Privacy policy
Introduction

This Privacy Policy (“Policy”) outlines how Alumni Hub (“Platform”, “we”, “us”, or “our”) collects, uses, discloses, and safeguards personal data collected from users (“you” or “your”) when using our website and services. The Platform, a company registered in the Dubai International Financial Centre (DIFC), provides consultancy services to corporate clients (“Clients”) in various jurisdictions, assisting them in identifying and engaging appropriate service providers (“Service Providers”). These service providers may be legal entities or individuals (“Contractors”).

By accessing or using our website and services, you consent to the collection, use, and disclosure of your personal data in accordance with this Policy.

1. Data Collection

We collect and process personal data to provide our services effectively. The types of data we collect include:

• Corporate Information: Legal name of the company, business address, corporate registration details, and other relevant corporate identifiers for Clients.
• Contact Information: Name, email address, phone number, and job title of individuals representing our Clients and Contractors.
• Service-Related Data: Information related to the consultancy services provided, including project specifications, business needs, and relevant professional qualifications of Contractors.
• Personal Data of Contractors (Individuals): In cases where the Contractor is an individual (i.e., a natural person), we may collect personal data including name, contact details, work history, skills, professional qualifications, references, and other relevant professional information.
• Website Usage Data: We collect information about how you interact with our website, including IP addresses, browser type, and usage data through cookies or similar technologies (see Section 8 on cookies).

2. Use of Personal Data

We use the personal data collected for the following purposes:

• To provide consultancy services to our Clients, including identifying and recommending suitable Contractors.
• To facilitate communication between Clients and Contractors.
• To assess the suitability of Contractors for specific engagements, including verifying professional qualifications and references.
• To improve and customize our services and the website based on user preferences.
• To comply with applicable legal obligations or respond to lawful requests from government authorities.
• To protect the legal rights and interests of the Platform.

3. Legal Basis for Processing

We process personal data on the following legal grounds:

• Contractual Necessity: Processing necessary to fulfill our contractual obligations with Clients or Contractors.
• Legitimate Interests: Processing required for the purposes of our legitimate business interests, such as improving our services, vetting Contractors, safeguarding the security of our platform, and promoting business growth.
• Legal Compliance: Processing necessary for compliance with our legal and regulatory obligations.

4. Data Sharing

We may share your personal data in the following situations:

• With Clients: We may share relevant data about Contractors (including individuals) with our Clients in connection with the consultancy services we provide, including their professional qualifications, experience, and other relevant personal data required for the project.
• With Contractors: We may share Client-related data with Contractors to facilitate the engagement process and ensure successful project delivery.
• Third-Party Service Providers: We may share your personal data with third-party service providers who assist us in operating our business, such as IT service providers, legal advisors, and payment processors.
• Legal Compliance: We may disclose personal data to comply with applicable laws, regulations, or legal proceedings, or in response to valid requests by regulatory authorities.
• Business Transfers: In the event of a merger, acquisition, or sale of our assets, personal data may be transferred as part of the business transaction.

5. International Data Transfers

As a company operating in DIFC, UAE, we may transfer personal data to jurisdictions outside the DIFC, including countries that may not provide the same level of data protection as your home jurisdiction. In such cases, we will take appropriate measures to ensure the security and confidentiality of your personal data, in compliance with applicable legal requirements, such as the use of standard contractual clauses (SCCs) or other lawful data transfer mechanisms.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. Once the data is no longer necessary, we will securely delete or anonymize it.

7. Data Security

We implement reasonable technical and organizational measures to safeguard your personal data from unauthorized access, loss, misuse, or disclosure. However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we take all necessary precautions to protect personal data, we cannot guarantee the absolute security of your information.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. Cookies are small text files that are stored on your device when you visit our site. You can control the use of cookies through your browser settings, but disabling cookies may affect your ability to use certain features of our website.

9. Your Rights

Depending on applicable data protection laws, you may have the following rights:

• The right to access and request a copy of your personal data.
• The right to correct inaccurate or incomplete personal data.
• The right to request the deletion of your personal data under certain conditions.
• The right to object to the processing of your personal data or request a restriction of such processing.
• The right to data portability, where applicable.

To exercise your rights, please contact us using the contact details provided below.

10. Mitigation of Risks

No Guarantee of Contractor Performance: The Platform’s role is limited to providing consultancy services, including identifying and recommending Contractors to Clients. We do not guarantee the performance, suitability, or quality of the services provided by Contractors. The Platform is not liable for any disputes, damages, or claims arising from the engagement of a Contractor by a Client, nor do we assume any responsibility for the actions, omissions, or failures of Contractors.

Accuracy of Information Provided: While the Platform takes reasonable measures to verify the information provided by Contractors, including qualifications, references, and experience, we cannot guarantee the completeness or accuracy of such information. The responsibility for independently verifying the suitability and qualifications of a Contractor rests solely with the Client.

