This Privacy Policy explains how Aphelion Technology Services ("Aphelion", "we", "us", or "our") collects, uses, stores, and protects personal data when you visit aphelionits.com, submit inquiries, or engage our IT, OT, and cybersecurity services. Please read this policy carefully. It should be read together with our Terms & Conditions.
1 Introduction
Aphelion Technology Services is a technology services company headquartered in Abu Dhabi, United Arab Emirates. We specialize in bridging Information Technology (IT) and Operational Technology (OT) through managed services spanning OT security, AI-driven data center consultation, ICT/IoT infrastructure, and green technology integration.
We are committed to protecting your privacy and handling personal data responsibly, transparently, and in compliance with applicable data protection laws, including the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL), where applicable.
By accessing our website, submitting a contact form, or engaging with our services, you acknowledge that you have read and understood this Privacy Policy.
2 Scope & Definitions
This policy applies to personal data processed through:
- Our public website and any subdomains operated by Aphelion;
- Contact, consultation, and inquiry forms on our website;
- Email, telephone, and other communications initiated through our website;
- Pre-contract discussions and business development activities relating to our services.
For the purposes of this policy:
- "Personal Data" means any information relating to an identified or identifiable natural person.
- "Processing" means any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
- "You" refers to website visitors, prospective clients, clients, and any individual whose personal data we process.
This policy does not apply to personal data processed solely under a separate written Service Agreement or Statement of Work, which may contain additional or superseding data protection terms agreed between the parties.
3 Information We Collect
We collect personal data that you voluntarily provide and data collected automatically when you use our website.
Information you provide directly
- Identity & contact details: Full name, email address, telephone number, and company or organization name.
- Inquiry details: Subject of inquiry, message content, and any other information you choose to include in our contact form.
- Professional information: Job title, department, industry sector, and project-related details shared during consultations.
Information collected automatically
- Technical data: IP address, browser type and version, device type, operating system, time zone, and language settings.
- Usage data: Pages visited, time and date of visits, time spent on pages, click paths, and referral sources.
- Cookie data: Information collected through cookies and similar technologies as described in Section 9.
We do not intentionally collect sensitive personal data (such as health, biometric, or financial account data) through our website. Please do not submit sensitive information unless we explicitly request it as part of a formal engagement.
4 How We Use Your Information
We use personal data for legitimate business purposes, including:
- Responding to inquiries, consultation requests, and support communications;
- Evaluating, proposing, and delivering our technology services and solutions;
- Managing client relationships, contracts, and project communications;
- Improving our website, services, and user experience through analytics;
- Sending service updates, security notices, or marketing communications where you have opted in or where permitted by law;
- Complying with legal, regulatory, and contractual obligations;
- Detecting, preventing, and addressing fraud, abuse, or security incidents;
- Protecting the rights, property, and safety of Aphelion, our clients, and others.
We will not use your personal data for purposes materially different from those described above without notifying you and, where required, obtaining your consent.
5 Legal Basis for Processing
Depending on the context and applicable law, we process personal data on one or more of the following bases:
- Consent: Where you have given clear consent, such as subscribing to communications or submitting a contact form.
- Contractual necessity: Where processing is necessary to respond to your request or perform a contract with you or your organization.
- Legitimate interests: Where processing is necessary for our legitimate business interests, such as improving services, securing our systems, or developing client relationships, provided your rights do not override those interests.
- Legal obligation: Where we must comply with applicable laws, regulations, court orders, or regulatory requests.
6 Data Sharing & Disclosure
We do not sell, rent, or trade your personal data. We may share personal data only in the following circumstances:
- Service providers: Trusted third parties who support our operations (e.g., hosting, email delivery, analytics, CRM systems), bound by confidentiality and data processing obligations.
- Professional advisors: Lawyers, auditors, or consultants where necessary for legal, compliance, or business purposes.
- Corporate transactions: In connection with a merger, acquisition, restructuring, or sale of assets, subject to appropriate safeguards.
- Legal and regulatory authorities: When required by law, regulation, legal process, or governmental request.
- With your consent: In any other situation where you have provided explicit authorization.
All third parties are required to process personal data only for specified purposes and in accordance with applicable data protection standards.
7 International Data Transfers
Your personal data may be processed in the United Arab Emirates and, where necessary to deliver our services, in other countries where our service providers or partners operate.
When personal data is transferred outside the UAE, we implement appropriate safeguards — such as contractual data protection clauses, adequacy assessments, or other mechanisms recognized under applicable law — to ensure your data receives a comparable level of protection.
8 Data Security
As a cybersecurity-focused organization, we apply robust technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.
These measures include, where appropriate:
- Encryption of data in transit using SSL/TLS protocols;
- Role-based access controls and authentication mechanisms;
- Network segmentation and security monitoring;
- Regular review of security practices and vendor assessments;
- Employee training on data protection and confidentiality obligations.
While we take reasonable steps to safeguard personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to promptly addressing any confirmed data breach in accordance with applicable legal requirements.
9 Cookies & Tracking Technologies
Our website uses cookies and similar technologies to operate effectively, analyze usage, and improve performance.
- Strictly necessary cookies: Essential for core website functionality and security.
- Analytics cookies: Help us understand visitor behavior and improve content (e.g., page views, session duration).
- Functional cookies: Remember preferences and enhance your browsing experience.
You can manage or disable cookies through your browser settings. Disabling certain cookies may limit some website features. Where required by law, we will obtain your consent before placing non-essential cookies.
10 Your Rights
Subject to applicable law, you may have the following rights in relation to your personal data:
- Right of access — to obtain confirmation of whether we process your data and receive a copy;
- Right to rectification — to request correction of inaccurate or incomplete data;
- Right to erasure — to request deletion where processing is no longer necessary or lawful;
- Right to restrict processing — to limit how we use your data in certain circumstances;
- Right to data portability — to receive your data in a structured, commonly used format;
- Right to object — to object to processing based on legitimate interests or for direct marketing;
- Right to withdraw consent — where processing is based on consent, without affecting prior lawful processing.
To submit a request, email info@aphelionits.com with the subject line "Data Privacy Request." We may need to verify your identity before responding. We aim to respond within thirty (30) days, or within the timeframe required by applicable law.
11 Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.
- Contact form inquiries: Up to three (3) years from the date of submission, unless a longer period is required for an active business relationship or legal hold.
- Client and project records: For the duration of the engagement and up to seven (7) years thereafter, where required for contract, tax, or regulatory purposes.
- Website analytics data: Typically retained in aggregated or anonymized form for up to twenty-four (24) months.
When personal data is no longer needed, we securely delete or anonymize it in accordance with our data retention procedures.
12 Children's Privacy
Our website and services are directed at business professionals and organizations. We do not knowingly collect personal data from individuals under the age of eighteen (18). If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete such information.
13 Third-Party Links
Our website may include links to third-party websites, platforms, or services (including social media). We are not responsible for the privacy practices, content, or security of those third parties. We encourage you to review the privacy policies of any external sites you visit before providing personal information.
14 Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, services, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page.
We encourage you to review this policy regularly. Your continued use of our website after changes are posted constitutes acceptance of the updated policy, unless otherwise required by applicable law.
15 Contact Us
If you have questions about this Privacy Policy, wish to exercise your data protection rights, or need to report a privacy concern, please contact us:
- Company: Aphelion Technology Services
- Email: info@aphelionits.com
- Phone: +971 50 123 4567
- Address: Abu Dhabi, United Arab Emirates
We will investigate and respond to legitimate requests promptly and in accordance with applicable data protection laws.