At Qorden AI, we prioritize the privacy and security of our users’ data. Qorden AI is a cutting-edge B2B speech analytics platform designed to help businesses derive actionable insights from customer interactions. Through advanced artificial intelligence capabilities, Qorden AI provides real-time and post-call analysis, including sentiment detection, keyword tracking, and emotion analysis, enabling companies to enhance customer engagement, improve service quality, and support data-driven decision-making.

Qorden AI offers three deployment options: (1) on-premises installation, (2) customer-managed cloud environments, and (3) Qorden AI’s managed cloud. In the first two deployment models, Qorden AI does not access or process customer data as all data resides within customer-controlled environments. In the third model, Qorden AI’s access is strictly limited to operational metadata and log files required for platform functionality, and no direct access to customer databases is granted unless explicitly authorized for support purposes.

As a company operating within the Dubai International Financial Centre (DIFC) jurisdiction, Qorden AI is committed to fully complying with the DIFC Data Protection Laws. This Privacy Policy outlines how we collect, use, and protect personal data in line with the principles, rights, and obligations defined under DIFC law.

This Privacy Policy aims to inform users of the types of personal data we collect, the purposes for which we process this data, and the measures we take to protect it. We believe in maintaining transparency in our data processing practices and empowering our users to make informed choices regarding their personal data. This policy provides guidance on users’ rights under the DIFC Data Protection Law and details the procedures for exercising those rights with Qorden AI.

1. Scope of the Privacy Policy

This Privacy Policy applies to all users of Qorden AI’s services, encompassing both our cloud-based and on-premises solutions. The policy governs how we collect, process, and protect personal data across all functions of Qorden AI’s speech analytics platform, including, but not limited to, customer interaction analysis, sentiment detection, emotion analysis, and keyword tracking.

The scope of this policy extends to all data processing activities carried out by Qorden AI to deliver insights and analytics for customer engagement and operational enhancement. This Privacy Policy provides a comprehensive view of how Qorden AI manages and protects the data it handles, ensuring compliance with the DIFC Data Protection Law and transparency for all users engaging with our services.

Qorden AI provides flexibility in deployment, allowing customers to install the platform on-premises, within their own cloud environment, or on Qorden AI’s managed cloud.

In on-premises or customer cloud deployments, Qorden AI does not have access to customer databases. Any support provided in these scenarios is limited to configuration assistance and does not involve direct data handling.

In Qorden AI-managed cloud deployments, access to customer data is restricted to metadata and interaction logs required for operational support.

2. Data Collection & Usage
3. Types of Data Collected

The data collected by Qorden AI is contingent on the deployment model chosen by the customer:

On-Premises or Customer Cloud Deployments. Qorden AI does not collect or access customer database content. Configuration data may be collected for troubleshooting and support, with explicit customer consent.

Qorden AI-Managed Cloud. Qorden AI may access operational metadata and interaction logs necessary to ensure platform functionality and address service-related issues.

2. Purpose of Data Collection

Qorden AI processes the data collected for the following purposes:

• Service Delivery. To provide users with speech analytics features, including real-time and post-call analysis, sentiment detection, and keyword tracking.
• Customer Engagement and Operational Improvement. To assist businesses in improving customer engagement and refining operational efficiency through actionable insights from analytics.
• Compliance and Security. To ensure compliance with applicable laws and protect Qorden AI, its users, and their data from unauthorized access or misuse.
• Platform Optimization and Troubleshooting. To monitor and optimize the functionality of our services, ensuring a seamless and reliable user experience.

1. Lawful Basis for Processing

Qorden AI processes personal data under the following lawful bases as defined by DIFC Data Protection Law:

• User Consent. For data collected with explicit user consent, especially sensitive data such as voice recordings and interaction metadata.
• Legitimate Interest. For data processing necessary for the provision of Qorden AI’s core services, ensuring business improvement, and operational effectiveness. Qorden AI commits to balancing its legitimate interests with user privacy rights.
• Legal Obligations. For processing required to meet legal and regulatory compliance, including data protection obligations under DIFC law.

In scenarios where support or troubleshooting requires temporary access to customer data, explicit written authorization is obtained from the customer, and access is strictly monitored to ensure compliance with DIFC standards. Metadata processed in Qorden AI-managed cloud deployments includes anonymized operational logs and system interaction data, utilized solely for performance monitoring and service optimization.

