1. Introduction

This Privacy Notice should be read in conjunction with our applicable Terms and Conditions (“T&Cs”), which set out the general rules for your use of our websites, platforms, and services. Together, the Privacy Notice and Terms and Conditions (T&Cs) form part of the overall agreement between you and Polynome regarding your interaction with our platforms and participation in our events or programmes. By using our websites, registering for our events, or engaging with our services, you acknowledge that you have read and understood this Privacy Notice and the relevant T&Cs.

2. Who We Are and How to Contact Us

This Privacy Notice applies to Polynome Events FZE and Intelligent Machines Consultancies L.L.C. (together “Polynome,” “we,” “our,” or “us”) and when you visit polynome.ai; machinescansee.ai; machinescanthink.ai.

Polynome is a UAE-based artificial intelligence and events company. We specialise in:

• AI education and awareness: providing executive programmes, workshops, and training to help organisations understand and adopt AI responsibly.
• Industry events and conferences: organising thought leadership events, forums, and exhibitions that bring together business leaders, researchers, policymakers, and innovators.
• Community building: creating spaces for professionals, developers, and academics to exchange knowledge on AI, digital transformation, and emerging technologies.

We combine expertise in AI technologies with event management to connect ideas, people, and solutions across the MENA region and globally.

If you have questions about this Privacy Notice or how we process your personal data, you can contact us at:
privacy@polynome.ai (privacy requests)
unsubscribe@polynome.ai (marketing opt-out)

We operate from:
Office 701, Arenco Tower, Al Safouh 2, Dubai, UAE
DED Commercial License No. 1101248
DWTC License No. 2740

Supervisory Authorities:
UAE PDPL: UAE Data Office – dataoffice.gov.ae

3. Personal Data We Collect

We may collect the following categories of personal data:

• Identity & Contact Data: name, email, phone, gender, nationality, residency, job title, organisation.
• Professional & Enrolment Data: years of experience, CV, photo, proficiency level, enrolment details.
• Compliance Data: passport or Emirates ID (only for regulatory or visa requirements).
• Account & Event Data: event participation, ticket preferences, login credentials.
• Marketing Data: newsletter sign-ups, survey responses, preferences.
• Technical Data: IP address, device identifiers, browser type, geolocation, site usage.
• Payment Data: billing address, transaction details (processed securely via third-party providers).
• AI/ML Data: any user-submitted data for educational purposes, research, or demo interactions is used solely for providing services and not for model training or fine-tuning.

4. How We Collect Your Data

We collect data:

• Directly from you: via forms, event registrations, brochure requests, contact forms, HubSpot forms, account creation, newsletters, or payments.
• Automatically: through website and cookie analytics tools (Google Analytics, LinkedIn Insight, HubSpot), and similar technologies.
• From third parties: such as LinkedIn, lead generation services, and event partners (ENotion Events, HubSpot).

5. How We Use Your Data

We use your data to:

• Deliver programmes, events, and related services.
• Manage event registration, ticketing, and payments.
• Communicate service updates, confirmations, and relevant programme information.
• Send marketing campaigns and newsletters (where consented).
• Analyse and improve website and campaign performance.
• Ensure platform security and prevent fraud.
• Comply with financial, tax, and regulatory obligations.

We do not use personal data for training AI models or making automated decisions with legal effect.

6. Legal Basis for Processing

See the matrix below.

Purpose–Legal Basis Matrix

Purpose

Examples of Processing

Legal Basis

Deliver services, programmes, and events.

Processing enrolments, event participation, and programme access

Contractual necessity – required to perform the contract (service provision)

Manage payments and ticketing.

Billing details, payment processing, issuing invoices/receipts

Contractual necessity – to complete transactions
Legal obligation – retention of financial records under UAE/commercial law

Compliance with visa and regulatory requirements

Collection of passports/Emirates ID for government filings

Legal obligation – compliance with UAE laws and event licensing/ticketing regulations

Communicate updates and confirmations.

