Privacy Policy
Last updated: March 2026 | Version 2.0
This policy applies to all personal data collected by OppSure Gulf Partners through this website, including our contact form, ROI Calculator, newsletter, and pricing assessment. It is written to comply with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR 2016/679), the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL), and the Saudi Arabia Personal Data Protection Law (KSA PDPL).
1. Who We Are (Data Controller)
OppSure Gulf Partners is the data controller responsible for the personal data collected on this website. We are a B2B sales development company providing outsourced cold calling and qualified lead generation services to businesses operating in the Gulf Cooperation Council (GCC) region.
Data Controller: OppSure Gulf Partners
Registered Address: Dubai, United Arab Emirates
Data Protection Contact: [email protected]
Phone: +971 (0) 4 XXX XXXX
For UK GDPR purposes, our UK representative can be contacted at the same email address above. We do not currently have a mandatory obligation to appoint a Data Protection Officer (DPO) under Article 37 UK/EU GDPR, as we do not carry out large-scale systematic monitoring of individuals or process special category data. However, our privacy contact above handles all data protection enquiries.
2. What Personal Data We Collect
We collect only the personal data that is necessary for the specific purpose for which it is collected (data minimisation principle). The table below sets out what we collect and why.
| Form / Source | Data Collected | Purpose |
|---|---|---|
| Contact Form | Name, email, phone, company, industry, company size, message | Respond to your enquiry and schedule a consultation |
| ROI Calculator | Name, email, deal size, meetings/month, close rate | Deliver your personalised ROI projection and follow up |
| Newsletter | Email address | Send weekly B2B sales insights and market intelligence |
| Pricing Fit Assessment | Name, email, assessment answers | Prepare a personalised service proposal |
| Website Analytics | IP address (anonymised), pages visited, browser type, referral source | Understand how visitors use the site and improve performance |
| Consent Records | Consent timestamp, hashed IP address | Demonstrate compliance with consent requirements (accountability) |
We do not collect any special category data (e.g. health, religion, political opinions) or data relating to criminal convictions.
3. Lawful Basis for Processing
Under UK GDPR Article 6 and EU GDPR Article 6, we must have a lawful basis for each processing activity. Under UAE PDPL and KSA PDPL, consent is the default basis unless an exemption applies. The table below sets out our lawful basis for each activity.
| Processing Activity | UK/EU GDPR Basis | UAE/KSA PDPL Basis |
|---|---|---|
| Responding to contact form enquiries | Consent (Art. 6(1)(a)) + Legitimate interests (Art. 6(1)(f)) | Consent / Performance of contract negotiation |
| ROI Calculator lead follow-up | Consent (Art. 6(1)(a)) | Consent |
| Newsletter marketing | Consent (Art. 6(1)(a)) | Consent |
| Pricing fit assessment follow-up | Consent (Art. 6(1)(a)) | Consent |
| Website analytics (anonymised) | Legitimate interests (Art. 6(1)(f)) — improving website performance | Legitimate purpose / anonymised data |
| Maintaining consent records | Legal obligation (Art. 6(1)(c)) — accountability under Art. 5(2) | Legal obligation |
Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal. To withdraw consent, email [email protected].
Where we rely on legitimate interests, we have carried out a balancing test and determined that our interests in improving our services and responding to business enquiries do not override your fundamental rights and freedoms, particularly given that we only contact individuals who have actively engaged with our website.
4. How We Use Your Personal Data
We use your personal data only for the specific purposes for which it was collected (purpose limitation principle). We will not use your data for any new purpose without notifying you and, where required, obtaining fresh consent. Specifically, we use your data to:
- Respond to your enquiry and schedule a sales consultation
- Deliver your personalised ROI projection from the calculator
- Send the OppSure newsletter to which you have subscribed
- Prepare and send a personalised service proposal following a fit assessment
- Maintain records of consent for regulatory accountability
- Analyse anonymised website usage to improve performance
- Comply with applicable legal obligations
We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.
5. Data Retention
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Our retention periods are as follows:
| Data Category | Retention Period | Reason |
|---|---|---|
| Contact form submissions | 3 years from submission | Sales follow-up cycle and potential contractual relationship |
| ROI Calculator leads | 3 years from submission | Sales follow-up cycle |
| Newsletter subscribers | Until unsubscribed + 1 year | Active subscription; 1 year post-unsubscribe for suppression list |
| Consent records | 6 years from consent | Legal accountability obligation under GDPR Art. 5(2) and UAE PDPL |
| Website analytics (anonymised) | 26 months | Standard analytics retention period |
After the applicable retention period, data is securely deleted from our database. You may request early deletion at any time — see Section 8 (Your Rights) below.
