1. Introduction

Welcome to Peritum International (“Peritum,” “we,” “us,” or “our”). As a premier engineering and project management firm with global operations, we are committed to protecting the privacy and security of the personal data we collect and process. This Privacy Policy25 outlines our practices concerning the collection, use, disclosure, and protection of your personal information.26

This policy applies to personal data collected through our website, during the provision of our services, in our business dealings, and through our recruitment processes across our operational areas in Central Asia, the Middle East, and India. We are dedicated to ensuring that our data processing activities comply with applicable data protection laws, including the General Data Protection Regulation (GDPR)27 as a standard of best practice, and the specific legal requirements of Kazakhstan, the United Arab Emirates (UAE), the Kingdom of Saudi Arabia (KSA), and India.

2. Information We Collect

We may collect and process the following categories of personal data:

• Identity and Contact Data: This includes your full name, email address, telephone number, job title, and the name of your organization.
• Client and Project Data: We may process personal information provided by our clients or on their behalf to deliver our engineering and project management services. This can include data of our clients’ employees, contractors, or other third parties involved in a project.
• Recruitment Data: If you apply for a position with Peritum, we will collect your curriculum vitae (CV), resume, cover letter, and any other information you provide during the application and interview process. This may include your employment history, educational background, and professional certifications.
• Website and Technical Data: When you visit our website, we may automatically collect technical information, including your IP address, browser type and version, time zone setting,28 and operating system. We may also collect information about your visit, such as the pages you viewed and your interaction with our site.
• Supplier and Partner Data: We collect contact details and other professional information of individuals working for our suppliers and business partners to manage our commercial relationships.

3. How We Use Your Information

We use the personal data we collect for the following purposes:

• To Provide and Manage Our Services: To deliver our engineering, design, and project management solutions, including responding to inquiries, preparing proposals and bids, and managing projects.
• Client Relationship Management: To maintain and manage our relationships with existing and potential clients, including for communication and informational purposes.
• Recruitment and Human Resources: To assess the suitability of candidates for employment, manage our hiring process, and for onboarding successful applicants.
• Business Operations: For our internal administrative and operational purposes, such as ensuring the security of our IT systems and complying with our legal and regulatory obligations.
• Website Improvement: To analyze how our website is used in order to improve its functionality and user experience.
• Marketing and Communications: Where it is in our legitimate interest and permissible under applicable law, we may send you information about our services that we believe may be of interest to you. You may opt-out of these communications at any time.

4. Legal Basis for Processing Personal Data

We will only process your personal data when we have a lawful basis to do so. The legal basis for our processing activities will depend on the type of data and the context in which we collect it. These bases include:

• Consent: Where you have given us your clear and explicit consent to process your personal data for a specific purpose.
• Contractual Necessity: Where the processing is necessary for the performance of a contract29 to which you are a party or to take steps at your request before entering into a contract.
• Legal Obligation: Where30 the processing is necessary for31 us to comply with our legal or regulatory obligations.
• Legitimate Interests: Where the processing is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights32 do not override those interests. Our legitimate interests include33 the effective delivery of our services and the administration of our business.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your personal information with the following parties for the purposes outlined in this policy:

• Within Peritum International: With our affiliated companies and offices within our group to ensure the seamless delivery of our global services.
• Service Providers: With trusted third-party service providers who perform services on our behalf, such as IT hosting, data analytics, and marketing services. These providers are contractually obligated to protect your data.
• Professional Advisors: With our lawyers, auditors, and insurers, where necessary in the course of the professional services they provide to us.
• Regulatory and Law Enforcement Bodies: If required by law, we may disclose your personal data to government agencies, regulatory bodies, or law enforcement officials.

6. International Data Transfers

As a global company, your personal data may be transferred to, stored, and processed in countries other than your own, including our headquarters in Kazakhstan and our operational centers in the Middle East and India. We will take all necessary measures to ensure that any such transfers comply with applicable data protection laws and that your34 data is protected to the same high standard, regardless of its location. This may include entering into standard contractual clauses or relying on other legally-provided mechanisms for data transfer.

7. Data Security

We have implemented appropriate technical and organizational security measures to protect your personal data from accidental or35 unlawful destruction, loss, alteration, unauthorized disclosure, or access.36 We regularly review our security procedures to consider new technologies and methods.

8. Data Retention

We will retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying37 any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the38 personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, and the applicable legal requirements.39

9. Your Rights

Depending on the laws in your jurisdiction, you may have the following rights regarding your personal data:

• The right to be informed: about the collection and use of your personal data.
• The right40 of access: to your personal data.
• The right to rectification: of inaccurate personal data.
• The right to erasure:41 (or “right to be forgotten”) of your personal data in certain circumstances.
• The right to restrict processing: of your personal data in certain circumstances.
• The right to data portability:42 allowing you to obtain and reuse your personal data for your own purposes across different services.
• The right to object:43 to the processing of your personal data in certain circumstances.
• Rights in relation to automated decision-making and profiling.44

To exercise any of these rights, please contact us using the45 details provided below.

10. Children’s Privacy

Our services and website are not directed at children, and we do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have inadvertently collected46 personal data from a child, we will take steps to delete47 it.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new policy on our website and updating the effective date.48

12. Contact Us

If you wish to contact us regarding this policy or your personal data, you may reach us through the following channels.

General Privacy Inquiries:

• Email: hr@peritum-int.com

Office Locations:

Kazakhstan Office: 8th Floor, Dostyk Ave., 210a, Grand Koktem Business Center Almaty – 050051

India Office: Office No. 1104, 11th Floor, Ocus Quantum, Sector 51, Gurgaon, Haryana – 122018

Working Hours: Monday – Saturday, 9:00 to 18:00 IST