Privacy Notice

For the purposes of this Privacy Notice, the following terms shall have the meanings set out below.

• TENETWORKS / TENET.WORKS / we / us / our — The legal entities operating the tenet.works domain, registered across the UAE, UK, and India.
• Personal Data — Any information relating to an identified or identifiable natural person as defined under GDPR, UK GDPR, CCPA, UAE PDPL, and equivalent laws.
• Processing — Any operation performed on Personal Data, including collection, storage, use, disclosure, erasure, or destruction.
• Data Controller — TENETWORKS, which determines the purposes and means of Processing Personal Data.
• Data Processor — Any third party engaged by TENETWORKS to Process Personal Data on its behalf under contractual instruction.
• Data Subject — Any identified or identifiable individual whose Personal Data is Processed by or on behalf of TENETWORKS.
• Services — All design, engineering, strategy, motion, immersive, AI automation, and related digital services delivered by TENETWORKS.
• Website — tenet.works and any associated subdomains operated by TENETWORKS.
• Client — Any individual or legal entity engaging TENETWORKS for the delivery of Services.
• Subprocessor — Any third-party Data Processor engaged by TENETWORKS in connection with Personal Data Processing.
• Consent — A freely given, specific, informed, and unambiguous indication of agreement to Processing for specified purposes.

This Privacy Notice applies to all Personal Data processed by TENETWORKS in connection with use of the Website, engagement with Services, business development, and any other interaction with TENETWORKS's digital infrastructure.

TENETWORKS operates as a fully remote, digitally-native, cross-border service provider without physical office premises. Personal Data may be collected from, and transferred to, individuals located in any jurisdiction worldwide, subject to compliance with applicable local data protection laws.

Where applicable law in a specific jurisdiction confers additional rights or imposes additional obligations beyond those described herein, TENETWORKS shall apply the more protective standard to the extent reasonably practicable and legally required.

Your personal data belongs to you. TENETWORKS does not sell, trade, or monetize your information. You may request access or deletion at any time.

3.1 Identity and Contact Data

• Full name, professional title, company name, and business email address provided through contact forms, project enquiries, or direct communications.
• Phone number and preferred communication channels, where voluntarily provided.
• Correspondence records, including the content of emails, messages, and enquiries submitted to TENETWORKS.

3.2 Client and Contractual Data

• Information necessary for the execution of service agreements, including company registration details, billing addresses, invoicing information, and payment identifiers.
• Project briefs, creative assets, content materials, and feedback submitted by Clients in connection with Service delivery.
• Authorised representative identification for agreement execution purposes.

3.3 Technical and Device Data

• IP address, browser type and version, operating system, device type, screen resolution, and referral URL, collected automatically via server logs and analytics systems.
• Session data, page interaction data, scroll depth, click patterns, and approximate geographic location derived from IP address.
• Cookie identifiers and tracking technology data as described in the TENET.WORKS Cookie Policy.

3.6 Data We Do Not Collect

• TENETWORKS does not intentionally collect special categories of Personal Data (as defined under GDPR Article 9), including health, racial or ethnic origin, political opinions, religious beliefs, genetic or biometric data, or sexual orientation.
• TENETWORKS does not knowingly collect Personal Data from individuals under the age of 18.

TENETWORKS takes reasonable technical and organizational measures to protect your personal data from unauthorized access, loss, or misuse.

• Contractual Necessity — Processing necessary for the performance of a contract, including delivery of Services, project management, invoicing, and client communications.
• Legitimate Interests — Processing necessary for business development communications, website optimisation, fraud prevention, cybersecurity measures, portfolio management, and internal administration.
• Consent — Processing based on freely given, specific, informed, and unambiguous consent, including for non-essential cookies and marketing communications. Consent may be withdrawn at any time.
• Legal Obligation — Processing necessary for compliance with applicable legal obligations, including tax and accounting requirements and responses to lawful requests from competent authorities.
• California (CCPA/CPRA) — TENETWORKS does not sell Personal Data of California residents. Processing is subject to the rights set forth in Section 09 below.
• UAE PDPL — Where Processing involves individuals located in the UAE, TENETWORKS complies with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL).

