Get in Touch
Request a Demo

Privacy Policy

PRIVACY POLICY

This Privacy Policy (“Policy”) may be amended or updated from time to time to reflect changes in our business practices with respect to the processing of personal data, or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Policy.

About this Privacy Policy

Endida Cyber Security Limited, who’s Registered Number 10262 is incorporated as a Private Company under the Companies Law, DIFC Law No. 5 of 2018.

Endida Cyber Security Limited (“Endida”, “we”, “us”, “our”) values your security and privacy and may for certain types of personal data processing, be subject to the Data Protection Law, DIFC Law No. 5 of 2020 (the “DP Law”) or laws from other jurisdictions.

For the purposes of this Policy “Personal Data” means any information that Endida

processes that relate to identifiable or identified individuals.

This Policy:

  • is issued by Endida and addressed to individuals outside our organisation and anywhere in the world who submit Personal Data to Endida or whose Personal Data we otherwise obtain during our ordinary business activities; and
  • sets out the basis on which we collect, use, disclose and process or store your Personal Data.

Specifically, this Policy covers:

  • Individuals with whom we may have had contact for business purposes, either on our own account or on behalf of third parties or organisations;
  • Individuals who are employed by or otherwise associated with our suppliers, partners or professional advisors;
  • Individuals who are clients or potential clients;
  • Individuals who are involved in transactions or potential transactions which are evaluated or conducted by us or any of our sub-advisors including shareholders, employees, representatives and/or directors of companies we work with;
  • Individuals who serve as members of boards and committees;
  • Individuals with whom we have contact during a recruitment process; and
  • Individuals who have opted to receive communications from us.

For the purposes of the Data Protection (DP) Law, we are a Controller in respect of your Personal Data. This means that we are responsible for ensuring that we use your Personal Data in compliance with the DP Law. We are required under the Personal Data Protection Law to notify you of the information contained in this Policy.

Principles and Basis for Use of Personal Data

We will take all reasonable steps necessary to ensure your data is processed fairly and lawfully, in accordance with the DP Law, other applicable laws and this Policy. We will:

  • Process your Personal Data in a lawful, fair, transparent and secure way;
  • Collect your Personal data only for specific, explicit and legitimate purposes as explained to you when collecting your personal data;
  • Not use your Personal Data in a way that is incompatible with those purposes;
  • Process your Personal Data in a manner that is adequate and relevant to the purposes for which we have collected it and limited only to those purposes;
  • keep your Personal Data accurate, where necessary, up to date; and
  • keep your Personal Data in a form that identifies you only as long as necessary for the purposes we have informed you or as permitted by law.

We use your Personal Data on the following legal bases:

  • For our legitimate business interests as set out in the section below;
  • Because the information is necessary for the performance of a contract with you or to take steps at your request to enter into a contract;
  • Because you have given your consent (if we expressly ask for consent to process your Personal Data for a specific purpose); and
  • To comply with legal and regulatory obligations.

Should you have any questions with respect to the legal basis which we rely on in relation to a particular processing activity, please do not hesitate to contact us using the methods described.

Collection and Uses of Personal Data

Please refer to the relevant section to see the categories of personal information about you that we process, the purposes of processing and our lawful basis for doing so.

Individuals with whom Endida has contact for business purposes

If you have had contact with Endida, for example through emailing or meeting arepresentative of Endida, we process limited amounts of personal data relating to you. If your contact with Endida also falls within other categories defined below, we will also process your personal information as described in those categories.

Personal Data that we may collect about you

We may collect and process the following personal data about you:

  • Information that you provide to us or one of our affiliates. This may include your full name, job title, employer organisation and contact details.
  • Publicly available information.

Uses of your personal data

Subject to applicable law, your personal data may be stored and processed by us in the following ways and for the following purposes:

  • Maintaining a directory of contacts;
  • Organising meetings between you and Endida’s representatives;
  • General business marketing, including reporting on cyber security trends and other business and industry economic insights; and
  • Sending you periodic updates about Endida’s business and Endida’s parent company East Harbour, events, presentations and opportunities by email;

You can opt out of receiving updates at any time by contacting us at info@endida.com or by asking your Endida business contact. Processing personal information about business contacts is necessary for undertaking business development and promotion, and for other purposes as contemplated herein or as otherwise permitted under applicable law.

Individuals who are associated with Endida’s suppliers, partners or professional advisors

If you are a supplier, partner or vendor to Endida, or one of our professional advisers, we will process limited amounts of personal information relating to you. 

