Privacy Policy

Last Updated: March 2026

1. Introduction and Legal Identity

This Privacy Policy ("Policy") governs the collection, processing, storage, use, disclosure, and protection of information by ThinkFirm Information Technology Consultancy L.L.C ("ThinkFirm," "the Company," "we," "us," or "our"), a Limited Liability Company duly incorporated and registered under the laws of the United Arab Emirates, holding a valid commercial license issued by the relevant licensing authority. ThinkFirm operates as a technology consulting, advisory, and professional services firm specializing in information technology consultancy, enterprise risk management, cybersecurity, artificial intelligence, data management, regulatory compliance, digital transformation, and related domains across the public and private sectors.

This Policy applies universally to all interactions with ThinkFirm, including but not limited to access to and use of our corporate websites, digital platforms, application programming interfaces (APIs), client portals, software-as-a-service (SaaS) applications, proprietary tools and dashboards, mobile applications, and any communications conducted through official channels such as [email protected], telephone, video conferencing, messaging platforms, postal correspondence, or in-person meetings. This Policy further extends to all data processed in connection with consultancy engagements, proposals, statements of work, contractual deliverables, and any pre-contractual or post-contractual interactions.

By accessing, using, or interacting with ThinkFirm in any capacity — whether as a current or prospective client, website visitor, partner, subcontractor, vendor, supplier, job applicant, event attendee, survey respondent, or otherwise — you expressly acknowledge and agree that data processing is an inherent, necessary, and unavoidable component of ThinkFirm's operations and service delivery model. You further agree that such processing may occur continuously, automatically, and without additional or individualized notice beyond what is provided in this Policy. This Policy is intended to be interpreted broadly and expansively to maximize operational flexibility, service excellence, and comprehensive legal protection for ThinkFirm and its stakeholders.

ThinkFirm is committed to responsible data stewardship and conducts its information processing activities in alignment with applicable UAE federal data protection legislation, including Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and its implementing regulations, as well as any sector-specific regulations issued by the relevant free zone or regulatory authority under which ThinkFirm operates. Where ThinkFirm provides services to clients located in other jurisdictions, the Company may additionally consider the requirements of international data protection frameworks, including but not limited to the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the UK Data Protection Act 2018, and other applicable regional and national privacy laws, to the extent commercially reasonable and operationally practicable.

2. Scope and Applicability

This Policy applies comprehensively and without limitation to all individuals, legal entities, organizations, systems, automated agents, and third parties that interact with ThinkFirm, whether directly or indirectly, actively or passively, intentionally or incidentally. It governs all forms of engagement across all channels, including but not limited to digital interactions through websites, web applications, and APIs; electronic communications via email, instant messaging, video conferencing, and social media; telephonic interactions; physical interactions including office visits, meetings, conferences, and events; and automated system-level exchanges including API calls, webhook transmissions, log data, and machine-to-machine communications.

The scope of this Policy extends to all categories and classifications of data, including structured data (databases, spreadsheets, form submissions), unstructured data (emails, documents, images, audio and video recordings), semi-structured data (XML, JSON, log files), inferred data (analytics outputs, behavioral predictions, risk scores), generated data (AI-produced content, automated reports, algorithmic outputs), and derived data (aggregated statistics, benchmarking datasets, anonymized or pseudonymized information), regardless of format, encoding, storage medium, or method of transmission.

ThinkFirm reserves the absolute and unconditional right to apply this Policy to data obtained from any source whatsoever, including but not limited to direct user submissions, third-party platforms and integrations, publicly available datasets and registries, social media platforms and professional networks, analytics and advertising technology providers, government and regulatory databases, credit reporting agencies, industry data consortia, and indirectly acquired information obtained through cookies, tracking technologies, referral data, or data enrichment services. Users acknowledge that the scope of this Policy is intentionally expansive and comprehensive, designed to capture all conceivable data processing activities that ThinkFirm may undertake in the ordinary course of its business operations and strategic initiatives.

This Policy supersedes and replaces any prior privacy notices, data handling statements, or confidentiality representations made by ThinkFirm, whether written or oral, to the extent they conflict with the terms stated herein. In the event of any inconsistency between this Policy and any other agreement, contract, or understanding between the user and ThinkFirm, the terms of the specific contractual instrument shall prevail with respect to the subject matter of that agreement, while this Policy shall govern all matters not expressly addressed therein. Any ambiguity in interpretation shall be resolved in favor of ThinkFirm's rights to collect, process, and utilize data for its legitimate business purposes, without restriction or obligation beyond what is explicitly stated in this Policy.

