Privacy policy
Privacy policy
Privacy policy
Last updated:
27 February 2026
Last updated:
27 February 2026
Last updated:
27 February 2026
Introduction
The House of Alchemy DWC-LLC / The House of Alchemy (together, “The House of Alchemy”, “we”, “us”, “our”) is a UAE-based marketing and communications agency.
This Privacy Policy explains how we collect, use, disclose, transfer, and protect personal data when you:
visit or use our website
contact us (including by email, phone or social media)
engage us to provide services under a master services agreement and/or statement of work (“MSA”, “SOW”, “Services”)
otherwise interact with us
We process personal data in accordance with applicable data protection laws, including the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the “PDPL”) and any implementing regulations, and any other applicable laws depending on the context.
If you do not agree with this Privacy Policy, please do not use our website or provide personal data to us.
Introduction
Introduction
The House of Alchemy DWC-LLC / The House of Alchemy (together, “The House of Alchemy”, “we”, “us”, “our”) is a UAE-based marketing and communications agency.
This Privacy Policy explains how we collect, use, disclose, transfer, and protect personal data when you:
visit or use our website
contact us (including by email, phone or social media)
engage us to provide services under a master services agreement and/or statement of work (“MSA”, “SOW”, “Services”)
otherwise interact with us
We process personal data in accordance with applicable data protection laws, including the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the “PDPL”) and any implementing regulations, and any other applicable laws depending on the context.
If you do not agree with this Privacy Policy, please do not use our website or provide personal data to us.
The House of Alchemy DWC-LLC / The House of Alchemy (together, “The House of Alchemy”, “we”, “us”, “our”) is a UAE-based marketing and communications agency.
This Privacy Policy explains how we collect, use, disclose, transfer, and protect personal data when you:
visit or use our website
contact us (including by email, phone or social media)
engage us to provide services under a master services agreement and/or statement of work (“MSA”, “SOW”, “Services”)
otherwise interact with us
We process personal data in accordance with applicable data protection laws, including the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the “PDPL”) and any implementing regulations, and any other applicable laws depending on the context.
If you do not agree with this Privacy Policy, please do not use our website or provide personal data to us.
Key definitions
Key definitions
Key definitions
Personal data: information relating to an identified or identifiable natural person
Processing: any operation performed on personal data (e.g., collection, storage, use, disclosure)
Controller: the party that determines the purposes and means of processing personal data
Processor: the party that processes personal data on a controller’s behalf
Personal data: information relating to an identified or identifiable natural person
Processing: any operation performed on personal data (e.g., collection, storage, use, disclosure)
Controller: the party that determines the purposes and means of processing personal data
Processor: the party that processes personal data on a controller’s behalf
Personal data: information relating to an identified or identifiable natural person
Processing: any operation performed on personal data (e.g., collection, storage, use, disclosure)
Controller: the party that determines the purposes and means of processing personal data
Processor: the party that processes personal data on a controller’s behalf
Our role: when we are Controller vs Processor
Our role
Our role: when we are Controller vs Processor
A. Website, marketing and business administration (we are Controller)
For personal data collected through our website and for our own business operations (e.g., responding to enquiries, marketing, supplier management, invoicing administration), we generally act as Controller.
B. Client project delivery (we may be Processor)
When we provide Services to a client, we may process personal data on the client’s behalf (e.g., customer lists, CRM extracts, interview transcripts, video content containing individuals). In these cases, the client is the Controller and we are the Processor, unless the parties specify otherwise in an SOW. This processing is governed by the relevant contract terms, including any data processing addendum or schedule.
A. Website, marketing and business administration (we are Controller)
For personal data collected through our website and for our own business operations (e.g., responding to enquiries, marketing, supplier management, invoicing administration), we generally act as Controller.
B. Client project delivery (we may be Processor)
When we provide Services to a client, we may process personal data on the client’s behalf (e.g., customer lists, CRM extracts, interview transcripts, video content containing individuals). In these cases, the client is the Controller and we are the Processor, unless the parties specify otherwise in an SOW. This processing is governed by the relevant contract terms, including any data processing addendum or schedule.
A. Website, marketing and business administration (we are Controller)
For personal data collected through our website and for our own business operations (e.g., responding to enquiries, marketing, supplier management, invoicing administration), we generally act as Controller.
B. Client project delivery (we may be Processor)
When we provide Services to a client, we may process personal data on the client’s behalf (e.g., customer lists, CRM extracts, interview transcripts, video content containing individuals). In these cases, the client is the Controller and we are the Processor, unless the parties specify otherwise in an SOW. This processing is governed by the relevant contract terms, including any data processing addendum or schedule.
Personal data we collect
Personal data we collect
Personal data we collect
We collect personal data that is necessary to operate our website, respond to you, and deliver Services.
