Privacy Policy

Future Thesis Lab Technologies Limited · Level 1, Innovation One, DIFC, Dubai, UAE · legal@ftlab.ai

Future Thesis Lab Technologies Limited ("FTLAB", "we", "us", "our") is incorporated in the Dubai International Financial Centre (DIFC) and operates as a research-led innovation platform. Our registered address is Level 1, Innovation One, DIFC, Dubai, UAE.

FTLAB is the data controller for personal data processed in connection with this website (ftlab.com) and our associated communications. Questions relating to data protection should be directed to legal@ftlab.ai.

We collect personal data only to the extent necessary and proportionate for the purposes described in this policy. The categories of data we may process include:

• —Identity data: name, company name, job title, professional background.
• —Contact data: email address, telephone number, postal address.
• —Communications data: the content of enquiries or messages submitted via contact forms or email.
• —Technical data: IP address, browser type and version, operating system, referring URLs, pages visited, and session duration — collected automatically when you use our website.
• —Usage data: information about how you interact with our content, including articles, white papers, and event registrations.
• —Event data: attendance records, session preferences, and dietary or accessibility requirements provided when registering for FTLAB events.
• —Marketing preferences: your stated preferences for receiving communications from us.

We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

We use personal data for the following purposes:

• —To respond to enquiries and provide information about FTLAB, our research, ventures, and services.
• —To send research publications, insights, white papers, and updates where you have consented or where we have a legitimate interest in keeping relevant contacts informed.
• —To manage registrations and attendance for FTLAB events, including Edition One and FTLAB Sessions.
• —To administer our website, improve its functionality, and analyse usage patterns to enhance user experience.
• —To maintain records required for legal, regulatory, or compliance purposes.
• —To detect, prevent, and investigate potential fraud, security incidents, or breaches of our terms.
• —To comply with obligations under applicable law, including DIFC Data Protection Law No. 5 of 2020.

We process personal data under one or more of the following legal bases as applicable under DIFC Data Protection Law No. 5 of 2020:

• —Consent: where you have given clear, specific consent — for example, subscribing to our research updates or newsletter.
• —Contractual necessity: where processing is necessary to perform a contract with you, or to take steps at your request before entering into a contract.
• —Legitimate interests: where we have a legitimate interest in processing that is not overridden by your rights — for example, improving our services, sending relevant professional communications to contacts who have interacted with us, and maintaining the security of our systems.
• —Legal obligation: where processing is necessary to comply with a legal or regulatory requirement.

FTLAB does not sell or rent personal data to third parties. We may share data in the following circumstances:

• —Service providers: trusted third-party suppliers who process data on our behalf under contractual data processing agreements — including cloud hosting, analytics, email infrastructure, and event management platforms.
• —Professional advisers: lawyers, auditors, and accountants where necessary for compliance, corporate governance, or dispute resolution.
• —Regulatory authorities: the DIFC Commissioner of Data Protection, DFSA, or other competent authorities where required by applicable law.
• —Business transfers: in connection with a merger, acquisition, or sale of assets, where data may be transferred as part of that transaction subject to appropriate protections.

We require all third parties to maintain appropriate security measures and to use personal data only for the purposes for which it was shared.

FTLAB operates from Dubai (DIFC) and may work with service providers located in other jurisdictions. Where we transfer personal data outside the DIFC or the UAE, we ensure appropriate safeguards are in place — including standard contractual clauses, adequacy decisions, or binding corporate rules — as required by DIFC Data Protection Law No. 5 of 2020.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our general retention principles are:

• —Enquiry and contact records: up to 3 years from the date of last contact, unless an ongoing relationship exists.
• —Event registration data: up to 2 years following the relevant event.
• —Marketing and newsletter data: until consent is withdrawn or 3 years from last engagement.
• —Financial and contractual records: as required by UAE and DIFC law, typically 7 years.
• —Website analytics and technical logs: up to 24 months in aggregated or pseudonymised form.

When data is no longer required, we securely delete or anonymise it.

Under DIFC Data Protection Law No. 5 of 2020, you have the following rights in relation to your personal data:

• —Right of access: to request a copy of the personal data we hold about you.
• —Right to rectification: to request correction of inaccurate or incomplete data.
• —Right to erasure: to request deletion of your data, subject to applicable legal obligations.
• —Right to restriction: to request that we limit how we use your data in certain circumstances.
• —Right to data portability: to receive your data in a structured, machine-readable format where technically feasible.
• —Right to object: to object to processing based on legitimate interests or for direct marketing.
• —Right to withdraw consent: to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

To exercise any of these rights, write to us at legal@ftlab.ai. We will respond within 30 days. You also have the right to lodge a complaint with the DIFC Commissioner of Data Protection.

We maintain appropriate technical and organisational security measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures include encryption in transit and at rest, access controls, and regular security reviews of our systems and processes.

No method of transmission over the internet is entirely secure. While we take reasonable precautions, we cannot guarantee absolute security.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will update the "Updated" date at the top of this page. Material changes will be communicated where feasible. Continued use of ftlab.com after any update constitutes acceptance of the revised policy.