Privacy Policy

About this Privacy Policy

This Privacy Policy ("Policy") may be amended or updated from time to time to reflect changes in our business practices with respect to the processing of personal data, or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Policy.

Endida Cyber Security Limited, whose Registered Number is 10262, is incorporated as a Private Company under the Companies Law, DIFC Law No. 5 of 2018.

Endida Cyber Security Limited ("Endida", "we", "us", "our") values your security and privacy and may, for certain types of personal data processing, be subject to the Data Protection Law, DIFC Law No. 5 of 2020 (the "DP Law") or laws from other jurisdictions. For the purposes of this Policy, "Personal Data" means any information that Endida processes that relates to identifiable or identified individuals.

• Is issued by Endida and addressed to individuals outside our organisation anywhere in the world who submit Personal Data to Endida or whose Personal Data we otherwise obtain during our ordinary business activities
• Sets out the basis on which we collect, use, disclose and process or store your Personal Data

• Individuals with whom we may have had contact for business purposes, either on our own account or on behalf of third parties or organisations
• Individuals who are employed by or otherwise associated with our suppliers, partners or professional advisors
• Individuals who are clients or potential clients
• Individuals involved in transactions or potential transactions which are evaluated or conducted by us or any of our sub-advisors, including shareholders, employees, representatives and/or directors of companies we work with
• Individuals who serve as members of boards and committees
• Individuals with whom we have contact during a recruitment process
• Individuals who have opted to receive communications from us

For the purposes of the Data Protection (DP) Law, we are a Controller in respect of your Personal Data. This means that we are responsible for ensuring that we use your Personal Data in compliance with the DP Law.

Principles & Legal Basis

We will take all reasonable steps necessary to ensure your data is processed fairly and lawfully, in accordance with the DP Law, other applicable laws and this Policy. We will:

• Process your Personal Data in a lawful, fair, transparent and secure way
• Collect your Personal Data only for specific, explicit and legitimate purposes as explained to you when collecting your personal data
• Not use your Personal Data in a way that is incompatible with those purposes
• Process your Personal Data in a manner that is adequate and relevant to the purposes for which we have collected it and limited only to those purposes
• Keep your Personal Data accurate and, where necessary, up to date
• Keep your Personal Data in a form that identifies you only as long as necessary for the purposes we have informed you or as permitted by law

• For our legitimate business interests as set out in the section below
• Because the information is necessary for the performance of a contract with you or to take steps at your request to enter into a contract
• Because you have given your consent (if we expressly ask for consent to process your Personal Data for a specific purpose)
• To comply with legal and regulatory obligations

Should you have any questions with respect to the legal basis which we rely on in relation to a particular processing activity, please do not hesitate to contact us using the methods described below.

Business Contacts

If you have had contact with Endida, for example through emailing or meeting a representative of Endida, we process limited amounts of personal data relating to you.

• Information that you provide to us or one of our affiliates — including your full name, job title, employer organisation and contact details
• Publicly available information

• Maintaining a directory of contacts
• Organising meetings between you and Endida's representatives
• General business marketing, including reporting on cyber security trends and other business and industry economic insights
• Sending you periodic updates about Endida's business, events, presentations and opportunities by email

You can opt out of receiving updates at any time by contacting us at [email protected] or by asking your Endida business contact.

Suppliers, Partners & Professional Advisors

If you are a supplier, partner or vendor to Endida, or one of our professional advisers, we will process limited amounts of personal information relating to you.

• Your full name, job title, qualifications, employer or parent organisation and contact details

We will process this personal information for the purposes of administering and maintaining records of goods, services or advice we have received and commissioning further services or procuring further goods. Processing personal information that you provide to us is necessary for operating our business.

Transactions & Clients

If you are involved in a transaction or potential transaction relating to Endida's business, including as a client using our products and services, we process personal information relating to you.

• Your full name, business and personal contact details, and log-in details for user accounts

• Maintaining records of licensing with our products
• Billing and invoicing purposes
• Safeguarding our legal rights and interests
• Organising and holding meetings and events
• Marketing of cyber security products and services
• General business marketing, including reporting on cyber security trends
• Sending periodic updates about Endida's business, events and opportunities

You can opt out of receiving marketing updates at any time by contacting us at [email protected].

Recruitment

We collect personal information about candidates through the application and recruitment process, either directly from candidates or sometimes from third parties (including recruitment agencies, former employers and credit reference agencies).

• Full name (including previous names), date and place of birth, gender, nationality, citizenship, marital status, ID and passport copies, email address, postal address and telephone number
• Qualifications, education and employment history
• Information about your previous and current level of remuneration, including benefit entitlements
• Other information provided in an application form, CV or resume or during an interview
• Information about your entitlement to work in the relevant country
• Results of interview process tests or assessments
• Health information and/or disability status
• References and opinions from previous or current employers

• Consider your job application and evaluate your suitability for the role applied for
• Compliance with any legal or regulatory obligation to which we are subject
• Equal opportunities monitoring

Should your application be unsuccessful, we may keep your information on record for up to two (2) years to notify you of relevant job vacancies, unless you specifically request otherwise.