6. Data Sharing and Sub-Processors
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We share data only with the following categories of recipients, and only to the extent necessary:
| Sub-Processor / Recipient | Purpose | Location |
|---|---|---|
| Manus AI (platform host) | Website hosting, database infrastructure, and notification delivery | USA / Global |
| Amazon Web Services (AWS S3) | Secure file storage | USA / Global |
| Legal authorities | Compliance with legal obligations or court orders | As required |
Where data is transferred to countries outside the UK, EU, UAE, or KSA, we ensure appropriate safeguards are in place. For transfers to the USA, we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission, which also satisfy UK GDPR transfer requirements under the International Data Transfer Agreement (IDTA) framework. For UAE and KSA cross-border transfers, we ensure the recipient country provides an adequate level of protection or that appropriate contractual safeguards are in place.
7. Cookies and Tracking Technologies
We use cookies and similar technologies on this website. Under UK PECR (Privacy and Electronic Communications Regulations), EU ePrivacy Directive, and UAE PDPL, we must obtain your consent before placing non-essential cookies on your device.
| Cookie Category | Description | Consent Required? |
|---|---|---|
| Essential / Strictly Necessary | Session management, security, authentication. Required for the website to function. | No — always active |
| Analytics | Anonymised usage statistics to understand how visitors use the site and improve performance. | Yes — requires consent |
You can manage your cookie preferences at any time via the cookie banner displayed on your first visit, or by adjusting your browser settings. Withdrawing consent for analytics cookies will not affect your ability to use the website.
8. Your Rights
Depending on your location, you have the following rights regarding your personal data. We will respond to all valid requests within 30 days (UK/EU GDPR), 30 days (UAE PDPL), or 30 days (KSA PDPL).
| Right | Description | Applicable Law |
|---|---|---|
| Right of Access | Request a copy of the personal data we hold about you | UK/EU GDPR, UAE PDPL, KSA PDPL |
| Right to Rectification | Request correction of inaccurate or incomplete data | UK/EU GDPR, UAE PDPL, KSA PDPL |
| Right to Erasure | Request deletion of your personal data ("right to be forgotten"). You can also submit a deletion request directly via our website. | UK/EU GDPR Art. 17, UAE PDPL, KSA PDPL |
| Right to Restrict Processing | Request that we limit how we use your data in certain circumstances | UK/EU GDPR |
| Right to Data Portability | Receive your data in a structured, machine-readable format | UK/EU GDPR, UAE PDPL |
| Right to Object | Object to processing based on legitimate interests or for direct marketing purposes | UK/EU GDPR Art. 21 |
| Right to Withdraw Consent | Withdraw consent at any time without affecting prior processing | UK/EU GDPR, UAE PDPL, KSA PDPL |
To exercise any of these rights, or to submit a data deletion request, please email [email protected] with the subject line "Data Subject Request" and include your name and the email address you used when submitting a form on our website. We will verify your identity before processing the request.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS (HTTPS)
- Database access restricted to authenticated server-side processes only
- IP addresses stored only as one-way cryptographic hashes (SHA-256) for consent audit purposes
- Access to the admin leads dashboard restricted to authenticated site owners only
- Regular security reviews of our hosting infrastructure
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by UK/EU GDPR Article 33 and UAE PDPL. Where the breach is likely to result in a high risk to you, we will also notify you directly.
10. Children's Privacy
Our services are directed exclusively at business professionals and are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a person under 18, we will delete it immediately. If you believe we may hold data about a child, please contact us at [email protected].
11. Right to Lodge a Complaint
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the relevant supervisory authority:
- UK: Information Commissioner's Office (ICO) — ico.org.uk
- EU: Your local EU Data Protection Authority (DPA)
- UAE: UAE Data Office — uaedataoffice.gov.ae
- Saudi Arabia: Saudi Data and Artificial Intelligence Authority (SDAIA) — sdaia.gov.sa
We would appreciate the opportunity to address your concerns before you contact a supervisory authority, so please reach out to us first at [email protected].
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where required by law, notify you by email or by a prominent notice on our website. We encourage you to review this policy periodically.
13. Contact Us
For any questions about this Privacy Policy, to exercise your data subject rights, or to submit a data deletion request, please contact our privacy team:
Email: [email protected]
Subject line: "Data Subject Request" or "Privacy Enquiry"
Address: OppSure Gulf Partners, Dubai, United Arab Emirates
Response time: We aim to respond within 5 business days and will complete all valid requests within 30 days.