Service updates, programme information, event reminders

Contractual necessity – to provide the agreed service

Marketing & newsletters

Sending campaigns, offers, and newsletters

Consent – opt-in only; withdrawal available anytime

Analytics & service improvement

Website analytics, campaign measurement, usage patterns

Legitimate interests – ensuring service quality and relevance (with balancing test)

Security & fraud prevention

Access controls, monitoring, and security logs

Legitimate interests – protecting systems and data integrity

Legal, accounting, and tax compliance

Retaining transaction records, disclosing to regulators

Legal obligation

Limited profiling for segmentation

Differentiating between executives, researchers, and developers for campaign relevance

Legitimate interests – expected in B2B context; opt-out available

User rights handling

Responding to DSARs (access, erasure, portability, etc.)

Legal obligation

7. Data Sharing and Disclosure

We do not sell or rent your personal data. However, we may share personal data with carefully selected third parties for the purposes described in this Privacy Notice.

Service Providers and Vendors

We share personal data with trusted service providers who perform services on our behalf, including:

• Hosting & Infrastructure: Framer (website hosting).
• Analytics & Tracking: Google Analytics, LinkedIn Insight Tag, Meta Pixel, HubSpot analytics.
• CRM & Marketing Automation: HubSpot (lead capture, contact management, email campaigns).
• Event Management: ENotion Events.
• Payment Providers: Stripe.
• Professional Advisers: legal, accounting, auditing, and compliance advisers.

All vendors are subject to contractual data protection obligations to safeguard personal data and use it only for the purposes specified by us.

Business Partners and Affiliates

We may share personal data with:

• Event partners, sponsors, and collaborators where events, educational programmes, or initiatives are jointly organised.
• Resellers or distribution partners (if engaged) to facilitate ticket sales or programme promotion.

Legal and Regulatory Disclosures

We may disclose personal data to regulators, courts, or law enforcement agencies where required by applicable law or valid legal process. Examples include compliance with the UAE Department of Culture and Tourism ticketing requirements, tax authorities, or supervisory regulators.

Business Transfers

In the event of a merger, acquisition, reorganisation, divestiture, dissolution, or sale of assets, we may transfer personal data to the acquiring or successor entity.

In such cases, we will ensure that the new entity continues to honour the commitments described in this Privacy Notice.

Where required by law, you will be notified in advance of such transfer and allowed to exercise your rights regarding your personal data.

8. International Data Transfers

We operate in the United Arab Emirates but work with global service providers. This means your personal data may be transferred to, stored in, or accessed from countries outside your place of residence, including the European Union, the United States, and other jurisdictions.

Where we do so, we ensure that:

• Transfers comply with applicable MENA data protection laws;
• Contractual protections and confidentiality agreements are in place; and
• Data is handled securely with appropriate technical and organisational safeguards.

If a regulator (e.g., in Saudi Arabia or Oman) requires pre-approval for an international transfer, we will comply with this requirement before processing occurs.

Key Vendors and Transfer Mechanisms

• HubSpot – CRM, email marketing, automation; Locations: EU, USA; Safeguards: EU SCCs with supplementary safeguards (encryption, access controls).
• Google (Google Analytics, Google Ads) – Analytics, marketing; Locations: Global (including USA); Safeguards: EU SCCs + data minimisation, IP anonymisation, and supplementary safeguards.
• LinkedIn (Insight Tag, Ads) – Marketing and analytics; Locations: Global (including USA); Safeguards: EU SCCs + platform safeguards.
• Meta (Facebook/Instagram, Meta Pixel) – Advertising and retargeting; Locations: Global (including USA); Safeguards: EU SCCs + platform safeguards.
• ENotion Events – Event management and ticketing; Locations: EU, USA; Safeguards: EU SCCs (where required) and contractual data protection terms.
• Stripe – Secure payments; Locations: EU, UK, USA; Safeguards: Adequacy (EEA/UK), where available, plus SCCs for transfers to the US.
• Framer – Website hosting; Location: EU; Safeguards: Data hosted in the EU; transfers outside the EU are subject to SCCs.
• Professional advisers (auditors, lawyers, consultants) – Legal, compliance, audit; Locations: UAE and international; Safeguards: Transfers made under confidentiality agreements and SCCs where required.

We encourage you to review this Privacy Notice periodically to stay informed about how we are protecting your information.

9. Data Retention

CRM data: 24 months after last interaction.

Event data: event lifecycle + 2 years.

Payment data: 5–7 years (UAE law).

Marketing data: until consent is withdrawn or inactive (6–12 months cleanup).

Analytics data: vendor defaults (e.g., Google Analytics = 26 months).

Legal/regulatory data: as long as required by the UAE or other applicable law.

