Privacy Policy

1. Our data protection obligations

We are committed to protecting your personal data and respecting your privacy rights. SAIL UKS02 Ltd ("S.AI.L"), a company registered in England and Wales with company number 16535629, acts as the data controller for the personal data we process about you

As a data controller, we are obliged to comply with applicable data protection laws, including the European Union's General Data Protection Regulation (GDPR), the United Kingdom's Data Protection Act 2018 and UK GDPR, and the Dubai International Financial Centre's Data Protection Law No. 5 of 2020

This privacy policy explains how we collect, use, store, and protect your personal data when you interact with our services, apply for employment with us, or engage with us as a client or business partner. We are committed to processing your personal data in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability

2. Who we are and how to contact us

3. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our data protection compliance and to act as a point of contact for data protection matters

4. Information we collect and how we use it

4.1 Recruitment and Employment Data

When you apply for a position with S.AI.L, or during the course of your employment, we may collect: contact details, date of birth, identification documents, employment history, education history, right to work information, and criminal conviction data where legally permitted.

4.2 Client and Business Partner Data

When you engage with us as a client or business partner, we may collect: contact information, professional information, communication records, financial information, and project information.

4.3 Website and Digital Communications Data

When you visit our website or interact with our digital communications, we may collect: technical information, usage data, communication preferences, and cookies as described in our Cookie Policy.

4.4 Marketing and Communications Data

With your consent or where we have a legitimate interest, we may collect: contact preferences, marketing data, event participation records, and professional interests.

5. Legal basis for processing your data

We process your personal data on the following legal bases: consent (for marketing and non-essential cookies); contract (for employment and service delivery); legal obligation (for tax, AML/KYC, and employment law compliance); legitimate interests (for business operations, security, and fraud prevention); and explicit consent or employment law for special category data including criminal conviction data.

6. How we share your personal data

We may share your personal data with: group companies (including parent company Exec X AI Ltd); RemoFirst, Inc. (employer of record services); Pipedrive, Inc. (CRM); professional service providers including legal advisors, accountants, IT providers, and payment processors; regulatory and legal authorities; and business transfer recipients in the event of a merger or acquisition.

7. International transfers of personal data

We transfer personal data to: RemoFirst, Inc. (United States, adequacy or data bridge basis); Exec X AI Ltd (DIFC, adequacy basis); Pipedrive, Inc. (United States, adequacy or data bridge basis). Where no adequacy decision exists, we rely on standard contractual clauses or other appropriate safeguards.

8. How long do we keep your personal data

General retention: one calendar year from last interaction, unless otherwise specified. Employment records: duration of employment plus seven years. Client records: engagement duration plus seven years. Financial records: seven years. Marketing data: until consent withdrawn or three years from last interaction, whichever is earlier.

9. Your rights under data protection law

You have the right of access, rectification, erasure, restriction of processing, objection, data portability, and withdrawal of consent. To exercise any of these rights, contact us at compliance@execxai.com. We will respond within one month of receipt.

10. Automated decision making and profiling

We may use automated tools for application screening, analytics, fraud detection, and marketing personalisation. All automated tools are subject to human oversight in accordance with our Responsible AI Policy.

11. Criminal background checks

Where legally permitted and relevant to the role, we may conduct DBS, Access NI, Disclosure Scotland, or equivalent checks. These are conducted only where legally permitted, necessary and proportionate, and with your prior knowledge.

12. Cookies and similar technologies

S.AI.L uses cookies to improve your experience, analyse site usage, and support marketing. For full details, see our Cookie Policy.

13. Changes to this privacy policy

We may update this privacy policy from time to time. Significant changes will be communicated via the website and, where appropriate, by email. Your continued use of our services constitutes acceptance of the updated policy.

14. How to contact us and how to file complaints

If you are not satisfied with our response, you may complain to the ICO (UK), your local EU supervisory authority, or the DIFC Commissioner of Data Protection.