Privacy Policy and Data Protection

Al-Muraba Information Technology, Research and Training Company

Effective Date: January 2026

Article 1: Introduction

Al-Muraba Information Technology, Research and Training Company (hereinafter referred to as "Al-Muraba", "we", "us", or "the Company") is committed to protecting the privacy of its service users and ensuring the security of their personal data. This policy explains how we collect, use, protect, and disclose personal data.

By using our services, you agree to the practices described in this policy. If you do not agree with any of the terms of this policy, please do not use our services.

Article 2: Definitions

  • "Personal Data": Any information relating to an identified or identifiable natural person, including name, email, phone number, employment data, and financial data.
  • "Processing": Any operation performed on personal data, whether by automated or non-automated means, such as collection, recording, organization, storage, modification, retrieval, use, disclosure, and deletion.
  • "Services": All systems, applications, and software platforms provided by Al-Muraba, including enterprise resource management systems and workflow management systems.
  • "User": Any natural or legal person who uses Al-Muraba services.
  • "Third Party": Any entity other than Al-Muraba or the User, including electronic payment service providers and technical partners.

Article 3: Scope of Application

This policy applies to all services provided by Al-Muraba, including:

  • Enterprise Resource Planning (ERP) systems
  • Workflow Management systems
  • Web and mobile applications
  • Integrated electronic payment services
  • Any other services provided by Al-Muraba

This policy applies to all categories of users, including individuals, private companies, and government entities.

Article 4: Data We Collect

4.1 Basic Data

  • Full name
  • Email address
  • Phone number
  • Physical address
  • Identity document (when verification is required)

4.2 Employment Data

  • Job title
  • Employer organization
  • Employment history
  • Salary and benefits information (when using HR systems)
  • Attendance and leave records

4.3 Financial Data

  • Bank account information (when required for payment processing)
  • Financial transaction records
  • Invoices and receipts

Note: Financial data is handled through certified payment service providers. Al-Muraba does not retain credit card information.

4.4 Technical Data

  • Internet Protocol (IP) address
  • Browser type and operating system
  • Device information
  • Login and system activity logs
  • Approximate geographic location

Article 5: Purposes of Data Collection and Use

We use the collected data for the following purposes:

  • Providing, managing, and improving requested services
  • Creating and managing user accounts
  • Processing financial transactions and managing invoices
  • Communicating with users regarding services and updates
  • Ensuring service security and preventing fraud and unauthorized use
  • Complying with legal and regulatory requirements
  • Analyzing usage to improve service quality
  • Responding to inquiries and technical support requests

Article 6: Legal Basis for Data Processing

We process your personal data based on the following legal grounds:

  • Your explicit consent to processing
  • Necessity of processing for the performance of a contract to which you are a party
  • Compliance with a legal obligation incumbent upon Al-Muraba
  • Legitimate interests of Al-Muraba, provided they do not conflict with your fundamental rights and freedoms

Article 7: Sharing Data with Third Parties

We may share your personal data with the following parties:

7.1 Electronic Payment Service Providers

We work with certified payment service providers to process financial transactions. These providers are subject to strict security standards and have their own privacy policies.

7.2 Government and Regulatory Authorities

We may disclose data to competent government authorities in the Republic of Iraq when there is a legal obligation to do so or upon official request from a competent authority.

7.3 Technical Service Providers

We may share data with hosting and cloud service providers to operate our services, ensuring their compliance with appropriate security and privacy standards.

Commitment: We will never sell your personal data to any third party under any circumstances.

Article 8: Data Security

We implement appropriate technical and organizational security measures to protect your personal data, including:

  • Encrypting data in transit and at rest using TLS/SSL protocols
  • Using firewalls and intrusion detection systems
  • Restricting data access to authorized personnel only
  • Conducting regular and secure backups
  • Periodic security reviews and penetration testing
  • Training employees on information security best practices
  • Using multi-factor authentication (where applicable)

Article 9: Data Storage and Transfer

9.1 Storage Location

Data is stored on servers within the Republic of Iraq or on reliable cloud services that comply with international security standards.

9.2 Data Transfer

If data is transferred outside Iraq (for cloud hosting purposes), we ensure appropriate protection through:

  • Selecting service providers committed to recognized international security standards
  • Entering into data processing agreements containing appropriate protection clauses
  • Full encryption of data during transfer

Article 10: Data Retention Period

We retain your personal data according to the following criteria:

  • Throughout the service activity period and continuity of the contractual relationship
  • For twelve (12) months after the end of service or subscription cancellation
  • For longer periods if required by law (such as financial and tax records)

After the retention period expires, data is securely deleted or anonymized so that you cannot be identified through it.

Article 11: Cookies

We use cookies for the following purposes:

  • Essential cookies: To enable login and maintain user sessions
  • Functional cookies: To save user preferences and access permissions
  • Security cookies: To protect your accounts and prevent unauthorized access

We do not use cookies for advertising or tracking purposes. You can control cookies through your browser settings, noting that disabling some may affect service functionality.

Article 12: User Rights

You have the right to exercise the following rights regarding your personal data:

  • Right of Access: View the personal data we hold about you
  • Right to Rectification: Request correction of any inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data (subject to legal obligations)
  • Right to Restriction: Request restriction of processing in certain cases
  • Right to Data Portability: Obtain a copy of your data in a machine-readable format
  • Right to Object: Object to processing of your data for certain purposes
  • Right to Withdraw Consent: Withdraw your consent to processing at any time

To exercise any of these rights, please contact us using the contact information provided at the end of this policy. We will respond to your request within thirty (30) days of receipt.

Article 13: Protection of Minors' Data

Our services are not directed to persons under eighteen (18) years of age. We do not knowingly collect personal data from minors. If we become aware that data has been collected from a minor without parental consent, we will take necessary steps to delete such data immediately.

Article 14: Data Breach Notification

In the event of a security breach affecting your personal data:

  • We will notify competent regulatory authorities within 72 hours of discovering the breach (where required by law)
  • We will notify affected users without undue delay
  • We will explain the nature of the breach, measures taken, and recommended steps for protection

Article 15: Amendments to Privacy Policy

We reserve the right to amend this policy at any time. In case of material amendments:

  • We will notify you via email or through a prominent notice in our services
  • We will update the "Last Modified" date at the top of this policy
  • Amendments will become effective thirty (30) days after notification

Your continued use of the services after the amendments take effect means your acceptance of the amended policy.

Article 16: Governing Law and Dispute Resolution

This policy is governed by and construed in accordance with the laws of the Republic of Iraq. Any dispute arising from or related to this policy shall first be referred for amicable settlement, and if that fails, the competent Iraqi courts shall have jurisdiction to consider it.

Article 17: Contact Information

For any inquiries or requests related to this policy or your personal data, please contact us:

Al-Muraba Information Technology, Research and Training Company

Address: [Insert full address]

Email: [email protected]

Phone: [Insert phone number]

Article 18: Acknowledgment and Consent

By using Al-Muraba services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and processing of your personal data as described herein.

— End of Policy —

Logo AlMuraba

ALMURABA helping organizations to TRANSFORM into digital era.. Then cope with them in Support, protect & gaining growth.

Company

© 2026 ALMurbaa Company Design with ❤ by MURABAA CMS.