A. Information you provide
name, job title, organisation, email address, phone number
the content of messages/enquiries you send us
information you provide during sales and onboarding (e.g., authorised contacts, billing contact details)
information provided during delivery of Services (which may include personal data about employees, customers, or other individuals)
B. Website and device information
When you visit our website, we may collect technical data such as:
IP address, approximate location (e.g., country/city), browser type, device identifiers, operating system
pages visited, links clicked, time spent, and referring pages
C. Social media and third-party platforms
If you interact with us through third-party platforms, we may receive information you make available (subject to your settings and that platform’s policies).
Sensitive data
We do not request sensitive personal data via our website forms and ask that you do not share it unless necessary and we have agreed appropriate safeguards.
Children
Our website and Services are intended for professional / business audiences. We do not knowingly collect personal data from children via our website.
We collect personal data that is necessary to operate our website, respond to you, and deliver Services.
A. Information you provide
name, job title, organisation, email address, phone number
the content of messages/enquiries you send us
information you provide during sales and onboarding (e.g., authorised contacts, billing contact details)
information provided during delivery of Services (which may include personal data about employees, customers, or other individuals)
B. Website and device information
When you visit our website, we may collect technical data such as:
IP address, approximate location (e.g., country/city), browser type, device identifiers, operating system
pages visited, links clicked, time spent, and referring pages
C. Social media and third-party platforms
If you interact with us through third-party platforms, we may receive information you make available (subject to your settings and that platform’s policies).
Sensitive data
We do not request sensitive personal data via our website forms and ask that you do not share it unless necessary and we have agreed appropriate safeguards.
Children
Our website and Services are intended for professional / business audiences. We do not knowingly collect personal data from children via our website.
We collect personal data that is necessary to operate our website, respond to you, and deliver Services.
A. Information you provide
name, job title, organisation, email address, phone number
the content of messages/enquiries you send us
information you provide during sales and onboarding (e.g., authorised contacts, billing contact details)
information provided during delivery of Services (which may include personal data about employees, customers, or other individuals)
B. Website and device information
When you visit our website, we may collect technical data such as:
IP address, approximate location (e.g., country/city), browser type, device identifiers, operating system
pages visited, links clicked, time spent, and referring pages
C. Social media and third-party platforms
If you interact with us through third-party platforms, we may receive information you make available (subject to your settings and that platform’s policies).
Sensitive data
We do not request sensitive personal data via our website forms and ask that you do not share it unless necessary and we have agreed appropriate safeguards.
Children
Our website and Services are intended for professional / business audiences. We do not knowingly collect personal data from children via our website.
How we use personal data (Controller processing)
How we use personal data
How we use personal data (Controller processing)
Where we act as Controller, we use personal data for:
responding to enquiries and communicating with you
sales and relationship management, including preparing proposals and SOWs
delivering Services where relevant to the engagement (e.g., project communications with client contacts)
website analytics and improvement
marketing communications where permitted by law and/or with your consent (you can opt out at any time)
administration and operations, including invoicing administration, recordkeeping, and supplier management
legal and compliance purposes, including establishing, exercising or defending legal claims and protecting rights and security
We do not sell personal data.
Where we act as Controller, we use personal data for:
responding to enquiries and communicating with you
sales and relationship management, including preparing proposals and SOWs
delivering Services where relevant to the engagement (e.g., project communications with client contacts)
website analytics and improvement
marketing communications where permitted by law and/or with your consent (you can opt out at any time)
administration and operations, including invoicing administration, recordkeeping, and supplier management
legal and compliance purposes, including establishing, exercising or defending legal claims and protecting rights and security
We do not sell personal data.
Where we act as Controller, we use personal data for:
responding to enquiries and communicating with you
sales and relationship management, including preparing proposals and SOWs
delivering Services where relevant to the engagement (e.g., project communications with client contacts)
website analytics and improvement
marketing communications where permitted by law and/or with your consent (you can opt out at any time)
administration and operations, including invoicing administration, recordkeeping, and supplier management
legal and compliance purposes, including establishing, exercising or defending legal claims and protecting rights and security
We do not sell personal data.