When no longer needed, data is securely deleted or anonymised.

10. Your Rights

Depending on where you are located and which law applies to you, you have the following rights regarding your personal data:

Your Rights Explained

Right of Access: You can request a copy of the personal data we hold about you, along with details of how we use it.

Right to Rectification: You can ask us to correct or update inaccurate or incomplete data.

Right to Erasure (“Right to be Forgotten”): You can request deletion of your personal data where there is no lawful reason for us to continue holding it (e.g., where retention is required by tax or regulatory law, we may need to keep some records).

Right to Restriction of Processing: You can ask us to suspend processing of your data in certain circumstances (e.g., while accuracy is being verified).

Right to Data Portability: You can request your personal data in a structured, commonly used, and machine-readable format, and have it transferred to another controller where technically feasible.

Right to Object: You can object to the processing of your personal data carried out based on legitimate interests, including profiling. You may also object at any time to direct marketing.

Right to Withdraw Consent: Where we rely on consent (e.g., marketing, cookies), you may withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.

Right not to be subject to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

Right to Lodge a Complaint: You may complain to your local data protection regulator if you are not satisfied with our response. Contact details are provided in Section 1.

How to Exercise Your Rights

You may exercise your rights by contacting us at privacy@polynome.ai. For marketing opt-outs, you can also use the unsubscribe link in our emails or email unsubscribe@polynome.ai.

We will acknowledge your request within 7 days.

We will respond within 30 days, extendable by another 30 days where legally permitted (you will be informed if an extension is needed).

For security, we may need to verify your identity before acting on your request.

Limitations

Your rights are subject to certain exceptions. For example:

We may retain data where required by law (e.g., tax, accounting, regulatory).

We may refuse requests that are manifestly unfounded, repetitive, or excessive, in accordance with applicable laws.

11. Security

We take the security of your personal data seriously and apply appropriate technical and organisational measures to protect it against unauthorised access, use, alteration, or disclosure.

Technical Safeguards

Encryption: All websites and services use TLS/SSL encryption for data in transit; sensitive fields (e.g., payment details) are encrypted at rest by our vendors.

Access controls: Role-based permissions ensure only authorised staff with a business need can access personal data.

Multi-factor authentication (MFA): Required for access to our CRM (HubSpot), event platforms, and payment processors.

Secure hosting: Our hosting and infrastructure providers (e.g., Framer, HubSpot, Stripe) maintain ISO 27001, SOC 2, and PCI DSS certifications.

Monitoring & testing: Firewalls, vulnerability scans, and regular penetration testing are used to detect and prevent threats.

Data minimisation: Where possible, data is pseudonymised or anonymised for analytics and reporting.

Organisational Safeguards

Policies & training: Staff and contractors receive onboarding and regular training on data protection, confidentiality, and cybersecurity.

Vendor management: Third-party providers are subject to due diligence and data processing agreements (DPAs) to ensure compliance.

Access reviews: Permissions are reviewed regularly and revoked immediately upon role change or termination.

Incident response: We maintain a breach response plan that includes investigation, mitigation, documentation, and required notifications.

Breach Notification

We will notify affected individuals and authorities without undue delay where required by UAE or regional law.

12. Automated Decision-Making and Profiling

We use artificial intelligence (AI) and automated tools to enhance our services. However, we do not carry out any automated decision-making that produces legal effects or similarly significant consequences for individuals.

Automated Decision-Making

No fully automated decisions with legal effect are taken about you (e.g., credit scoring, automated approvals, or denial of services).

Where automation is used to support internal workflows (such as lead scoring, event waitlist management, or AI-powered content recommendations), human review is always involved before decisions with potential impact are made.

Profiling

We carry out limited profiling to better understand our audiences and tailor communications:

Segmentation: distinguishing between executives, researchers, students, and developers to ensure relevant outreach.

Engagement analytics: assessing interaction with our platforms (e.g., newsletters, events, website behaviour) to measure interest and improve user experience.

Campaign optimisation: using LinkedIn Insight Tag, Meta Pixel, and HubSpot analytics to measure the effectiveness of campaigns and deliver more relevant ads.

Safeguards

Right to object/opt-out: You can opt out of marketing-related profiling at any time by using cookie settings, unsubscribe links, or contacting privacy@polynome.ai.

Human involvement: All significant business or service decisions involve human oversight, even where AI tools are used in support.