3. Data Processing
4. Processing Methods

Qorden AI processes data through both real-time and post-call analytics to provide businesses with meaningful insights into customer interactions. Our processing methods include:

• On-Premises and Customer Cloud. Data processing activities are fully managed within the customer’s environment. Qorden AI provides tools and configuration support without direct access to or processing of the underlying data.
• Qorden AI-Managed Cloud. Limited processing of metadata or interaction logs is conducted to facilitate operational support. Direct access to customer data is not required or undertaken unless explicitly requested for troubleshooting.

All processing activities are conducted in a secure environment, with stringent measures to ensure data accuracy and integrity as required under DIFC Data Protection Law.

2. Data Transfers

In cases where data processing involves cross-border transfers, Qorden AI adheres strictly to DIFC’s data transfer regulations. If data needs to be transferred outside the DIFC jurisdiction, Qorden AI ensures compliance with DIFC data protection requirements by:

• Using Adequate Safeguards. Implementing appropriate safeguards, such as Standard Contractual Clauses (SCCs) or equivalent measures, to protect data when transferred internationally.
• RestrictingTransfer Locations. Limiting transfers to jurisdictions with adequate data protection levels or obtaining explicit consent when transferring to countries with differing standards.
• Ensuring Data Security. Maintaining strict security protocols for data transmission to protect user information during cross-border processing.

1. Explicit Consent

Qorden AI ensures that users provide explicit consent for processing activities, especially where data transfers may occur outside of the DIFC. Explicit consent is obtained in the following ways:

• User Agreement. During registration or service onboarding, users are presented with clear, detailed information about the types of data collected, the purposes of processing, and any cross-border data transfers.
• Informed Consent for Sensitive Data. Users are required to review and agree to terms specifically related to the processing of sensitive data, such as voice recordings and interaction metadata, and any associated cross-border transfers.
• Opt-In Mechanism for Transfers. For data transfers to non-DIFC jurisdictions, users are provided with an opt-in option, ensuring their explicit consent to such transfers and their awareness of the associated risks and safeguards.

Qorden AI respects users’ rights to withdraw consent at any time, and our platform provides easy mechanisms to manage consent preferences, in compliance with DIFC Data Protection Law. For customers opting for Qorden AI-managed cloud deployments, explicit consent is obtained for accessing any metadata or operational data required for service management. Customers deploying on-premises or in their own cloud retain full control over their data, with no Qorden AI access unless specifically authorized for troubleshooting.

4. User Rights as per DIFC Law

Qorden AI is committed to upholding the data rights of users in compliance with the Dubai International Financial Centre (DIFC) Data Protection Law. Users are entitled to various rights regarding their personal data, ensuring transparency, control, and accountability in data processing activities. The following outlines users’ key rights and how they can exercise them with Qorden AI.

2. Access and Rectification

Users have the right to access their personal data held by Qorden AI and to request corrections if the data is inaccurate or incomplete. These rights are subject to the deployment model:

• On-Premises or Customer Cloud Deployments.Users should contact their organization directly, as Qorden AI does not have access to their personal data in these scenarios.
• Qorden AI-Managed Cloud Deployments.Users can submit requests to Qorden AI for data access or corrections, limited to metadata or operational data.

To exercise these rights:

• Data Access Requests.Users can request access to their personal data, and Qorden AI will provide a copy of the relevant data being processed, subject to verification of identity and legal limitations.
• Data Correction Requests.Users can request corrections to any inaccurate or outdated data. Qorden AI will process the request promptly and notify the user once completed.

1. Data Portability

Qorden AI supports the right to data portability, allowing users to transfer their data between controllers where applicable. The scope depends on the deployment model:

• On-Premises or Customer Cloud Deployments.Users should coordinate with their organization to facilitate portability.
• Qorden AI-Managed Cloud Deployments.Users can request:
• Export of Personal Data.Data provided in a structured, commonly used, and machine-readable format.
• Direct Transfer of Data.Qorden AI can transfer data directly to another controller, provided it is technically feasible and does not infringe on others’ rights or violate legal restrictions.

