Privacy Policy

We only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes described in this policy. We collect information you provide directly when you use our website and services. This includes your name, email address, phone number, company name, job title, and any additional information you submit through our assessment request form or other contact forms.

We also collect certain technical information automatically when you visit our website, including your IP address, browser type, operating system, referring URLs, and pages viewed. This data is collected through standard web analytics tools to understand website traffic patterns and improve site performance.

We process your personal data only when we have a valid legal basis to do so. The specific basis depends on the context in which we collect and use your information:

Contractual necessity: We process data provided through assessment requests, service agreements, and the Mizan Comply platform because it is necessary to perform or prepare a contract with you.

Legitimate interest: We process technical data such as IP addresses, browser information, and page views for website analytics and security monitoring. We have assessed that these interests do not override your fundamental rights and freedoms.

Consent: Where you have opted in to receive industry insights, marketing communications, or newsletters, we process your contact information based on your explicit consent. You may withdraw consent at any time by contacting us or using the unsubscribe link in our communications.

Legal obligation: We may process your data where necessary to comply with applicable laws, regulations, or legal proceedings in the UAE and GCC region.

We use the information we collect for the following specific purposes: responding to your inquiries and assessment requests, delivering consulting engagements and advisory services, providing and maintaining access to the Mizan Comply platform, analyzing website traffic patterns to improve site performance, and communicating service updates relevant to active engagements.

We may also use your information to send relevant industry insights or updates, but only if you have explicitly opted in. We process data to comply with legal obligations applicable in the UAE and GCC region. We do not use your personal data for any purpose beyond what is described in this policy.

We take reasonable steps to ensure that the personal data we hold is accurate, complete, and kept up to date. We periodically review the data we store and correct or delete inaccurate records where we become aware of errors.

You have the right to request correction of any inaccurate or incomplete personal data we hold about you. We encourage you to notify us of any changes to your information so that we can maintain accurate records. You may update your information at any time by contacting us at [email protected].

Your data is stored on secure servers provided by our infrastructure partners. We implement industry-standard security measures including encryption in transit and at rest, access controls, and regular security assessments to protect your information.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Specifically: assessment request data is retained for up to 24 months following your inquiry; active client engagement data is retained for the duration of the engagement plus 36 months; Mizan Comply platform data is retained for the duration of your subscription plus 12 months; website analytics data is retained for up to 12 months in aggregated form.

When data is no longer needed and the applicable retention period has expired, it is securely deleted or anonymized. Data required by law to be retained for longer periods will be stored in accordance with the relevant legal requirements.

We do not sell, rent, or trade your personal information to third parties. We may share your data with trusted service providers who assist in operating our website and delivering our services, subject to strict confidentiality obligations.

We may disclose your information if required by law, regulation, or legal process, or if we believe disclosure is necessary to protect the rights, property, or safety of SIAN, our clients, or the public.

If you use the Mizan Comply compliance automation platform, we process organizational data including compliance documentation, evidence files, policy documents, risk assessments, and audit records. This data is processed solely for the purpose of delivering the platform services and remains the property of your organization.

Client data within Mizan Comply is logically isolated and accessible only to authorized users within your organization and SIAN personnel who require access to deliver the service.

Our website uses essential cookies to ensure proper functionality. We may also use analytics cookies to understand how visitors interact with our site. You can control cookie preferences through your browser settings.

We do not use cookies for targeted advertising or cross-site tracking.

You have the right to access, correct, or delete your personal data. You may also request a copy of the data we hold about you, or ask us to restrict processing in certain circumstances. Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

You also have the right to data portability, meaning you can request your personal data in a structured, commonly used, and machine-readable format. If you believe your data protection rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

We comply with applicable data protection laws in the UAE, including the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, and relevant regulations in other GCC jurisdictions where we operate, including the Saudi Personal Data Protection Law (PDPL).

For individuals in the European Economic Area, we also adhere to the principles of the EU General Data Protection Regulation (GDPR) when processing personal data of EU residents.

SIAN is committed to demonstrating compliance with applicable data protection principles. We maintain records of our data processing activities, including the categories of data processed, purposes of processing, data recipients, and applicable retention periods.

We conduct periodic reviews of our data protection practices and update our policies and procedures to reflect changes in law, technology, or our business operations. Responsibility for data protection compliance is assigned to designated personnel within SIAN who oversee our privacy program.

We carry out data protection impact assessments for processing activities that are likely to result in a high risk to individuals. Our service providers are subject to contractual obligations regarding data protection, and we verify their compliance as part of our vendor management process.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will post the updated policy on this page with a revised "Last updated" date. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at [email protected] or write to us at SIAN Cyber Security, Dubai, UAE.