Privacy Policy

📋 1. Information We Collect

EVERLINE CYBER IT INFRASTRUCTURE L.L.C. ("EVERLINE", "we", "us", "our") collects information to provide cybersecurity services. We collect information you provide directly, information generated through your use of our services, and information from third parties.

Information You Provide Directly

• Account & Contact Data: Name, email address, phone number, job title, company name, billing address
• Service Request Data: Security audit requests, incident reports, support tickets, communications with our team
• Assessment Data: Network topology, system inventories, and other technical information shared during security engagements
• Payment Data: Billing information processed securely via PCI-DSS Level 1 compliant payment processors

Information We Collect Automatically

• Usage Data: Pages visited, features used, time spent, click paths
• Device & Technical Data: IP address, browser type, operating system, referring URLs
• Cookies & Tracking: See Section 9 for full details

⚙️ 2. How We Use Your Information

⚖️ 3. Legal Basis for Processing

We process your personal data only when we have a valid legal basis under applicable data protection law, including the EU General Data Protection Regulation (GDPR) and the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection.

• Contract Performance: Processing necessary to deliver services you have contracted with us
• Legitimate Interests: Improving our services, fraud prevention, network security monitoring — balanced against your rights
• Consent: Marketing emails and non-essential cookies — you may withdraw consent at any time
• Legal Obligation: Compliance with applicable laws, court orders, and regulatory requirements

🤝 4. Data Sharing & Disclosure

We do not sell your personal data. We share data only in the following circumstances:

• Service Providers: Vetted sub-processors bound by data processing agreements (cloud hosting, payment processing, analytics)
• Professional Advisors: Legal, accounting, and insurance professionals under confidentiality obligations
• Business Transfers: In the event of merger, acquisition, or sale — with advance notice to you
• Legal Requirements: When required by law, court order, or to protect rights, property, or safety
• With Your Consent: Any other sharing with your explicit prior consent

📅 5. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law.

🛡️ 6. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion where there is no compelling reason for continued processing
• Right to Restrict Processing: Limit how we use your data in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time without affecting prior lawful processing
• Rights Related to Automated Decision-Making: Not be subject to solely automated decisions that significantly affect you

To exercise any of these rights, contact our Data Protection Officer at privacy@everline.ae. We will respond within 30 days.

🔐 7. Security Measures

As a cybersecurity company, we apply the most rigorous security standards to protect your data:

• AES-256 encryption at rest and TLS 1.3 in transit
• ISO 27001-certified information security management system
• Role-based access control and multi-factor authentication for all systems
• Regular penetration testing of our own infrastructure
• 24/7 SOC monitoring for our client data environments
• Annual third-party security audits
• Employee background checks and mandatory security awareness training

Despite our best efforts, no security measure is 100% impenetrable. In the event of a data breach, we will notify affected individuals and relevant authorities within 72 hours as required by GDPR Article 33.

🌍 8. International Transfers

Your data may be transferred to and processed in countries outside your jurisdiction. When we transfer data internationally, we ensure appropriate safeguards are in place:

• Adequacy Decisions: Transfers to countries recognised as providing adequate protection by the European Commission
• Standard Contractual Clauses (SCCs): EU-approved contractual protections for transfers to third countries
• Binding Corporate Rules: For intra-group transfers within our corporate structure
• Certifications: Transfers to recipients holding valid privacy certifications (e.g., ISO 27701)

Our primary data centres are located in the UAE and EU (Ireland/Germany) with industry-standard data residency controls.

🍪 9. Cookies

We use cookies and similar tracking technologies. For full details on what cookies we use, why, and how to manage them, please see our Cookie Policy.

In summary, we use:

• Essential Cookies: Required for site functionality — cannot be disabled
• Analytics Cookies: Help us understand how visitors use our site (with your consent)
• Marketing Cookies: Used to deliver relevant content and ads (with your consent)

📬 10. Contact & Data Protection Officer

For any questions, requests, or complaints regarding this Privacy Policy or our data practices, contact us:

• Data Protection Officer: privacy@everline.ae
• General Enquiries: info@everline.ae
• Postal Address: EVERLINE CYBER IT INFRASTRUCTURE L.L.C., AL BARSHA FIRST BUILDING, Dubai, UAE
• Phone: (373-408) 228

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. In the EU, this is your national supervisory authority (e.g., the ICO in the UK, CNIL in France).

This policy was last updated on April 1, 2026. We may update it periodically — material changes will be communicated by email or prominent notice on our website.