Privacy Policy

Nastrum Technologies (“we,” “our,” or “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website (www.nastrum.com), use our services, or otherwise interact with us.

This policy applies to all individuals who access our website, purchase our services, communicate with us, or otherwise provide us with personal data. By using our website or services, you acknowledge that you have read and understood this Privacy Policy.

We comply with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, the General Data Protection Regulation (GDPR) where applicable to our European users, and other relevant data protection laws.

We collect personal information that you voluntarily provide to us when you express an interest in our services, participate in activities on our website, or contact us directly. The types of personal data we collect include:

Information You Provide Directly:

• Contact Information: Full name, email address, phone number, company name, job title, and mailing address.
• Account Information: Username, password, and account preferences for client portal access.
• Communication Data: Information contained in emails, contact forms, support tickets, and other correspondence.
• Payment Information: Billing address, bank account details, and payment transaction records. Credit card details are processed by our PCI-DSS compliant payment processor and are not stored on our servers.
• Project Data: Technical specifications, business requirements, and other documentation provided during service engagements.

Information Collected Automatically:

• Device Information: IP address, browser type and version, operating system, device type, and screen resolution.
• Usage Data: Pages visited, time spent on pages, referral source, click patterns, and navigation paths.
• Cookie Data: Information collected through cookies, pixels, and similar tracking technologies (see our Cookie Policy for details).
• Location Data: Approximate geographic location derived from your IP address.

We use the personal information we collect for the following purposes, each with a lawful basis for processing:

• Service Delivery: To provide, maintain, and improve our IT services, process transactions, and manage your account. (Lawful basis: contractual necessity)
• Communication: To respond to your inquiries, provide customer support, send service-related notifications, and deliver project updates. (Lawful basis: contractual necessity / legitimate interest)
• Marketing: To send newsletters, promotional materials, and information about new services that may be of interest to you. You may opt out of marketing communications at any time. (Lawful basis: consent)
• Analytics: To analyse website usage, understand user behaviour, and improve our website experience and service offerings. (Lawful basis: legitimate interest)
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests. (Lawful basis: legal obligation)
• Security: To detect, prevent, and address technical issues, fraud, and security threats. (Lawful basis: legitimate interest)

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Regular security assessments and penetration testing of our systems
• Access controls with role-based permissions and multi-factor authentication
• Regular data backups stored in geographically separated, secure facilities
• Employee security awareness training and confidentiality agreements
• Incident response procedures and breach notification protocols

Your personal data is stored on secure servers located in the UAE and within cloud infrastructure provided by our certified partners (AWS and Microsoft Azure). Data may be transferred to servers outside the UAE only where adequate data protection safeguards are in place, such as standard contractual clauses or adequacy decisions.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Typical retention periods are: client records (7 years after contract end), marketing data (until consent is withdrawn), and website analytics data (26 months).

We may share your personal information with trusted third-party service providers who assist us in operating our website, conducting our business, or providing services to you. These third parties are contractually obligated to protect your data and may only use it for the specific purposes we have engaged them for.

Categories of third-party recipients include:

• Cloud Hosting Providers: Amazon Web Services (AWS), Microsoft Azure — for data storage and application hosting.
• Analytics Services: Google Analytics — for website usage analysis and reporting.
• Payment Processors: PCI-DSS compliant payment gateways for processing financial transactions.
• Communication Tools: Email service providers, CRM platforms, and project management tools used in service delivery.
• Marketing Platforms: Email marketing services and advertising platforms (with your consent).

We do not sell, trade, or rent your personal information to third parties for their marketing purposes. We may disclose your information if required to do so by law or in response to valid requests by public authorities.

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and personalise content. Cookies are small text files stored on your device when you visit our website.

We use three categories of cookies: Essential Cookies (required for the website to function properly and cannot be disabled), Analytics Cookies (help us understand how visitors interact with our website), and Marketing Cookies (used to deliver relevant advertisements and measure campaign effectiveness).

You can manage your cookie preferences through your browser settings or through our cookie consent banner when you first visit our website. For a detailed breakdown of the cookies we use, please refer to our Cookie Policy.

Under the UAE Data Protection Law and the GDPR (where applicable), you have the following rights regarding your personal data:

• Right of Access: You may request a copy of the personal data we hold about you at any time.
• Right to Rectification: You may request correction of any inaccurate or incomplete personal data.
• Right to Erasure: You may request deletion of your personal data, subject to legal retention requirements.
• Right to Restrict Processing: You may request that we limit how we use your data in certain circumstances.
• Right to Data Portability: You may request a machine-readable copy of your data to transfer to another provider.
• Right to Object: You may object to processing of your data based on legitimate interests, including direct marketing.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at legal@nastrum.com. We will respond to your request within 30 days. If we cannot comply with your request, we will provide a written explanation of the reasons.

If you have any questions, concerns, or complaints regarding this Privacy Policy or our data handling practices, please contact our Data Protection Officer:

If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with the UAE Data Office or the relevant supervisory authority in your jurisdiction.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website and updating the “Last Updated” date at the top of this page.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website and services after any changes to this policy constitutes your acceptance of the updated terms.