AION SENTIA LTD
Address: Office D131, 2905, Floor 29, Sky Tower, Shams
Abu Dhabi, Abu Dhabi, Al Reem Island, United
Arab Emirates
E-mail address: compliance@aionsentia.com

In accordance with Section 47 of the DP Regulations, AION SENTIA has appointed a Commissioner of Data Protection who can be contacted via email at compliance@aionsentia.com

Technical browsing data
This category of Data includes IP addresses or domain names of the computers used by users who connect to the Website, the browser type and version, the operating system language, URI (Uniform Resource Identifier) addresses of the requested resources, the time and date of the request, the method used to submit the request to the server, the size of the file obtained in response, requested URLs and pages visited, the numerical code indicating the status of the response given by the server (success, error, etc.), as well as other parameters related to the user’s operating system and IT environment.
This information is not collected to be associated with identified individuals; however, due to its nature, it could allow users to be identified through processing and correlation with data held by third parties, particularly in cases involving suspected cybercrimes targeting the Website. These data are used exclusively to:

• ensure the proper functioning and security of the site;
• conduct aggregated and anonymous statistical analyses on website usage;
• fulfil any legal obligations or requests from competent authorities.

Unless required for exceptional cases involving cybercrime investigations, the Data is retained for the time strictly necessary to achieve the above-mentioned purposes, in accordance with Section 4(1)(e) of the Data Protection Regulations 2021.

Data voluntarily provided via contact forms
By filling out the online forms available on the Website or by voluntarily sending communications to the official email addresses of AION SENTIA, users may provide personal data such as:

• first and last name;
• email address;
• phone number (if requested);
• name of the organization they belong to;
• job title or role;
• content of the messages sent or requests submitted;

These data are processed by AION SENTIA solely for the purpose of:
• responding to information requests;
• managing communications or subscriptions to services;
• providing technical support or assistance with the Website’s content.

Cookies
The Website uses technical cookies necessary for navigation and to ensure the platform functions correctly. Additionally, with the user’s explicit consent, analytical and third-party cookies may be used to collect aggregated information about the browsing experience and interaction with the Website’s content.
The processing of personal data through analytical and third-party tracking cookies is based on the user’s consent, pursuant to Section 6(1)(a) of the Data Protection Regulations 2021. This consent is obtained through the cookie banner displayed upon the user’s first visit to the Website.
For further information on the types of cookies used, their purposes, retention periods, and how to manage or withdraw consent, please consult the Website’s Cookie Policy, available at the following link: https://aionsentia.com/cookie-policy/

Profiling and pseudonymisation
At present, AION SENTIA does not use automated user profiling systems through the Website.
Should advanced tracking or profiling systems be implemented in the future for statistical analysis or to enhance the user experience, AION SENTIA commits to applying pseudonymisation techniques and appropriate security measures in line with the principles of integrity and confidentiality as set forth in Section 30(1)(b) of the Data Protection Regulations 2021, ensuring that personal data cannot be attributed to a specific data subject without the use of additional separately stored information.
Any profiling or advanced tracking activities will be carried out in full compliance with applicable regulations and only with the user’s informed consent, in accordance with Section 6(1)(a) of the Data Protection Regulations 2021. Users will also retain the right to withdraw their consent at any time, without affecting the lawfulness of the previous processing.

AION SENTIA may provide links to other websites or online resources operated by third parties. With regard to privacy safeguards and the processing of personal data collected by such websites (including social media platforms, where applicable), please refer to the respective privacy policies of these websites. AION SENTIA cannot be held responsible in any way for the processing of personal data carried out by third-party websites or pages.

In accordance with the principle set out in Section 4 (1)(e) of the Data Protection Regulations 2021, AION SENTIA retains the Data only for as long as is strictly necessary to achieve the declared purposes and in compliance with applicable regulatory requirements.

The processing is carried out in compliance with the principles of data minimization, integrity, and confidentiality, as provided for in Section 43 (2)(d), and Section 30 (1)(b) of the Data Protection Regulations 2021.

Personal data collected through the website www.aionsentia.com are processed exclusively by personnel authorized by AION SENTIA, who act under the direct authority of the Data Controller and in compliance with the principles of confidentiality, integrity, and data minimization as outlined in Section 43 (2)(d), and Section 30 (1)(b) of the Data Protection Regulations 2021. Authorized personnel are trained regarding confidentiality obligations and security measures to be adopted during processing activities, and operate in accordance with the purposes outlined in this Privacy Policy and the regulatory provisions in force at ADGM.

Personal data collected through the website www.aionsentia.com may be disclosed and processed by third parties acting as independent data controllers, such as, by way of example, public authorities, supervisory authorities, regulatory bodies, law enforcement agencies, and public or private entities (e.g., legal, tax consultants, auditors) where necessary to comply with legal obligations, pursuant to orders from competent authorities under Section 5 (1)(c) and (e) of the Data Protection Regulations 2021, or for the exercise and protection of AION SENTIA’s rights.

Furthermore, the data may be processed on behalf of AION SENTIA by third parties acting as data processors, who receive appropriate operational instructions in compliance with Sections 26 and 27 of the Data Protection Regulations 2021. These include IT service providers, website developers and maintainers, hosting providers, and technical support services. Such processors are selected from entities that provide adequate guarantees of compliance with applicable regulations and ensure the implementation of appropriate technical and organizational measures to protect personal data.

The Company is based in the United Arab Emirates, within the ADGM jurisdiction, and processes personal data in accordance with the Data Protection Regulations 2021.

