At Red Link, data integrity and confidentiality are not just obligations—they are operational imperatives. This Data Protection Statement outlines our approach to collecting, processing, storing, securing, and managing personal, project, and technical data in accordance with Law No. (13) of 2016 on the Protection of Personal Data in the State of Qatar and applicable GCC regulatory frameworks.

Our Commitment to Data Privacy

Red Link is committed to protecting the rights and freedoms of data subjects—including clients, employees, contractors, and partners—by maintaining a data environment that ensures:

• Transparency in how we collect and use information
• Accountability through structured compliance procedures
• Security through layered digital and physical safeguards
• Minimalism in data collection (only collecting what is necessary)
• Lawful processing aligned with contractual, legal, and ethical standards

We operate under a data-by-design principle, ensuring that privacy is embedded into every service we deliver—whether a topographic survey, a tunnel scan, or an HR secondment.

What Data We Protect

The following categories of data are processed and protected under our internal Data Protection Policy:

• Personal Identification Information: Name, phone number, email address, passport/national ID (when required)
• Project Data: CAD files, point clouds, site layouts, GNSS datasets, as-built models
• Client Correspondence: Emails, contracts, technical briefings, RFQs, invoices
• Employment & HR Records: Job titles, certifications, work permits, visa documents, timesheets
• Technical Logs & Metadata: Website interaction, device usage, and access logs to file systems

All such data is classified and stored based on sensitivity, duration of use, and legal retention requirements.

Lawful Basis for Processing

Red Link processes personal and project-related data on the basis of:

• Explicit client or staff consent
• Contractual necessity for project execution and staffing
• Legal compliance under Qatari labor and commercial law
• Legitimate interest for internal governance and quality control

We never process data for purposes outside the original scope of consent or contractual need without obtaining renewed permission.

Data Security Practices

Red Link maintains robust safeguards to protect all forms of collected data. This includes:

• Encryption of survey and scan files using AES-256 standards
• Controlled access to client and employee data through multi-level authentication
• Role-based data permissions and regular audit logs
• Secure physical storage of printed documentation and signed deliverables
• Cloud backup policies with localized data centers in Qatar and the GCC
• Periodic system reviews and penetration testing of our digital platforms

All Red Link employees undergo regular training in information security and data handling.

Rights of Data Subjects

Any individual or client whose data we process has the right to:

• Request access to their personal or project data
• Ask for corrections in case of inaccuracies
• Withdraw consent where legally permissible
• Request deletion (subject to contract or law-based exceptions)
• Raise a complaint with a supervisory authority

Requests can be submitted via email to: compliance@redlinkgroup.com.
We will respond within 30 calendar days, or earlier where possible.

Data Sharing and Confidentiality

We do not sell or share data for commercial gain. Data may be shared only under:

• Signed NDAs with subcontractors or consultants
• Regulatory mandates from Qatari government agencies
• Judicial orders, legal notices, or statutory investigations
• Service integrations involving joint operations (with consent)

All third-party partners are vetted for data protection compliance and required to follow Red Link’s confidentiality clauses.

Data Breach Protocol

In the unlikely event of a data breach, Red Link has a formal Incident Response Plan that includes:

• Immediate containment and assessment
• Notification of affected data subjects (if required)
• Rectification and system audits
• Filing of compliance reports to appropriate authorities

We take full accountability for managing such events in a timely and transparent manner.

Changes to This Statement

This Data Protection Statement may be reviewed and updated periodically. Any material changes will be posted on our website along with the updated date. Continued engagement with Red Link services after any revision implies acceptance of the new terms.

Contact Us

For queries, access requests, or data-related concerns, contact:

Red Link – Data Governance Office
Address : Al Mirqab Mall, 1st Floor, Block-C, Office No. C-108
Al Nasr, Doha – Qatar

Phone: +974 4416 0101
Email: compliance@redlinkgroup.com

Version: 1.0
Last Revised: [Insert Date]