Privacy Policy – Stoian Co

Effective Date: 23 April 2025

1. Who We Are

Stoian GIS and AI Consulting L.L.C, trading as Stoian Co. (Stoian, we, our, or us) is a company registered in the United Arab Emirates under licence number 1477586 with its registered office at Office E‑39, Third Industrial Area, Al Quoz, Dubai, United Arab Emirates. We build location‑intelligence solutions. Protecting your privacy is core to our business.

2. Scope of this Policy

This Privacy Policy explains how we collect, use, disclose, store and protect personal data when you visit www.stoian.co (the Site), communicate with us, or engage our products and services (together, the Services). It also describes your choices and rights.

By accessing the Site or using the Services, you acknowledge that you have read and understood this Policy.

3. Personal Data We Collect

3.1 Information you provide to us

Contact details (name, business title, company, email address, telephone number)
Account credentials (username, password) when you create an account
Content of communications you send to us (enquiries, support requests, surveys)
Billing information (postal address, tax/VAT number) if you purchase Services

3.2 Information we collect automatically

Log data (IP address, browser type, operating system, referring URLs, pages visited, time spent)
Device identifiers
Cookies and similar technologies (see Section 4)

3.3 Information from third‑party sources

Public business information from professional networks or data providers

4. Cookies & Similar Technologies

We use first‑ and third‑party cookies, pixels and local storage to operate the Site, remember preferences, analyse traffic and serve marketing messages. You can manage cookies through your browser or our cookie banner. For full details see our Cookie Notice.

5. How We Use Personal Data

We process personal data to:
a) provide, operate and improve the Services;
b) respond to enquiries and provide customer support;
c) create, manage and secure user accounts;
d) send administrative or marketing communications;
e) generate leads and opportunities jointly with Esri and other partners;
f) comply with our legal obligations and enforce agreements;
g) protect the rights, property and safety of Stoian, our users or others.

6. Legal Bases for Processing

Where the EU or UK General Data Protection Regulation (GDPR), the UAE Federal Decree‑Law No. 45 of 2021 on the Protection of Personal Data (PDPL) or similar laws apply, our legal bases include:

Performance of a contract with you (Article 6(1)(b) GDPR / Article 4 PDPL)
Compliance with a legal obligation (Article 6(1)(c) GDPR / Article 5 PDPL)
Our legitimate interests in operating our business, provided these are not overridden by your fundamental rights (Article 6(1)(f) GDPR / Article 4 PDPL)
Your consent, where required, for example for certain cookies or direct marketing (Article 6(1)(a) GDPR / Article 6 PDPL)

7. Disclosure of Personal Data

We may share personal data with:

Trusted service providers (hosting, analytics, email, CRM, payment, legal, auditors) bound by confidentiality
Esri Inc. and its affiliates when you request contact via the Find a Partner form
Business partners when collaboration is necessary to deliver a joint solution
Public authorities, courts or regulators where required by law or to protect our rights
An acquiring entity in connection with a merger, acquisition or sale of assets, subject to appropriate safeguards

We do not sell personal data.

8. International Data Transfers

Your personal data may be transferred outside the UAE and the country where you reside. Where we export data, we rely on lawful mechanisms such as:

Adequacy decisions or equivalent regulations,
Standard Contractual Clauses approved by the European Commission or the UAE Data Office,
Your explicit consent.

9. Data Retention

We retain personal data as long as necessary for the purposes described above, including to meet legal, accounting or reporting requirements, after which it is securely deleted or anonymised.

10. Security

We implement technical and organisational measures aligned with ISO 27001 and NIST SP 800‑53 to protect data against unauthorised access, alteration, disclosure or destruction. However, no system is completely secure.

11. Your Rights

Depending on your jurisdiction, you may have the right to:

Access and obtain a copy of your personal data
Rectify inaccurate or incomplete data
Erase or anonymise data (right to be forgotten)
Restrict or object to processing
Port your data to another controller
Withdraw consent at any time
Lodge a complaint with a supervisory authority

12. Exercising Your Rights

To exercise your rights, email us at privacy@stoian.co. We will respond within the timeframe required by applicable law (usually 30 days).

13. Children’s Privacy

Our Services are not directed to children under 16. We do not knowingly collect data from children. If you believe we have inadvertently collected such data, please contact us so we can delete it.

14. Links to Third‑Party Sites

Our Site may contain links to third‑party websites. We are not responsible for their privacy practices.

15. Changes to This Policy

We may update this Policy from time to time. Material changes will be notified via the Site or by email. The Effective Date at the top will show when the latest changes were made.