2. Right to Object

Users have the right to object to the processing of their personal data in specific circumstances, particularly in the following cases:

• Legitimate Interest Processing.If processing is based on Qorden AI’s legitimate interests, users can object if it impacts their rights or interests.
• Automated Decision-Making.Users can object to automated decision-making or profiling that significantly affects them. They may request human intervention or a review of the decision.

For on-premises or customer cloud deployments, users should address objections directly with their organization.

3. Withdrawal of Consent

Users have the right to withdraw their consent for data processing at any time. The withdrawal process varies by deployment model:

• On-Premises or Customer Cloud Deployments.Users should contact their organization to withdraw consent, as Qorden AI does not control the data.
• Qorden AI-Managed Cloud Deployments.Users can withdraw consent by contacting Qorden AI’s Data Protection Officer (DPO) or updating their account settings.

Effect of Withdrawal:

• Upon withdrawal, Qorden AI will cease processing the data for the purposes initially consented to, except where continued processing is required by law or necessary to fulfill ongoing contractual obligations.

1. How to Exercise Rights

To exercise these rights, users can contact Qorden AI’s DPO using the contact details provided in this policy. Qorden AI is committed to:

• Responding to rights requests promptly, generally within 30 days.
• Providing clear feedback on actions taken to uphold user rights.

5. Data Security Measures

Qorden AI is dedicated to ensuring the security and confidentiality of user data. To safeguard personal information, we have implemented a series of technical and organizational measures in line with DIFC Data Protection Law. Our security protocols are designed to protect against unauthorized access, data loss, and other risks, maintaining a secure environment for data processing.

2. Technical and Organizational Measures

Qorden AI has established robust security protocols to protect user data throughout its lifecycle, including:

• Encryption. We use advanced encryption technologies to protect personal data, both in transit and at rest, ensuring that unauthorized parties cannot access or decipher the data.
• Access Control. Access to user data is restricted to authorized personnel only, based on defined access levels aligned with job responsibilities. Multi-factor authentication and role-based access further protect sensitive information.
• Data Anonymization and Pseudonymization. Where possible, data is anonymized or pseudonymized to protect user identities, especially during analysis and reporting.
• Regular Audits and Testing. Qorden AI conducts regular security audits and vulnerability assessments to identify potential security gaps and enhance our defenses. Our systems undergo rigorous testing to ensure resilience against cyber threats.
• For on-premises and customer-managed cloud setups, customers are responsible for implementing and maintaining data security measures within their infrastructure.

1. Risk-Based Security

Qorden AI employs a risk-based approach to data security, assessing the sensitivity of personal data and implementing proportional safeguards. This approach includes:

• Data Sensitivity Evaluation. We categorize data based on its sensitivity, applying heightened protection measures to sensitive data, such as voice recordings and interaction metadata.
• Continuous Risk Monitoring. Our security team continuously monitors potential risks, ensuring that security measures evolve with new threats and industry standards.
• Incident Response Preparedness. Qorden AI has established protocols for responding to security incidents, allowing for quick and effective action in case of a potential breach.

1. Breach Notification

In the unlikely event of a data breach, Qorden AI is committed to notifying affected users and the DIFC Commissioner of Data Protection promptly, in compliance with DIFC requirements. Our breach notification process includes:

• On-Premises and Customer Cloud Deployments. As Qorden AI does not access or store customer data in these deployment models, data breach notifications within these environments remain the responsibility of the customer.
• Qorden AI-Managed Cloud Deployments. In case of a breach involving metadata or operational logs accessible to Qorden AI, affected customers and the DIFC Commissioner of Data Protection will be promptly notified.

For on-premises and customer-managed cloud deployments, Qorden AI is not responsible for security breaches arising within customer environments, as data remains fully under customer control. Qorden AI’s commitment to security aligns with our dedication to safeguarding user trust and maintaining compliance with DIFC Data Protection Law. We continuously review and improve our security practices to adapt to emerging threats and protect user data effectively.

For Qorden AI-managed cloud deployments, any breach involving operational metadata or interaction logs will trigger immediate notification to affected customers and the DIFC Commissioner of Data Protection, along with remedial actions.

