GDPR Policy

Effective Date: August 9, 2025

1. Introduction and Scope

This GDPR Policy outlines the commitment of The Emirates Insider (“we,” “us,” “our”) to the principles of the General Data Protection Regulation (EU) 2016/679. This policy is an extension of our main Privacy Policy and specifically addresses the rights and protections afforded to individuals within the European Economic Area (EEA).

The purpose of this policy is to explain how we, as a Data Controller, collect, process, and protect the personal data of individuals residing in the EEA who visit our website, [Your Website URL, e.g., www.xdukes.com] (the “Site”).

2. Data Controller Information

For the purpose of the GDPR, the Data Controller is: Entity: The Emirates Insider Contact Email for Data Protection: dpo@xdukes.com

Any inquiries regarding your personal data and your rights under GDPR should be directed to this contact.

3. Legal Basis for Processing Personal Data

We process personal data for various purposes, and we rely on the following legal bases to do so:

  • Consent: We will process your personal data when you have given us explicit consent to do so. This applies to activities such as subscribing to our newsletter, where you provide your email address voluntarily. You have the right to withdraw your consent at any time.
  • Legitimate Interests: We process some data based on our legitimate interests, provided that such processing shall not override your rights and freedoms. This includes:
    • Ensuring the security and functionality of our Site.
    • Analyzing website usage to improve our content and user experience (e.g., through analytics).
    • Responding to your inquiries and comments made via our contact forms or directly.
  • Legal Obligation: We may process your data where it is necessary for compliance with a legal obligation to which we are subject.

4. Your Data Protection Rights Under GDPR

If you are a resident of the EEA, you have the following data protection rights. We are committed to facilitating the exercise of these rights.

  1. a) The Right to Be Informed
    You have the right to be provided with clear, transparent, and easily understandable information about how we use your personal data. This GDPR Policy and our main Privacy Policy serve this purpose.
  2. b) The Right of Access
    You have the right to request a copy of the personal data we hold about you. Upon request, we will provide you with a copy of your data in an electronic format.
  3. c) The Right to Rectification
    You have the right to request the correction of any inaccurate or incomplete personal data we hold about you.
  4. d) The Right to Erasure (The ‘Right to be Forgotten’)
    You have the right to request the deletion of your personal data where there is no compelling reason for its continued processing. This right applies in certain circumstances, such as when the data is no longer necessary for the purpose it was originally collected for, or when you withdraw your consent.
  5. e) The Right to Restrict Processing
    You have the right to ‘block’ or suppress further use of your personal data in certain circumstances. When processing is restricted, we can still store your data, but may not use it further.
  6. f) The Right to Data Portability
    You have the right to obtain and reuse your personal data for your own purposes across different services. This allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
  7. g) The Right to Object
    You have the right to object to certain types of processing, including processing for direct marketing and processing based on our legitimate interests.
  8. h) Rights in Relation to Automated Decision Making and Profiling
    You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Our Site does not currently engage in such automated decision-making.

5. How to Exercise Your Rights

To exercise any of the rights described above, please send a clear and specific request to our Data Protection contact at dpo@xdukes.com. We will respond to your request within one month of receipt. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).

6. International Data Transfers

The Emirates Insider operates globally, and your data may be processed in and transferred to countries outside of the EEA, such as the United States, where our hosting servers may be located. We will take all necessary steps to ensure that your data is treated securely and in accordance with this GDPR Policy and that appropriate safeguards are in place. This may include using Standard Contractual Clauses approved by the European Commission.

7. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

8. Lodging a Complaint

If you believe that we have not complied with your data protection rights, you have the right to lodge a complaint with your local data protection authority (supervisory authority). You can find contact details for your country’s data protection authority on the European Commission’s website. However, we would appreciate the chance to deal with your concerns first, so please contact us at dpo@xdukes.com before approaching a supervisory authority.