Legal

Privacy Policy

Last updated 2026-05-17. We are a B2B technology consultancy and protect your data accordingly.

iVega Information Technology L.L.C. ("iVega," "we," "our," or "us") is a B2B digital transformation and AI consultancy headquartered in Dubai with regional offices in Poland, Jordan, and the United Kingdom. This Privacy Policy explains how we collect, use, store, share, and protect personal information when you interact with our website at ivegagroup.com, our marketing communications, our enterprise services, or our owned platforms (GuestCast, ShortenFast, iVexa.ai).

We do not sell personal information, we do not engage in third-party advertising on our website, and we do not share data with advertising networks. Our processing is limited to what is necessary to deliver consulting engagements, owned products, and lawful business communications.

Definitions

  • Company: iVega Information Technology L.L.C., Level 41, Emirates Towers, Sheikh Zayed Road, Dubai, UAE - PO Box 31303.
  • Personal Data: any information that identifies, relates to, or could reasonably be linked to an identified or identifiable natural person.
  • Processing: any operation performed on personal data, including collection, recording, storage, retrieval, use, disclosure, or erasure.
  • Service: our website at ivegagroup.com, regional subsites (ivega.pl, ivega.eu), and the owned platforms GuestCast, ShortenFast, and iVexa.ai.
  • Cookie: a small text file placed on your device by a website. We use only strictly necessary cookies and aggregated analytics cookies - no advertising cookies.

What Information We Collect

We collect personal information when you contact us, request a consultation, subscribe to communications, attend an event, or engage us for services. This includes:

  • Name
  • Business email
  • Job title and company
  • Phone (if provided)
  • Project context you share
  • Communications history

We also collect limited technical data automatically when you visit our website: IP address (truncated for analytics), browser type, pages visited, referral URL, and approximate location at the country level. We do not perform device fingerprinting or cross-site tracking.

How We Use Your Information

  • Respond to inquiries, proposals, and consultation requests.
  • Deliver consulting and software-development services under signed contracts.
  • Maintain ongoing client relationships, including account management and support.
  • Send service updates, contract communications, and (with your consent) infrequent newsletters.
  • Improve our website and services through aggregated, non-identifying analytics.
  • Comply with legal obligations (tax, accounting, regulatory).
  • Protect against fraud, abuse, and security threats.

Legal Basis for Processing (GDPR)

If you are in the EEA, UK, or Switzerland, our legal bases for processing your personal data are:

  • Contract: processing necessary to perform a contract with you or your organization (e.g., delivering services you engaged us for).
  • Legitimate Interests: for business-to-business communications, security, fraud prevention, and improving our services - balanced against your rights and freedoms.
  • Consent: for optional marketing communications and non-essential cookies. You may withdraw consent at any time.
  • Legal Obligation: for tax, accounting, and regulatory compliance.

Sharing & Service Providers

We do not sell, rent, or trade your personal information. We share data only with vetted service providers acting on our behalf, under written data processing agreements, strictly limited to what is necessary to deliver our services:

  • Cloud hosting and infrastructure (e.g., AWS, Microsoft Azure, Google Cloud) for service delivery.
  • Email and communications (e.g., Microsoft 365, transactional email providers) for client correspondence.
  • CRM and project tooling for managing engagements and client relationships.
  • Analytics (privacy-respecting, aggregated) to understand site usage without identifying individuals.
  • Professional advisors (legal, accounting, audit) bound by confidentiality.

We may disclose personal information when required by law, court order, or to protect the rights, property, or safety of iVega, our clients, or others.

We never share data with advertisers, ad networks, data brokers, or marketing partners outside of contract delivery.

International Data Transfers

iVega operates across the UAE, EU (Poland), Jordan, and the UK. Personal data may be transferred to and processed in any country where iVega or its service providers operate. When data is transferred outside the EEA, UK, or other jurisdictions with restrictions on international transfers, we use safeguards including:

  • Standard Contractual Clauses approved by the European Commission.
  • UK International Data Transfer Agreement / Addendum where applicable.
  • Adequacy decisions where the receiving country provides equivalent protection.
  • Contractual safeguards with all sub-processors, including data minimization and security obligations.

Data Retention

We retain personal information only as long as necessary for the purposes set out in this Policy or as required by law. Typical retention periods:

  • Inquiry and consultation records: up to 24 months, then deleted unless converted to an engagement.
  • Client engagement records: for the duration of the engagement plus 6 years (or longer where required for legal, tax, or audit purposes).
  • Marketing subscriptions: until you unsubscribe, plus a short cooldown for suppression-list compliance.
  • Website analytics: aggregated, retained up to 26 months.
  • Security and access logs: typically 12 months for fraud and incident investigation.

Security

We apply administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These include TLS encryption in transit, encryption at rest for sensitive data, least-privilege access controls, multi-factor authentication, supplier vetting, and routine security reviews.

No security measure is perfect. We will notify affected individuals and supervisory authorities of any personal data breach as required by applicable law.

Your GDPR Rights (EEA, UK, Switzerland)

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of your data (the "right to be forgotten").
  • Restriction: request that we limit processing of your data.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests, including direct marketing.
  • Withdraw consent: for processing based on consent, at any time, without affecting prior lawful processing.
  • Lodge a complaint: with your local supervisory authority. For the UK, the ICO (ico.org.uk).

To exercise any of these rights, email [email protected]. We respond within 30 days.

California Residents (CCPA / CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • Right to Know: request the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the third parties with whom we have shared it in the past 12 months.
  • Right to Delete: request deletion of your personal information, subject to legal exceptions.
  • Right to Correct: request correction of inaccurate personal information.
  • Right to Limit Sensitive PI Use: request that we limit use and disclosure of sensitive personal information.
  • Right to Opt-Out of Sale or Sharing: California residents have the right to opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under the CCPA/CPRA.
  • Right to Non-Discrimination: we will not discriminate against you for exercising your privacy rights.

To submit a verifiable consumer request, email [email protected] with the subject line "California Privacy Request." We will verify your identity using information you have previously provided to us and respond within 45 days (extendable by 45 days where reasonably necessary, with notice).

You may designate an authorized agent to make a request on your behalf. We require written authorization and verification of the agent's identity.

Children's Privacy

Our services are directed to businesses and professionals, not to children. We do not knowingly collect personal information from individuals under 16 (or under 13 where COPPA applies). If we learn we have inadvertently collected such information, we will delete it promptly. Parents or guardians may contact us at [email protected] to request review or deletion.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. Material changes will be communicated by updating the "Last updated" date at the top of this Policy and, where appropriate, through a prominent notice on our website or by email. We encourage you to review this Policy periodically.

Contact Us

For any privacy-related question, request, or complaint, please contact:

Email [email protected]