3. Information We Collect

ThinkFirm collects, receives, generates, and processes a wide spectrum of information necessary to support its operational, strategic, analytical, and service delivery functions. The categories of information collected are extensive and include, but are not limited to, the following:

This encompasses full legal names, preferred names, titles and honorifics, email addresses (personal and professional), telephone numbers (mobile, office, and direct lines), physical mailing addresses, organizational names and affiliations, job titles and functional roles, department and division information, seniority levels, professional certifications and credentials, LinkedIn profile URLs, and other professional identifiers. For job applicants, this may additionally include curriculum vitae, educational history, employment history, salary expectations, visa and work authorization status, and references.

Technical data collected through automated means may include Internet Protocol (IP) addresses (both IPv4 and IPv6), device fingerprints and unique device identifiers (including IDFA, GAID, and IMEI where applicable), browser type, version, and configuration, operating system type and version, screen resolution and display settings, installed plugins and extensions, language and locale preferences, network metadata including ISP information and connection type, referring URLs and exit pages, HTTP headers, and system interaction timestamps with millisecond precision.

Browsing activity, page views, scroll depth, click patterns, mouse movements and hover interactions, session duration and frequency, navigation paths, search queries entered on ThinkFirm properties, form field interactions (including partial or abandoned submissions), file download activity, video and media consumption patterns, engagement metrics across email communications (open rates, click-through rates, forwarding activity), event attendance and participation data, webinar registration and viewing behavior, and any other interaction patterns captured through cookies, web beacons, pixels, JavaScript tags, or similar tracking technologies.

All communications sent to ThinkFirm — including emails to [email protected] or any other ThinkFirm email address, attachments of any file type, email headers and metadata (sender, recipients, timestamps, subject lines, message IDs), chat transcripts, voice call recordings and transcriptions, video conference recordings and transcriptions, meeting notes, and any documents, presentations, or materials shared during the course of communications or engagements — may be stored, indexed, analyzed, and retained in accordance with this Policy.

ThinkFirm may generate and process derived or inferred data, including but not limited to risk scores and risk classifications, predictive analytics outputs, behavioral profiles and segmentation data, propensity models, sentiment analysis results, engagement scoring, lead scoring, AI-generated insights and recommendations, pattern recognition outputs, anomaly detection flags, and natural language processing extractions. Users acknowledge that data collection may occur continuously, passively, and through automated systems, and may include information not explicitly or knowingly provided by the user but inferred, calculated, or generated through analysis, aggregation, or algorithmic processing of other collected data points.

ThinkFirm deploys cookies (first-party and third-party, session and persistent), web beacons, tracking pixels, JavaScript tags, local storage objects, ETags, and similar technologies across its digital properties. These technologies collect information about browsing behavior, device characteristics, and user preferences to enable essential site functionality, analyze usage patterns, optimize performance, deliver personalized content and experiences, support marketing and advertising activities, and facilitate fraud detection and security monitoring. Essential cookies required for basic site operation are deployed without separate consent. Analytics, functional, and marketing cookies may be deployed based on user preferences where technically and legally required.

4. Purpose of Data Processing

ThinkFirm processes information for a comprehensive range of purposes aligned with its business operations, strategic objectives, technological capabilities, and commitment to service excellence. The specific purposes for which data may be processed include, but are not expressly limited to, the following categories:

Delivering, managing, and administering information technology consultancy, cybersecurity advisory, risk management, regulatory compliance, AI enablement, and digital transformation services; onboarding new clients and managing ongoing client relationships; preparing proposals, statements of work, and engagement letters; managing project timelines, deliverables, and milestones; generating reports, assessments, recommendations, and other professional deliverables; facilitating communication between ThinkFirm personnel and clients; managing invoicing, billing, accounts receivable, and financial reconciliation; and providing post-engagement support, maintenance, and follow-up services.

Performing cybersecurity monitoring, threat intelligence gathering, vulnerability assessment, penetration testing support, incident detection and response, security information and event management (SIEM) operations, distributed denial-of-service (DDoS) mitigation, malware analysis, phishing detection and prevention, access anomaly detection, and security posture assessment for both ThinkFirm infrastructure and client environments as part of contracted services.

Conducting research and development activities to create new products, platforms, methodologies, frameworks, and service offerings; benchmarking performance against industry standards and best practices; developing white papers, case studies, thought leadership materials, and industry reports; testing and validating new technologies, tools, and processes; and contributing to the advancement of knowledge in ThinkFirm's domains of expertise.