Personal Data that we may collect about you

We may collect and process the following personal data about you:

  • Information that you provide to us or one of our affiliates. This may include your full name, job title, qualifications, employer or parent organisation and contact details.

Uses of your personal data

We will Process this personal information for the purposes of administering and maintaining records of goods, services or advice we have received and commissioning further services or procuring further goods.

Processing personal information that you provide to us is necessary for operating our business, and for other purposes as contemplated herein or as otherwise permitted under applicable law.

Individuals who are involved in transactions or potential transactions by or on behalf of the Endida

If you are involved in a transaction or potential transaction relating to the Endida’s business, including as a client using our products and services, we process personal information relating to you.

Personal Data that we may collect about you

We may collect and process the following personal data about you:

  • Information that you provide to us or one of our partners. To the extent appropriate, this may include your full name, business and personal contact details, log-in details for user accounts.

Uses of your personal data

Subject to applicable law, we process this personal information for the purposes of:

  • Maintaining records of licensing with our products;
  • Billing and invoicing purposes;
  • Safeguarding our legal rights and interests;
  • Organising and holding meetings and events;
  • Marketing of cyber security products and services
  • General business marketing, including reporting on cyber security trends and other business and cyber security economic insights; and
  • Sending you periodic updates about Endida’s and East Harbours business, events and opportunities.

You can opt out of receiving marketing updates at any time by contacting us

at info@Endida.com or by asking your Endida business contact.

Processing personal information about you is necessary in running our business, and for other purposes as contemplated herein or as otherwise permitted under applicable law. If we enter into a transaction that you are involved in, it will also be necessary for us to process your personal information for the purpose of performing that contract and to comply with our regulatory and legal obligations.

Individuals with whom we have contact during a recruitment process

We collect personal information about candidates through the application and recruitment process, either directly from candidates or sometimes from third parties (including recruitment agencies, former employers and credit reference agencies). Recruitment agencies which process your personal information, including for the purpose of introducing you as a candidate to Endida, act as the controller of your personal information for that purpose and so are subject to a separate privacy notice provided by the agencies to you.

Personal Data that we may collect about you

We may collect and process the following personal data about you:

  • Information that you provide to us or one of our affiliates. We will process information that you give us by submitting any applications, filling in forms or through any other communication with us, whether face-to-face, by phone, e-mail or otherwise during the application process. This may include:
  • Your full name (including previous names), date and place of birth, gender, nationality, citizenship, marital status, Emirates ID / social security number, bank account details, ID card, passport copies, email address, postal address, telephone number, qualifications, education and employment history;
  • Information about your previous and current level of remuneration, including benefit entitlements;
  • Other information provided by you in an application form, CV or resume or during an interview;
  • Information about your entitlement to work in the country in which you are employed;
  • Results of interview process tests or assessments; and
  • Health information and/or disability status.
  • Information we obtain from other sources. This is likely to include information about you such as:
  • Your past performance at work and other information provided from your previous and/or current employer(s);
  • Personal or professional references from third party referee(s) that you provide to us; and
  • Opinions expressed by others about you from other individuals.

Uses of your personal data

Subject to applicable law, your personal data may be stored and processed by us in the following ways and for the following purposes:

  • Consider your job application and evaluate your suitability for the role which you have applied for (including, in some cases, verifying your qualifications, education and references with those third parties you name);
  • Compliance with any legal or regulatory obligation to which we are subject (including compliance with any request from regulatory authorities or other relevant public authorities); and
  • For equal opportunities monitoring.

Should you be successful in your application, we will only transfer personal information to your employment record if it is relevant to your ongoing working relationship with Endida. Should your application be unsuccessful, we may keep your information on record for up to two (2) years to notify you of relevant job vacancies with us that you may be interested in, in the future unless you specifically request that this should not be the case. We are entitled to use your personal data in these ways because:

  • We need to in order to consider you for employment with us;
  • We have legal and regulatory obligations that we have to discharge;
  • We may need to for the purposes of occupational health and to take decisions regarding your fitness for work and health insurance requirements;
  • We may need to consider your eligibility for a visa;
  • The use of your personal data as described may be necessary for our legitimate business interests (or the legitimate interests of one or more of our affiliates), such as:
  • Ensuring that we have made appropriate checks on the qualifications, education and experience that applicants tell us they have;
  • Maintaining compliance with internal policies and procedures; or
  • Allowing us to effectively and efficiently administer and manage the operation of our business.

