Privacy Policy

VulnXperts Consultancy W.L.L ("VulnXperts," "we," "our," or "us") operates its services commercially in the Kingdom of Bahrain. This Privacy Policy defines our procedures for maintaining the confidentiality, integrity, and security of personal data collected through our corporate offices, website, mobile applications, and other channels. This policy has been developed in line with the Bahrain Personal Data Protection Law (No. 30 of 2018) ("PDPL"), which came into effect on 1 August 2019.

By accessing or using our website or services, you acknowledge that you have read and understood this Privacy Policy and agree to the data practices described herein.

1. Definitions

For purposes of this Privacy Policy:

• Personal Data: Any information relating to an identifiable individual, including name, email, phone number, identification number, IP address, or any other identifier that can directly or indirectly identify a person.
• Sensitive Personal Data: Data revealing race, ethnicity, political or philosophical views, religious beliefs, criminal records, health information, or sexual life.
• Data Manager: VulnXperts Consultancy W.L.L, the entity determining purposes and means of personal data processing.
• Data Processor: Third parties processing personal data on our behalf, under written agreement.
• Processing: Any operation carried out on personal data including collecting, recording, storing, using, disclosing, or deleting.

2. Information We Collect

We collect and process the following categories of personal data from customers, prospective customers, website visitors, and business contacts performing legitimate business purposes:

• Identifiers: Name, email address, phone number, company name, job title, and identification numbers.
• Commercial Information: Service inquiries, subscription details, transaction records, and service history.
• Technical Data: IP address, device type, browser type, geographic location, and interaction patterns.
• Communication Data: Email messages, contact form submissions, support requests, and call notes.

We do not intentionally collect sensitive personal data unless explicitly required for service delivery or legal compliance, in which case appropriate safeguards apply.

3. How We Collect Information

We collect personal data through the following means:

• Information provided directly through our website forms, contact pages, or applications.
• Information collected automatically when you visit our website, including cookies and web beacons.
• Information from your employer or organization when you interact with us on their behalf.
• Information from service providers and business partners.

4. Purposes for Processing

We process your personal data for the following purposes:

• To provide, operate, and deliver our cybersecurity services.
• To respond to inquiries, requests, and support issues.
• To administer contracts and maintain business relationships.
• To process payments and perform billing and accounting.
• To prevent fraud, abuse, and security incidents.
• To comply with legal and regulatory obligations.
• To conduct analytics and improve our services.
• To send service-related communications and notices.

We process personal data based on: (a) explicit consent from you; (b) necessity to perform our contractual obligations; (c) compliance with legal requirements; or (d) our legitimate business interests where they do not interfere with your rights.

5. Data Disclosure

We only disclose your personal data to third parties in the following circumstances:

• When explicitly requested by you.
• To perform our contractual obligations with you.
• To service providers, contractors, and processors who provide services on our behalf under written confidentiality agreements.
• To professional advisors, including lawyers, accountants, and auditors.
• As compelled by court order or legal/regulatory requirement.
• In connection with a merger, acquisition, or sale of assets.

We do not sell personal data for monetary consideration.

6. Third-Party Service Providers and Subprocessors

We engage third-party service providers to support our business operations. These processors have access to your personal data only for purposes specified and are contractually bound to:

• Maintain confidentiality and security standards.
• Comply with applicable data protection laws.
• Process data only as instructed.

Such service providers include: cloud hosting providers, CRM platforms, email delivery services, analytics tools, and security vendors.

7. Cookies and Similar Technologies

We use cookies and similar technologies to enable website functionality, analyze usage, and improve our services. You can manage cookies through your browser settings.

We do not currently respond to browser "Do Not Track" signals.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by applicable law. Retention periods vary depending on the type of information and the reason it was collected. When information is no longer needed, we delete, aggregate, or anonymize it.

9. Third-Party Websites and Services

Our website may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

9a. International Data Transfers

Your personal information may be transferred to, stored in, and processed in countries other than your country of residence, including countries that may not have the same data protection standards as Bahrain. Where required by law, we implement appropriate safeguards such as standard contractual clauses, adequacy decisions, or your explicit consent to protect personal information during international transfers.

9b. European Economic Area (EEA), UK, and Switzerland Users

If you are located in the EEA, the UK, or Switzerland, you may have additional rights under applicable data protection laws, including:

• Right of access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

You may exercise these rights by contacting us as described below.

10. Security

We implement reasonable administrative, technical, and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration. Our security measures include encryption, firewalls, and access controls.

No method of transmission or storage is completely secure. If you believe your personal data has been compromised, please contact us immediately.

11. Data Breach Notification

In the event of a confirmed data breach, we will conduct a prompt investigation, contain the incident, and notify affected individuals without undue delay and in accordance with applicable laws.

12. Your Rights

Under the PDPL, you have the following rights:

• Right to Enquire: Request information about your personal data and processing purposes.
• Right to Object: Object to direct marketing communications and opt out at any time.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data under applicable circumstances.
• Right to Withdraw Consent: Withdraw consent at any time without affecting past processing.
• Right to Lodge a Complaint: Submit a complaint to the relevant Bahrain data protection authority.

To exercise any of these rights, contact us using the information below. You may be required to authenticate your identity.

13. Minors

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors.

14. Marketing Communications

We may send marketing communications, including updates about services, insights, newsletters, and events, only where permitted by law and based on your consent when required. You can opt out at any time using the unsubscribe link in any marketing message or by contacting us. You may still receive non-promotional, service-related communications related to your inquiry or engagement.

15. Sensitive Information

We do not intentionally collect sensitive personal information such as national identification numbers, financial account details, biometric data, health data, religious beliefs, political views, or criminal records. Please do not submit such data unless we have explicitly requested it for a legitimate business or legal purpose with appropriate safeguards in place.

16. Contact Forms and Service Requests

We collect personal information through our website forms, including:

• Contact Us Form: Used to submit inquiries and requests. Information is processed to respond and maintain business records.
• Schedule a Call: Used to book consultations. Information is used for calendar coordination and consultation delivery.

When you submit our Contact Us form, you must acknowledge that you have read our Privacy Policy and that we may process your information to respond to your inquiry. Marketing and newsletter updates are optional and are only sent if you choose to opt in. You may withdraw that consent or request deletion of your information at any time by contacting us.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will post an updated version on our website and update the "Last updated" date. Your continued use of our website or services after any updates constitutes your acceptance of the revised Privacy Policy.

18. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: