top of page

Privacy Policy

SolidFuture AI – Website Privacy Policy
Version 1.1 | Issued: 12 August 2025 | Next Review: 12 August 2026

1. Introduction

Your privacy matters to SolidFuture AI (SFAI Consultancy Limited). This privacy notice explains how we collect, store, use, and protect personal information when you visit secure.solidfuture.ai or any other SolidFuture AI website. It is designed to comply with the EU General Data Protection Regulation (Regulation EU 2016/679) and the Dubai International Financial Centre (DIFC) Data Protection Law No. 5 of 2020.

We maintain a comprehensive data-protection framework, including:

  • A Record of Processing Activities (ROPA) with lawful-basis mapping

  • Transfer Impact Assessments (TIAs) and Standard Contractual Clauses (SCCs) for cross-border transfers

  • Subject Access Request (SAR) procedure with defined timelines

  • Personal Data Breach Response Plan aligned with Articles 41–42 of the DIFC DP Law

  • Data Retention & Deletion Policy with automated deletion verification

2. Who We Are

Controller: SFAI Consultancy Limited, registered in Dubai International Financial Centre, trading as SolidFuture AI.
EU/UK representative: SFAI Sales Limited, United Kingdom.


Data Protection Officer: Ian Steven Upton | Email: dpo@solidfuture.ai

3. Scope of this Notice

This notice covers personal information collected through our public websites, contact forms, newsletters, events, social media channels, and online services provided to visitors, prospects, and clients. Employment-related processing is covered in our Internal Privacy Policy.

4. Personal Information We Collect

We collect only the information necessary to provide services and operate our website:

Screenshot 2025-10-15 at 1.06.33 PM.png

We do not process special category data unless strictly necessary and permitted by law, and then only under an applicable condition in DIFC Art. 11 / GDPR Art. 9.
 

5. Why We Use Your Information and Legal Bases

Under GDPR Art. 6 and DIFC Art. 10, we rely on:

  • Consent – e.g., for analytics cookies or newsletter subscriptions

  • Contract – e.g., to deliver a service you request or perform client onboarding

  • Legitimate Interests – e.g., to maintain security, improve the site, respond to inquiries

  • Legal Obligation – e.g., AML checks, statutory accounting

A full mapping of purposes, lawful bases, and retention periods is maintained in our ROPA and Lawful-Basis Matrix.

6. We Do Not Share Personal Information with Other Companies

We do not sell, rent, trade, or otherwise share personal data with independent third parties. Processors acting on our behalf operate only under written Controller–Processor agreements and cannot use your data for their own purposes.

7. Anonymisation and No Automated Decision-Making

We keep European Economic Area (EEA) data in EEA data centres and UAE/Middle East data in DIFC data centres.
Any transfer outside the originating region will:

  • Be subject to an approved safeguard such as SCCs or DIFC equivalent clauses

  • Have a documented Transfer Impact Assessment

  • Occur only with a lawful basis and, where required, your consent

9. How Long We Keep Your Information

We retain personal data only as long as needed for its purpose, following our Data Retention & Deletion Policy, which includes quarterly automated deletion jobs verified by the DPO.
Examples:

  • Website analytics: 26 months

  • Marketing contact data: 2 years of inactivity

  • Client contracts & financial records: 7 years

10. How We Protect Your Data

We apply:

  • Role-based access control (least privilege)

  • Multi-factor authentication

  • Encryption at rest and in transit

  • Continuous monitoring and logging

  • Annual penetration testing and independent audits

11. Cookies

Essential cookies are required for operation. Optional analytics cookies run only after you consent via our cookie banner. You can change or withdraw consent at any time.

12. Your Rights

You may request:

  • Access to your data

  • Correction or deletion

  • Restriction or objection to processing

  • Data portability

  • Withdrawal of consent

Requests follow our Subject Access Request Procedure, which includes:

  • Acknowledgement within 2 business days

  • Response within 30 calendar days after ID verification (extendable by law)

 

To exercise rights: submit our  SAR form or email sar@solidfuture.ai.

13. Complaints

You may contact:

  • Your local EEA data protection authority

  • UK ICO (for UK clients)

  • DIFC Commissioner of Data Protection (for UAE clients)

14. Changes to This Notice

We review this notice at least annually and publish updates on this page. Previous versions are archived.

Contact
Data Protection Officer – Ian Steven Upton
Email: dpo@solidfuture.ai | SAR form

bottom of page