Privacy Policy

*draft

SHIFT Arabia W.L.L 

Last updated: 2 Juney, 2026 

SHIFT Arabia W.L.L (“SHIFT Arabia,” “we,” “us,” or “our”) recognizes the importance of protecting personal data and is committed to processing personal data in a lawful, fair, transparent, and secure manner. 

This Privacy Policy explains how we collect, use, disclose, store, transfer, and protect personal data in connection with our website, inquiries, business activities, recruitment activities, events, and services. This Policy is intended to comply with the Personal Data Protection Law of the Kingdom of Bahrain, Law No. 30 of 2018, and its implementing resolutions, as applicable. 

1. Data Controller 

For the purposes of applicable data protection laws, the data controller is: 

SHIFT Arabia W.L.L
Address: Seef District, Shop 1390, Building 2102, Road 2825, Block 428 (Manama, Bahrain)
Email: bahrain-mena@shift-arabia.ninja
Telephone: [TBD] 

If we appoint a Data Protection Officer or data protection contact, their details will be as follows: 

Data Protection Contact / Officer: Masashi Suzuki
Email: moshsuzuki@shift-arabia.ninja

2. Personal Data We Collect 

We may collect the following categories of personal data: 

 2.1 Business contact information 

• Name 
• Company name 
• Job title / department 
• Business email address 
• Business telephone number 
• Country / region 
• Inquiry details and communication history 

 2.2 Client, vendor, and partner information 

• Contact details of representatives 
• Contract-related information 
• Billing, payment, and transaction-related information 
• Meeting records, correspondence, and business communications 

 2.3 Website and technical information 

• IP address 
• Browser type and version 
• Device information 
• Operating system 
• Referring URLs 
• Pages viewed 
• Date and time of access 
• Cookie identifiers and similar online identifiers 
• 
  

Our website may be created and hosted using GoDaddy or related services. In that case, certain technical data may be processed by GoDaddy as our service provider for hosting, security, website operation, analytics, or related technical purposes. 

 2.4 Recruitment information 

 If you apply for a position with us, we may collect: 

• Name and contact details 
• CV/resume and employment history 
• Education and qualifications 
• Interview notes 
• References, where applicable 
• Work authorization or immigration-related information, where legally required 

 2.5 Event and seminar information 

 If you register for or attend our events, webinars, or seminars, we may collect: 

• Name 
• Company and job title 
• Contact information 
• Attendance status 
• Questions, survey responses, and feedback 

 2.6 Sensitive personal data 

 We do not intentionally collect sensitive personal data unless necessary and permitted by law. Under Bahrain PDPL, sensitive personal data may include information revealing, directly or indirectly, matters such as race or ethnic origin, political or philosophical opinions, religious beliefs, trade union affiliation, criminal record, health data, or similar protected categories. 

Where sensitive personal data is required, we will process it only where permitted by applicable law and with appropriate safeguards. 

3. How We Collect Personal Data 

 We may collect personal data: 

• Directly from you when you contact us, submit an inquiry, register for an event, apply for a job, or enter into a business relationship with us. 
• From your company, employer, or business partners. 
• Automatically through our website, cookies, analytics tools, server logs, and similar technologies. 
• From publicly available sources, such as company websites, business directories, or professional networking platforms. 
• From SHIFT group companies, where permitted by law. 

4. Purposes of Processing Personal Data 

 4.1 To provide and improve our services 

• Responding to inquiries 
• Providing software testing, quality assurance, consulting, development support, or related services 
• Managing client accounts 
• Performing contracts 
• Providing customer support 
• Improving service quality and developing new services 

 4.2 Business administration 

• Contract management 
• Billing and payment processing 
• Vendor and partner management 
• Internal reporting 
• Recordkeeping 
• Compliance, audit, and risk management 

4.3 Marketing and communications 

• Sending information about our services 
• Providing newsletters, event invitations, and business updates 
• Conducting surveys 
• Measuring marketing effectiveness 
• Improving website content and user experience 

 Where required by applicable law, we will obtain your consent before sending direct marketing communications. You may opt out of marketing communications at any time. 

4.4 Recruitment 

• Reviewing applications 
• Communicating with candidates 
• Conducting interviews 
• Assessing qualifications and suitability 
• Conducting background or reference checks, where permitted by law 
• Managing hiring and onboarding processes 

4.5 Website operation and analytics 

• Operating, maintaining, and securing our website 
• Understanding website usage 
• Preventing fraud, misuse, or unauthorized access 
• Improving website functionality and user experience 

4.6 Legal and compliance purposes 

• Complying with applicable laws, regulations, court orders, or government requests 
• Protecting our rights, property, safety, and legitimate interests 
• Enforcing contracts and policies 
• Handling disputes, investigations, or claims 

5. Legal Basis for Processing 

 We process personal data where we have a lawful basis under applicable data protection laws, including where: 

• You have given consent. 
• Processing is necessary to perform a contract or take steps before entering into a contract. 
• Processing is necessary to comply with legal obligations. 
• Processing is necessary for our legitimate business interests, provided that such interests are not overridden by your rights and freedoms. 
• Processing is otherwise permitted under applicable law. 

 Bahrain PDPL generally requires personal data to be processed fairly and lawfully, and individuals should be informed of relevant details such as the identity of the processing entity, the purposes of processing, and other information necessary to make the processing fair. 

6. Disclosure of Personal Data 

 We may disclose personal data to the following categories of recipients: 

 6.1 SHIFT group companies 

 We may share personal data with our parent company, subsidiaries, affiliates, or related companies for business administration, service delivery, group reporting, internal controls, and marketing purposes, where permitted by law. 