Other Processing Purposes

• Information establishing your identity (name, address, email address, date of birth, passport or other ID, photograph)
• Documents to verify information supplied, such as bills or endorsements from employers or institutions
• Reference checking information from credit reference agencies and sanctions lists
• Financial information (credit card details, bank account details)
• Information provided for regulatory compliance obligations including AML and KYC checks
• Information you provide when entering into any agreement or using our services
• Any information you independently choose to provide to us
• Information relating to your use of our website (domain name, IP address, cookies)
• Criminal record checks (under certain circumstances)

• To provide you with information about our services and solutions, including direct marketing
• To verify your identity and undertake customer due diligence
• For audit purposes
• To resolve complaints and handle requests and enquiries
• Preventing, detecting and investigating crime, including cyber security crime, fraud and money laundering
• To respond to any queries, requests or comments
• To process your payments
• To review, develop and improve the services which we offer
• To comply with legal obligations

If you fail to provide certain information when requested, we may not be able to perform any contract we may have entered into with you, or we may be unable to deal with you.

Sharing Personal Data

We may share your Personal Data with third parties only where we have a lawful basis to do so, including:

• Any member of Endida for internal administrative purposes and for our legitimate interests
• For the purposes of marketing our products and services
• Our shareholders, including in corporate or regulatory documents or publications
• Third party service providers who provide a service to us and need access to such Personal Data to carry out work on our behalf
• Professional advisors such as lawyers and other consultants
• Any competent authority or government entities anywhere in the world if required by any applicable law, regulation, or legal process
• If we otherwise notify you and you consent to the sharing
• With third parties in an aggregated and/or anonymised form which cannot reasonably be used to identify you

International Transfers

The information you submit may be transferred, stored and hosted outside the DIFC, and may be transferred to countries which do not have data protection laws or to countries where your privacy and other fundamental rights will not be protected as extensively.

We will implement appropriate measures to ensure that your Personal Data remains protected and secure while and for as long as it remains under our control. Should you have any questions with respect to safeguards we employ when transferring your Personal Data out of the DIFC, please do not hesitate to contact us using the methods described below.

Data Retention

We will keep your Personal Data for as long as is necessary for the specific purpose for which we collected it, including for the purposes of satisfying any accounting or reporting requirements and to comply with any legal obligations to which we may be subject.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your Rights

You may contact us if you wish to exercise any of the following rights:

• Access your Personal Data — request a copy of your Personal Data that we process about you
• Rectify your Personal Data — request us to amend or update your Personal Data where it is inaccurate or incomplete
• Erase your Personal Data — request us to delete your Personal Data where it is no longer necessary for the purpose(s) for which it was collected
• Restrict your Personal Data — request us to temporarily or permanently stop processing all or some of your Personal Data
• Object to use of your Personal Data — at any time, object to us processing your personal data where it is based exclusively on our legitimate interests or for direct marketing purposes
• Data portability — request the receipt or transmission of your personal data to another organisation in a structured and machine-readable format
• Withdraw your consent — withdraw your consent at any time to the use of your Personal Data for a particular purpose

You will not usually have to pay a fee to access your personal information or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. We may need to request specific information from you to help us confirm your identity before processing your request.

Data Security

Endida makes every effort to ensure that your Personal Data is secure on its systems. Endida has staff dedicated to maintaining our data protection and security policies, periodically reviewing them and making sure that Endida employees are aware of our data protection and security practices.

Endida has established policies and procedures for securely managing information and protecting Personal Data against unauthorised access. We do this in the following ways:

• Establishing policies and procedures for securely managing information
• Limiting employee access to only necessary information to perform their duties
• Protecting against unauthorised access using data encryption, authentication and virus detection technology
• Requiring service providers and third parties to comply with relevant data privacy legal and regulatory requirements
• Monitoring our websites through recognised online privacy and security organisations
• Conducting background checks on employees and providing data protection training

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Cookies

A cookie is a small text file that is unique to the web browser on your computer or mobile device, which is used to retain user preferences and enhance browsing experience. Endida uses Cookies to track overall site usage and to provide a better user experience. We do not use Cookies to "see" other data on your computer or determine your email address.

• Google Tag Manager — helps make tag management simple, easy and reliable by allowing marketers and webmasters to deploy website tags in one place

• Google Analytics — provides digital analytics tools to analyse data from all touchpoints in one place, for a deeper understanding of the customer experience

• LinkedIn Analytics — enables website owners to promote their company updates to targeted audiences on desktop, mobile, and tablet

Most browsers accept and maintain Cookies by default. Check the 'Help' or 'Settings' menu of your browser to learn how to change your Cookie preferences. You can choose to alter Cookie settings related to the use of our website services, but this may limit your ability to access certain areas of our website. For more information, visit www.aboutcookies.org.

External Links

The website may contain links to other websites on the Internet that are owned and operated by third parties. If you access those links, you will leave our website. These links are provided solely as a convenience to you and not as an endorsement by Endida of their content or reliability.

You acknowledge that Endida is not responsible for the availability of, or the information and content of, any external links. If you decide to access linked third-party websites, you do so at your own risk. This Policy does not cover the personal data you choose to give to unrelated third parties. We encourage you to review the privacy policy of any company before submitting your Personal Data.

Changes to this Policy

We may change this Policy from time to time and without notice. If we make significant changes in the way we treat your Personal Data, or to the Policy, we will endeavour to provide you notice through the website services or by some other means, such as email. Your continued use of the website services after such notice constitutes your acceptance of the changes.

We encourage you to periodically review this Policy for the latest information on our privacy practices. We provide links to it through our website services, by referencing it in our Terms and Conditions, and by incorporating it into our contracts, agreements and other documents as necessary or appropriate.

Contact Us

If you have any questions relating to this Policy or if you have any complaints related to how Endida processes your Personal Data, please contact our Data Protection Officer:

This Policy shall be governed in all respects by the laws of the Dubai International Financial Centre.