personal data on our behalf, including hosting and infrastructure providers, CRM and communication platforms, analytics providers, payment processors, and marketing tools. We ensure these providers are subject to appropriate data processing agreements and adequate security standards.

Professional advisers

We may share personal data with legal, financial, insurance or audit advisers where necessary for the provision of professional services to us, under confidentiality obligations.

Legal and regulatory authorities

We may disclose personal data to law enforcement, regulators or courts where required or permitted by applicable law.

Business restructuring

In the event of a merger, acquisition, restructuring or sale of assets, personal data may be transferred as part of that transaction, subject to appropriate contractual protections and notification to affected individuals where required.

Transfers from the UK

Under the Data (Use and Access) Act 2025, the test for UK international transfers is that the level of protection in the destination country must not be materially lower than that provided under UK law. Where we transfer personal data from the UK to third countries, we rely on one or more of the following:

• UK adequacy regulations for transfers to countries with an adequacy determination
• The UK International Data Transfer Agreement (IDTA) or UK Addendum to EU Standard Contractual Clauses
• Other appropriate safeguards as recognised by the ICO

Transfers from the EEA

The European Commission renewed the UK's adequacy decision in December 2025, valid until 27 December 2031. Transfers of personal data from the EEA to the UK therefore benefit from adequacy status. For transfers from the EEA to other third countries, we rely on Standard Contractual Clauses or other mechanisms approved under EU GDPR.

Transfers involving the UAE

The UAE Federal Data Protection Law requires that personal data transferred outside the UAE is subject to appropriate protections. Where we transfer data from the UAE, we apply safeguards consistent with UAE FDPL requirements.

If you would like further information about the specific safeguards we use in relation to a particular transfer, please contact hello@empowrd.ai.

What are cookies?

Cookies are small files placed on your device when you visit a website. They allow the website to recognise your device and remember information about your visit. We also use similar technologies, including pixels, web storage, and tag-based scripts.

Types of technologies we use

Your choices

You can manage your cookie preferences at any time via our on-site consent banner. You can also adjust your browser settings to block or delete cookies, though this may affect how our website functions.

Please note: from 5 February 2026, the maximum penalty for PECR violations is aligned with UK GDPR levels, £17.5 million or 4% of global annual turnover, whichever is higher. We take our cookie compliance obligations seriously.

Under UK GDPR, as amended by the DUAA, and EU GDPR

• The right to be informed about how your personal data is used
• The right to access a copy of the personal data we hold about you
• The right to rectify inaccurate or incomplete personal data
• The right to erasure, "right to be forgotten", where we no longer have a lawful basis to retain your data
• The right to restrict processing in certain circumstances
• The right to data portability where processing is based on consent or contract and carried out by automated means
• The right to object to processing based on legitimate interests
• The right to withdraw consent at any time, without affecting the lawfulness of prior processing
• Rights in relation to automated decision-making, including the right to human review, a meaningful explanation, and the ability to contest the outcome where applicable

Under the EU AI Act

• The right to be informed when you are interacting with an AI system in certain contexts, Article 50, applying from 2 August 2026
• The right to receive a clear explanation of the main factors influencing a decision made by a high-risk AI system, where that decision has legal or similarly significant effects on you, Article 86, applying from 2 December 2027, subject to formal adoption of the EU Digital Omnibus

These rights apply when Empowrd AI acts as the relevant data controller. Refer to our AI Transparency Statement for further information about AI-specific rights and how to exercise them.

Under UAE Federal Data Protection Law

• The right to access your personal data
• The right to rectify inaccurate or incomplete data
• The right to request destruction of data where processing is no longer lawful or the purpose has been fulfilled
• The right to object to processing in certain circumstances

How to exercise your rights

Please submit your request in writing to hello@empowrd.ai. We may ask you to verify your identity before processing your request.

We will acknowledge your request promptly and respond within the timeframes required by applicable law, generally one calendar month under UK and EU GDPR, though we aim to respond sooner where possible.

Step 1, contact us directly

If you have a concern about how we have handled your personal data, please contact us first. Under the Data (Use and Access) Act 2025, from 19 June 2026, individuals in the UK have a statutory right to raise a data protection complaint directly with a controller.

Email: hello@empowrd.ai
Subject line: Data Protection Complaint

We will acknowledge your complaint within 30 days and provide a full response without undue delay.

Step 2, contact a supervisory authority

If you are not satisfied with our response, or if you prefer not to contact us first, you may raise a complaint with the relevant supervisory authority.