---

1. Introduction

Quantum Innovations ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

This policy applies to all services provided by Quantum Innovations, including cybersecurity solutions, AI automation systems, security operations, training programs, and related services.

2. Information We Collect

2.1 Personal Information

We may collect personal information that you voluntarily provide to us when you:

• Fill out contact forms or request information
• Subscribe to our newsletter
• Register for training programs or certifications
• Request quotes or consultations
• Engage our cybersecurity or AI automation services
• Apply for employment opportunities

This information may include:

• Full name
• Email address
• Phone number
• Company name and job title
• Business address
• Professional certifications and qualifications
• Areas of interest in cybersecurity or AI solutions

2.2 Technical Information

When you visit our website, we automatically collect certain technical information, including:

• IP address and approximate geographic location
• Browser type and version
• Operating system
• Pages visited and time spent on pages
• Referring website addresses
• Device information (type, screen resolution)
• Cookies and similar tracking technologies

2.3 Service-Related Information

When you engage our services, we may collect:

• Technical infrastructure details (for security assessments)
• Network configuration information (for SOC services)
• Security incident data (for threat detection and response)
• Compliance documentation (for GRC services)
• Training progress and certification records

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

• Providing cybersecurity solutions and AI automation services
• Conducting security assessments, penetration testing, and audits
• Delivering 24/7 SOC monitoring and threat detection
• Implementing compliance frameworks (NCA, SAMA, ISO standards)
• Providing training and certification programs

3.2 Communication

• Responding to inquiries and support requests
• Sending service updates and security alerts
• Providing newsletters and industry insights
• Marketing our cybersecurity and AI solutions (with your consent)

3.3 Business Operations

• Processing payments and managing accounts
• Improving our website and services
• Analyzing usage patterns and trends
• Conducting research and development
• Ensuring network security and preventing fraud

3.4 Legal Compliance

• Complying with Saudi Arabia's Personal Data Protection Law (PDPL)
• Meeting regulatory requirements (NCA, SAMA, SADIA)
• Responding to legal requests and protecting our rights
• Fulfilling contractual obligations

4. Legal Basis for Processing (PDPL Compliance)

Under Saudi Arabia's Personal Data Protection Law, we process your personal data based on:

• Consent: When you provide explicit consent for specific processing activities
• Contract Performance: When processing is necessary to fulfill our service agreements
• Legal Obligation: When required by Saudi regulations (NCA, SAMA frameworks)
• Legitimate Interests: When necessary for our business operations and your security

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

5.1 Service Providers

• Technology partners (Cisco, Fortinet, Microsoft, Symantec)
• Cloud infrastructure providers
• Payment processors
• Training and certification bodies (ISACA, ISC2, EC-Council)

5.2 Legal Requirements

• Government authorities when required by law
• Regulatory bodies (National Cybersecurity Authority, SAMA)
• Law enforcement in response to valid legal requests

5.3 Business Transfers

• In connection with mergers, acquisitions, or asset sales
• With successor entities, subject to confidentiality obligations

All third parties are contractually obligated to protect your information and use it only for specified purposes.

6. Data Security

As a cybersecurity company, we implement enterprise-grade security measures:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest
• Access Controls: Role-based access and multi-factor authentication
• Network Security: Firewalls, intrusion detection, and monitoring
• Security Operations: 24/7 SOC monitoring of our own systems
• Incident Response: Rapid response protocols for data breaches
• Regular Audits: Compliance with ISO 27001, NCA frameworks
• Employee Training: Regular security awareness programs

Despite our best efforts, no security system is impenetrable. We will notify affected individuals and authorities promptly in the event of a data breach, as required by PDPL.

7. Data Retention

We retain personal information for as long as necessary to:

• Fulfill the purposes outlined in this policy
• Comply with legal, regulatory, or contractual obligations
• Resolve disputes and enforce agreements

Specific retention periods:

• Client data: Duration of service agreement plus 7 years
• Training records: 10 years for certification compliance
• Marketing data: Until you withdraw consent
• Website analytics: 26 months

After retention periods expire, we securely delete or anonymize personal information.

8. Your Rights Under PDPL

Under Saudi Arabia's Personal Data Protection Law, you have the right to:

8.1 Access and Portability

• Request access to your personal data
• Receive your data in a structured, commonly used format
• Transfer your data to another service provider

8.2 Correction and Deletion

• Request correction of inaccurate personal data
• Request deletion of your personal data (subject to legal obligations)

8.3 Restriction and Objection

• Request restriction of processing in certain circumstances
• Object to processing based on legitimate interests
• Opt-out of marketing communications at any time

8.4 Consent Withdrawal

• Withdraw consent for specific processing activities
• Unsubscribe from newsletters and marketing emails

To exercise these rights, contact us at: privacy@quantum-innovations.com.sa
We will respond to requests within 30 days, as required by PDPL.

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to:

• Remember your preferences and settings
• Analyze website traffic and user behavior
• Improve website functionality and user experience
• Deliver relevant content and advertisements

Cookie Types:

• Essential Cookies: Required for website functionality
• Performance Cookies: Analyze website usage (Google Analytics)
• Functional Cookies: Remember user preferences
• Marketing Cookies: Track advertising effectiveness

You can control cookies through your browser settings. Disabling cookies may limit website functionality.

10. Third-Party Links

Our website may contain links to third-party websites, including:

• Technology partner sites (Cisco, Fortinet, Microsoft)
• Certification bodies (ISACA, ISC2, EC-Council)
• Industry resources and news sites

We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing personal information.

11. International Data Transfers

While we primarily operate in Saudi Arabia and the UAE, some service providers may process data internationally. When transferring data outside the Kingdom, we ensure:

• Adequate protection through Standard Contractual Clauses
• Compliance with PDPL cross-border data transfer requirements
• Equivalent security standards to Saudi regulations

12. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have inadvertently collected information from a minor, we will delete it promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

• Changes in our services or business practices
• New regulatory requirements
• Technological developments in cybersecurity

We will post updated policies on our website with a new "Last Updated" date. Significant changes will be communicated via email to registered users.

14. Compliance and Regulatory Framework

This Privacy Policy complies with:

• Saudi Arabia's Personal Data Protection Law (PDPL)
• National Cybersecurity Authority (NCA) frameworks
• SAMA Cybersecurity Framework requirements
• ISO 27001 (Information Security Management)
• ISO 27701 (Privacy Information Management)

15. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

16. Vision 2030 Commitment

As a proud partner in Saudi Arabia's Vision 2030, we are committed to:

• Supporting the Kingdom's digital transformation goals
• Protecting critical national infrastructure
• Developing cybersecurity-ready workforces
• Advancing AI-enabled innovation securely and responsibly
• Maintaining the highest standards of data protection and privacy

---

Acknowledgment: By using our website or services, you acknowledge that you have read, understood, and agree to this Privacy Policy and our data handling practices.

Consent: If required, we will obtain your explicit consent before processing personal data for specific purposes beyond our legitimate business interests.