Version 1.0 | Effective Date: February 24, 2026
Islamabad, Islamic Republic of Pakistan
1. INTRODUCTION AND SCOPE
Eregion Technologies ("we," "us," or "our") is committed to protecting the privacy and security of personal information entrusted to us. This Privacy Policy explains how we collect, use, store, share, and protect personal data in connection with our technology products, platforms, and professional services (collectively, the "Services").
This Policy applies to individuals who visit our website, use our Services, or otherwise interact with us, whether as clients, prospective clients, or contacts. It should be read in conjunction with our Terms of Service.
Eregion Technologies operates internationally and complies with applicable data protection laws including the Pakistan Personal Data Protection Act (PDPA), the European Union General Data Protection Regulation (GDPR) where applicable, and other relevant privacy legislation. Where requirements differ across jurisdictions, we apply the higher standard of protection.
2. DATA CONTROLLER INFORMATION
Eregion Technologies acts as the data controller with respect to personal data collected through its website and direct business interactions. In the context of enterprise services, Eregion Technologies may act as a data processor on behalf of clients who are the data controllers.
For inquiries or to exercise your rights, contact our Data Privacy Officer at:
Data Privacy Officer
Eregion Technologies
Islamabad, Islamic Republic of Pakistan
3. INFORMATION WE COLLECT
3.1 Information You Provide Directly
- Identity data: name, job title, organization name;
- Contact data: business email address, phone number, mailing address;
- Account credentials: usernames and securely hashed passwords;
- Commercial data: billing information, payment methods, purchase history;
- Communications: correspondence, support requests, meeting notes, and survey responses;
- Project data: information provided in the course of delivering professional services, including requirements, specifications, and Client Data submitted to our platforms.
3.2 Information Collected Automatically
When you access our website or hosted Services, we automatically collect:
- Technical data: IP address, device identifiers, browser type and version, operating system;
- Usage data: pages visited, features accessed, time spent, navigation paths, clicks;
- Log data: server logs, error reports, and diagnostic data;
- Cookie data: as detailed in Section 8 of this Policy.
3.3 Information from Third Parties
We may receive information about you from business partners, data enrichment providers, referral sources, and publicly available sources such as professional networking platforms, in compliance with applicable law.
3.4 Sensitive Personal Data
We do not intentionally collect sensitive personal data (such as biometric data, health information, financial account numbers, or government-issued identity document numbers) unless expressly required under a specific engagement and subject to heightened protection measures and your explicit consent where required.
4. PURPOSES AND LEGAL BASIS FOR PROCESSING
We process personal data for the following purposes, relying on the legal bases identified:
- Service Delivery: To provide, operate, and maintain the Services, including account management and technical support. Legal basis: Performance of contract; legitimate interests.
- Billing and Administration: To process payments, manage invoicing, and maintain financial records. Legal basis: Performance of contract; compliance with legal obligations.
- Security and Fraud Prevention: To detect, prevent, and respond to security threats, fraud, and abuse. Legal basis: Legitimate interests; compliance with legal obligations.
- Product Improvement: To analyze usage patterns and improve our products and services, using aggregated and anonymized data wherever possible. Legal basis: Legitimate interests.
- Communications: To send service-related notices, respond to inquiries, and, where you have opted in, to send marketing communications about relevant products and services. Legal basis: Consent (marketing); legitimate interests (service communications).
- Legal Compliance: To comply with applicable laws, respond to lawful requests from authorities, enforce our agreements, and protect our legal rights. Legal basis: Compliance with legal obligations; legitimate interests.
- Research and Development: To conduct research into new technologies and service offerings using anonymized or aggregated data. Legal basis: Legitimate interests.
5. HOW WE SHARE INFORMATION
5.1 We Do Not Sell Your Data
Eregion Technologies does not sell, rent, or trade personal data to third parties for their independent marketing or commercial purposes.
5.2 Service Providers
We engage trusted third-party vendors to perform functions on our behalf, including cloud hosting, payment processing, customer support software, analytics, and email delivery. These vendors are contractually bound to process personal data only on our instructions and in accordance with this Policy.
5.3 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, personal data may be transferred to the successor entity, subject to equivalent privacy protections. We will provide notice of any such transfer.
5.4 Legal Requirements
We may disclose personal data where we believe in good faith that such disclosure is required by Applicable Law, court order, or governmental authority, or is necessary to protect the safety, rights, or property of Eregion Technologies, our clients, or the public.
5.5 With Your Consent
We may share your information with other parties where you have provided your explicit consent.
6. INTERNATIONAL DATA TRANSFERS
Eregion Technologies operates globally and may transfer personal data to countries outside your jurisdiction, including to countries that may not provide the same level of data protection as your home jurisdiction. Where we transfer personal data across borders, we implement appropriate safeguards, which may include:
- Adequacy decisions by relevant data protection authorities;
- Standard Contractual Clauses (SCCs) as approved by the European Commission;
- Binding Corporate Rules or other legally recognized transfer mechanisms;
- Data Processing Agreements with applicable cross-border data flow provisions.