Developing, training, fine-tuning, validating, and deploying artificial intelligence and machine learning models, including supervised and unsupervised learning algorithms, natural language processing (NLP) models, computer vision systems, recommendation engines, predictive analytics models, generative AI systems, and reinforcement learning agents; generating insights, forecasts, and predictions that support decision-making, automation, and innovation across ThinkFirm's operations and client engagements.

Ensuring compliance with applicable federal, local, and international laws and regulations, including UAE data protection legislation, anti-money laundering (AML) and know-your-customer (KYC) requirements, sanctions screening, tax reporting obligations, employment and labor law compliance, intellectual property protections, and industry-specific regulatory mandates; managing audits, investigations, and regulatory inquiries; and maintaining records as required by law or prudent business practice.

Managing internal business operations including human resources, talent acquisition and retention, employee training and development, performance management, vendor and supplier management, procurement, facilities management, corporate governance, financial planning and analysis, strategic planning, mergers and acquisitions due diligence, and enterprise resource planning; optimizing system performance, infrastructure capacity, and resource allocation; and conducting business continuity and disaster recovery planning and testing.

Users acknowledge that data may be used for any legitimate business purpose, including commercial, analytical, operational, and strategic applications. The purposes described herein are illustrative and non-exhaustive, and ThinkFirm reserves the right to expand, modify, or refine its data processing activities at its sole and absolute discretion without prior notice, provided such activities remain within the bounds of applicable law.

5. Data Sharing and Disclosure

ThinkFirm may share, disclose, transfer, license, or otherwise make available information to a wide range of internal and external parties as necessary, appropriate, or advantageous to support its operations, service delivery, and business objectives. The categories of recipients include, but are not limited to, the following:

Information may be shared with ThinkFirm employees, officers, directors, managers, contractors, temporary staff, secondees, and interns on a need-to-know basis in connection with their roles and responsibilities. Data may also be shared with affiliated entities, subsidiaries, parent companies, group companies, joint ventures, and any successor entities as part of normal business operations, intercompany service arrangements, or corporate governance activities.

ThinkFirm engages a range of third-party service providers to support its operations, including but not limited to cloud hosting and infrastructure providers (including Amazon Web Services, Microsoft Azure, Google Cloud Platform, and similar services), software-as-a-service (SaaS) application providers, managed security service providers (MSSPs), cybersecurity technology vendors, analytics and business intelligence platforms, customer relationship management (CRM) systems, enterprise resource planning (ERP) systems, email and communication platforms, payment processing and billing services, marketing automation tools, survey and feedback platforms, legal and accounting firms, recruitment agencies, and travel management companies. These providers may process data on ThinkFirm's behalf under contractual arrangements that include confidentiality and data protection obligations.

Data may be disclosed to courts, tribunals, arbitration panels, regulatory bodies, law enforcement agencies, tax authorities, government ministries, free zone authorities, financial intelligence units, securities regulators, data protection authorities, and any other governmental or quasi-governmental entity where such disclosure is required by law, regulation, court order, subpoena, or other legal process; where ThinkFirm reasonably believes disclosure is necessary to protect its legal rights, enforce its agreements, investigate potential violations, prevent fraud or other illegal activity, or protect the safety and security of any person; or where ThinkFirm determines, in its sole judgment, that voluntary disclosure is appropriate or advisable under the circumstances.

In the event of any merger, acquisition, consolidation, joint venture, divestiture, reorganization, restructuring, dissolution, liquidation, asset sale, equity sale, change of control, financing, or similar corporate transaction, ThinkFirm may disclose, transfer, or assign information as part of due diligence, transaction execution, post-closing integration, or ongoing business operations. Users acknowledge that the acquiring entity or successor may continue to process data in accordance with this Policy or its own privacy policy.

ThinkFirm may share information with its external legal counsel, auditors, accountants, tax advisors, insurance providers, actuaries, management consultants, and other professional advisors in connection with the provision of professional advice, risk management, dispute resolution, or compliance activities.

While ThinkFirm implements reasonable contractual, technical, and organizational safeguards when sharing data with third parties, it does not and cannot guarantee the confidentiality, integrity, availability, or security of data once it has been disclosed to or is under the control of third parties. Users acknowledge and accept that ThinkFirm assumes no liability whatsoever for how third parties handle, process, store, secure, or protect such data after it has been disclosed, and that disclosure may occur without prior individualized notice where necessary, legally required, or operationally justified.