Client project data (Processor processing)
Client project data
Client project data (Processor processing)
Where we process personal data on behalf of a client as Processor (or equivalent roles under applicable law), we will:
process personal data only on documented instructions from the client, including instructions relating to cross-border transfers
implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access
use subprocessors where necessary to deliver the Services and remain responsible for their performance (and where required by law, provide advance notice of material changes to subprocessors)
provide reasonable assistance to help the client respond to data subject requests and meet applicable breach notification and assessment obligations (taking into account the nature of processing and the information available to us)
notify the client without undue delay after becoming aware of a personal data breach relating to the Services
on termination of the Services involving personal data processing, delete or return personal data at the client’s request, unless retention is required by law
Where we process personal data on behalf of a client as Processor (or equivalent roles under applicable law), we will:
process personal data only on documented instructions from the client, including instructions relating to cross-border transfers
implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access
use subprocessors where necessary to deliver the Services and remain responsible for their performance (and where required by law, provide advance notice of material changes to subprocessors)
provide reasonable assistance to help the client respond to data subject requests and meet applicable breach notification and assessment obligations (taking into account the nature of processing and the information available to us)
notify the client without undue delay after becoming aware of a personal data breach relating to the Services
on termination of the Services involving personal data processing, delete or return personal data at the client’s request, unless retention is required by law
Where we process personal data on behalf of a client as Processor (or equivalent roles under applicable law), we will:
process personal data only on documented instructions from the client, including instructions relating to cross-border transfers
implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access
use subprocessors where necessary to deliver the Services and remain responsible for their performance (and where required by law, provide advance notice of material changes to subprocessors)
provide reasonable assistance to help the client respond to data subject requests and meet applicable breach notification and assessment obligations (taking into account the nature of processing and the information available to us)
notify the client without undue delay after becoming aware of a personal data breach relating to the Services
on termination of the Services involving personal data processing, delete or return personal data at the client’s request, unless retention is required by law
Lawful bases for processing (Controller processing)
Lawful bases for processing
Lawful bases for processing (Controller processing)
Where we act as Controller, we rely on lawful bases as required by applicable law, which may include:
contract necessity (to perform a contract or take steps at your request before contracting)
legitimate interests (to operate, secure, and improve our business and Services, balanced against your rights)
consent (e.g., for certain marketing or non-essential cookies)
legal obligation (to comply with applicable law)
Where we act as Controller, we rely on lawful bases as required by applicable law, which may include:
contract necessity (to perform a contract or take steps at your request before contracting)
legitimate interests (to operate, secure, and improve our business and Services, balanced against your rights)
consent (e.g., for certain marketing or non-essential cookies)
legal obligation (to comply with applicable law)
Where we act as Controller, we rely on lawful bases as required by applicable law, which may include:
contract necessity (to perform a contract or take steps at your request before contracting)
legitimate interests (to operate, secure, and improve our business and Services, balanced against your rights)
consent (e.g., for certain marketing or non-essential cookies)
legal obligation (to comply with applicable law)
Sharing personal data
Sharing personal data
Sharing personal data
We may share personal data with:
service providers that support our website and operations (e.g., hosting, email, IT, analytics, collaboration, project management, and storage providers)
subprocessors used to deliver Services (e.g., production partners, platforms and tools used to provide deliverables)
professional advisers (e.g., legal, accounting, audit, insurance)
authorities where required by law or to protect rights and security
We require service providers and subprocessors to protect personal data and only process it in accordance with applicable obligations.
We may share personal data with:
service providers that support our website and operations (e.g., hosting, email, IT, analytics, collaboration, project management, and storage providers)
subprocessors used to deliver Services (e.g., production partners, platforms and tools used to provide deliverables)
professional advisers (e.g., legal, accounting, audit, insurance)
authorities where required by law or to protect rights and security
We require service providers and subprocessors to protect personal data and only process it in accordance with applicable obligations.
We may share personal data with:
service providers that support our website and operations (e.g., hosting, email, IT, analytics, collaboration, project management, and storage providers)
subprocessors used to deliver Services (e.g., production partners, platforms and tools used to provide deliverables)
professional advisers (e.g., legal, accounting, audit, insurance)
authorities where required by law or to protect rights and security
We require service providers and subprocessors to protect personal data and only process it in accordance with applicable obligations.
Cookies and analytics
Cookies and analytics
Cookies and analytics
Our website uses cookies and similar technologies to operate and to understand website performance.
Essential cookies support core functionality
Analytics/performance cookies help us understand how visitors use our site (e.g., pages visited, time spent)
Where required, we will request consent for non-essential cookies. You can manage cookies via your browser settings. Blocking cookies may affect how the website functions.
Our website uses cookies and similar technologies to operate and to understand website performance.
Essential cookies support core functionality
Analytics/performance cookies help us understand how visitors use our site (e.g., pages visited, time spent)
Where required, we will request consent for non-essential cookies. You can manage cookies via your browser settings. Blocking cookies may affect how the website functions.
Our website uses cookies and similar technologies to operate and to understand website performance.
Essential cookies support core functionality
Analytics/performance cookies help us understand how visitors use our site (e.g., pages visited, time spent)
Where required, we will request consent for non-essential cookies. You can manage cookies via your browser settings. Blocking cookies may affect how the website functions.
International data transfers
International transfers
International data transfers
We are based in the UAE, but our service providers and subprocessors may process or store personal data in other countries.
Where cross-border transfer mechanisms are required by applicable law, we will implement appropriate safeguards (for example, contractual clauses) as needed.