 6.2 Service providers 

 We may disclose personal data to third-party service providers who support our business operations, including: 

• Website hosting providers, including GoDaddy 
• IT and cloud service providers 
• Email and communication service providers 
• CRM and marketing platforms 
• Payment and billing service providers 
• Professional advisers, such as lawyers, auditors, tax advisers, and consultants 
• Recruitment platforms or background check providers, where applicable 

 These service providers are required to process personal data only for authorized purposes and to implement appropriate security measures. 

 6.3 Clients, vendors, and business partners 

 Where necessary for service delivery, business collaboration, contract performance, or project management, we may share relevant business contact information with clients, vendors, contractors, or business partners. 

6.4 Government authorities and legal recipients 

We may disclose personal data where required or permitted by law, regulation, court order, government authority request, or to protect our legal rights. 

6.5 Business transfers 

If we undergo a merger, acquisition, restructuring, sale of assets, business transfer, or similar transaction, personal data may be disclosed or transferred as part of that transaction, subject to applicable legal requirements. 

7. International Transfers of Personal Data 

We may transfer personal data outside the Kingdom of Bahrain, including to SHIFT group companies, service providers, cloud platforms, or business partners located in other countries. 

Where personal data is transferred outside Bahrain, we will take appropriate steps to ensure that the transfer complies with applicable data protection laws, including Bahrain PDPL and relevant implementing resolutions. 

Such safeguards may include: 

• Obtaining consent where required 
• Using contractual safeguards 
• Assessing the level of protection in the destination country 
• Implementing technical and organizational security measures 
• Relying on other transfer mechanisms permitted by applicable law 

8. Data Security 

We implement reasonable technical, organizational, and administrative measures to protect personal data against unauthorized access, disclosure, alteration, loss, destruction, misuse, or unlawful processing. 

These measures may include: 

• Access controls 
• Password and authentication measures 
• Encryption where appropriate 
• Secure hosting and network protections 
• Employee training 
• Confidentiality obligations 
• Vendor due diligence 
• Incident response procedures 
• Periodic review of security controls 

9. Data Retention 

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. 

Retention periods may vary depending on: 

• The nature of the personal data 
• The purpose of processing 
• Contractual requirements 
• Legal, regulatory, tax, accounting, or audit obligations 
• Potential disputes or legal claims 
• Business and operational needs 

When personal data is no longer required, we will delete, anonymize, or securely dispose of it in accordance with applicable policies and legal requirements. 

10. Your Rights 

Subject to applicable law and verification of your identity, you may have the following rights in relation to your personal data: 

• Right to be informed about how your personal data is processed 
• Right of access to your personal data 
• Right to rectification of inaccurate or incomplete personal data 
• Right to erasure or deletion, where applicable 
• Right to object to certain processing activities 
• Right to restrict or suspend processing, where applicable 
• Right to withdraw consent, where processing is based on consent 
• Right to lodge a complaint with the relevant data protection authority 

To exercise your rights, please contact us at: 

Email: bahrain-mena@shift-arabia.ninja
Address: Seef District, Shop 1390, Building 2102, Road 2825, Block 428 (Manama, Bahrain) 

We may ask you to provide information necessary to verify your identity before responding to your request. 

11. Cookies and Similar Technologies 

Our website may use cookies, pixels, tags, server logs, and similar technologies to operate the website, improve user experience, analyze website traffic, and support marketing activities. 

 11.1 Types of cookies we may use 

• Strictly necessary cookies: Required for website operation and security 
• Analytics cookies: Help us understand how visitors use our website 
• Functionality cookies: Remember preferences and improve usability 
• Marketing cookies: Support advertising, campaign measurement, and promotional activities 

 11.2 GoDaddy and third-party tools 

Because our website may be built or hosted using GoDaddy, GoDaddy may process certain technical information, such as IP addresses, device data, browser information, server logs, and cookie-related data, to provide hosting, security, analytics, or website functionality. 

We may also use analytics or marketing tools such as Google Analytics or similar services, where implemented. If such tools are used, additional cookie notices or consent mechanisms may be provided where required by law. 

 11.3 Managing cookies 

You can manage cookies through your browser settings. You may block or delete cookies, but some website features may not function properly if cookies are disabled. 

12. Direct Marketing 

We may use your business contact information to send you information about our services, events, webinars, publications, or business updates. 

Where required by applicable law, we will obtain your consent before sending marketing communications. You may unsubscribe or opt out of marketing emails at any time by using the unsubscribe link in our emails or by contacting us at [privacy email]. 

13. Children’s Privacy 

Our website and services are intended for business users and are not directed to children. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate consent or lawful basis, we will take appropriate steps to delete such data. 

14. Third-Party Websites 

Our website may contain links to third-party websites, plug-ins, or services. We are not responsible for the privacy practices, content, or security of third-party websites. We encourage you to review the privacy policies of those third parties before providing personal data. 

15. Complaints 

If you have questions, concerns, or complaints about how we handle your personal data, please contact us first at: 

Email: bahrain-mena@shift-arabia.ninja
Address: Seef District, Shop 1390, Building 2102, Road 2825, Block 428 (Manama, Bahrain) 

You may also have the right to lodge a complaint with the relevant data protection authority in Bahrain. 

16. Changes to This Privacy Policy 

We may update this Privacy Policy from time to time to reflect changes in our business, legal requirements, technology, or data processing practices. 

When we update this Privacy Policy, we will revise the “Last updated” date at the top of this page. Where required by law, we may provide additional notice or seek consent for material changes. 

17. Contact Us 

If you have any questions about this Privacy Policy or our handling of personal data, please contact: 

SHIFT Arabia W.L.L

Email: bahrain-mena@shift-arabia.ninja
Address: Seef District, Shop 1390, Building 2102, Road 2825, Block 428 (Manama, Bahrain)
Telephone: [TBD]
Data Protection Contact / Officer: Masashi Suzuki