GearTek Trading LLC is committed to maintaining the highest standards of confidentiality and security regarding all client, partner, and proprietary information. This policy outlines our commitment to protecting the data we process and manage.

1. Scope and Application

This policy applies to all employees, contractors, partners, and third parties working on behalf of GearTek Trading LLC, and governs all confidential and personal data managed during client engagements, internal operations, and website interactions.

2. Commitment to Confidentiality
3. Client Data: All non-public information—including business plans, IT architecture details, network configurations, financial data, and proprietary intellectual property (IP)—shared by clients during the course of a consulting or project management engagement is treated as strictly confidential. This data is protected under formal Non-Disclosure Agreements (NDAs) where appropriate.
4. Internal Data: We protect our own proprietary information, including business strategies, financial records, methodologies, and employee data, with the same rigor applied to client data.
5. Restricted Access: Access to confidential and personal data is granted only on a “need-to-know” basis, requiring specific authorization based on an individual’s role and project requirements.
6. Data Protection and Processing Principles

We adhere to globally recognized data protection principles, ensuring data is:

• Lawful and Fair: Processed lawfully, fairly, and transparently, with specific, legitimate purposes.
• Purpose-Limited: Collected only for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.¹
• Data Minimization: Adequate, relevant, and limited to what is necessary in relation to the purposes for whic²h they are processed.
• Accuracy: Kept accurate and, where necessary, kept up to date.
• Storage Limitation: Retained only for as long as necessary for the purposes set out in the Privacy Policy or as required by law.
• Integrity and Confidentiality: Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical and organizational measures.

4. Technical and Organizational Security Measures

We implement robust security measures to protect data, including:

• Encryption: Use of encryption technologies for sensitive data both in transit (SSL/TLS) and at rest.
• Access Controls: Strong password policies, multi-factor authentication (MFA), and role-based access controls (RBAC).
• Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS), and continuous monitoring of our networks.
• Physical Security: Secure facilities and controlled access to servers and physical storage devices.

5. Third-Party Sharing and Subcontractors

We ensure that any third parties or subcontractors involved in delivering services on our behalf (e.g., cloud providers, specialized vendors) are contractually obliged to adhere to data protection standards and confidentiality clauses equivalent to our own.

6. Data Breach Response

In the event of a suspected or actual data breach involving personal or confidential data, GearTek will implement a rapid response plan that includes:

1. Immediate containment and assessment of the breach.
2. Notification to affected clients and supervisory authorities as required by applicable law (e.g., GDPR, local UAE regulations).
3. Remediation to prevent future occurrences.

7. Policy Review

This Confidentiality and Data Protection Policy is subject to annual review and updates to ensure compliance with evolving technological standards and legal requirements in the jurisdictions where we operate, including the UAE.

This policy was last updated on [14th August 2025].