6. Data Storage, Retention, and Transfer

ThinkFirm stores data across a variety of systems, environments, and architectures, including public cloud infrastructure (multi-region and multi-availability-zone deployments), private cloud environments, on-premise servers and data centers, hybrid cloud configurations, distributed storage systems, content delivery networks (CDNs), edge computing nodes, and third-party SaaS platforms. Data may be stored in both primary production environments and secondary disaster recovery, backup, and archival systems. Storage locations may span multiple jurisdictions globally, including but not limited to the United Arab Emirates, European Union member states, the United States, and other countries where ThinkFirm or its service providers maintain data processing infrastructure.

Data retention periods are determined on a case-by-case basis considering the following factors: the nature and sensitivity of the data; the purpose for which it was collected or generated; applicable legal, regulatory, and contractual retention obligations; statute of limitations periods for potential claims or disputes; audit and compliance requirements; legitimate business needs including historical analysis, trend identification, and institutional knowledge preservation; and the cost and feasibility of ongoing storage and maintenance. Retention periods may range from temporary session-level storage (minutes or hours) to extended retention measured in years, and in certain cases, data may be retained indefinitely where ThinkFirm determines that ongoing retention is warranted for legal, regulatory, business, or archival purposes.

Even where deletion is specifically requested by a user or required under applicable law, users acknowledge that complete and irrevocable destruction of all copies of data may not be technically feasible or commercially practicable. Residual copies may persist in encrypted backups, disaster recovery archives, system logs, audit trails, transaction records, email archives, database snapshots, and distributed file systems. ThinkFirm will make commercially reasonable efforts to honor valid deletion requests in accordance with applicable law, but does not warrant or guarantee the complete elimination of all data copies across all storage systems and media.

Data may be transferred, transmitted, or made accessible across international borders without geographic restriction, including transfers to jurisdictions that may not maintain data protection legislation equivalent to or as comprehensive as that of the user's country of residence or the country in which the data was originally collected. Such transfers may occur through direct server-to-server transmission, API-based data exchanges, cloud replication and synchronization, email transmission, file sharing platforms, remote access by personnel located in other jurisdictions, or any other technically viable mechanism. Where required by applicable law, ThinkFirm may implement appropriate transfer mechanisms such as standard contractual clauses (SCCs), binding corporate rules (BCRs), adequacy decisions, derogations for specific situations, or other legally recognized safeguards. Users acknowledge that ThinkFirm does not guarantee the specific geographic location of stored data at any given time, the duration for which data will be retained, or the complete and permanent deletion of data from all systems, and by interacting with ThinkFirm, users consent to the storage, retention, and international transfer of their data as described herein and expressly accept all associated risks.

7. Security Disclaimer

ThinkFirm implements a comprehensive suite of cybersecurity measures aligned with recognized industry standards and best practices, including but not limited to encryption of data in transit (TLS 1.2/1.3) and at rest (AES-256), role-based access controls (RBAC) and least-privilege principles, multi-factor authentication (MFA) for systems and applications, network segmentation and micro-segmentation, intrusion detection and prevention systems (IDS/IPS), web application firewalls (WAF), distributed denial-of-service (DDoS) protection, endpoint detection and response (EDR) solutions, security information and event management (SIEM) systems with continuous monitoring and alerting, vulnerability scanning and patch management programs, secure software development lifecycle (SSDLC) practices, regular penetration testing and red team exercises, data loss prevention (DLP) controls, physical security measures for facilities and data centers, and documented incident response and business continuity plans.

ThinkFirm maintains personnel security controls including background checks for employees with access to sensitive data, mandatory security awareness training, acceptable use policies, confidentiality and non-disclosure agreements, access reviews and recertification processes, and disciplinary procedures for policy violations. Third-party service providers with access to ThinkFirm data are subject to contractual security requirements and may be subject to periodic security assessments or audits.

Notwithstanding the foregoing security measures, users acknowledge and accept that no information security program, regardless of its sophistication, investment, or design, can provide absolute or guaranteed protection against all threats. Vulnerabilities, threats, and risks are inherent in all digital environments, networked systems, and electronic communications. Cyberattacks (including advanced persistent threats, zero-day exploits, ransomware, social engineering, and supply chain attacks), unauthorized access, data breaches, system failures, software defects, human error, natural disasters, and other adverse events may occur despite reasonable precautions and best-effort security measures.

