Scroll to top

Privacy Policy

"Bridging global markets and innovative technologies, delivering value and sustainable growth."

Last Updated: February 2026

Victoria Technology & Consulting ("VTC", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

This policy is designed to comply with the EU General Data Protection Regulation (GDPR), the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL), the Kingdom of Saudi Arabia Personal Data Protection Law (Saudi PDPL), the United States California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other applicable international data protection laws.

1. Information We Collect

We may collect and process the following categories of personal data:

1.1 Personal Identification Information
  • Name, email address, phone number
  • Company name and job title
  • Postal address and billing information
  • Professional credentials and qualifications
1.2 Technical Information
  • IP address and browser type
  • Device information and operating system
  • Cookies and similar tracking technologies
  • Website usage data and analytics
1.3 Communication Data
  • Correspondence via email, phone, or online forms
  • Feedback, inquiries, and support requests
  • Meeting notes and consultation records

2. How We Use Your Information

We process your personal data for the following purposes, based on legitimate legal grounds:

2.1 Service Delivery (Contract Performance)
  • Providing consulting and technology services
  • Processing appointments and service requests
  • Managing client relationships and projects
  • Delivering requested information and documentation
2.2 Communication (Legitimate Interest)
  • Responding to inquiries and support requests
  • Sending service updates and notifications
  • Providing technical support and assistance
2.3 Marketing (Consent)
  • Sending newsletters and promotional materials (with your consent)
  • Informing you about new services and offerings
  • Conducting market research and surveys
2.4 Legal Compliance
  • Complying with legal obligations and regulations
  • Protecting our legal rights and interests
  • Preventing fraud and ensuring security

3. Legal Basis for Processing

We process your personal data based on one or more of the following legal grounds, as applicable under EU, GCC, US, and international data protection laws:

  • Consent: You have given clear consent for us to process your personal data for specific purposes. You may withdraw consent at any time.
  • Contract: Processing is necessary for a contract we have with you, or to take steps at your request before entering into a contract.
  • Legal Obligation: Processing is necessary to comply with applicable laws, including UAE Federal Decree-Law No. 45 of 2021, GDPR, CCPA/CPRA, and other jurisdictional requirements.
  • Legitimate Interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided such interests do not override your fundamental rights and freedoms.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

4.1 Service Providers
  • Cloud hosting and IT infrastructure providers
  • Email and communication service providers
  • Analytics and performance monitoring services
  • Payment processors and financial institutions
4.2 Business Partners
  • Technology partners and OEM suppliers (with your consent)
  • Subcontractors for project delivery
  • Professional advisors (lawyers, accountants, auditors)
4.3 Legal Requirements
  • Government authorities and regulatory bodies
  • Law enforcement agencies when legally required
  • Courts and dispute resolution bodies

We ensure all third parties respect the security of your personal data and treat it in accordance with the law. We only allow them to process your data for specified purposes and in accordance with our instructions. All third-party processors are bound by data processing agreements consistent with GDPR, UAE PDPL, and other applicable regulations.

5. International Data Transfers

VTC operates across the UAE, Nigeria, and internationally. Your data may be transferred to, stored, or processed in countries outside your country of residence, including countries outside the European Economic Area (EEA) and the Gulf Cooperation Council (GCC) region.

When we transfer your data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission or equivalent regulatory authority
  • Binding Corporate Rules or other approved transfer mechanisms
  • Compliance with UAE PDPL cross-border transfer requirements, including approval from the UAE Data Office where required
  • Compliance with Saudi PDPL requirements for transfers outside the Kingdom

Regardless of where your data is processed, we apply the same level of protection as described in this policy.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Employee training on data protection and security
  • Incident response and breach notification procedures in accordance with GDPR (72-hour notification), UAE PDPL, and other applicable breach notification laws
  • Regular backups and disaster recovery plans

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law, including:

  • Client Data: Duration of the business relationship plus 7 years for legal and accounting purposes
  • Marketing Data: Until you withdraw consent or request deletion
  • Website Analytics: 26 months from collection
  • Communication Records: 3 years from last contact

Upon expiration of the retention period, personal data is securely deleted or anonymized in accordance with applicable regulations.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

8.1 Rights Under EU GDPR

If you are in the European Economic Area (EEA) or the United Kingdom, you have the right to:

  • Access your personal data and obtain a copy
  • Rectify inaccurate or incomplete data
  • Erase your personal data ("right to be forgotten") under certain circumstances
  • Restrict processing of your personal data
  • Data portability — receive your data in a structured, machine-readable format
  • Object to processing based on legitimate interests or for direct marketing
  • Withdraw consent at any time where processing is based on consent
  • Lodge a complaint with your local supervisory authority
8.2 Rights Under UAE and GCC Data Protection Laws

If you are in the United Arab Emirates or other GCC states, under the UAE Federal Decree-Law No. 45 of 2021 (UAE PDPL) and similar GCC regulations, you have the right to:

  • Access your personal data held by us
  • Rectify inaccurate personal data
  • Erase your data when it is no longer necessary for the purpose for which it was collected
  • Restrict or stop processing of your personal data
  • Request transfer of your data to another controller
  • Withdraw consent at any time
  • Lodge a complaint with the UAE Data Office or relevant GCC authority
8.3 Rights Under US Privacy Laws (CCPA/CPRA)

If you are a resident of California or another US state with applicable privacy legislation, you have the right to:

  • Know what personal information we collect, use, disclose, and sell
  • Delete personal information we have collected from you
  • Opt out of the sale or sharing of your personal information (VTC does not sell personal data)
  • Correct inaccurate personal information
  • Non-discrimination — we will not discriminate against you for exercising your privacy rights
  • Limit use of sensitive personal information to purposes necessary for providing our services

To exercise your CCPA/CPRA rights, you may contact us using the details provided below. We will verify your identity before processing your request and respond within 45 days as required by law.

8.4 Rights Under Other International Laws

If you are located in Nigeria, we comply with the Nigeria Data Protection Regulation (NDPR) and the Nigeria Data Protection Act 2023. If you are located in other jurisdictions with applicable data protection laws, we will honour the data subject rights granted to you under those laws.

To exercise any of these rights, please contact us using the details provided below. We will respond to your request within the timeframe required by applicable law.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. Cookies are small text files stored on your device. We use:

9.1 Essential Cookies

Required for website functionality and security. These do not require consent.

9.2 Performance Cookies

Help us understand how visitors interact with our website.

9.3 Functional Cookies

Remember your preferences and settings.

9.4 Marketing Cookies

Track your activity to deliver relevant advertisements (deployed only with your prior consent, in accordance with GDPR and the ePrivacy Directive).

You can control cookie settings through your browser preferences. You may also withdraw your cookie consent at any time. However, disabling certain cookies may affect website functionality.

10. Do Not Track & Global Privacy Control

We respect browser-based opt-out signals. Where we detect a Global Privacy Control (GPC) signal, we treat it as a valid opt-out request under CCPA/CPRA and similar laws. Some browsers offer "Do Not Track" signals; while there is no universal standard for DNT, we endeavour to honour such preferences where technically feasible.

11. Children's Privacy

Our services are not directed to individuals under the age of 16 (or 13 in jurisdictions where that is the applicable age threshold). We do not knowingly collect personal data from children. If you believe we have collected information from a child, please contact us immediately and we will take steps to delete such data.

12. Automated Decision-Making

VTC does not engage in automated decision-making or profiling that produces legal effects or similarly significant effects on individuals. If this changes in the future, we will update this policy and provide the necessary disclosures and rights as required by GDPR, UAE PDPL, and other applicable laws.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Where required by law, we will seek your renewed consent for material changes to the way we process your data. We encourage you to review this Privacy Policy periodically.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Victoria Technology & Consulting

Address: Dubai Aviation City, United Arab Emirates

Phone: +971 56 399 6969

Email: gianluca.bariona@victoriatek.com

Website: www.victoriatek.com

15. Data Protection Officer

For data protection inquiries, you may contact our Data Protection Officer at: gianluca.bariona@victoriatek.com

16. Supervisory Authorities

Depending on your location, you may file a complaint with the relevant data protection authority:

  • EU/EEA: Your local Data Protection Authority (full list available at edpb.europa.eu)
  • United Arab Emirates: UAE Data Office (emiratesdata.gov.ae)
  • Nigeria: Nigeria Data Protection Commission (NDPC)
  • United States: California Attorney General (for CCPA/CPRA), or your state attorney general