6. Third-Party Sharing & Data Processors

Qorden AI may engage third-party service providers to support the delivery, maintenance, and enhancement of our platform. We take strict measures to ensure that all third-party processors comply with DIFC Data Protection Law requirements, providing transparent information to users regarding these partnerships and safeguarding their data.

Third-Party Processors in On-Premises/Customer Cloud Deployments – No third-party processors are involved as all data processing is managed within the customer-controlled environment.

Third-Party Processors in Qorden AI-Managed Cloud Deployments – Qorden AI may engage secure and DIFC-compliant service providers for operational support. These processors have no access to customer database content and operate solely under Qorden AI’s supervision.

1. Third-Party Processors
   
   To effectively operate Qorden AI’s platform and deliver our services, we may engage various categories of third-party processors, including but not limited to:

• Cloud Service Providers. We utilize secure cloud infrastructure providers for data storage and processing. These providers are selected based on their ability to offer robust security measures and compliance with DIFC data protection standards.
• Analytics and Monitoring Services. Qorden AI may use third-party services to monitor platform performance and ensure service reliability, with data shared only as needed for performance analytics and operational insights.
• Technical Support and Maintenance Providers. Certain technical functions, such as troubleshooting and platform maintenance, may involve third-party support. These providers operate under strict contractual agreements to ensure data confidentiality and adherence to DIFC compliance.

Data sharing with third-party service providers is applicable only for Qorden AI-managed cloud deployments. On-premises or customer cloud deployments involve no third-party access unless authorized by the customer for specific support activities. All third-party processors engaged by Qorden AI are subject to comprehensive due diligence processes to verify their compliance with DIFC data protection laws. Each provider operates under a contractual agreement that includes data protection obligations aligned with Qorden AI’s standards and DIFC requirements.

2. Data Sharing with Public Authorities

Qorden AI may, on occasion, receive lawful requests for data from government or regulatory authorities. Our response to these requests is guided by Article 28 of the DIFC Data Protection Law, ensuring the protection of user data while complying with legal obligations. Our procedures include:

• Verification of Requests. We assess and verify each data request to ensure it is lawful, necessary, and relevant to the scope of the investigation. We only disclose data when a legitimate basis is confirmed.
• Minimization of Data Disclosure. Qorden AI is committed to data minimization, sharing only the data strictly necessary to fulfill a specific, lawful request. Wherever feasible, we notify users of such disclosures unless legally prohibited.
• Record Keeping. Qorden AI maintains detailed records of all data sharing with public authorities, ensuring transparency and accountability in our data handling practices.

By limiting data sharing to what is legally required and adhering to the principles of DIFC Data Protection Law, Qorden AI ensures that user privacy is preserved while meeting regulatory obligations.

7. Data Retention Policy

Qorden AI adheres to a data retention policy that ensures personal data is retained only as long as necessary to fulfill the purposes for which it was collected, in compliance with DIFC Data Protection Law. Our retention practices are guided by operational needs, legal obligations, and data minimization principles, balancing utility with user privacy.

2. Retention Timelines

Qorden AI defines retention timelines based on the deployment model and type of data collected:

• On-Premises or Customer Cloud Deployments:
• Configuration and Diagnostic Data.Retained only for the duration of troubleshooting or support tasks, and securely deleted immediately after resolution.
• Support Logs (if authorized). Retained for up to 30 days to enhance service response quality.
• Qorden AI-Managed Cloud Deployments:
• Personal Data.Retained for the duration of the user’s active engagement with the platform. Post-termination, data is retained for a limited period to comply with legal or contractual obligations and facilitate post-termination inquiries.
• Interaction Metadata and Logs.Retained for up to 12 months to support operational functionality and service quality improvement.
• Voice and Audio Data (if applicable).Retained for up to 12 months to allow clients access to historical insights, extendable with explicit user consent as per specific agreements.
• Technical and Usage Data.Retained for up to 12 months for performance monitoring and troubleshooting purposes.

3. Purpose-Based Retention

Retention timelines are established to meet the following objectives:

• Service and Operational Needs.Ensuring data is available to maintain platform functionality, support services, and optimize user experience.
• Compliance with Legal Obligations.Retaining data to comply with DIFC Data Protection Law, tax regulations, and other applicable requirements.
• Support and Troubleshooting.Allowing for diagnostic processes and enhancement of operational efficiency without compromising user privacy.
• Customer-Requested Data.Retention aligned with specific customer instructions for on-premises and cloud deployments, where applicable.