ThinkFirm expressly disclaims any and all guarantees, warranties, or representations regarding the absolute security, inviolability, or impenetrability of its systems, platforms, communications, or data storage infrastructure. ThinkFirm shall not be liable for any damages, losses, costs, expenses, or consequences of any kind arising from or related to security incidents, unauthorized access, data breaches, data corruption, data loss, service interruptions, or system compromises, except to the extent that such liability cannot be excluded under mandatory provisions of applicable law. Users accept full responsibility for the risks inherent in transmitting data to or through ThinkFirm and acknowledge that electronic transmissions may be intercepted, accessed, delayed, corrupted, or compromised by unauthorized third parties. ThinkFirm's security measures are provided on a commercially reasonable, best-effort basis and do not constitute a warranty, guarantee, or indemnity of protection, safety, or security.

8. User Rights and Limitations

Subject to applicable data protection laws, and in particular the provisions of UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and its implementing regulations, users may have certain rights with respect to their personal data, including but not limited to: the right to request access to personal data held by ThinkFirm and to receive a copy of such data in a commonly used, machine-readable format; the right to request rectification or correction of inaccurate, incomplete, or outdated personal data; the right to request erasure or deletion of personal data under certain circumstances; the right to request restriction of processing in specific situations; the right to object to processing based on legitimate interests or direct marketing; the right to data portability, enabling the transfer of personal data to another controller; and the right to withdraw consent where processing is based on consent, without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of the above rights, users must submit a verifiable written request to [email protected] specifying the nature of the request, the personal data concerned, and sufficient identifying information to enable ThinkFirm to verify the requester's identity and locate the relevant data. ThinkFirm may require additional documentation, identification, or verification steps to authenticate requests and prevent unauthorized access, disclosure, or deletion. Requests will be processed in accordance with applicable legal timeframes, and ThinkFirm will endeavor to respond within thirty (30) calendar days of receiving a complete and verified request, unless an extension is permitted under applicable law.

ThinkFirm reserves the right to limit, delay, refuse, or charge a reasonable fee for requests where permitted under applicable law, including where requests are manifestly unfounded, excessive, or repetitive; where compliance would adversely affect the rights and freedoms of other individuals; where data is required for the establishment, exercise, or defense of legal claims; where data retention is mandated by law or regulation; where data has been anonymized or aggregated such that it no longer constitutes personal data; where disclosure would compromise trade secrets, proprietary methodologies, or intellectual property; or where compliance would be technically infeasible or impose disproportionate burden. Certain categories of data, including derived analytics, AI-generated insights, anonymized and pseudonymized datasets, aggregated statistical data, and system-level records (logs, audit trails, security event records), may not be subject to user access, modification, or deletion requests. Users acknowledge that their rights are not absolute, that competing interests and legal obligations must be balanced, and that ThinkFirm retains sole discretion in determining how, when, and to what extent it will respond to data subject requests.

9. Email and Communication Policy

All communications sent to, received by, or transmitted through ThinkFirm systems and channels, including but not limited to those directed to [email protected] or any other ThinkFirm email address, are subject to comprehensive monitoring, recording, logging, indexing, storage, and analysis. This encompasses all forms of electronic communication, including email messages and their headers, metadata, and threading information; file attachments of any type, format, or size; calendar invitations and scheduling data; instant messaging and chat transcripts; voice call recordings, voicemails, and call detail records; video conference recordings, transcriptions, chat messages, and participant data; SMS and text messages; social media direct messages and interactions; and any documents, files, images, or other content shared through any ThinkFirm communication channel.

Communications and associated data may be used by ThinkFirm for any legitimate business purpose, including but not limited to: responding to inquiries and fulfilling requests; managing client relationships and project delivery; internal training, quality assurance, and performance evaluation; compliance monitoring, policy enforcement, and regulatory reporting; legal proceedings, dispute resolution, and evidence preservation; analytics, trend analysis, and business intelligence; artificial intelligence model training, fine-tuning, and validation, including natural language processing, sentiment analysis, and intent classification; security monitoring and threat detection; and any other purpose consistent with ThinkFirm's operational and strategic objectives.

ThinkFirm does not guarantee the confidentiality, privacy, or security of any communication transmitted to or through its systems. Communications may be accessed, reviewed, disclosed, or shared internally across ThinkFirm departments and personnel, or externally with third-party service providers, legal advisors, regulatory authorities, or other parties as described in Section 5 of this Policy. Users are strongly and unequivocally advised not to transmit sensitive, confidential, classified, proprietary, legally privileged, or trade secret information via email or other electronic communication channels unless such transmission is absolutely necessary, has been specifically authorized by an appropriate ThinkFirm representative, and is conducted through approved secure communication channels with appropriate encryption and access controls.