We are based in the UAE, but our service providers and subprocessors may process or store personal data in other countries.
Where cross-border transfer mechanisms are required by applicable law, we will implement appropriate safeguards (for example, contractual clauses) as needed.
We are based in the UAE, but our service providers and subprocessors may process or store personal data in other countries.
Where cross-border transfer mechanisms are required by applicable law, we will implement appropriate safeguards (for example, contractual clauses) as needed.
Data security
Data security
Data security
We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, disclosure, loss, misuse, or alteration. No system is completely secure, but we take reasonable steps to maintain a level of security appropriate to the nature of the personal data processed.
We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, disclosure, loss, misuse, or alteration. No system is completely secure, but we take reasonable steps to maintain a level of security appropriate to the nature of the personal data processed.
We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, disclosure, loss, misuse, or alteration. No system is completely secure, but we take reasonable steps to maintain a level of security appropriate to the nature of the personal data processed.
Data retention
Data retention
Data retention
We retain personal data only for as long as necessary for the purposes set out in this Privacy Policy, including to provide the website and Services and to comply with legal and recordkeeping obligations.
Where we act as Processor, deletion/return is handled in accordance with the relevant contract terms and client instructions (and we may retain personal data where required by law).
We retain personal data only for as long as necessary for the purposes set out in this Privacy Policy, including to provide the website and Services and to comply with legal and recordkeeping obligations.
Where we act as Processor, deletion/return is handled in accordance with the relevant contract terms and client instructions (and we may retain personal data where required by law).
We retain personal data only for as long as necessary for the purposes set out in this Privacy Policy, including to provide the website and Services and to comply with legal and recordkeeping obligations.
Where we act as Processor, deletion/return is handled in accordance with the relevant contract terms and client instructions (and we may retain personal data where required by law).
Your rights
Your rights
Your rights
Depending on applicable law and your relationship with us, you may have rights to:
access your personal data
correct inaccurate or incomplete data
request deletion in certain circumstances
object to or restrict processing in certain circumstances
withdraw consent (where processing is based on consent)
request portability (where applicable)
lodge a complaint with a competent authority
If we act as Processor for your data, we may need to refer your request to the relevant client (Controller) or assist them in responding.
Depending on applicable law and your relationship with us, you may have rights to:
access your personal data
correct inaccurate or incomplete data
request deletion in certain circumstances
object to or restrict processing in certain circumstances
withdraw consent (where processing is based on consent)
request portability (where applicable)
lodge a complaint with a competent authority
If we act as Processor for your data, we may need to refer your request to the relevant client (Controller) or assist them in responding.
Depending on applicable law and your relationship with us, you may have rights to:
access your personal data
correct inaccurate or incomplete data
request deletion in certain circumstances
object to or restrict processing in certain circumstances
withdraw consent (where processing is based on consent)
request portability (where applicable)
lodge a complaint with a competent authority
If we act as Processor for your data, we may need to refer your request to the relevant client (Controller) or assist them in responding.
14. Third-party websites and embedded content
14. Third-party sites
14. Third-party websites and embedded content
Our website may include links to third-party websites or embedded content (e.g., YouTube, social media). Third parties may collect personal data via their own technologies. Their processing is governed by their privacy policies, not ours.
Our website may include links to third-party websites or embedded content (e.g., YouTube, social media). Third parties may collect personal data via their own technologies. Their processing is governed by their privacy policies, not ours.
Our website may include links to third-party websites or embedded content (e.g., YouTube, social media). Third parties may collect personal data via their own technologies. Their processing is governed by their privacy policies, not ours.
Contact us
Contact us
Contact us
If you have questions about this Privacy Policy or wish to exercise your rights, contact:
Email: hello@thehouseofalchemy.co
If you have questions about this Privacy Policy or wish to exercise your rights, contact:
Email: hello@thehouseofalchemy.co
If you have questions about this Privacy Policy or wish to exercise your rights, contact:
Email: hello@thehouseofalchemy.co
Updates to this policy
Policy updates
Updates to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date. Your continued use of our website or Services after changes take effect means you acknowledge the updated policy.
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date. Your continued use of our website or Services after changes take effect means you acknowledge the updated policy.
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date. Your continued use of our website or Services after changes take effect means you acknowledge the updated policy.
Contact us
+971 (0) 52 201 2984
hello@thehouseofalchemy.co
The House of Alchemy DWC-LLC
Building A3
Business Park
Dubai South
Dubai
United Arab Emirates
Contact us
+971 (0) 52 201 2984
hello@thehouseofalchemy.co
The House of Alchemy DWC-LLC
Building A3
Business Park
Dubai South
Dubai
United Arab Emirates
Contact us
+971 (0) 52 201 2984
hello@thehouseofalchemy.co
The House of Alchemy DWC-LLC
Building A3
Business Park
Dubai South
Dubai
United Arab Emirates