1. Who we are
This Privacy Policy describes how Vantage Technologies LLC ("Vantage", "we", "us", "our"), a company registered in the State of Qatar with its registered office at Level 21, Doha Tower, West Bay, Doha, Qatar, processes personal data in connection with our governance, risk, and compliance (GRC) software platform and consultancy services delivered via vantage.com.qa.
For the purposes of Qatar Law No. 13 of 2016 on the Protection of Personal Data Privacy ("PDPPL") and, where applicable, the EU General Data Protection Regulation ("GDPR"), Vantage is the data controller of the personal data we process about visitors to our website, leads, and customers.
2. Personal data we collect
We collect the minimum personal data required for the purposes described below. Specifically:
- Identity & contact data — first name, surname, email address, organisation name, role/title — when you complete a contact form, request a demo, or take one of our free readiness assessments.
- Assessment response data — your answers to questions in our NIA, PDPPL, or ictQATAR readiness assessments. We process these to generate your personalised score and report.
- Technical data — IP address, browser type, device type, referring URL, pages visited, timestamps. Collected automatically through server logs and (with your consent) analytics cookies.
- Communications data — content of emails or messages you send to us, plus any responses we send.
3. Lawful basis for processing
Under PDPPL and GDPR, we rely on the following lawful bases:
- Consent (PDPPL Article 4; GDPR Article 6(1)(a)) — for analytics cookies, marketing communications, and the email address you provide to receive your assessment report.
- Performance of a contract or pre-contractual steps (GDPR Article 6(1)(b)) — when you request a demo, request a quote, or become a customer.
- Legitimate interests (GDPR Article 6(1)(f)) — for site security, fraud prevention, and to send you relevant follow-up about Qatar GRC topics where you have actively engaged with us. You can object at any time.
- Legal obligation (GDPR Article 6(1)(c)) — where required to comply with applicable law (e.g. tax records, regulatory enquiries).
4. Why we process your personal data
We use personal data for the following purposes:
- Responding to enquiries and demo requests submitted through our contact form.
- Generating and delivering your readiness assessment results, including emailing a summary of your score.
- Operating, maintaining, and improving the vantage.com.qa website and our underlying GRC platform.
- Sending follow-up communications about Qatar regulatory developments where you have engaged with us (you may opt out at any time).
- Investigating and responding to security incidents and complaints.
- Complying with legal obligations, including any reporting required under PDPPL or other Qatar law.
5. Who we share data with
We do not sell your personal data. We share it only with the following categories of recipients, and only to the extent necessary:
- Service providers — vendors that help us operate the website and process form submissions (e.g. Formspree for form handling, Vercel for website hosting, Google Analytics for traffic analytics where you have consented). These vendors act as data processors and are bound by contractual obligations consistent with PDPPL and (where relevant) GDPR.
- Professional advisors — lawyers, auditors, and accountants where required.
- Regulators & authorities — where we are legally required to disclose information (for example, to NCSA or NDPO if reporting a personal data breach under PDPPL).
- Successors in interest — in the event of a merger, acquisition, or sale of assets, where personal data may be transferred subject to equivalent protections.
6. International transfers
Some of our service providers (notably Google Analytics, Vercel, and Formspree) process data outside Qatar — including in the European Union and the United States. Where we transfer personal data internationally, we rely on appropriate safeguards including standard contractual clauses and the recipient's compliance with comparable data protection regimes.
If you are a Qatar resident and have specific concerns about international transfers, please contact us using the details below.
7. How long we keep your data
We retain personal data only as long as necessary for the purposes for which it was collected, plus any period required by law:
- Contact form enquiries: up to 24 months from your last interaction.
- Assessment results and lead data: up to 24 months from your last interaction; longer if you become a customer or expressly consent.
- Customer records: for the duration of the relationship plus 7 years (consistent with Qatar tax and commercial record-keeping requirements).
- Server and security logs: typically 12 months.
- Cookie consent records: until you change your preferences (stored locally in your browser).
8. Your rights
Under PDPPL Articles 7 to 10 and (where applicable) GDPR, you have the following rights in relation to your personal data:
- Right of access — to request a copy of the personal data we hold about you.
- Right to rectification — to request correction of inaccurate or incomplete data.
- Right to withdraw consent — for any processing where consent is the lawful basis; withdrawal does not affect prior lawful processing.
- Right to object — to processing based on our legitimate interests, including direct marketing.
- Right to erasure / restriction — in defined circumstances under GDPR (and analogous protections under PDPPL).
- Right to data portability — under GDPR, where the processing is by automated means and based on consent or contract.
- Right to lodge a complaint — with the National Data Privacy Office (NDPO) of NCSA in Qatar, or with your EU/UK supervisory authority if you are based there.
9. Security of your data
We implement organisational and technical security measures appropriate to the nature, volume, and sensitivity of the personal data we process. These include role-based access control, encryption of data in transit, secure code review, vulnerability management, and incident response procedures aligned to ISO 27001:2022 controls.
No transmission over the internet is fully secure. While we apply industry-standard safeguards, we cannot guarantee absolute security. If you become aware of a security incident affecting your data with us, please contact us immediately.
10. Cookies and tracking
We use cookies and similar technologies to operate the site, remember your preferences, and (with your consent) measure traffic. For full detail on the categories and specific cookies used, please see our Cookie Policy.
11. Changes to this policy
We may update this Privacy Policy from time to time. The current version is dated 3 May 2026. Where changes are material, we will draw attention to them on the website or, where appropriate, contact you directly.
12. How to contact us
For any privacy-related question or to exercise any of the rights described above, please contact us at:
- Vantage Technologies LLC
- Level 21, Doha Tower, West Bay, Doha, State of Qatar
- Email: hello@grcvantage.com
- Or via our contact page.
We will respond to your request within the timelines set by applicable law (typically 30 days under PDPPL/GDPR; we aim to respond sooner where possible).