In addition to the above, we reserve the right to collate, process and disseminate any statistics based on an aggregation of personal data held by us, provided that any individual is not identified from the resulting analysis and the collation, processing and dissemination of such information is permitted by law.

Other purposes for processing your personal information

Generally, we may also process your personal information for the following purposes:

Personal Data that we may collect about you

We may collect and process the following personal data about you:

  • Information establishing your identity (for example your name, address, email address, date of birth, passport or other ID, photograph);
  • Documents to verify information supplied to us, such as bills issued by third parties or endorsements issued by employers or institutions such as banks;
  • Reference checking information obtained via third parties such as credit reference agencies, and sanctions lists;
  • Financial information (for example, credit card details, bank account details);
  • Information provided so that we are able to fulfil our regulatory compliance obligations including anti-money laundering and “know your client” checks (for example the information establishing your identity as set out above);
  • Information you provide when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our services;
  • Any information you independently choose to provide to us (for example, if you send us an email or call us);
  • Information relating to your use of our website (for example, domain name, IP address and cookies) or information you provide when you register for alerts and subscriptions and when you report a problem with any of our website services; and

Under certain circumstances, we may also collect special categories of Personal Data,

specifically:

  • Criminal record checks.

We may obtain your Personal Data from:

  • You (for example, when you use our website, when you make an inquiry, send emails, or otherwise provide us with your Personal Data);
  • Credit information, identity or criminal record checks;
  • Suppliers, consultants or advisors; and
  • Screening tools and information available in the public domain.

Uses of your Personal Data

Subject to applicable law, your Personal Data may be stored and processed by us in the following ways and for the following purposes:

  • To provide you with information about our services and solutions including by way of direct marketing;
  • To verify your identity and to undertake customer due diligence;
  • For audit purposes;
  • To resolve complaints and handling requests and enquiries;
  • Preventing, detecting and investigating crime, including cyber security crime, fraud and money-laundering or terrorist financing, and analyzing and managing commercial risks;
  • To respond to any queries, requests or comments that you may have;
  • To process your payments;
  • To review, develop and improve the services which we offer;
  • To review, analyse and assess potential investment into target companies; and
  • To comply with legal obligations.

If you fail to provide personal information

If you fail to provide certain information when requested, we may not be able to perform any contract we may have entered into with you, or we may be unable to deal with you.

Change of purpose

We will only use your personal information for the purposes for which we collected it or as otherwise described in this privacy notice, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, if required by applicable law, we will notify you and we will explain the legal basis which allows us to do so. 

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Sharing of Personal Data

We may share your Personal Data with third parties only where we have a lawful basis to do so, including:

  • Any member of the Endida for internal administrative purposes and for our legitimate interests;
  • For the purposes of marketing our products and services;
  • Our shareholders including in corporate or regulatory documents or publications;
  • Third party service providers who provide a service to us and need access to such Personal Data to carry out work on our behalf or to perform a contract we enter into with them (including but not limited to marketing and advertising, data processing, IT and office services);
  • Professional advisors such as lawyers and other consultants;
  • Any competent authority or government entities anywhere in the world if required by any applicable law, regulation, or legal process;
  • If we otherwise notify you and you consent to the sharing; and
  • With third parties in an aggregated and/or anonymised form which cannot reasonably be used to identify you.

Transferring Personal Data Internationally

The information you submit may be transferred, stored and hosted outside the DIFC, and may be transferred to countries which do not have data protection laws or to countries where your privacy and other fundamental rights will not be protected as extensively.

We will implement appropriate measures to ensure that your Personal Data remains protected and secure while and for as long as it remains under our control.

Should you have any questions with respect to safeguards we employ when transferring your Personal Data out of the DIFC, please do not hesitate to contact us using the methods described below.

Data Retention

We will keep your Personal Data for as long as is necessary for the specific purpose which we collected it, including for the purposes of satisfying any accounting or reporting requirements and to comply with any legal obligations to which we may be subject. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your Rights

You may contact us if you wish to:

Access your Personal Data: request a copy of your Personal Data that we process about you.

Rectify your Personal Data: request us to amend or update your Personal Data where it is inaccurate or incomplete. We are not responsible for the accuracy of the information you provide and will modify or update your Personal Data upon your request.

Erase your Personal Data: request us to delete your Personal Data where it is no longer necessary for the purpose(s) for which your information was collected. We will erase or archive from active use your Personal Data upon request, unless we are required to retain it in accordance with DIFC or other applicable laws or to perform agreed services.

