Privacy Policy

Protocols Consulting
Last updated: 25 January 2026

This Privacy Policy explains how PROTOCODE CONSULTING – FZCO, operating commercially as Protocols Consulting (“Protocols”, “we”, “us”), collects, uses, stores and protects personal data of individuals who interact with us.

Protocols is a technology consulting firm specialised in the implementation of artificial intelligence solutions, process automation, system integrations, CRM platforms and cybersecurity, providing services to companies operating internationally.

1. Data Controller

Data Controller: PROTOCODE CONSULTING – FZCO
Jurisdiction: Dubai, United Arab Emirates (Free Zone – DSO)
Privacy Contact Email: [email protected]
(No dedicated telephone number is currently provided for privacy matters.)

2. Applicable Legal Framework

• UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL).
• DIFC Data Protection Law No. 5 of 2020 (where applicable).
• EU General Data Protection Regulation (GDPR – Regulation (EU) 2016/679) where applicable.

3. Scope of Application

• Website visitors
• Clients and prospective clients
• Suppliers, partners and collaborators
• Business and professional contacts
• Meeting, call, workshop and event participants
• Job candidates (where applicable)

4. Categories of Personal Data Processed

4.1 Identification and Contact Data

• First and last name
• Company and job title
• Email address
• Telephone number
• Country and city

4.2 Commercial and Contractual Data

• Communications exchanged with Protocols
• Proposals, contracts and scopes of work
• Administrative and billing-related information
• Project history, support requests and incidents

4.3 Technical and Usage Data

• IP address
• Browser and device type
• Access logs
• Website usage and analytics data

4.4 Project-Related Data Processing

In the context of automation, AI, CRM, integration or cybersecurity services, Protocols may process personal data on behalf of its clients strictly in accordance with contractual agreements and client instructions.

4.5 Sensitive Personal Data

Protocols does not routinely collect or process sensitive personal data. If required, enhanced legal and security safeguards will apply.

5. Source of the Data

• Directly from the data subject
• From the organisation the data subject represents
• From publicly available professional sources
• From client systems where Protocols acts as a data processor

6. Purposes of Processing and Legal Basis

• Handling enquiries and business communication — Legitimate interest / Pre-contractual measures
• Service delivery — Contract performance
• Administrative and financial management — Legal obligation
• B2B marketing communications — Legitimate interest / Consent
• System security and abuse prevention — Legitimate interest
• Legal compliance and claims management — Legal obligation

7. Cookies and Similar Technologies

Protocols uses cookies to ensure website functionality, improve user experience, and measure performance. Additional details are provided in our Cookie Policy.

8. Data Recipients

• Hosting, CRM, email and analytics service providers
• Legal, tax and audit advisors
• Public authorities where legally required
• Technical delivery partners

Protocols does not sell personal data.

9. Processing Roles

As Data Controller: For internal business, website and marketing data.

As Data Processor: When processing client data under a Data Processing Agreement (DPA).

10. International Data Transfers

International transfers are performed only where adequate protection exists or appropriate safeguards such as Standard Contractual Clauses are implemented.

11. Data Retention

Data is retained only for as long as necessary for contractual obligations, legal compliance, operational continuity and dispute resolution, after which it is deleted or anonymised.

12. Information Security

• Access control and role-based permissions
• Encrypted communication channels
• Backup and disaster recovery systems
• Internal security policies
• Staff confidentiality agreements

13. Data Subject Rights

You may request access, rectification, erasure, restriction, portability, or withdraw consent.

Requests should be sent to: [email protected]

14. Children’s Data

Protocols provides business services only and does not knowingly collect data from children.

15. Changes to This Policy

This Privacy Policy may be updated periodically. The latest version will always be available on our website.