Institutional Privacy Policy

1. Scope and Application

This Institutional Privacy Policy governs the collection, processing, storage, and protection of personal and institutional data by Connection™ LLC ("the Company"), a legal entity registered in the State of Qatar.

This policy applies to all data subjects who interact with the Company's platforms, services, and communication channels, including website visitors, institutional stakeholders, and engagement requestors.

2. Data Controller

Connection™ LLC, registered at Tornado Tower, Floor 16, West Bay, Doha, State of Qatar, acts as the data controller for all personal data processed through its platforms and services.

3. Categories of Data Collected

The Company collects the following categories of data through its engagement request forms and institutional communication channels: full name, organizational affiliation, role or title, email address, message content, and submission metadata (timestamp, language preference).

The Company does not collect sensitive personal data, biometric identifiers, or financial information through its public-facing platforms.

4. Legal Basis for Processing

Data processing is conducted on the following legal bases: legitimate institutional interest in responding to engagement requests; consent provided through voluntary form submission; and compliance with applicable laws and regulations of the State of Qatar.

5. Data Hosting and Sovereignty

The Company maintains a data hosting posture aligned with national sovereignty requirements. Data may be hosted within nationally controlled infrastructure or through certified cloud providers that comply with the data protection standards of the State of Qatar.

The Company does not transfer personal data to jurisdictions that lack adequate data protection frameworks without implementing appropriate safeguards.

6. Data Retention

Personal data is retained only for the duration necessary to fulfill the purpose for which it was collected. Engagement request data is retained for a period not exceeding twenty-four (24) months from the date of submission, after which it is securely deleted or anonymized.

7. Data Subject Rights

Data subjects may exercise the following rights by contacting the Company at info@connectionos.ai: right of access to personal data held; right to rectification of inaccurate data; right to erasure of personal data; and right to restriction of processing.

The Company will respond to all data subject requests within thirty (30) calendar days.

8. Security Measures

The Company implements technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure. These measures include encrypted communications, role-based access controls, and audit logging.

9. Third-Party Processing

The Company may engage third-party service providers for email delivery and infrastructure operations. All third-party processors are subject to contractual obligations that ensure data protection standards consistent with this policy.

10. Amendments

The Company reserves the right to amend this policy. Material changes will be communicated through the Company's website. Continued use of the Company's platforms following such amendments constitutes acceptance of the revised policy.