Privacy Policy
1. Introduction
This Privacy Policy explains how Gottesman Investments LLC (“we”, “us”, “our”), operator of The Institutional Desk at institutional-desk.com, collects, uses, stores, and protects personal data. We are committed to compliance with the EU General Data Protection Regulation (GDPR), the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (UAE PDPL), and the Saudi Arabia Personal Data Protection Law (Saudi PDPL).
2. Data We Collect
| Category | Examples | Legal Basis (GDPR) |
|---|---|---|
| Account Data | Name, email address, organisation name, job title | Contract performance |
| Payment Data | Billing address, last 4 digits of card (processed by Stripe/HyperPay — we do not store full card numbers) | Contract performance |
| Usage Data | Pages visited, features used, session duration, IP address, browser type | Legitimate interest |
| Communication Data | Emails sent to us, support tickets, contact form submissions | Legitimate interest / consent |
| API Access Data | API keys, endpoint calls, rate limit logs | Contract performance |
3. How We Use Your Data
- To provide and maintain your subscription and platform access
- To process payments via Stripe (US/EU) and HyperPay (GCC)
- To deliver the Overnight Desk brief and other subscribed content
- To respond to support and compliance inquiries
- To improve platform functionality and user experience
- To comply with applicable legal and regulatory obligations
4. Data Sharing
We do not sell personal data. We share data only with:
- Stripe Inc. — payment processing (US/EU subscribers)
- HyperPay — payment processing (GCC subscribers)
- Mailchimp / SendGrid — email delivery of subscribed content
- Hostinger — web hosting and server infrastructure
- Legal authorities when required by applicable law
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Duration of subscription + 7 years (tax/legal compliance) |
| Payment records | 7 years (financial record-keeping requirements) |
| Usage logs | 12 months |
| Support communications | 3 years |
| Deleted account data | 30 days after deletion request, then permanently erased |
6. Your Rights (GDPR / UAE PDPL / Saudi PDPL)
- Right of Access — Request a copy of your personal data
- Right to Rectification — Correct inaccurate personal data
- Right to Erasure — Request deletion of your personal data
- Right to Restriction — Restrict processing of your data
- Right to Portability — Receive your data in a machine-readable format
- Right to Object — Object to processing based on legitimate interest
To exercise any of these rights, email: compliance@institutional-desk.com. We will respond within 30 days.
7. Cookies
We use essential cookies for authentication and session management, and analytics cookies (Google Analytics / Plausible) to understand platform usage. You may disable non-essential cookies via your browser settings. A cookie consent banner is displayed on first visit.
8. International Transfers
Your data may be transferred to and processed in the United States. For EU/EEA users, such transfers are covered by Standard Contractual Clauses (SCCs) or adequacy decisions. For UAE and Saudi Arabia users, transfers comply with applicable cross-border transfer requirements under UAE PDPL and Saudi PDPL.
9. Security
We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, access controls, and regular security audits. No method of transmission over the Internet is 100% secure; we cannot guarantee absolute security.
10. Children’s Privacy
The platform is not directed at persons under 18 years of age. We do not knowingly collect personal data from minors.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify subscribers of material changes via email at least 14 days before the change takes effect. The “Last Updated” date at the top of this page reflects the most recent revision.
12. Contact — Data Protection
Data Controller: Gottesman Investments LLC, 1600 NE 1st Avenue, Suite 3800, Miami, Florida 33132, USA
Email: compliance@institutional-desk.com
سياسة الخصوصية
١. المقدمة
توضح سياسة الخصوصية هذه كيفية قيام Gottesman Investments LLC (“نحن”)، مشغّل المكتب المؤسسي على institutional-desk.com، بجمع البيانات الشخصية واستخدامها وتخزينها وحمايتها. نلتزم بالامتثال للائحة الأوروبية العامة لحماية البيانات (GDPR)، والمرسوم الاتحادي الإماراتي رقم 45 لعام 2021 بشأن حماية البيانات الشخصية، ونظام حماية البيانات الشخصية السعودي.
٢. البيانات التي نجمعها
| الفئة | الأمثلة |
|---|---|
| بيانات الحساب | الاسم، البريد الإلكتروني، اسم المؤسسة، المسمى الوظيفي |
| بيانات الدفع | عنوان الفوترة، آخر 4 أرقام من البطاقة (تُعالَج بواسطة Stripe/HyperPay — لا نخزن أرقام البطاقات الكاملة) |
| بيانات الاستخدام | الصفحات التي تمت زيارتها، الميزات المستخدمة، مدة الجلسة، عنوان IP، نوع المتصفح |
| بيانات التواصل | الرسائل الإلكترونية المرسلة إلينا، تذاكر الدعم، نماذج الاتصال |
٣. حقوقك (GDPR / PDPL الإماراتي / PDPL السعودي)
يحق لك الوصول إلى بياناتك الشخصية وتصحيحها وحذفها وتقييد معالجتها ونقلها والاعتراض على معالجتها. للممارسة هذه الحقوق، راسلنا على: compliance@institutional-desk.com. سنرد خلال 30 يوماً.
٤. الأمان
نطبّق معايير أمان الصناعة بما في ذلك تشفير TLS أثناء النقل وتشفير AES-256 في حالة السكون وضوابط الوصول وعمليات التدقيق الأمني المنتظمة.
٥. التواصل
المتحكم في البيانات: Gottesman Investments LLC، ميامي، فلوريدا، الولايات المتحدة الأمريكية
البريد الإلكتروني: compliance@institutional-desk.com