By initiating or participating in any form of communication with ThinkFirm, users expressly and irrevocably consent to the monitoring, recording, processing, storage, and potential dissemination of their communications and associated data as described in this Policy. ThinkFirm assumes no liability whatsoever for any consequences, damages, or losses arising from the submission, handling, storage, disclosure, or unauthorized access of communications, and users agree to hold ThinkFirm harmless in connection with any such events.

10. AI, Analytics, and Automated Processing

ThinkFirm utilizes a broad spectrum of advanced technologies to process, analyze, enrich, and derive value from collected information. These technologies include, but are not limited to: artificial intelligence (AI) systems encompassing narrow AI, general-purpose AI assistants, and task-specific AI agents; machine learning (ML) algorithms including supervised learning (classification, regression), unsupervised learning (clustering, dimensionality reduction, anomaly detection), semi-supervised learning, and reinforcement learning; deep learning architectures including neural networks, convolutional neural networks (CNNs), recurrent neural networks (RNNs), transformers, and large language models (LLMs); natural language processing (NLP) and natural language understanding (NLU) systems for text analysis, entity extraction, sentiment analysis, topic modeling, summarization, and translation; computer vision systems for image and document analysis; robotic process automation (RPA) for workflow automation; predictive analytics and forecasting models; prescriptive analytics and optimization engines; knowledge graphs and semantic reasoning systems; and business intelligence and data visualization platforms.

These technologies may be applied to generate a wide range of outputs, including but not limited to: risk scores and risk classifications; compliance gap assessments and remediation recommendations; threat intelligence reports and vulnerability assessments; predictive models for business performance, customer behavior, and market trends; automated document analysis, contract review, and regulatory mapping; chatbot and virtual assistant interactions; sentiment and opinion analysis of communications and content; anomaly detection and fraud identification alerts; resource optimization and capacity planning recommendations; benchmarking and competitive intelligence reports; and any other analytical, predictive, or generative outputs that support ThinkFirm's operations, service delivery, or client engagements.

In certain circumstances, ThinkFirm may employ automated decision-making processes, including profiling, that may produce legal effects or significantly affect individuals. Where such automated decision-making is employed, ThinkFirm will implement appropriate safeguards as required by applicable law, which may include the ability to request human intervention, the right to express one's point of view, and the right to contest the decision. Users may inquire about the existence of automated decision-making processes affecting them by contacting [email protected].

While ThinkFirm employs commercially reasonable efforts to ensure the reliability, accuracy, and validity of its AI systems, machine learning models, and analytical outputs, the Company does not and cannot guarantee the accuracy, completeness, timeliness, suitability, reliability, or fitness for any particular purpose of any technology-generated output. Users acknowledge that automated processing and AI systems may involve inherent limitations, statistical uncertainties, algorithmic biases (including training data biases, selection biases, and confirmation biases), model drift, adversarial vulnerabilities, hallucinations (in the case of generative AI), and other errors or shortcomings. ThinkFirm assumes no liability for any decisions made, actions taken, or consequences arising from reliance on AI-generated outputs, automated processes, or analytical results. All such outputs are provided for informational and advisory purposes only and should not be considered definitive, authoritative, exhaustive, or a substitute for independent professional judgment, due diligence, or legal advice.

11. Limitation of Liability

To the fullest extent permitted by applicable law, all services, systems, platforms, tools, deliverables, communications, and information provided by ThinkFirm are delivered on an "as is," "as available," and "with all faults" basis, without warranties, representations, or guarantees of any kind whatsoever, whether express, implied, statutory, or otherwise. ThinkFirm expressly disclaims all implied warranties, including without limitation the implied warranties of merchantability, fitness for a particular purpose, title, non-infringement, accuracy, reliability, completeness, timeliness, and quiet enjoyment. ThinkFirm makes no warranty that its services, platforms, or systems will be uninterrupted, error-free, secure, virus-free, or available at all times, or that defects will be identified or corrected within any specific timeframe.

To the maximum extent permitted by applicable law, ThinkFirm, its affiliates, subsidiaries, parent companies, officers, directors, employees, agents, contractors, partners, licensors, and service providers shall not be liable for any damages of any kind arising from, related to, or in connection with the use of, inability to use, or reliance upon ThinkFirm's services, systems, platforms, communications, deliverables, or information. This exclusion applies to all categories of damages, including without limitation: direct damages, indirect damages, incidental damages, consequential damages, special damages, punitive damages, exemplary damages, nominal damages, liquidated damages, and any other damages; as well as loss of data, loss of revenue, loss of profits, loss of business, loss of goodwill, loss of reputation, loss of anticipated savings, loss of opportunity, loss of use, business interruption, and cost of procurement of substitute services.