Transparency: We disclose categories of data used in profiling (identity, professional role, engagement behaviour). Sensitive data, such as passports and Emirates IDs, is never used for profiling or marketing purposes.

Explainability: If you request, we can explain how automated tools contribute to decisions that affect you and provide human review.

12A. Use of Artificial Intelligence (AI)

As an AI-focused organisation, we may use artificial intelligence and machine learning technologies in limited ways to deliver or enhance our services.

Service features: AI tools may be used to personalise content, improve event experiences, or provide educational demonstrations.

User submissions: If you choose to provide inputs for demos, research, or experimental features, these are used only for the stated purpose and are not used to train or fine-tune our AI models without your explicit consent.

Transparency and choice: You will always be informed when interacting with an AI-powered feature and, where consent is required, you may decline participation without losing access to our core services.

Safeguards: AI use is subject to human oversight, fairness assessments, and security measures to prevent misuse. We do not use AI in ways that have legal or similarly significant effects on individuals.

13. Marketing and Communications

We may use your personal data to keep you informed about our events, educational programmes, research opportunities, and AI-related services.

Channels of Communication

We may contact you via:

• Email: newsletters, campaign updates, invitations to events.
• Digital advertising: LinkedIn, Meta (Facebook/Instagram), Google Ads (subject to cookie consent).
• WhatsApp or SMS notifications: limited to reminders for registered events/programmes where you have provided your number.
• On-platform messages: if you create an account on one of our community or learning platforms.

Consent and Opt-In

We will only send direct marketing communications (such as newsletters or promotional campaigns) if you have actively opted in via our website, event registration forms, or HubSpot forms.

You are not required to consent to marketing to access our core services.

You may withdraw your consent at any time without detriment.

Personalisation & Profiling in Marketing

We may use limited profiling (see section on Automated Decision-Making & Profiling) to ensure communications are relevant to your role (e.g., executive, researcher, developer, student).

Campaign optimization may use third-party platforms (LinkedIn Insight Tag, Meta Pixel, HubSpot).

You can opt out of personalized advertising by adjusting your cookie preferences or your ad settings directly on these platforms.

Third-Party Marketing Platforms

We may use third-party providers to manage marketing activities, including:

• HubSpot (CRM, email marketing, campaign automation)
• LinkedIn Ads (campaign targeting, analytics)
• Meta Ads (Facebook/Instagram campaigns)
• Google Ads/Analytics (campaign optimisation, remarketing)

All such vendors process data under contractual agreements and in compliance with international transfer safeguards (see section on International Transfers).

Your Choices and Rights

Unsubscribe: every marketing email contains a clear “unsubscribe” link.

Contact us: you can also email unsubscribe@polynome.ai to opt out of all marketing.

Cookie settings: you may opt out of marketing cookies at any time via our cookie banner (“Manage Preferences”).

Right to object: under the PDPL and GDPR, you have the right to object at any time to the processing of your data for direct marketing purposes, including profiling.

No Unsolicited Marketing

We do not engage in cold outreach to individuals without a lawful basis for doing so. Business-to-business (B2B) outreach may occur using professional contact details (e.g., from LinkedIn or publicly available sources), provided that such use is permitted by law and subject to opt-out rights.

14. Children’s Privacy

Our services are intended for users aged 18 and above. We do not knowingly collect data from children.

15. General

This Privacy Notice represents the entire agreement between you and Polynome Events FZE and Intelligent Machines Consultancies L.L.C. regarding the collection, use, and disclosure of personal data through our websites and services. It supersedes and replaces all prior or contemporaneous communications, representations, or statements (whether oral or written) regarding privacy.

This Privacy Notice and any dispute or claim arising out of or in connection with it shall be governed by and construed in accordance with the laws of the United Arab Emirates, without regard to conflict of law principles. You agree that the courts of Dubai, UAE, shall have exclusive jurisdiction to resolve any disputes arising in connection with this Privacy Notice or your use of our websites or services.

16. Updates to This Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons.

Notification of changes:

When material updates are made, we will post a clear notice on our website and update the “Last Updated” date at the top of this page.

If the changes significantly affect your rights or how we process your personal data, we will notify you directly (for example, by email, if we have your contact details).

We encourage you to review this Privacy Notice periodically to stay informed about how we are protecting your information.