Gem Soft Privacy Policy

1. INTRODUCTION:

This Privacy Policy describes AST LLC’s (“Company”) commitment to responsibly collecting, using, storing, and protecting personal data in compliance with applicable Qatari laws, including Law No. 13 of 2016, "The Protection of Personal Data Privacy Law" ("PDPL").

 

The Company is dedicated to handling personal data in a transparent, secure, and lawful manner. We collect minimal personal data, specifically users' full names, email addresses, and company names through our website's contact form. This information is gathered solely to respond to user inquiries and ensure effective communication.

 

The Company implements industry-standard security and organizational measures to protect the integrity and confidentiality of personal data. Our data handling practices align with best practices and legal requirements, ensuring that data collection, processing, and storage respect user rights and meet the stringent requirements outlined in the PDPL.

 

This policy explains:

  1. The types of data collected and the purpose of its collection,
  2. How data is securely stored and shared,
  3. User rights regarding access, correction, deletion, and data portability,
  4. Contact details for inquiries related to data privacy.

 

Our commitment to protecting personal data reflects the Company’s adherence to both Qatari regulations and global data protection standards, safeguarding users’ privacy and fostering trust.

 

 2. DATA COLLECTION:

The Company collects and processes only the minimum personal data necessary to provide an effective and secure user experience on our website. Specifically, we collect the following types of information:

  1. Contact Information: Through our website’s contact form, we gather users' full names, email addresses, and company names. This data is collected solely to respond to inquiries and maintain communication with individuals interested in our services.
  2. Activity Data: We may collect data related to user interactions on our website, including access dates, pages viewed, and actions taken (e.g., submitting forms). This information helps us improve our website’s functionality, user experience, and security.
  3. Device Data: To enhance website performance and secure user interactions, we may automatically collect technical information about the devices used to access our website. This includes device type, browser type, IP address, and operating system. Such data enables us to troubleshoot issues, optimize the website for various devices, and protect against potential security threats.
  4. Third-Party Data: In some cases, we may obtain additional information from third-party providers (e.g., analytics services) to better understand how users engage with our website and to assess the effectiveness of our digital content. This data is used in aggregated form to help improve the quality and relevance of our content and services.

 

All data collection practices are conducted in compliance with applicable Qatari laws and with strict adherence to privacy and data security standards. This approach ensures that we collect only what is necessary, maintain data integrity, and limit data retention to the purposes outlined in this policy.

 

Our website and services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you are under 16, please do not use our website or provide any personal data.

 

3. PURPOSE OF DATA PROCESSING:

The Company processes personal data exclusively for legitimate business purposes in accordance with Qatari data protection laws. The primary purposes for collecting and processing data on our website are as follows:

  1. Responding to Inquiries and Communication: The contact information collected (full name, email address, and company name) enables us to effectively respond to user inquiries and maintain communication with individuals or organizations interested in our services.
  2. Sending Marketing Offers and Updates: The Company may use contact information (full name, email address, and company name) to send marketing offers and updates about our products and services. Users will have the option to unsubscribe from these communications at any time, ensuring they receive only relevant and desired information.
  3. Enhancing Website Functionality and User Experience: We process activity and device data to analyze user interactions with our website, helping us identify areas for improvement, optimize user experience, and ensure content relevance.
  4. Ensuring Security: We collect technical data, such as IP addresses and browser types, to detect, prevent, and respond to potential security threats. This processing supports the integrity and security of our website and protects both user data and the Company’s digital infrastructure.
  5. Compliance with Legal and Regulatory Obligations: The Company may be required to process and retain personal data to comply with legal requirements, such as regulatory mandates, lawful requests from authorities, and obligations under applicable data protection laws.

 

Our data processing practices are designed to meet privacy standards and legal obligations, ensuring that all personal data is handled responsibly and in the best interests of our users. We do not use personal data for any purposes beyond those specified in this policy, unless consent is obtained or as otherwise required by law.

 

The Company will only send marketing communications after obtaining explicit consent from individuals, including a clear option to unsubscribe at any time.

 

4. DATA RETENTION:

The Company retains personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, in compliance with Qatar’s Law No. 13 of 2016 on the Protection of Personal Data Privacy (PDPL). Standard retention periods are as follows:

  1. Contact Information: Personal data collected through our website’s contact form (such as full name, email address, and company name) is typically retained for a period of up to 2 years from the date of the last interaction. This allows us to respond to follow-up inquiries and maintain records of communications.
  2. Activity and Device Data: Data related to user interactions and technical information collected automatically (e.g., IP addresses, device type) is generally retained for up to 1 year. This data helps us analyze usage patterns, improve functionality, and secure our website.
  3. Extended Retention for Legal Compliance: In specific cases, the Company may be required to retain certain data beyond the standard period to comply with legal or regulatory obligations. For example, records may be held for up to 5 years in accordance with local regulatory requirements, in cases involving potential legal disputes, or to meet financial audit requirements.
  4. Data Deletion and Anonymization: Once personal data is no longer needed for the purposes described or required for legal reasons, it will be securely deleted or anonymized in line with PDPL and industry best practices.
  5. User Rights to Data Deletion: Users have the right to request deletion of their personal data at any time, provided that no legal or regulatory obligation requires us to retain it. We will review and respond to such requests in accordance with applicable laws.