In no event shall ThinkFirm's total cumulative liability to any user or third party for all claims arising from or related to this Policy, ThinkFirm's privacy practices, or any data processing activities described herein exceed the greater of: (a) the total fees paid by the user to ThinkFirm during the twelve (12) month period immediately preceding the event giving rise to the claim; or (b) one hundred United States dollars (USD $100.00). This limitation applies regardless of the theory of liability (whether in contract, tort, negligence, strict liability, warranty, or otherwise) and regardless of whether ThinkFirm has been advised of the possibility of such damages.

Users acknowledge and agree that they assume all risks associated with their interactions with ThinkFirm and that ThinkFirm shall not be held responsible for any adverse outcomes, losses, or damages arising from or related to such interactions. The limitations and exclusions of liability set forth in this section apply to the fullest extent permitted by applicable law, are fundamental elements of the basis of the bargain between users and ThinkFirm, shall apply regardless of the cause of action or the basis of the claim, and shall survive and continue in full force and effect following the termination, expiration, or conclusion of the user's relationship with ThinkFirm.

12. Indemnification

Users agree to fully, unconditionally, and irrevocably indemnify, defend, and hold harmless ThinkFirm, its parent companies, subsidiaries, affiliates, group companies, joint venture partners, successors, assigns, officers, directors, board members, employees, agents, contractors, subcontractors, consultants, advisors, licensors, service providers, and representatives (collectively, the "Indemnified Parties") from and against any and all claims, demands, actions, suits, proceedings (whether civil, criminal, administrative, or regulatory), investigations, liabilities, judgments, settlements, damages, losses, costs, and expenses of any nature whatsoever, including but not limited to reasonable legal fees, attorney costs, expert witness fees, court costs, arbitration fees, mediation costs, and all other costs of dispute resolution (collectively, "Losses"), arising from, related to, or in connection with:

(a) the user's access to, use of, or interaction with ThinkFirm's services, systems, platforms, communications, or information; (b) any breach, violation, or non-compliance with this Policy or any applicable law, regulation, or third-party right by the user; (c) any data, content, information, or materials submitted, uploaded, transmitted, or provided by the user to ThinkFirm; (d) any claims brought by third parties arising from or related to the user's actions, omissions, representations, data submissions, or misuse of ThinkFirm's systems or services; (e) any unauthorized access to or use of ThinkFirm's systems resulting from the user's failure to maintain adequate security over their own credentials, devices, or systems; and (f) any infringement, misappropriation, or violation of intellectual property rights, privacy rights, publicity rights, or other proprietary rights of any third party arising from the user's actions or submissions.

ThinkFirm reserves the right, at its sole discretion and at the user's expense, to assume exclusive defense and control of any matter subject to indemnification. Users agree to fully cooperate with ThinkFirm's defense and shall not settle any claim without ThinkFirm's prior written consent. The indemnification obligation applies regardless of the nature, basis, or theory of the claim and constitutes a continuing obligation that survives and remains in full force and effect following the termination, expiration, or conclusion of the user's relationship with ThinkFirm, for a period co-extensive with the applicable statutes of limitation. Users acknowledge that this indemnification clause is material, essential, and a fundamental condition of their engagement with ThinkFirm, and that ThinkFirm has entered into its arrangements with users in reliance upon this provision.

13. Policy Updates and Modifications

ThinkFirm reserves the unrestricted, unconditional, and absolute right to modify, amend, update, supplement, restate, or replace this Privacy Policy, in whole or in part, at any time and from time to time, at its sole and exclusive discretion, without prior notice to any user or other party. Modifications may be made for any reason, including but not limited to: reflecting changes in ThinkFirm's business operations, corporate structure, or service offerings; incorporating new or revised data processing activities; addressing evolving technological capabilities, industry standards, or best practices; responding to changes in applicable laws, regulations, regulatory guidance, or enforcement trends; implementing recommendations from privacy impact assessments, audits, or compliance reviews; or for any other reason ThinkFirm deems appropriate in its commercial judgment.

Updated versions of this Policy will become effective immediately upon publication on ThinkFirm's website or other designated platform, unless a different effective date is specified in the updated Policy. The "Last Updated" date at the top of this Policy indicates the date of the most recent revision. Continued access to, use of, or interaction with ThinkFirm's services, systems, platforms, or communications following the publication of any modifications constitutes the user's binding acceptance of the revised terms and conditions. Where material changes are made that substantially alter ThinkFirm's data processing practices, ThinkFirm may, at its sole discretion and without obligation, provide additional notice through website banners, pop-up notifications, email communications, or other channels deemed appropriate.

Users bear sole and exclusive responsibility for periodically reviewing this Policy to remain informed of any changes, updates, or modifications. ThinkFirm assumes no obligation or duty to individually notify users of Policy updates, whether through email, push notification, postal mail, or any other means of communication. ThinkFirm shall not be liable for any consequences, damages, claims, or losses arising from a user's failure to review, read, or understand the current version of this Policy. Users are deemed to have constructive knowledge of the Policy as published on ThinkFirm's website at all times.

14. Governing Law and Jurisdiction

This Privacy Policy, and any dispute, claim, controversy, or matter arising out of, relating to, or in connection with this Policy (including its existence, validity, interpretation, performance, breach, or termination), shall be exclusively governed by, and construed and enforced in accordance with, the substantive and procedural laws of the United Arab Emirates, without regard to any conflict of law principles, choice of law rules, or provisions that would result in the application of the laws of any other jurisdiction. To the extent that specific data protection legislation enacted by a free zone authority or emirate-level authority is applicable to ThinkFirm's operations, such legislation shall supplement the governing law provisions of this Policy.

Any and all disputes, claims, or proceedings arising out of or in connection with this Policy shall be submitted to and resolved by the exclusive jurisdiction of the competent courts within the United Arab Emirates, including the courts of the relevant emirate in which ThinkFirm maintains its principal place of business or, where applicable, the courts of the relevant free zone judicial authority. Users irrevocably and unconditionally submit to the exclusive jurisdiction of such courts and irrevocably waive any objection to such jurisdiction on the grounds of inconvenient forum, improper venue, lack of personal jurisdiction, or any similar ground. Users further agree that service of process may be effected by any method permitted under applicable UAE law or procedural rules.

ThinkFirm expressly reserves the right to initiate legal proceedings, seek injunctive relief, or pursue other remedies in any jurisdiction worldwide that it deems appropriate, necessary, or advantageous to protect its rights, interests, intellectual property, confidential information, or reputation. Users acknowledge that ThinkFirm may seek concurrent relief in multiple jurisdictions where necessary, and that judgments or orders obtained in one jurisdiction may be enforced in other jurisdictions in accordance with applicable international conventions, bilateral treaties, and local enforcement procedures. Nothing in this Policy limits ThinkFirm's right to take any action in any court or tribunal of competent jurisdiction, nor shall the commencement of proceedings in one or more jurisdictions preclude ThinkFirm from commencing proceedings in any other jurisdiction, whether concurrently or otherwise, to the extent permitted by applicable law.

15. Contact Information

For any inquiries, requests, complaints, or communications regarding this Privacy Policy, ThinkFirm's data handling practices, the exercise of data subject rights, or any other privacy-related matter, users may contact the Company through the following channel:

ThinkFirm Information Technology Consultancy L.L.C
Email: [email protected]
Subject Line: Privacy Inquiry — [Brief Description of Request]

To facilitate the efficient handling of inquiries, users are encouraged to include the following information in their communications: full legal name, organization name (if applicable), email address associated with any ThinkFirm account or prior interaction, a clear and specific description of the inquiry or request, any relevant reference numbers, dates, or supporting documentation, and the specific right or action being requested (if submitting a data subject rights request).

ThinkFirm will make commercially reasonable efforts to acknowledge receipt of inquiries within five (5) business days and to provide a substantive response within thirty (30) calendar days, subject to the complexity of the request, operational constraints, internal review and approval processes, identity verification requirements, and any extensions permitted under applicable law. Complex requests, requests involving large volumes of data, or requests requiring coordination with third parties may require additional processing time, and users will be notified of any expected delays along with the reason for the extension.

All communications sent to ThinkFirm, including those submitted in connection with privacy inquiries or data subject rights requests, may be recorded, stored, logged, and processed in accordance with the terms of this Policy, including the provisions of Section 9 (Email and Communication Policy). Users acknowledge and agree that contacting ThinkFirm does not create any attorney-client relationship, fiduciary duty, contractual obligation, or guarantee of response, resolution, or specific outcome, and that all interactions with ThinkFirm remain subject to the terms, conditions, limitations, and disclaimers outlined in this Policy and any applicable agreements between the user and ThinkFirm.