DigiSkills Hub Ltd (“DigiSkills Hub”, “we”, “us”, “our”) provides AI‑powered micro‑learning content via the website digiskillshub.ai, mobile applications, and QR‑based access tools.
• UK establishment: 71‑75 Shelton Street, London WC2H 9JQ, United Kingdom
• UAE establishment: Office 1203, Dubai Silicon Oasis HQ, Dubai, United Arab Emirates
We act as the data controller for personal data collected through these channels.
This policy explains how we collect, use, share, store, and protect personal data when you:
visit our website or apps;
enrol in our training;
contact us; or
interact with our marketing or social media.
It applies to individuals in the United Kingdom, the UAE, and anywhere else we offer our services.
| Category | Examples | Source |
|---|---|---|
| Account Data | name, email, employer, role | provided by you |
| Usage Data | modules completed, quiz scores, time spent, device ID | collected automatically |
| Technical Data | IP address, browser type, cookie ID | collected automatically |
| Payment/Billing Data | invoicing contact, purchase records (no card data is stored on our servers) | provided by you / payment processor |
| Marketing Data | newsletter opt‑ins, event attendance | provided by you |
| Purpose | UK lawful basis (Art 6 UK GDPR) | UAE lawful basis (PDPL) |
|---|---|---|
| Deliver courses and track progress | Contract | Contract |
| Account management & support | Legitimate interests | Legitimate interests |
| Marketing (email, in‑app prompts) | Consent (opt‑in) | Consent |
| Analytics & service improvement | Legitimate interests (can opt‑out of cookies) | Legitimate interests |
| Legal, security & compliance | Legal obligation | Legal obligation |
Under the UK GDPR you must be able to demonstrate the lawful basis and inform the user before or at the point of collection ico.org.uk.
The UAE PDPL mirrors GDPR‑style bases but implementation guidance is still evolving muhami.ae.
1. Provide training content and record completion history.
2. Personalise learning paths and recommend new modules.
3. Monitor platform performance and prevent abuse.
4. Send service messages (e.g., password resets, course reminders).
5. Send optional newsletters or promotional offers if you have opted in.
6. Comply with legal duties and resolve disputes.
We use first‑party and selected third‑party cookies for analytics, session management and remembering your preferences.
UK visitors – we request consent for non‑essential cookies in line with PECR and UK ICO guidance ico.org.uk.
UAE visitors – the PDPL has no PECR‑equivalent cookie rule; however, we treat cookies that identify you as personal data and honour your browser’s “Do Not Track” or in‑app opt‑out settings muhami.ae.
See our Cookie Notice for details.
We share data only when necessary:
| Recipient | Reason | Safeguard |
|---|---|---|
| Cloud hosting & LMS providers | operate the platform | Data Processing Agreement (DPA) |
| Analytics vendors | usage metrics | Pseudonymisation and IP truncation |
| Payment gateways | subscription billing | PCI‑DSS compliance |
| Group companies & authorised resellers | customer support | intra‑group DPA |
| Regulators, courts, law enforcement | legal obligation | assessed case‑by‑case |
No personal data is sold to third parties.
UK → UAE or other non‑adequate countries: we rely on UK ICO‑approved International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses.
UAE → outside UAE: transfers follow PDPL Articles 22‑24; we only transfer to jurisdictions approved as “adequate” by the UAE Data Office or use Data Export Agreements muhami.ae.
We keep personal data only for as long as necessary:
| Data | Typical retention |
|---|---|
| Training records | 7 years after course completion (audit & certification) |
| Marketing opt‑in data | until you withdraw consent or after 3 years of inactivity |
| Billing records | 7 years (legal) |
| Support tickets | 2 years after closure |
We then delete or irreversibly anonymise the data.
We implement technical and organisational measures consistent with UK GDPR Art 32 and UAE PDPL Art 7‑8, including encryption in transit and at rest, least‑privilege access, regular penetration testing, and disaster‑recovery backups securiti.ai.
You have the rights to access, rectify, erase, restrict, object, data portability, and to lodge a complaint with the ICO (ico.org.uk). We will respond within one month (extendable by two months for complex requests) ico.org.uk.
Under PDPL Articles 13‑16 you may: access, port, correct, erase, restrict, object, and object to automated processing. We will respond within 30 days with a possible further 60‑day extension for complex requests dlapiperdataprotection.com.
To exercise any right, email us at info@digiskillshub.ae or use the in‑app privacy dashboard.
We use performance metrics to recommend new learning paths.
No decision producing legal or similarly significant effects is made without human review.
Our services are not directed to children under 16. If we learn that we have collected personal data from a child, we will delete it promptly.
We may update this policy from time to time. Material changes will be notified by email or prominent site banner at least 30 days in advance.
Last updated: 1 July 2025.
| Region | Contact | Supervisory authority |
|---|---|---|
| UK | info@digiskillshub.ae | Information Commissioner’s Office (ICO) |
| UAE | info@digiskillshub.ae | UAE Data Office |
If you are dissatisfied with our response, you may complain to the relevant authority above.
Replace placeholders (addresses, DPO details, cookie list) and ensure your contracts with processors include required clauses. After legal review, add the policy to /privacy and link prominently in your footer and any consent forms.
With these sections in place, digiskillshub.ai will present users—and regulators—with a clear, compliant statement of how you handle personal data across both the UK and UAE.