1. Deletion and Anonymization

At the end of retention periods:

• On-Premises or Customer Cloud Data.Responsibility for data deletion lies with the customer, as Qorden AI does not access the data.
• Qorden AI-Managed Cloud Data.Data is securely deleted or anonymized in accordance with industry best practices, ensuring it is no longer identifiable or recoverable.

1. Customer Responsibility

For on-premises and customer cloud deployments, customers are responsible for defining and implementing their data retention policies. Qorden AI offers guidance and configuration tools to support compliance with DIFC standards.

8. International Data Transfers

Qorden AI is committed to safeguarding personal data when transferring it across borders, ensuring compliance with DIFC Data Protection Law for all international data transfers. We recognize that cross-border transfers of personal data carry potential risks, and we implement robust measures to ensure data protection standards are maintained, even outside of the DIFC jurisdiction. Qorden AI maintains detailed documentation of all safeguards implemented during cross-border transfers, ensuring alignment with DIFC data protection requirements and facilitating compliance audits.

1. Cross-Border Transfers
   
   In some cases, Qorden AI may need to transfer personal data outside the DIFC jurisdiction to provide our services or to engage with third-party service providers. When data transfers occur, we ensure the following safeguards:

• Standard Contractual Clauses (SCCs). Where personal data is transferred to countries without equivalent data protection laws, Qorden AI uses Standard Contractual Clauses or other legally approved mechanisms to uphold DIFC-compliant data protection standards. These clauses are binding agreements that ensure any personal data transferred remains secure and protected.
• Adequate Jurisdictions. For transfers to jurisdictions with data protection laws recognized as adequate by the DIFC Commissioner of Data Protection, Qorden AI ensures compliance with any additional DIFC requirements to protect data integrity and user privacy.
• Data Minimization and Security Measures. Only the minimum data necessary for the purpose of the transfer is shared, and Qorden AI applies strict security protocols to ensure that the data remains secure throughout the transfer process.

2. User Consent for Transfers
   
   Qorden AI is committed to transparency in data transfer practices, especially regarding transfers to non-DIFC jurisdictions. We obtain explicit user consent where required, ensuring that users are fully informed of any associated risks and protections in place. Our consent mechanisms include:

• Clear Communication. During onboarding and at relevant points within the platform, users are provided with information about potential cross-border data transfers. This includes details about the data involved, the purpose of the transfer, and the safeguards we implement.
• Opt-In Consent for Non-DIFC Transfers. For transfers to jurisdictions outside of the DIFC without adequate data protection standards, Qorden AI requires users to opt-in explicitly. This ensures that users have a clear choice and can decide whether to consent to such transfers.
• Right to Withdraw Consent. Users have the right to withdraw their consent for international data transfers at any time. Qorden AI provides easy-to-access options for managing consent preferences and ensuring user control over data-sharing decisions.

Qorden AI’s commitment to compliance with DIFC cross-border data transfer requirements reflects our dedication to protecting user data integrity, regardless of geographic location. All international transfers are carried out with transparency and respect for user privacy.

9. Consent & Cookies Policy

Qorden AI is committed to obtaining clear and informed consent from users for data processing activities, particularly for non-essential data collection. Additionally, we are transparent about our use of cookies, providing users with control over their data preferences in compliance with DIFC Data Protection Law.

1. Consent Procedures
   
   To ensure user autonomy and transparency, Qorden AI employs specific procedures to obtain and manage user consent for data processing activities:

• Informed Consent for Data Collection. When users register or access our services, Qorden AI provides detailed information about the types of data we collect, the purposes for processing, and how data will be used. This information enables users to make an informed decision when giving consent.
• Granular Consent Options. Qorden AI offers users the ability to consent to specific types of data processing, particularly for non-essential purposes such as marketing or personalized analytics. Users can opt in or out of these processing activities separately, enhancing their control over personal data.
• Managing Consent Preferences. Users can easily manage and update their consent preferences within their account settings. Qorden AI ensures that users can change or withdraw consent at any time without impacting their access to core services.
• Explicit Consent for Sensitive Data. For processing sensitive data, such as voice recordings or data related to customer interactions, Qorden AI obtains explicit consent from users, informing them of the nature and purpose of the processing activities. Consent is obtained for processing operational metadata or logs necessary for platform management. No sensitive customer data is accessed without prior explicit authorization.

