Privacy Policy

1. Who we are

Vionex Digital Solutions ("Vionex", "we", "us") designs and deploys enterprise AI, data infrastructure, and digital platforms for healthcare, government, and enterprise clients across the MENA region. We are the data controller for personal information we collect through this website (vionex.digital) and through our directly-operated SaaS products.

For enterprise deployments hosted on a client's own infrastructure or under a separate Data Processing Agreement, Vionex acts as a data processor and the client is the controller.

2. Information we collect

Information you give us

• Contact data when you complete the Let's Talk form (name, work email, phone, company, message).
• Account data when you log in to a Vionex product (name, email, role, organisation, authentication tokens).
• Communication data from email, LinkedIn, WhatsApp, or scheduled calls.

Information collected automatically

• Technical data: IP address, device type, browser, OS, referrer URL, language preference.
• Usage data: pages viewed, session duration, click events, error reports.
• Cookie data: see section 9.

3. How and why we use information

We use personal information to:

• Respond to enquiries and provide requested services.
• Operate, secure, and improve our products and website.
• Comply with legal, accounting, and regulatory obligations.
• Detect and prevent fraud, abuse, and security incidents.
• Send service-related notifications (billing, security alerts, downtime).
• Send marketing communications only with your consent — you can withdraw consent at any time.

4. Legal bases

Depending on the applicable jurisdiction, our processing is grounded in one or more of:

• Consent — for marketing, optional cookies, and any processing where consent is specifically required.
• Contract — to provide a Vionex product or fulfil a signed agreement.
• Legal obligation — to comply with applicable laws including the Saudi PDPL, UAE Federal Decree-Law 45/2021, Bahrain Law 30/2018, Qatar Law 13/2016, Egypt Law 151/2020, and equivalents.
• Legitimate interests — to secure our infrastructure, prevent abuse, and improve our services in ways you would reasonably expect.

5. Sharing and disclosure

We do not sell personal data. We share it only with:

• Sub-processors who provide hosting, email delivery, analytics, or customer-support infrastructure under contract. Current key sub-processors include cloud providers in the EU and MENA regions.
• Professional advisers (auditors, lawyers) bound by confidentiality.
• Authorities when required by valid legal process or to protect rights and safety.
• Successors in connection with a merger, acquisition, or asset sale — in which case your data continues to be protected by an equivalent policy.

6. Retention and deletion

We retain personal data only for as long as needed for the purposes set out in this policy or as required by law. Typical retention windows:

• Sales enquiries: 24 months from last interaction.
• Customer account data: duration of the contract plus 6 years for tax/audit.
• Web analytics: aggregated after 14 months; raw IP addresses truncated at collection.
• Marketing consent records: until consent is withdrawn, plus a short suppression-list retention to honour the withdrawal.

You may request earlier deletion under section 8.

7. Security

We use technical and organisational measures appropriate to the sensitivity of the data, including TLS in transit, encryption at rest for sensitive fields, role-based access control, scoped API tokens, and audit logging. No system is perfectly secure; we strive to notify affected users without undue delay when a breach is reasonably likely to result in a high risk to your rights.

8. Your rights

Subject to applicable law, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete personal data ("right to erasure").
• Restrict or object to processing.
• Withdraw consent at any time, without affecting the lawfulness of prior processing.
• Receive your data in a portable format.
• Lodge a complaint with your local data-protection authority (e.g., SDAIA in Saudi Arabia, NDMO/UAE Data Office in the UAE, PDPC in Bahrain).

To exercise any of these rights, email privacy@vionex.digital. We respond within 30 days.

9. Cookies and similar technologies

We use a small number of first-party cookies and similar technologies. Categories:

• Strictly necessary — session, security, and language preference. Always on; cannot be disabled.
• Analytics — anonymised page-view counters to understand which pages are useful. Optional, off until you accept.
• Marketing — none on this site at the time of publication. If we add any in the future, we will surface them in the consent banner before they fire.

10. International transfers

Some sub-processors host data in the European Union or other jurisdictions outside your home country. Where a transfer is subject to MENA data-residency rules (e.g., Saudi PDPL Article 29, UAE Federal Decree 45/2021), we apply contractual safeguards and only transfer data with a valid lawful basis. Enterprise customers with strict residency requirements can request EU- or MENA-only hosting under a Data Processing Agreement.

11. Children

Vionex's website and products are intended for business users. We do not knowingly collect data from children under 18. If you believe we have, please contact us and we will delete it.

12. Changes to this policy

We may update this policy from time to time. We will publish the new version here and update the "Effective" date at the top. Material changes will be highlighted with a banner on the home page for at least 30 days.

13. Contact us

For privacy questions, requests, or complaints:

• Email: privacy@vionex.digital
• General: info@vionex.digital
• Phone: +20 10 60093030
• LinkedIn: linkedin.com/company/vionex-digital-solutions