Legal
Privacy Policy
We take your privacy seriously. This policy explains exactly what data we collect, how we use it, and your rights.
We take your privacy seriously. This policy explains exactly what data we collect, how we use it, and your rights.
The Golden Key ("we," "us," or "our") is an AI automation agency based in Dubai, United Arab Emirates, providing AI consulting, system design, and automation implementation services to businesses across the UAE and internationally.
For the purposes of UAE Federal Decree-Law No. 45 of 2021 (PDPL) and, where applicable, the EU GDPR, we are the data controller responsible for personal data collected through our Website and in connection with the provision of our services. This means we determine the purposes and means by which personal data is processed.
Where we process personal data on behalf of our clients (for example, when operating AI systems that interact with their customers), we act as a data processor on the client's instructions, and the client is the data controller for that data. Those processing activities are governed by a separate Data Processing Agreement.
For all data protection enquiries, including rights requests, please contact us at: hello@thegoldenkey.tech.
We do not intentionally collect or process special categories of personal data (sensitive data) as defined under the UAE PDPL and GDPR, including data revealing racial or ethnic origin, political opinions, religious beliefs, genetic or biometric data, health data, or sexual orientation. Please do not submit such information through our Website or in communications with us.
| Collection Method | Data Collected | Purpose |
|---|---|---|
| Website contact form | Name, email, phone, company, industry, message | Responding to enquiries and booking AI Audits |
| Google Analytics 4 | Usage data, device info, anonymised IP | Website performance and user experience analysis |
| Meta Pixel (Facebook/Instagram) | Page views, events, conversion actions | Advertising effectiveness and audience measurement |
| Google Ads Tag | Conversion events, click identifiers | Ad campaign performance and conversion tracking |
| WhatsApp Business | Phone number, message content | Client communication and enquiry management |
| Email correspondence | Email address, message content | Client communication, support, and relationship management |
| Cookies and local storage | Session tokens, preference data | Website functionality and analytics |
We process your personal data only where we have a valid lawful basis to do so. The lawful bases we rely upon — under the UAE PDPL (Federal Decree-Law No. 45 of 2021) and, where applicable, the EU GDPR (Article 6) — are as follows:
| Lawful Basis | When We Rely On It |
|---|---|
| Performance of a Contract | When processing is necessary to deliver services you have engaged us for, or to take pre-contractual steps at your request (e.g. preparing a proposal) |
| Legitimate Interests | For website analytics, security monitoring, business development communications with existing and prospective business clients, fraud prevention, and improving our services — where our interests are not overridden by your privacy rights. We carry out a balancing test when relying on this basis. |
| Consent | For marketing emails and newsletters (where you have explicitly opted in), and for non-essential cookies (analytics and advertising trackers). You may withdraw consent at any time without affecting the lawfulness of prior processing. |
| Legal Obligation | Where processing is required to comply with applicable UAE law, regulatory requirements, court orders, or tax obligations |
Where we rely on Legitimate Interests, you have the right to object to such processing at any time. We will honour your objection unless we can demonstrate compelling legitimate grounds that override your interests, or the processing is necessary for legal claims.
We do not use your personal data to make solely automated decisions that produce legal or similarly significant effects on you, except as described in Section 10.
We use the following third-party tools to operate our business. Each has its own privacy policy governing their independent data practices:
| Tool / Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Google Analytics 4 | Website analytics and performance monitoring | Anonymised usage data, device information | policies.google.com/privacy |
| Google Ads | Digital advertising and conversion tracking | Conversion events, click identifiers | policies.google.com/privacy |
| Meta Business Suite (Facebook/Instagram Ads) | Advertising, audience targeting, and campaign measurement | Website events via Meta Pixel | facebook.com/privacy/policy |
| OpenAI / Anthropic / Google AI | Powering AI systems developed for clients (under client data processing agreements) | Client operational data per service agreement only | Per provider's DPA |
| WhatsApp Business API (Meta) | Client and prospect communications | Phone numbers, message content | whatsapp.com/legal/privacy-policy |
| CRM platforms (e.g. HubSpot, Zoho) | Client relationship management and pipeline tracking | Contact details, interaction history | Per platform's privacy policy |
We require all third-party processors to maintain appropriate data protection standards. Where mandated by applicable law, we enter into Data Processing Agreements (DPAs) with these providers before sharing any personal data.
We do not sell, rent, or trade personal data to third parties for their own marketing purposes.
Our Website uses the Meta Pixel, operated by Meta Platforms, Inc. When you visit our Website, the Meta Pixel may record events such as page views, contact form submissions, and other interactions. This data is transmitted to Meta and may be used to: (a) measure the effectiveness of our advertising campaigns; (b) build audiences for targeted advertising on Facebook and Instagram; and (c) enable us to reach you or similar audiences with relevant ads on Meta platforms.
Meta may also use this data for its own purposes in accordance with Meta's Data Policy. You can review and manage your Meta advertising preferences at facebook.com/ads/preferences.
We use the Google Ads conversion tracking tag, which places a cookie on your device when you arrive at our Website via a Google Ad. This allows us to measure which ad campaigns result in enquiries or bookings. Google may use this data in accordance with Google's Privacy Policy. You can manage your Google advertising preferences at adssettings.google.com.