Limitation of Liability: The Platform disclaims any liability for indirect, incidental, or consequential damages arising from the use of our services, including but not limited to lost profits, business interruption, or loss of data, whether such damages arise in contract, tort (including negligence), or otherwise. The Platform’s total liability in any matter related to our services is limited to the amount of fees paid by the Client for the specific consultancy services giving rise to the claim.

Data Subject Responsibilities: Contractors providing personal data to the Platform are responsible for ensuring that the data is accurate and up-to-date. The Platform assumes no liability for errors or misrepresentations made by Contractors in the information they provide.

Changes to Services: The Platform reserves the right to modify, suspend, or discontinue any part of our services at any time without prior notice. We are not responsible for any disruptions or consequences arising from such changes.

Governing Law and Jurisdiction: This Privacy Policy and any disputes arising out of or in connection with it shall be governed by and construed in accordance with the laws of the Dubai International Financial Centre (DIFC), without regard to its conflict of law provisions. All disputes shall be subject to the exclusive jurisdiction of the courts of DIFC.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or for other operational reasons. We encourage you to periodically review this page for the latest information on our privacy practices. Continued use of our website or services after any modifications to this Policy constitutes acceptance of such changes.

12. Contact Us

If you have any questions or concerns regarding this Privacy Policy or our data practices, please contact us at:

AlumniHub
Unit GA-00-SZ-L1-RT-201, Level 1 Gate Avenue - South Zone, Dubai International Financial Centre.
Email: join@alumnihub.io

By using our services, you acknowledge that you have read, understood, and agreed to this Privacy Policy.

13. Privacy Notice for European Union (EU) and European Economic Area (EEA) Users (GDPR Compliance)

If you are a resident of the European Union (EU) or the European Economic Area (EEA), the following additional provisions apply to your personal data under the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).

13.1 Data Controller

For the purposes of the GDPR, [Platform Name] acts as the Data Controller when collecting and processing your personal data. Our contact details are:

AlumniHub
Unit GA-00-SZ-L1-RT-201, Level 1 Gate Avenue - South Zone, Dubai International Financial Centre
Email: join@alumnihub.io

13.2 Legal Bases for Processing Personal Data

Under GDPR, we must have a valid legal basis to process your personal data. The legal bases for processing personal data, as outlined in Article 6 of the GDPR, may include:

• Contractual Necessity: We process personal data to perform contractual obligations related to our consultancy services or to take steps at the request of the data subject before entering into a contract.
• Legitimate Interests: We may process your personal data where it is necessary for our legitimate business interests, provided that such interests are not overridden by your fundamental rights and freedoms.
• Consent: In certain circumstances, we may seek your consent for specific processing activities, such as marketing communications. You have the right to withdraw your consent at any time.
• Legal Obligation: We may process personal data to comply with legal obligations, including those related to accounting, taxation, and regulatory requirements.

13.3 Data Subject Rights

As an EU/EEA resident, you are entitled to specific rights regarding your personal data under the GDPR. These rights include:

• Right of Access: You have the right to request access to your personal data and to receive information about how we process it.
• Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data.
• Right to Erasure (“Right to be Forgotten”): You have the right to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data.
• Right to Data Portability: You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another data controller, where technically feasible.
• Right to Object: You have the right to object to the processing of your personal data in certain cases, including for direct marketing purposes or based on our legitimate interests.
• Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw your consent at any time.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in the EU or EEA if you believe that your data protection rights have been violated. You can contact the relevant supervisory authority in your country of residence.

To exercise any of these rights, please contact us at the details provided above.

13.4 International Data Transfers

We may transfer your personal data to countries outside the EU/EEA, including the United Arab Emirates (DIFC), which may not provide the same level of data protection as the GDPR. In such cases, we will ensure that appropriate safeguards are in place, such as the use of standard contractual clauses (SCCs), approved by the European Commission, or other lawful mechanisms under GDPR, to protect your personal data during the transfer.

13.5 Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws. After the retention period expires, your personal data will be securely deleted or anonymized, unless further processing is required by law or for legitimate business purposes.

13.6 Automated Decision-Making and Profiling

We do not engage in any automated decision-making or profiling that produces legal effects concerning you or similarly affects you, as defined under GDPR Article 22.

13.7 Consent for Direct Marketing

If you are an EU/EEA resident, we will obtain your consent before sending any direct marketing communications to you, in compliance with the GDPR and applicable local laws. You may opt out of receiving such communications at any time by following the unsubscribe instructions provided in the communication or by contacting us directly.

This section is designed to comply with the additional requirements of the GDPR and to inform users in the EU/EEA of their specific rights and protections regarding personal data. If you have any further questions about how we process personal data in accordance with the GDPR, please contact us using the information provided in this Privacy Policy.

14. Privacy Notice for Users from the United Kingdom (UK) and California (CCPA Compliance)

This section provides additional information for users residing in the United Kingdom (UK) and the State of California, in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

14.1 Privacy Notice for UK Residents

In addition to the provisions outlined in this Privacy Policy, users from the UK are entitled to the rights under the UK GDPR and the Data Protection Act 2018.

