ITButler e-Services (“we,” “our,” “us”) is committed to protecting the privacy policy and security of our clients, partners, and website visitors. As a Managed Security Service Provider (MSSP) operating in Saudi Arabia, the UAE, and globally, we handle sensitive information with the highest standards of confidentiality, security, and compliance.

This Privacy Policy explains how we collect, use, disclose, and safeguard personal data in accordance with:

• General Data Protection Regulation (GDPR) – EU/EEA
• Saudi Arabia’s Personal Data Protection Law (PDPL) and NDMO cybersecurity controls
• UAE Federal Data Protection Law and DIFC Data Protection Law (Dubai)
• Other applicable local and international regulations

1. Information We Collect

We collect and process personal data only when necessary for legitimate business, contractual, or regulatory purposes. This includes:

• Client information: contact details, contract, and billing information
• Service-related data: network logs, firewall logs, security alerts, telemetry data, access logs, incident data
• Website and marketing data: visitor analytics (cookies, IP, browser type), contact form submissions

We do not collect unnecessary personal information unless required for contractual or regulatory purposes.

2. Purpose of Processing

We process data for:

• Delivering MSSP services, including log monitoring and incident response
• Fulfilling contractual and compliance obligations
• Improving security platforms and dashboards
• Providing customer support and account management
• Sending service-related communications and updates
• Meeting legal and regulatory requirements

3. Legal Basis for Processing

Processing is based on:

• Contractual necessity
• Legitimate interest in improving security operations
• Legal obligation under GDPR, PDPL, NDMO, and DIFC
• Consent for optional marketing or services

4. Data Sharing and Transfers

We may share data only with:

• Authorized employees and SOC analysts
• Trusted vendors and partners under strict agreements
• Regulatory authorities, when legally required

International transfers are carried out only with adequate safeguards, such as GDPR Standard Contractual Clauses, PDPL requirements, or DIFC equivalents.

5. Data Retention

• Logs and telemetry: retained per client contract (commonly 12 months)
• Account and billing information: retained per statutory requirements
• Website analytics: retained for limited periods (12–24 months)

Data is securely deleted or anonymized once no longer required.

6. Data Security

We apply strong technical and organizational measures, including encryption, access control, SOC monitoring, intrusion detection, client data segregation, regular audits, and alignment with NDMO controls.

7. Your Rights

Depending on your jurisdiction, you may have rights to:

• Access, correct, or delete your data
• Restrict or object to processing
• Request data portability
• Withdraw consent where applicable
• File a complaint with a data protection authority

Contact us to exercise these rights.

8. Cookies and Tracking

We use cookies and similar technologies to improve website functionality and analyze traffic. You may manage preferences through your browser.

9. Cross-Border Data

For Saudi and UAE clients, we prioritize local data residency requirements. Cross-border transfers are minimized and safeguarded.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in laws or operations. The latest version will always be available on our website.

11. Contact Us

For questions about this Privacy Policy or data practices, please contact: ITButler e-Services
Email: info@itbutler.sa