Restrict your Personal Data: request us to temporarily or permanently to stop processing all or some of your Personal Data.

Object to use of your Personal Data: at any time, object to us processing your personal data where it is based exclusively on our legitimate interests or for direct marketing purposes.

Receive or transmit your Personal Data in machine-readable and structured format (also known as “data portability”): request the receipt or transmission of your personal data to another organisation, in a structured and machine-readable format.

Withdraw your consent: withdraw your consent at any time to the use of your Personal Data for a particular purpose (where we have asked for your consent to use your information for that particular purpose).

No fee usually required: You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may, where the relevant law permits, charge a reasonable fee if your request for access is clearly unfounded or excessive (for example, for repeat copies).

What we may need from you: We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

For any of the above, please see Contact Us Section below.

Data Security

Endida makes every effort to ensure that your Personal Data is secure on its system. Endida has staff dedicated to maintaining our data protection and security policies, periodically reviewing them and making sure that Endida employees are aware of our data protection and security practices. Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. As a result, Endida cannot warrant or guarantee the security of any Personal Data you transmit to us, and you do so at your own risk.

Endida has established policies and procedures for securely managing information and protecting Personal Data against unauthorized access. We continually assess our data privacy, information management and security practices. We do this in the following ways:

  • Establishing policies and procedures for securely managing information;
  • Limiting employee access to viewing only necessary information in order to perform his or her duties;
  • Protecting against unauthorized access to Personal Data by using data encryption, authentication and virus detection technology, as required;
  • Requiring service providers and other third parties with whom we do business to comply with relevant data privacy legal and regulatory requirements. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality;
  • Monitoring our websites through recognised online privacy and security organizations; and
  • Conducting background checks on employees and providing training to our employees.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Cookies

A cookie is a small text file that is unique to the web browser on your computer or mobile device, which is used to retain user preferences, and enhance browsing experience (“Cookie”). Endida uses Cookies to track overall site usage and enables us to provide a better user experience.

We do not use Cookies to “see” other data on your computer or determine your email address. Types of cookies we drop and the information collected using them include:

Essential

  • Google Tag Manager – helps make tag management simple, easy and reliable by allowing marketers and webmasters to deploy website tags all in one place.

Site Analytics

  • Google Analytics – gives website owners the digital analytics tools needed to analyse data from all touchpoints in one place, for a deeper understanding of the customer experience.

Advertising

  • LinkedIn Analytics – enables website owners to promote their company updates to targeted audiences on desktop, mobile, and tablet.

Most browsers accept and maintain Cookies by default. Check the ‘Help’ or ‘Settings’ menu of your browser to learn how to change your Cookie preferences. You can choose to alter Cookies settings related to the use of our website services, but this may limit your ability to access certain areas of our website. Alternatively you may wish to visit an independent source of information, www.aboutcookies.org, which contains comprehensive information on how to alter settings or delete Cookies from your computer as well as more general information about Cookies. For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual or network operator for advice.

External Links

The website may contain links to other websites on the Internet that are owned and operated by third parties. If you access those links, you will leave our website. These links are provided solely as a convenience to you and not as an endorsement by Endida of their content or reliability. You acknowledge that Endida is not responsible for the availability of, or the information and content of any external links. If you decide to access linked third-party websites, you do so at your own risk. Endida does not accept liability and shall not be liable to you for any loss or damage arising from or because of your acting upon the content of another website to which you may link from the website services.

This Policy does not cover the personal data you choose to give to unrelated third parties. We encourage you to review the privacy policy of any company before submitting your Personal Data.

Changes to this Privacy Policy

We may change this Policy from time to time and without notice. If we make significant changes in the way we treat your Personal Data, or to the Policy, we will endeavour to provide you notice through the website services or by some other means, such as email. Your continued use of the website services after such notice constitutes your acceptance of the changes. We encourage you to periodically review this Policy for the latest information on our privacy practices. We provide links to it through:

  • Website services;
  • Referencing it in our Terms and Conditions; and
  • Incorporating it into our contracts, agreements, and other documents as necessary or appropriate.

Contact Us

If you have any questions relating to this Policy or if you have any complaints related to how Endida processes your Personal Data, please contact our Data Protection Officer by email:

info@endida.com 

or at

Endida Cyber Security Limited
Level 02
Innovation One
Dubai International Finance Centre

Miscellaneous

This Policy shall be governed in all respects by the laws of the Dubai International Financial Centre.