TENETWORKS processes Personal Data for the following specified, explicit, and legitimate purposes:

• Service Delivery — Managing, executing, and delivering design, engineering, strategy, motion, immersive, and AI automation Services to Clients.
• Client Communications — Responding to enquiries, managing project correspondence, sending project updates, invoicing, and coordinating Service-related matters.
• Contract Administration — Drafting, executing, and managing service agreements, statements of work, non-disclosure agreements, and related contractual instruments.
• Payment Processing — Processing invoices, tracking payment obligations, and managing financial records through compliant third-party payment infrastructure.
• Website Operation and Improvement — Analysing website traffic patterns, user behaviour, and technical performance to optimise the Website's functionality, accessibility, and user experience.
• Business Development and Marketing — Sending relevant communications about Services, capabilities, case studies, or industry insights to prospects and Clients, subject to applicable consent or legitimate interest requirements.
• Legal and Regulatory Compliance — Meeting obligations under applicable laws, responding to regulatory enquiries, maintaining legally required records, and enforcing contractual rights.
• Security and Fraud Prevention — Detecting, investigating, and preventing unauthorised access, cyber threats, fraudulent activity, and abuse of the Website or Services.
• Portfolio and Case Study Use — Displaying completed work in TENETWORKS's portfolio, subject to applicable confidentiality provisions and Client consent where required.
• AI-Assisted Operations — Utilising AI-based tools for internal content generation, operational efficiency, and creative production workflows. No Personal Data of Clients is used to train third-party AI models without explicit consent.

Some services (for example, analytics) may collect data on our behalf. We ensure these services adhere to strict privacy standards.

6.1 Transfer Mechanisms

• Transfers of Personal Data from the EEA or UK to third countries are made pursuant to adequacy decisions, Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or other lawful transfer mechanisms.
• Transfers of Personal Data subject to UAE PDPL are conducted in accordance with applicable UAE cross-border transfer requirements.
• Where Personal Data originates from jurisdictions with specific transfer restrictions, TENETWORKS implements appropriate safeguards proportionate to the risk.

6.2 Transfer Destinations

• Personal Data may be transferred to and processed in the UAE, UK, India, US, and other jurisdictions where TENETWORKS's Subprocessors maintain infrastructure, subject to appropriate transfer safeguards.
• TENETWORKS does not transfer Personal Data to jurisdictions subject to comprehensive international sanctions without independent legal assessment.

Data Subjects may request further information regarding specific transfer mechanisms by contacting privacy@tenet.works.

Personal data is retained only as long as necessary for the purposes outlined here or as required by law.

• Cloud Infrastructure and Hosting Providers — Server infrastructure, CDNs, and managed hosting environments used to operate the Website and deliver Services.
• Analytics Platforms — Privacy-respecting web analytics tools used to understand Website traffic, user behaviour, and performance metrics, subject to applicable cookie consent requirements.
• Email and Communication Systems — Cloud-based email, project management, and collaboration platforms used to manage Client communications and internal coordination.
• Payment and Invoicing Infrastructure — Third-party payment processors and invoicing platforms used to facilitate financial transactions.
• AI and Automation Tools — AI-assisted platforms used for internal content creation, workflow automation, design assistance, and operational efficiency.
• Legal, Tax, and Compliance Advisors — Professional advisors engaged in connection with legal, tax, and regulatory compliance obligations.
• Cybersecurity Vendors — Providers of security monitoring, vulnerability assessment, and threat detection services.

A list of current Subprocessors is available upon written request to privacy@tenet.works.

TENETWORKS utilises artificial intelligence and machine learning tools in connection with its internal operations, creative production workflows, and Service delivery. The following disclosures apply:

• Access, correct, or delete your data.
• Opt out of marketing communications.
• AI-generated outputs used in Service deliverables are subject to human review and quality assurance processes before delivery to Clients.
• Where automated decision-making has a significant legal or similarly significant effect on any Data Subject, TENETWORKS shall notify the Data Subject and provide appropriate human review mechanisms in accordance with GDPR Article 22.
• TENETWORKS does not engage in automated individual decision-making with legally significant effects without human oversight, informed consent, or a recognised legal basis under applicable law.

TENET may update this Privacy Notice. The latest version date is shown above.