14.1.1 Legal Basis for Processing

The legal bases for processing personal data under the UK GDPR are the same as under the GDPR (as outlined in Section 13.2), including contractual necessity, legitimate interests, legal obligations, and, where applicable, consent.

14.1.2 Data Subject Rights under UK Law

UK residents are entitled to the same data subject rights as those described under GDPR in Section 13.3. These include the right to access, rectification, erasure, restriction of processing, data portability, objection to processing, and the right to withdraw consent at any time.

If you wish to exercise any of these rights, you can contact us at the details provided in this Privacy Policy.

14.1.3 International Data Transfers

For users in the UK, we may transfer your personal data to countries outside the UK, including the United Arab Emirates (DIFC). We will ensure appropriate safeguards are in place, such as standard contractual clauses (SCCs) approved by the UK’s Information Commissioner’s Office (ICO) or other legal mechanisms, to protect your data during transfers outside the UK.

14.1.4 Supervisory Authority in the UK

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

• Website: https://ico.org.uk/
• Phone: +44 303 123 1113

14.2 Privacy Notice for California Residents (CCPA/CPRA Compliance)

If you are a resident of California, this section of our Privacy Policy provides additional details on how we collect, use, and disclose your personal data in compliance with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

14.2.1 Categories of Personal Information We Collect

Under the CCPA/CPRA, the types of personal data we collect fall into the following categories:

• Identifiers: Such as name, email address, postal address, IP address, and other similar identifiers.
• Commercial Information: Records of services provided, transactions, or engagement with our platform.
• Internet or Network Activity: Information on interactions with our website, including browsing history and IP addresses.
• Professional Information: Such as job titles, professional qualifications, and work history, particularly for Contractors.
• Geolocation Data: General location data based on your IP address.
• Inferences: Derived from your usage of our services and interactions with our platform.

14.2.2 Your Rights Under the CCPA/CPRA

As a California resident, you have the following rights under the CCPA/CPRA:

• Right to Know: You have the right to request information about the categories of personal information we have collected, the purposes for which we use it, and the third parties with whom it is shared.
• Right to Access: You can request a copy of the specific pieces of personal information we have collected about you over the past 12 months.
• Right to Delete: You can request the deletion of personal information we hold about you, subject to certain exceptions (e.g., where we need to retain the data to comply with legal obligations).
• Right to Correct: You have the right to request that we correct any inaccurate personal information we hold about you.
• Right to Opt-Out of Sale or Sharing of Personal Data: We do not sell your personal data in the traditional sense. However, under the CPRA, you have the right to opt-out of the “sharing” of your personal information for cross-context behavioral advertising, where applicable.
• Right to Limit Use of Sensitive Personal Information: You may limit our use of any sensitive personal information that we collect, as defined under the CPRA.
• Right to Non-Discrimination: You have the right to not be discriminated against for exercising your privacy rights under the CCPA/CPRA.

To exercise any of these rights, please contact us using the contact details provided in this Privacy Policy. We will verify your identity before processing your request, which may require you to provide additional information.

14.2.3 Notice of Collection and Use of Personal Information

We collect personal information for the purposes described in Section 2 of this Privacy Policy, including providing our consultancy services, facilitating engagement between Clients and Contractors, and for internal business operations.

14.2.4 Data Sharing

We may share personal information with third-party service providers as described in Sections 4 and 14.2.1. However, we do not sell personal data as defined under CCPA, nor do we share personal data for cross-context behavioral advertising unless specifically noted.

14.2.5 Sensitive Personal Information

We do not collect or use “sensitive personal information” (as defined by the CPRA) for purposes beyond those that are strictly necessary for performing our services.

14.2.6 Designating an Authorized Agent

If you wish to exercise your rights under CCPA/CPRA through an authorized agent, you may do so by providing the agent with written permission to act on your behalf. We may require you to verify your identity directly with us before we process your request.

14.2.7 Do Not Track

Our website does not respond to “Do Not Track” signals. However, we offer users the ability to manage cookie preferences, as described in Section 8 of this Privacy Policy.

14.2.8 Retention of Personal Information

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws. After the retention period expires, we will securely delete or anonymize the data.

14.2.9 Contact Information for California Residents

If you have any questions regarding your rights under the CCPA/CPRA or wish to exercise any of these rights, you can contact us at:

AlumniHub
Unit GA-00-SZ-L1-RT-201, Level 1 Gate Avenue - South Zone, Dubai International Financial Centre.
Email: join@alumnihub.io

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or for other operational reasons. We encourage you to periodically review this page for the latest information on our privacy practices. Continued use of our website or services after any modifications to this Policy constitutes acceptance of such changes.

This additional section is intended to provide clarity and ensure compliance with the UK GDPR, CCPA, and CPRA. If you are a resident of these jurisdictions and have any further questions, please do not hesitate to reach out to us for clarification.