Privacy Policy

G2 Middle East ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access our Projects Portal and related services.

By using our services, you consent to the data practices described in this policy. If you do not agree with this policy, please do not access or use our services.

This Privacy Policy complies with applicable data protection laws in the GCC region, including the UAE, Saudi Arabia, Qatar, Kuwait, Bahrain, and Oman.

G2 Middle East is the data controller responsible for your personal information.

3.1 Information You Provide

When you register for the Projects Portal, we collect:

• Identity Information: Full name, email address
• Professional Information: Company name, industry sector, country, job title
• Contact Information: Phone number, business address
• Account Information: Username, password (encrypted), security preferences
• Communication Data: Your correspondence with us, feedback, survey responses

3.2 Automatically Collected Information

When you access our Portal, we automatically collect:

• Technical Data: IP address, browser type, device information, operating system
• Usage Data: Pages viewed, time spent, navigation paths, access times
• Authentication Logs: Login attempts, access history, security events
• Performance Data: Error reports, system performance metrics

3.3 Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to enhance your experience. See Section 10 for detailed information.

We use your personal information for the following purposes:

4.1 Service Provision

• Creating and managing your account
• Authenticating your identity and access
• Providing access to confidential project case studies
• Processing and responding to your inquiries
• Delivering personalized content based on your interests

4.2 Security and Compliance

• Monitoring for security threats and unauthorized access
• Detecting and preventing fraud or illegal activities
• Enforcing our Terms of Service and confidentiality agreements
• Complying with legal obligations and regulatory requirements
• Maintaining audit trails for compliance purposes

4.3 Communication

• Sending account-related notifications (approval, updates, security alerts)
• Responding to your requests and support inquiries
• Providing updates about new projects and case studies (with consent)
• Conducting surveys to improve our services (optional)

4.4 Analytics and Improvement

• Analyzing Portal usage patterns and user behavior
• Improving Portal functionality and user experience
• Developing new features and services
• Conducting internal research and analytics

We process your personal information based on the following legal grounds:

• Contractual Necessity: Processing necessary to provide services you've requested
• Consent: You have explicitly agreed to the processing (e.g., marketing communications)
• Legitimate Interests: Processing necessary for our legitimate business interests (e.g., security, analytics)
• Legal Obligation: Processing required to comply with applicable laws and regulations

You have the right to withdraw consent at any time where we rely on consent as the legal basis.

6.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6.2 Sharing with Service Providers

We may share your information with trusted service providers who assist us with:

• Cloud hosting and infrastructure (Cloudflare)
• Database management
• Email delivery services
• Analytics and performance monitoring
• Security and fraud prevention

These service providers are contractually bound to protect your data and use it only for specified purposes.

6.3 Legal Disclosures

We may disclose your information when required by law or to:

• Comply with legal processes, court orders, or government requests
• Enforce our Terms of Service
• Protect our rights, property, or safety
• Prevent fraud or illegal activities
• Protect the rights and safety of our users and the public

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

7.1 Security Measures

We implement industry-standard security measures to protect your information:

• Encryption of data in transit (HTTPS/TLS) and at rest
• Secure password hashing (SHA-256)
• Multi-factor authentication options
• Regular security audits and vulnerability assessments
• Access controls and role-based permissions
• Activity logging and monitoring
• Account lockout after failed login attempts

7.2 Your Responsibility

You are responsible for:

• Maintaining the confidentiality of your account credentials
• Using a strong, unique password
• Notifying us immediately of any unauthorized access
• Logging out after each session, especially on shared devices

7.3 Data Breach Notification

In the event of a data breach that may affect your rights, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of discovery.

We retain your personal information only as long as necessary for the purposes outlined in this policy or as required by law.

8.1 Retention Periods

• Active Accounts: Retained for the duration of your account plus 2 years
• Inactive Accounts: Deleted after 3 years of inactivity
• Access Logs: Retained for 1 year for security and audit purposes
• Communication Records: Retained for 5 years for legal compliance
• NDA Obligations: Records maintained for the duration of confidentiality obligations

8.2 Deletion Process

Upon retention period expiration or account deletion request, we will:

• Permanently delete your personal information from active systems
• Anonymize or aggregate data for analytical purposes
• Retain only information required for legal compliance

Under applicable data protection laws, you have the following rights:

9.1 Right to Access

You can request a copy of the personal information we hold about you.

9.2 Right to Rectification

You can request correction of inaccurate or incomplete information.

9.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal information, subject to legal retention requirements.

9.4 Right to Restrict Processing

You can request limitation of how we process your information in certain circumstances.

9.5 Right to Data Portability

You can request your data in a structured, machine-readable format.

9.6 Right to Object

You can object to processing based on legitimate interests or for marketing purposes.

9.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

9.8 How to Exercise Your Rights

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days of receiving your request.

10.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve our services.

10.2 Types of Cookies We Use

• Essential Cookies: Required for authentication and security (cannot be disabled)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how you use the Portal
• Security Cookies: Detect and prevent security threats

10.3 Cookie Duration

• Session Cookies: Deleted when you close your browser
• Persistent Cookies: Remain for up to 30 days (authentication) or 1 year (preferences)

10.4 Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may affect Portal functionality.

Your information may be transferred to and processed in countries outside the GCC region, including the United States (Cloudflare infrastructure).

When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) with service providers
• Data Processing Agreements compliant with GCC regulations
• Encryption and security measures during transit and storage
• Regular audits of data processing activities

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

If we become aware that we have collected information from a child without parental consent, we will take steps to delete that information promptly.

We comply with data protection regulations in all GCC countries:

13.1 United Arab Emirates

• Federal Law No. 45 of 2021 on Personal Data Protection
• UAE Data Office: u.ae/data-protection

13.2 Saudi Arabia

• Personal Data Protection Law (PDPL)
• Saudi Data & AI Authority (SDAIA)

13.3 Qatar

• Law No. 13 of 2016 on Personal Data Privacy Protection

13.4 Other GCC Countries

We also comply with data protection regulations in Kuwait, Bahrain, and Oman.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

Material changes will be communicated via:

• Email notification to your registered email address
• Prominent notice on the Portal
• Updated "Last Updated" date at the top of this policy

Your continued use of the Portal after changes are posted constitutes acceptance of the updated policy.

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

We will respond to your inquiry within 30 days of receipt.