Clients in the European Economic Area (EEA), United Kingdom, or other jurisdictions with transfer restrictions may request information about applicable safeguards by contacting our Data Privacy Officer.
7. DATA RETENTION
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, contractual, audit, and reporting requirements. The following general retention periods apply:
- Active client account data: retained for the duration of the client relationship plus seven (7) years for legal and tax compliance purposes;
- Prospective client and contact data: retained for up to three (3) years from the last meaningful interaction;
- Website usage and log data: retained for up to twelve (12) months;
- Marketing opt-in records: retained until withdrawal of consent plus three (3) years;
- Legal correspondence and dispute records: retained as required by Applicable Law.
Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymized.
8. COOKIES AND TRACKING TECHNOLOGIES
8.1 Types of Cookies
We use the following categories of cookies and similar technologies on our website:
- Strictly Necessary Cookies: Essential for the operation of the website and cannot be disabled.
- Analytics Cookies: Used to understand how visitors interact with our website, helping us improve performance. These may be set by us or third-party analytics providers.
- Preference Cookies: Remember your choices and settings to enhance your experience.
- Marketing Cookies: Used to deliver relevant content and track the effectiveness of our communications, only where you have consented.
8.2 Your Choices
You may manage cookie preferences through your browser settings or our cookie consent tool. Disabling certain cookies may impact the functionality of our website. We honor Global Privacy Control (GPC) signals where technically feasible.
9. SECURITY
Eregion Technologies implements a comprehensive security program designed to protect personal data against unauthorized access, disclosure, alteration, and destruction. Our measures include:
- Encryption in transit (TLS 1.2 or higher / HTTPS) and at rest using industry-standard algorithms;
- Multi-factor authentication (MFA) on administrative and production systems;
- Role-based access controls and the principle of least privilege, including no shared admin accounts;
- Regular vulnerability assessments, penetration testing, and security audits;
- Incident response planning and data breach notification procedures;
- Employee security awareness training and confidentiality obligations.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify affected individuals and relevant supervisory authorities within the timeframes required by Applicable Law.
10. YOUR PRIVACY RIGHTS
Depending on your jurisdiction, you may have the following rights with respect to your personal data:
- Right of Access: To request a copy of personal data we hold about you.
- Right to Rectification: To request correction of inaccurate or incomplete data.
- Right to Erasure: To request deletion of personal data where it is no longer necessary or where consent is withdrawn, subject to legal retention obligations.
- Right to Restriction: To request that we restrict processing of your data in certain circumstances.
- Right to Data Portability: To receive your personal data in a structured, machine-readable format.
- Right to Object: To object to processing based on legitimate interests or direct marketing.
- Right to Withdraw Consent: Where processing is based on consent, to withdraw that consent at any time without affecting the lawfulness of prior processing.
- Right to Lodge a Complaint: To lodge a complaint with a supervisory authority, including the National Commission for Personal Data Protection in Pakistan or the relevant supervisory authority in your jurisdiction.
To exercise any of these rights, please contact our Data Privacy Officer. We will respond to verifiable requests within the timeframes required by Applicable Law. We may require you to verify your identity before processing your request.
11. CHILDREN'S PRIVACY
Our Services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a minor without verifiable parental consent, we will take steps to delete such data promptly. If you believe we may have collected information from a minor, please contact us immediately at info.eregion@gmail.com.
12. THIRD-PARTY LINKS AND INTEGRATIONS
Our website and Services may contain links to third-party websites and integrations with third-party platforms. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access. Eregion Technologies is not responsible for the privacy practices of third-party sites or services.
13. AUTOMATED DECISION-MAKING
Eregion Technologies may employ automated processing technologies, including machine learning systems, within its Services. Where automated processing produces decisions that have significant legal or similarly significant effects on individuals, we ensure that: (a) such processing is permitted under Applicable Law; (b) appropriate human oversight is maintained; and (c) individuals are informed of their right to contest automated decisions and to request human review.
We do not use personal data to train publicly available AI models without explicit client consent and appropriate contractual safeguards.
14. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. We will notify you of material changes by posting the updated Policy on our website with a revised effective date, and where appropriate, by direct notification. Your continued use of the Services following such notice constitutes acceptance of the updated Policy.
15. CONTACT AND COMPLAINTS
For questions, concerns, or to exercise your privacy rights, please contact:
Data Privacy Officer
Eregion Technologies
Islamabad, Islamic Republic of Pakistan
We will acknowledge your request within five (5) business days and aim to resolve all inquiries within thirty (30) days, or within such a shorter period as required by Applicable Law. If you are not satisfied with our response, you have the right to escalate your complaint to the relevant supervisory authority in your jurisdiction.