 

These retention periods align with Qatari data protection regulations, ensuring data is maintained only as long as necessary for its intended purpose and securely disposed of afterward.

 

5. DATA SHARING:

The Company is committed to safeguarding user data and only shares personal information under specific conditions that are consistent with Qatar’s data protection laws, including Law No. 13 of 2016 (PDPL). We do not sell or otherwise disclose personal data to third parties for unrelated purposes. Personal data may be shared under the following circumstances:

  1. Legal and Regulatory Compliance: the Company may disclose personal data when required by law, regulation, or valid legal process. This includes sharing information with government authorities, regulatory bodies, or law enforcement in response to lawful requests, for example, to meet national security or law enforcement requirements or as necessary to protect the rights, property, and safety of the Company, its users, or the public.
  2. Corporate Transactions: In the event of a merger, acquisition, reorganization, or sale of assets, the Company may transfer personal data as part of the transaction. Any such transfer will adhere to the terms of this Privacy Policy and comply with applicable data protection regulations. In these cases, users will be notified of the change in data controller and will have the opportunity to withdraw their data prior to the transfer, if desired. We will also ensure that any third party involved agrees to handle personal data in a manner consistent with our data protection commitments.
  3. Consent-Based Sharing: In situations where we may wish to share personal data for purposes not covered by this policy, we will request explicit consent from users before proceeding. Users will have the option to decline such data sharing requests without impacting their ability to use our website.

 

The Company ensures that any third party with whom we share personal data adheres to strict data protection standards and is contractually obligated to maintain data confidentiality and security. We take appropriate steps to safeguard personal data at every stage of sharing, in line with PDPL and best practices for data security.

 

6. USER RIGHTS:

In accordance with Qatar’s Law No. 13 of 2016 on the Protection of Personal Data Privacy (PDPL), the Company respects and upholds users' rights regarding their personal data. Users have the following rights:

    1. Right of Access: Users have the right to request access to their personal data held by the Company, including the right to receive a copy of their data in a format that enables them to verify the lawfulness of its processing.
    2. Right to Rectification: Users have the right to request correction or update of any inaccurate or incomplete personal data. The Company will promptly make necessary adjustments to ensure data accuracy and completeness in compliance with PDPL.
    3. Right to Erasure: Users have the right to request deletion of their personal data when it is no longer necessary for the purposes for which it was collected, or if they withdraw consent (where consent is the basis for processing). The Company will respect such requests unless retention of the data is required by overriding legal or regulatory obligations.
    4. Right to Restrict Processing: Users have the right to request restriction of processing of their personal data if they contest its accuracy, if the processing is unlawful, or if the data is no longer needed for processing purposes but is required for legal claims. The Company will review such requests and restrict processing where applicable.
    5. Right to Data Portability: Where technically feasible and required by PDPL, users may request to receive a copy of their data in a structured, commonly used, and machine-readable format to transfer it to another data controller if processing is based on consent or a contract.
    6. Right to Information: Users have the right to be informed about the purpose of data processing, the categories of personal data collected, any third parties to whom their data may be disclosed, and the duration of data storage.
    7. Right to Withdraw Consent: Users may withdraw their consent to data processing at any time where processing is based on consent. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.

 

To exercise these rights, users may contact the Company using the details provided in the "Contact" section of this Privacy Policy. The Company is committed to responding to such requests within the legally specified timeframes, ensuring full compliance with user rights as set forth by the PDPL.

 

7. USE OF COOKIES

The Company does not use cookies or similar tracking technologies on its website. We do not collect or store information about your preferences, visits, or activities through the use of cookies. All personal information we process is provided directly by you through forms on our website and is used solely for the purposes specified in this Privacy Policy.

 

If in the future we decide to use cookies to enhance the functionality of our website or to provide you with a more personalized experience, we will notify you in advance and update this Privacy Policy to reflect any changes. We will also ensure compliance with all applicable laws and regulations, including obtaining your consent if required.

 

8. ADDITIONAL TERMS FOR EUROPEAN UNION (EU) CITIZENS:

The Company recognizes the importance of protecting the personal data of European Union citizens and is committed to complying with the General Data Protection Regulation (GDPR). This section of our Privacy Policy provides additional information for EU users about how we process their personal data and outlines their rights under the GDPR.

 

Legal Basis for Processing Personal Data

We process your personal data on the following legal bases:

  1. Consent: You provide explicit consent when you fill out our contact form.
  2. Performance of a Contract: Processing is necessary to respond to your inquiries and provide our services.
  3. Legitimate Interests: We process your data to improve our services and ensure security, provided it does not override your fundamental rights and freedoms.