Should personal data collected via the Website www.aionsentia.com be transferred outside the ADGM jurisdiction, AION SENTIA guarantees that such transfers will only occur to countries recognized as adequate by the Commissioner of Data Protection, pursuant to Sections 41 to 44 of the Data Protection Regulations 2021.
AION SENTIA has performed an adequacy assessment of third-party providers involved in hosting and technical support services to ensure that the safeguards required by ADGM regulations are also upheld outside the ADGM jurisdiction.
In particular, it is noted that, in accordance with the provisions of the ADGM Commissioner of Data Protection, the European Union is considered an adequate jurisdiction for the purposes of personal data transfers. Therefore, data transferred to providers or systems located within the European Union will be managed in compliance with the principles of lawfulness, fairness, transparency, and security established by the Data Protection Regulations 2021.
For transfers to countries that do not benefit from an adequacy decision, AION SENTIA will adopt appropriate safeguard measures, including approved standard contractual clauses, specific transfer impact assessments, and due diligence procedures on data recipients. These measures comply with applicable regulatory obligations to ensure the protection of personal data and full respect for data subjects’ rights, also in the destination countries.

For users residing in the United States, including but not limited to the states of California, Colorado, Virginia, Connecticut, and Utah, the processing of personal data may also be subject to U.S. data protection laws, such as the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), the Colorado Privacy Act (CPA), the Virginia Consumer Data Protection Act (VCDPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), as well as any other applicable state or federal laws. In compliance with these regulations, AION SENTIA is committed to ensuring transparency, lawfulness, and security in the processing of personal data of U.S. users to enable the exercise of the rights provided under the applicable legislation.

For users residing within the European Economic Area (EEA), AION SENTIA processes personal data in accordance with the General Data Protection Regulation (GDPR) and relevant national data protection laws, by applying suitable technical and organizational safeguards to maintain a security level appropriate to the associated risks.

For users residing in third countries that are neither part of the EEA nor recognized as having an adequacy decision, such as the United Arab Emirates (outside the ADGM jurisdiction) or other countries, AION Sentia is committed to ensuring that international transfers of personal data are carried out based on appropriate safeguards. These may include the Standard Contractual Clauses approved by the European Commission or other legal bases provided under applicable regulations, whose aim is to guarantee an adequate level of data protection.

Users residing in such countries may exercise their rights related to the personal data processing by submitting a request to the following email address: __________.
The request should include the user’s jurisdiction of residence and the nature of the inquiry, so that AION SENTIA can provide requested assistance in compliance with the applicable regulations.

In accordance with the Data Protection Regulations 2021, particularly Sections 13 to 20, users can exercise the following rights at any time with regard to the personal data collected through the website www.aionsentia.com:

• Right of access (Art. 13): to obtain confirmation as to whether or not personal data concerning them is being processed and, if so, to receive a copy of such data;
• Right to rectification (Art. 14): to request the correction of inaccurate personal data or the completion of incomplete data;
• Right to erasure (Art. 15): to request the deletion of personal data in cases provided for by applicable law;
• Right to restriction of Processing (Art. 16): to obtain the restriction of processing under certain circumstances;
• Right to data portability (Art. 18): to receive the personal data provided in a structured, commonly used, and machine-readable format and to transmit such data to another controller, where technically feasible;
• Right to object (Art. 19): to object, on grounds relating to their particular situation, to the processing of their personal data;
• Right not to be subject to automated decision-making (Art. 20), where applicable.

In accordance with Section 8 (2)(a), if the processing is based on consent, the user may withdraw their consent at any time, without affecting the lawfulness of any processing carried out prior to such withdrawal.

At any point, users have the right to submit a complaint to the Commissioner of Data Protection at AION SENTIA should they consider that the processing of their personal data has been carried out in violation of the Data Protection Regulations 2021.

To exercise their rights, the user may send a written request to the email address: dpo@aionsentia.com. AION SENTIA is committed to responding to data subjects’ requests within the timeframes established by the DP Regulations and to ensuring the full exercise of users’ rights.

AION SENTIA implements appropriate technical and organizational measures to ensure the confidentiality, integrity, availability, and resilience of the personal data collected through the website www.aionsentia.com, in accordance with the security principles set forth by the DP Regulations 2021.
These measures are proportionate to the risk level, available technology, and implementation costs, and include, but are not limited to:

• encryption and pseudonymization of data in transit and data at rest;
• access control systems and authentication for authorized personnel;
• regular backups and system restoration testing;
• continuous network and system monitoring to detect unauthorized access;
• a structured process for managing and reporting data breaches, in compliance with the provisions of the Office of the Data Protection.

Furthermore, AION SENTIA maintains a record of processing activities, including the security measures adopted, as required by Sections 28 and 30 of the DP Regulations 2021, and periodically updates its security procedures.

In accordance with Section 32 of the Data Protection Regulations 2021, AION SENTIA has established internal procedures for handling data breaches.
In the event of a personal data breach that may present a risk to data subjects’ rights and freedoms, the company will notify the ADGM Office of Data Protection without undue delay, as required by applicable law.

If the breach poses a high risk to the rights and freedoms of the data subjects, AION SENTIA will also notify the data subjects without undue delay in compliance with Section 33(1) of the DP Regulation 2021. This communication will include crucial details about the breach and the measures taken to mitigate its potential effects.

This Privacy Policy is regularly updated. For this reason, the most recent update is indicated at the top of this document. If the user has already submitted personal data to the Company, they will be notified of any significant changes by appropriate means to ensure full transparency in data processing and complete protection of their rights.
Users are nonetheless encouraged to regularly check this document to stay informed of any updates.