• Right of Access — The right to obtain confirmation as to whether TENETWORKS processes your Personal Data and, if so, to receive a copy of such data.
• Right to Rectification — The right to request correction of inaccurate or incomplete Personal Data held by TENETWORKS.
• Right to Erasure — The right to request deletion of your Personal Data where it is no longer necessary, subject to applicable legal retention obligations.
• Right to Restriction — The right to request restriction of Processing in specified circumstances.
• Right to Portability — The right to receive your Personal Data in a structured, commonly used, and machine-readable format, where technically feasible.
• Right to Object — The right to object to Processing based on legitimate interests, including direct marketing, at any time without justification.
• Right to Withdraw Consent — Where Processing is based on consent, the right to withdraw consent at any time without affecting the lawfulness of prior Processing.
• California Residents (CCPA/CPRA) — The right to know, delete, correct, opt out of sale or sharing, limit use of sensitive Personal Information, and non-discrimination for exercising rights. TENETWORKS does not sell or share Personal Information as defined under CCPA/CPRA.
• UAE Residents (PDPL) — Rights to be informed, access, correction, erasure, and objection in accordance with UAE Federal Decree-Law No. 45 of 2021.

To exercise any of the above rights, please submit a written request to privacy@tenet.works. TENETWORKS will respond within the timeframes required by applicable law.

For questions regarding your personal data:

• Client and Contractual Data — Retained for the duration of the engagement plus a minimum of six (6) years following completion or termination, or such longer period as required by applicable law.
• Prospect and Marketing Data — Retained for a period not exceeding three (3) years from last meaningful interaction, subject to earlier deletion upon opt-out or erasure request.
• Website Analytics Data — Retained in accordance with applicable cookie consent preferences and analytics platform settings, generally not exceeding twenty-six (26) months unless anonymised.
• Legal and Compliance Records — Retained for the period required by applicable legislation in each relevant jurisdiction.
• Correspondence Records — Retained for a period not exceeding three (3) years unless related to an active matter, dispute, or regulatory obligation.

Upon expiry of applicable retention periods, Personal Data is securely deleted, anonymised, or de-identified in accordance with TENETWORKS's internal data lifecycle management procedures.

TENETWORKS implements appropriate technical and organisational security measures designed to protect Personal Data against unauthorised access, destruction, loss, alteration, disclosure, or transfer.

• Encryption of Personal Data in transit using TLS/SSL and at rest using industry-standard encryption algorithms.
• Role-based access controls limiting access to Personal Data to authorised personnel with a legitimate operational need.
• Secure credential management and multi-factor authentication for internal systems handling Personal Data.
• Vendor and Subprocessor security assessments as part of the onboarding and ongoing review process.
• Incident response procedures enabling prompt identification, containment, and notification of Personal Data breaches within 72 hours under GDPR.
• Regular review of security measures proportionate to evolving threat landscapes and industry best practices.

No data transmission over the internet can be guaranteed completely secure. TENETWORKS cannot guarantee absolute security and shall not be liable for breaches beyond its reasonable control, provided it has implemented appropriate security measures.

TENETWORKS uses cookies and similar tracking technologies on the Website. A full description is set out in the TENET.WORKS Cookie Policy.

Where applicable law requires prior informed consent before setting non-essential cookies, TENETWORKS operates a consent management mechanism enabling Data Subjects to manage their cookie preferences.

The Website and Services of TENETWORKS are directed exclusively at business professionals and individuals who have reached the age of majority in their jurisdiction of residence (in any event, not less than 18 years of age). TENETWORKS does not knowingly collect Personal Data from minors.

If TENETWORKS becomes aware that Personal Data has been collected from a minor without parental consent, it will take immediate steps to delete such data. Any person with knowledge of such a collection should notify privacy@tenet.works.

Where TENETWORKS sends marketing communications to prospects or Clients, it does so on the basis of express consent where required by applicable law, or legitimate interests in communicating relevant services to existing business contacts, subject always to the right to object.

Every marketing communication includes a clear mechanism to opt out of future communications. Opt-out requests are processed within ten (10) business days of receipt.

TENETWORKS may update this Privacy Notice from time to time to reflect changes in applicable law, regulatory guidance, operational practices, or the scope of Services. Material changes will be communicated through the Website.

Continued use of the Website or engagement with TENETWORKS's Services following publication of an updated Privacy Notice constitutes acknowledgement of the updated terms to the extent permitted by applicable law.

This Privacy Notice is governed by the laws of the jurisdiction applicable to the relevant TENETWORKS entity through which Services are delivered. Nothing in this Notice limits Data Subjects' rights to file complaints with the relevant supervisory authority.

For all enquiries, requests, or complaints relating to the Processing of your Personal Data by TENETWORKS, or to exercise any of your rights described in this Notice, please contact:

TENETWORKS will acknowledge your request promptly and respond within the timeframe required by applicable law. If you are not satisfied with our response, you retain the right to lodge a complaint with the relevant supervisory authority.

For general enquiries: hello@tenet.works