 

Your Rights Under the GDPR

As an EU citizen, you have the following rights regarding your personal data:

  1. Right of Access: Request confirmation of whether we process your data and obtain a copy.
  2. Right to Rectification: Request correction of inaccurate or incomplete data.
  3. Right to Erasure ("Right to be Forgotten"): Request deletion of your data when it's no longer needed or if you withdraw consent.
  4. Right to Restrict Processing: Request limitation of data processing under certain circumstances.
  5. Right to Data Portability: Receive your data in a structured format and transfer it to another controller.
  6. Right to Object: Object to data processing based on legitimate interests or for direct marketing.
  7. Right Not to Be Subject to Automated Decision-Making: Opt out of decisions based solely on automated processing that significantly affect you.

 

International Data Transfers

 

Since the Company is located outside the EU, your personal data may be transferred to a country that may not provide the same level of data protection. We ensure adequate protection by:

  1. Using Standard Contractual Clauses approved by the European Commission.
  2. Implementing additional technical and organizational security measures.

 

Withdrawal of Consent

If processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.

 

Contact Information for GDPR Inquiries

If you have questions or wish to exercise your GDPR rights, please contact us:

AST LLC
Address: Office No. 226-02, Floor No. 2
Regus Business Centre, No. 65
Doha, Qatar
Email: support@gemspace.com

 

Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to file a complaint with the supervisory authority in your EU member state.

 

9. SECURITY MEASURES:

The Company takes the protection of personal data seriously and implements a range of security measures to safeguard data from unauthorized access, disclosure, alteration, or destruction. In compliance with Qatar’s data protection laws, we employ the following measures to ensure the security and confidentiality of personal data:

  1. Encryption: Personal data is encrypted during transmission and storage, ensuring that information remains secure and unreadable to unauthorized parties. This helps protect sensitive data from interception or unauthorized access.
  2. Access Control: Access to personal data is strictly limited to authorized personnel who require it to perform their duties. Our employees and service providers are bound by confidentiality obligations, and access rights are managed and regularly reviewed to prevent unauthorized access.
  3. Network Security: the Company utilizes firewall protection, intrusion detection systems, and secure networks to prevent unauthorized access and protect our website and internal systems from external threats.
  4. Data Minimization: We collect and retain only the data necessary for specified purposes, reducing the risk associated with data storage and processing.
  5. Regular Audits and Assessments: We conduct regular security audits and vulnerability assessments to identify potential risks and ensure our security practices remain effective and up to date.
  6. Data Backup and Recovery: We maintain regular data backups and recovery protocols to ensure data integrity and availability in the event of accidental loss or technical failure.
  7. Employee Training: the Company conducts regular training for employees to ensure awareness of data protection practices, emphasizing the importance of safeguarding user data in compliance with Qatar’s data protection laws.

 

These measures reflect our commitment to data security and are designed to align with industry best practices and applicable legal requirements. However, while we strive to implement and maintain secure systems, it is important to note that no security measures can provide absolute protection against all potential risks.

 

10. PRIVACY POLICY UPDATES

 

The Company reserves the right to modify or update this Privacy Policy at any time to reflect changes in our practices, legal requirements, or other operational, legal, or regulatory reasons. Any updates, modifications, or changes to this Privacy Policy will be posted on our website, and the revised policy will become effective immediately upon its publication. Users are encouraged to review this Privacy Policy regularly to stay informed about how their personal data is protected and managed by the Company.

 

By continuing to use our website following the posting of any changes to this Privacy Policy, users acknowledge and agree to the updated terms. In the event of significant changes that materially impact how personal data is handled, the Company will take appropriate measures to ensure users are adequately informed. This may include providing advance notice through a prominent notice on the website, such as a banner or an email notification, where feasible, to give users the opportunity to review and understand the modifications.

 

The effective date of this Privacy Policy is November 04, 2024. Users are encouraged to check this date to confirm the currency of the information provided. If you have any questions or concerns regarding updates to this Privacy Policy, or if you wish to understand more about how we handle personal data, please reach out using the contact information provided in the "Contact Information" section of this Privacy Policy. The Company is committed to responding to all inquiries in a timely and comprehensive manner to uphold transparency and user trust.

 

11. CONTACT INFORMATION:

If you have any questions or concerns regarding this Privacy Policy, the processing of your personal data, or wish to exercise your data protection rights, please feel free to contact us. Our team is available to assist with any inquiries and ensure your rights under Qatar’s data protection laws are respected.

If you believe your data protection rights have been violated, you also have the right to file a complaint with Qatar’s regulatory authority responsible for data protection.

You may contact AST LLC at:

AST LLC

Office No. 226-02, Floor No. 2

Regus Business Centre, No. 65

Doha, Qatar

Email: support@gemspace.com

 

We are committed to responding promptly to all inquiries and requests related to personal data, typically within the legally specified timeframes.