Privacy Policy

We use the information we collect for the following purposes:

• To respond to enquiries, schedule demonstrations, and provide information about our services
• To deliver and administer cybersecurity services and related products to clients
• To send service-related communications, security advisories, and account notifications
• To send marketing communications where you have given consent or we have a legitimate interest
• To improve, personalise, and develop our website and service offerings
• To detect, prevent, and investigate security incidents, fraud, or violations of our terms
• To comply with applicable laws, regulations, and legal obligations

Where the EU General Data Protection Regulation (GDPR) applies, we process your personal data on the following legal bases:

• Contract: Processing necessary to perform a contract with you or to take pre-contractual steps
• Legitimate interests: Processing for our legitimate business interests where these are not overridden by your rights (e.g., improving our services, fraud prevention, direct marketing to business contacts)
• Consent: Where you have given us clear, specific consent (e.g., subscribing to marketing communications)
• Legal obligation: Processing required to comply with applicable law

We do not sell, trade, or rent your personal information to third parties. We may share your information in limited circumstances:

• Service Providers: We engage trusted third-party vendors (e.g., cloud hosting, email delivery, CRM, and analytics providers) who process data on our behalf under strict data processing agreements
• Professional Advisors: Lawyers, accountants, and auditors where necessary for legal or compliance purposes
• Business Transfers: In connection with a merger, acquisition, or sale of assets, subject to the acquirer's commitment to honour this policy
• Legal Requirements: Where disclosure is required by applicable law, court order, or governmental authority
• Protection of Rights: Where disclosure is necessary to protect the rights, property, or safety of Vigilix, our clients, or the public

Vigilix is based in the United Arab Emirates. If you are accessing our services from the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, please be aware that your information may be transferred to and processed in the UAE or other countries.

Where such transfers involve personal data originating from the EEA or UK, we implement appropriate safeguards including Standard Contractual Clauses or other legally recognised transfer mechanisms.

We retain personal information for as long as necessary to fulfil the purposes outlined in this policy and to comply with our legal obligations:

• Contact form and enquiry data: Up to 3 years from last interaction
• Client and contract data: Duration of the engagement plus 7 years for legal and audit purposes
• Website analytics data: Up to 24 months in aggregate or anonymised form
• Marketing consent records: Until consent is withdrawn plus 1 year

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data, subject to legal retention obligations
• Restriction: Request that we limit processing of your data in certain circumstances
• Data Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests or for direct marketing
• Withdrawal of Consent: Withdraw consent at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at privacy@vigilixcyberservices.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

We implement industry-standard administrative, technical, and physical safeguards designed to protect your information against unauthorised access, disclosure, alteration, and destruction. As a cybersecurity company, information security is central to our operations. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

Our website may contain links to third-party websites. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party websites you visit. We are not responsible for the privacy practices or content of such sites.

Our website and services are intended for business professionals and are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete it promptly.

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy regularly. Your continued use of the website following any update constitutes your acceptance of the revised policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact: