Privacy Policy

Objective

Sphere IT Consultants DWC-LLC (Sphere IT) is dedicated to ensuring that personal data is handled responsibly, securely, and in compliance with the UAE Personal Data Protection Law (PDPL). This policy establishes clear guidelines for collecting, processing, storing, and disposing of personal data, ensuring data security, confidentiality, and privacy rights.

The objective of this policy is to reinforce trust with employees, clients, and partners by promoting transparency in data handling and safeguarding sensitive information against unauthorized access or misuse.

This policy applies to all personal data processed by Sphere IT in the UAE and globally, regardless of the format or method of processing. It includes but is not limited to:

  • Employees, customers, partners, vendors, and other stakeholders whose personal data is collected, stored, or processed during the course of business operations.
  • All forms of data processing, including electronic databases, physical records, cloud-based storage, communication logs, customer interaction records, employee records, and financial transactions.
  • Internal and external sources of data, ensuring that both Sphere IT internal operations and any interactions with external parties comply with UAE data protection regulations.
  • Third-party service providers, contractors, and subsidiaries who process data on behalf of Sphere IT, requiring them to adhere to the same legal and regulatory standards as Sphere IT.
  • Cross-border data transfers, ensuring that any data transmitted outside the UAE meets strict security measures and regulatory approval requirements to prevent unauthorized access or misuse.
  • Data collected through digital channels, including website analytics, customer feedback forms, email communications, and social media interactions.
  • Data used for internal and external reporting, analytics, and decision-making, ensuring that the appropriate anonymization and security measures are applied.
  • Personal data collected to comply with legal and regulatory requirements, including tax laws, employment laws, and industry standards.

This policy applies to all employees, associates, and external partners, irrespective of their location, ensuring that the privacy of individuals is safeguarded throughout the organization’s operations.

Sphere IT management holds the primary responsibility for ensuring compliance with this data privacy policy. They must establish security measures, implement data governance controls, and oversee compliance with UAE data protection laws. Employees and third-party service providers handling personal data are also required to adhere to this policy and complete periodic training on data privacy and security best practices.

Additionally, the company assigns Local Privacy Responsible (LPR) personnel in each department to monitor and ensure adherence to data privacy measures. The Data Privacy Team oversees all data privacy efforts, ensuring that data processing is aligned with best practices and regulatory requirements.

All employees, contractors, and third-party representatives must handle personal data in compliance with this policy. Failure to do so may result in disciplinary action, contract termination, or legal consequences.

To provide clarity and consistency in data handling, the following definitions apply within this policy:

  • Personal Data: Any information relating to an identified or identifiable natural person. This includes, but is not limited to, names, phone numbers, email addresses, identification numbers, biometric data, financial details, and geolocation data.
  • Processing: Any action performed on personal data, whether automated or manual. This includes collecting, recording, organizing, storing, modifying, retrieving, analyzing, transmitting, disclosing, or erasing data.
  • Data Subject: The individual whose personal data is being collected, processed, or stored.
  • Data Controller: The entity (Sphere IT) that determines the purposes and means of personal data processing.
  • Data Processor: A third party or service provider that processes personal data on behalf of Sphere IT under contractual obligations.
  • Consent: A clear and affirmative action by the data subject to authorize the processing of their personal data for a specific purpose. Consent must be freely given, informed, and revocable at any time.
  • Sensitive Data: Special categories of personal data that require heightened security measures, including racial or ethnic origin, religious beliefs, political opinions, trade union membership, biometric data, health-related data, and financial records.
  • Data Breach: Any incident that results in the unauthorized access, loss, destruction, alteration, or disclosure of personal data.
  • Anonymization: A process by which personal data is modified to prevent identification of an individual, ensuring irreversible de-identification.
  • Pseudonymization: The technique of replacing identifiable data elements with pseudonyms, allowing limited re-identification under controlled conditions.
  • Privacy Impact Assessment (PIA): A systematic review process to evaluate the risks and implications of data processing activities.
  • Records of Processing Activities (ROPA): A documented record of all processing activities carried out by the company in compliance with UAE PDPL.

By establishing clear definitions, Sphere IT ensures consistent interpretation and implementation of data protection principles across all operational areas.

Sphere IT applies strict technical and organizational measures to protect personal data. Access to data is granted only to authorized personnel based on their role and necessity. Data is encrypted during storage and transmission, and employees handling personal data are required to follow strict confidentiality guidelines. Security audits and compliance checks are performed regularly to prevent unauthorized access or breaches. Additionally, the organization implements a Privacy by Design approach, ensuring that data protection measures are integrated into all systems and processes from inception.

Sphere IT also maintains Records of Processing Activities (ROPA) to ensure compliance with the UAE PDPL and monitor how personal data is managed throughout the organization.

Sphere IT may transfer personal data outside the UAE under specific conditions that ensure the continued protection of such data. These include:

  • Adequate Protection: Transfers are made to countries or entities that provide an adequate level of protection as recognized by the UAE Data Office.
  • Contractual Safeguards: Where adequacy is not recognized, Sphere IT relies on legally binding instruments such as Standard Contractual Clauses, data sharing agreements, or other approved mechanisms that enforce equivalent levels of protection.
  • Explicit Consent: In cases where a data subject provides informed and unambiguous consent, and where such transfer is not prohibited by law.
  • Legal and Regulatory Requirement: Transfers required for the performance of a contract, legal claims, or substantial public interest may also be permitted.

Before any transfer takes place, Sphere IT ensures the risk is assessed through a transfer impact assessment and the necessary technical and organizational safeguards are in place. Any third parties receiving personal data must be contractually obligated to comply with data protection standards equivalent to those upheld by Sphere IT.

Sphere IT recognizes the following rights of data subjects under UAE PDPL:

  • Right to Access: Data subjects can request a copy of their personal data held by Sphere IT.
  • Right to Correction: Individuals may request correction of inaccurate or outdated data.
  • Right to Erasure: Data subjects can request deletion of personal data where legally applicable.
  • Right to Restriction or Objection: Individuals may restrict or object to data processing under certain conditions.
  • Right to Withdraw Consent: If processing is based on consent, data subjects can withdraw their consent at any time.

Requests must be submitted in writing, and Sphere IT will verify the requester’s identity before taking action.

Sphere IT takes data breaches seriously and has a structured response plan. In the event of a suspected or confirmed data breach:

  • The incident is reported immediately to management and the Data Protection Officer.
  • An investigation is conducted to assess the impact and determine corrective measures.
  • If required, regulatory authorities and affected individuals are notified in compliance with UAE PDPL.
  • Security measures are reviewed and reinforced to prevent future breaches.

Sphere IT maintains an active data protection compliance program that is overseen by the designated Data Protection Officer (DPO). This includes:

  • Routine Audits and Risk Assessments: Internal and external audits are conducted to identify compliance gaps, with corrective actions implemented promptly.
  • Records and Documentation: Detailed logs and records of processing activities are maintained to provide evidence of compliance, especially where Sphere IT acts as a Data Controller or Processor.
  • Data Incident Management: A structured incident response plan is in place to detect, investigate, contain, and report any data protection breaches. This includes notifying authorities and impacted individuals where necessary.
  • Third-party Risk Management: Contracts with vendors and service providers include strict data protection clauses. Due diligence is carried out regularly to assess compliance levels.
  • Awareness and Training: All employees receive mandatory annual training on data protection, cybersecurity, and incident reporting. Specific modules are delivered based on department and role.
  • Governance Oversight: A Data Privacy Governance Committee ensures policies remain current and effective, and reports directly to executive leadership on compliance status and risk.

Failure to comply with this policy or related laws may result in disciplinary action, contract termination, regulatory penalties, and reputational damage.

This policy is reviewed annually and updated as required to align with UAE data protection laws, business needs, or emerging cybersecurity threats.

For any clarification or request, the user can contact the LPR by emailing Info-SecSphereIT@sphereitglobal.com.

All requests will be reviewed and responded to within 3 working days.

Last Updated: October 6, 2025