2. Cookies
   
   Qorden AI uses cookies to enhance user experience, improve platform performance, and gather insights into user interactions. We prioritize user choice and transparency by providing clear information about our use of cookies and allowing users to control their cookie preferences:

• Types of Cookies Used
• Essential Cookies. These cookies are necessary for the operation of the platform, enabling core functionalities such as user authentication and secure access. Essential cookies do not require user consent, as they are fundamental to service delivery.
• Performance and Analytics Cookies. Qorden AI uses performance cookies to analyze platform usage and optimize functionality. Analytics cookies help us understand user engagement, allowing us to improve services and address user needs.
• Marketing and Personalization Cookies. With user consent, Qorden AI may use cookies to deliver personalized content or targeted advertising, enhancing the relevance of our
• Opt-In and Opt-Out Options
• Consent for Non-Essential Cookies. Users are provided with the option to opt in to non-essential cookies, such as analytics and marketing cookies, upon their first visit to the platform. Qorden AI displays a clear and concise cookie consent banner that allows users to select their preferences.
• Cookie Management. Users can update their cookie preferences at any time through the platform’s settings or directly via the cookie banner. Qorden AI provides clear instructions on how users can disable cookies or adjust preferences within their browser settings if desired.

Qorden AI’s consent and cookie management practices align with DIFC Data Protection Law, ensuring that users retain control over their data while benefiting from an enhanced and personalized platform experience.

10. Contact Information & Complaints Process

Qorden AI is committed to addressing user concerns and ensuring compliance with DIFC Data Protection Law. Users are encouraged to reach out with any inquiries, complaints, or issues regarding data processing, and we provide dedicated support for these matters to uphold transparency and accountability.

1. DPO Contact
   
   Qorden AI has appointed a DPO to oversee data protection practices and ensure compliance with relevant legal standards. The DPO serves as the primary contact for all data-related inquiries and complaints and can assist users in understanding and exercising their rights under DIFC Data Protection Law. Users can reach the DPO as follows:

• Data Protection Officer Contact Information:

Email: [DPO’s email]

Address: Qorden AI Ltd., [Office Address]

Phone: [DPO’s phone number]

The DPO is available to respond to questions regarding data collection, processing, user rights, and data security. Users can contact the DPO directly for assistance with any concerns about their personal data.

2. Complaints Process 
   
   Qorden AI is committed to resolving user complaints fairly and promptly. If users believe their data rights have been violated or have any other concerns regarding data processing, they may follow these steps to file a complaint:

• Submit a Complaint. Users can submit a complaint by contacting the DPO via the contact information provided above. The complaint should include details of the issue, relevant account information, and any supporting documents to assist in investigating the matter.
• Acknowledgment and Investigation. Upon receiving a complaint, Qorden AI will acknowledge receipt and initiate an investigation. The DPO will review the complaint thoroughly and may contact the user for further information or clarification if necessary.
• Resolution and Response. Qorden AI aims to resolve complaints within 30 days of receiving them, as per DIFC guidelines. Users will be informed of the outcome of the investigation and any corrective actions taken to address the issue.
• Escalation to DIFC Commissioner. If users are unsatisfied with Qorden AI’s response or believe their complaint has not been adequately resolved, they may escalate the matter to the DIFC Commissioner of Data Protection. Qorden AI provides guidance on how users can approach the Commissioner if required.

Qorden AI values user trust and strives to maintain high standards of data protection compliance. We continuously review and improve our complaints process to ensure users receive timely and effective support for all data-related concerns.

11. Data Protection Impact Assessments (DPIA)

Qorden AI is committed to conducting Data Protection Impact Assessments (DPIAs) for processing activities that pose a high risk to user privacy. DPIAs are a vital part of our data protection strategy, allowing us to proactively assess and mitigate risks associated with data processing, particularly in alignment with DIFC Data Protection Law requirements.

1. Purpose of DPIAs. DPIAs enable Qorden AI to evaluate the impact of data processing activities on user privacy, ensuring compliance with data protection principles and minimizing potential risks. By conducting DPIAs, we assess the necessity and proportionality of processing activities, considering the rights and freedoms of individuals.
2. When DPIAs Are Conducted
   
   Qorden AI performs DPIAs for any new or significantly modified data processing operations that may result in high-risk impacts to personal data. These include, but are not limited to:

• Introduction of New Technologies. DPIAs are conducted when implementing new analytical tools or technologies, such as advanced AI algorithms, that may impact data privacy.
• Large-Scale Processing of Sensitive Data. For high-volume data processing, especially involving sensitive data like voice recordings and interaction metadata, Qorden AI assesses the potential privacy impacts and risks.
• Automated Decision-Making. When data is used in automated decision-making or profiling processes, DPIAs ensure these processes align with user rights under DIFC law.

3. DPIA Process
   
   The DPIA process at Qorden AI involves several stages to ensure a thorough evaluation of privacy risks and the implementation of effective mitigations:

• Assessment of Processing Necessity and Proportionality. Qorden AI evaluates the purpose of the data processing activity, its necessity, and its proportionality to ensure it serves legitimate business interests without infringing user privacy.
• Risk Identification and Analysis. We identify potential risks to data subjects’ rights and freedoms, particularly focusing on risks associated with data security, unauthorized access, and user privacy.
• Implementation of Mitigation Measures. Based on identified risks, Qorden AI establishes measures to minimize or eliminate potential privacy impacts. Mitigations may include enhancing security protocols, limiting data retention, or modifying data processing methods to align with best practices.
• Documentation and Approval. Each DPIA is thoroughly documented, including details of the identified risks, proposed mitigations, and any decisions made during the assessment process. DPIAs are reviewed and approved by Qorden AI’s Data Protection Officer (DPO) and relevant stakeholders.
• Periodic Review and Updates. Qorden AI reviews DPIAs periodically to ensure that the risk assessment remains accurate and that mitigation measures are still effective. Updates to DPIAs are conducted when significant changes occur in the processing environment or regulatory landscape.

By conducting DPIAs, Qorden AI fulfills its commitment to protecting user privacy and ensuring compliance with DIFC Data Protection Law. DPIAs are a key component of our privacy strategy, allowing us to proactively address risks and enhance user trust in our data handling practices.

12. Policy Updates

Qorden AI is committed to maintaining transparency and ensuring that our Privacy Policy reflects current regulatory requirements, industry standards, and operational practices. As privacy and data protection laws evolve, we regularly review and update our Privacy Policy to ensure ongoing compliance with DIFC Data Protection Law and to enhance user privacy protections.

1. Regular Review and Updates
   
   Qorden AI conducts periodic reviews of this Privacy Policy to align with any changes in data protection laws, especially DIFC regulations, and to incorporate improvements in our data management and protection practices. Updates may occur due to:

• Regulatory Changes. Amendments to DIFC Data Protection Law or other relevant legislation that impact how we process and protect personal data.
• Operational Changes. Adjustments in our data processing activities, new product features, or enhancements in our platform that affect data usage.
• Industry Standards. Adoption of new best practices or security measures to better protect user data and comply with evolving privacy standards.

2. User Notification of Policy Changes
   
   Qorden AI is dedicated to keeping users informed about significant changes to this Privacy Policy. When material changes are made, users will be notified promptly through one or more of the following methods:

• In-Platform Notifications. Users will receive a notification on the Qorden AI platform outlining the changes and providing a link to the updated policy.
• Email Notifications. For significant amendments, Qorden AI may send an email to registered users detailing the updates and explaining any impacts on their data rights.
• Policy Update Summary. A summary of changes will be provided at the beginning of the updated policy to ensure users can quickly identify key modifications.

3. Acceptance of Policy Changes
   
   By continuing to use Qorden AI’s platform after being notified of an updated Privacy Policy, users consent to the revised terms. We encourage users to review the Privacy Policy periodically to stay informed about how we protect their personal data.

Qorden AI’s commitment to regular policy updates ensures that our users have clear, up-to-date information about our data protection practices and can make informed decisions about their privacy.