We may use remarketing features through Meta and Google to display our advertisements to visitors who have previously visited our Website. This is implemented through cookies and pixel technology. You can opt out via your browser's cookie settings, your Meta Ad Preferences, Google's Ad Settings, or through the Your Online Choices tool.
Where tracking cookies require your consent under applicable law, we will seek your consent before placing them. You may withdraw your consent or object to tracking at any time by: (a) adjusting your browser cookie settings; (b) using the opt-out links above; or (c) contacting us at hello@thegoldenkey.tech. Opting out of advertising cookies will not affect your ability to use our Website.
Cookies are small text files placed on your device by our Website. We use the following categories of cookies:
| Cookie Category | Purpose | Consent Required? | Typical Duration |
|---|---|---|---|
| Strictly Necessary | Essential Website functionality — navigation, session management, security. Cannot be disabled. | No (legitimate interest) | Session |
| Functional / Preference | Remembering your preferences (e.g. language, display settings) to personalise your experience | Yes | Up to 1 year |
| Analytics (Google Analytics 4) | Understanding how visitors use our Website — pages viewed, time on site, traffic sources — to improve content and performance | Yes | Up to 13 months |
| Advertising (Meta Pixel) | Measuring ad effectiveness, enabling remarketing and Custom Audiences on Facebook and Instagram | Yes | Up to 90 days |
| Advertising (Google Ads) | Conversion tracking and remarketing on the Google Display Network and Search | Yes | Up to 30 days |
You can manage cookie preferences through your browser settings (typically under Privacy or Settings). Most browsers allow you to block or delete cookies. Note that blocking strictly necessary cookies may impair Website functionality. For detailed instructions, refer to your browser's help documentation.
As a UAE-based business using global technology platforms, some personal data we collect may be transferred to, stored in, or processed in countries outside the United Arab Emirates. The UAE PDPL (Article 22) restricts cross-border transfers of personal data unless adequate protections are in place.
We ensure that any international transfer of personal data takes place only where one or more of the following conditions are met:
Specific international transfers include:
If you would like further information about the safeguards we have in place for any specific international transfer, please contact us at info@thegoldenkey.tech.
We do not make decisions about you that are based solely on automated processing — including profiling — that produce legal effects or similarly significant effects on you, without meaningful human involvement.
Where AI systems built for our clients interact with their customers (for example, AI chatbots that handle enquiries or qualify leads), those systems may use automated processing to personalise responses or recommend actions. In such cases, our clients (as data controllers) are responsible for ensuring appropriate safeguards and human oversight mechanisms are in place. We build these systems with transparency and human-review capabilities as standard.
We use website analytics data and advertising platform tools (Google, Meta) to build audience segments and measure campaign performance. This involves a form of profiling, but it does not produce significant decisions about individuals in our direct operations. You may opt out of this as described in Sections 7 and 8.
We do not sell, rent, or trade your personal data. We share personal data only in the following circumstances:
We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law:
Upon expiry of the applicable retention period, we securely delete, anonymise, or pseudonymise personal data so that it can no longer be used to identify you.
We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. Our measures include:
No method of transmission over the internet or electronic storage is 100% secure. While we use commercially reasonable means to protect your data, we cannot guarantee absolute security.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected individuals, we will:
If you believe your personal data may have been compromised, please contact us immediately at info@thegoldenkey.tech.
Under UAE Federal Decree-Law No. 45 of 2021 (PDPL) — and, where applicable, the EU GDPR — you have the following rights with respect to your personal data:
Request a copy of the personal data we hold about you, along with information about how it is processed.
Request correction of inaccurate, incomplete, or outdated personal data without undue delay.
Request deletion of your personal data ("right to be forgotten") where it is no longer necessary for the purpose collected, or where you withdraw consent.
Request that we limit how we use your data — for example, while a dispute about accuracy is being resolved.
Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller (where technically feasible).
Object to processing based on legitimate interests or for direct marketing purposes. Marketing objections will always be honoured.
Withdraw any previously given consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
Not be subject to decisions based solely on automated processing that produce significant legal or similar effects, without human review.
To exercise any of these rights, please submit a written request to info@thegoldenkey.tech with sufficient detail to identify your request. We will respond within 30 calendar days. In complex cases we may extend this period by a further 30 days, with prior notice and explanation. We may request verification of your identity before processing any rights request to protect your data from unauthorised access.
We will not charge a fee for exercising your rights unless a request is manifestly unfounded or excessive, in which case we may charge a reasonable administrative fee or decline the request.
Our Website and services are directed exclusively at business professionals and are not intended for individuals under the age of 18. We do not knowingly collect, use, or store personal data from individuals under 18. If you believe we have inadvertently collected data from a child, please contact us immediately at info@thegoldenkey.tech and we will promptly delete such data.
We may update this Privacy Policy periodically to reflect changes in our data practices, the services we offer, applicable law, or guidance from supervisory authorities. When we make material changes, we will:
Continued use of our Website or services after the effective date of any update constitutes your acknowledgement of the revised policy. We encourage you to review this page periodically.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We are committed to handling all privacy enquiries fairly, promptly, and transparently. We aim to resolve all concerns at first contact.
If you are not satisfied with our response, or if you believe we have handled your personal data unlawfully, you have the right to lodge a complaint with the relevant supervisory authority:
We would always prefer the opportunity to address your concerns directly before you escalate to a supervisory authority. Please contact us first — we take all privacy feedback seriously.