سياسة الخصوصية

1. Introduction

Welcome to الكويت التالي (“we,” “us,” “our,” or “Company”). Kuwait Next is committed to protecting your privacy and ensuring you have a positive experience on our website and when using our services.

This Privacy Policy (“Policy”) explains how we collect, use, disclose, and safeguard your information when you visit our website at www.kuwaitnext.com (the “Website”) and when you use our digital services, including but not limited to:

• Website Development Services
• Mobile Application Development Services
• Search Engine Optimization (SEO) Services
• Digital Marketing Services
• UI/UX Design Services
• E-Commerce Solutions
• Digital Transformation Solutions
• Website Maintenance and Support Services
• Custom Digital Solutions

This Privacy Policy applies to all information collected through our Website and Services, as well as any related applications, communications, and interactions. By accessing and using Kuwait Next’s Website and Services, you acknowledge that you have read and understood this Privacy Policy and consent to our data practices as described herein.

2. Information We Collect

We collect information about you in various ways. The types of information we may collect include:

2.1 Information You Provide Directly

Contact Information:

• Full name
• Email address
• Phone number
• Company name and business details
• Job title and role
• Mailing address
• Website URL (if applicable)

Account Information:

• Username and password (securely encrypted)
• Account credentials
• Billing and payment information
• Service preferences and settings

Payment Information:

• Invoice details
• Transaction records
• Billing address
• Credit card information (processed securely; we do not store full credit card numbers)

2.2 Information Collected Automatically

When you visit our Website, we automatically collect certain information about your device and browsing behavior:

Device Information:

• IP address
• Browser type and version
• Operating system
• Device type (desktop, mobile, tablet)
• Device ID and identifiers
• Language and locale settings

Usage Information:

• Pages visited and time spent on each page
• Links clicked
• Searches performed
• Features accessed
• Referral sources
• Interaction patterns with our Website and Services

2.3 Information From Third Parties

We may receive information about you from:

• Third-party service providers and partners
• Analytics and advertising platforms
• Social media platforms (if you connect your account)
• Payment processors and financial institutions
• Business partners and referral sources
• Public databases and business registries
• Law enforcement and regulatory authorities (when legally required)

2.4 Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to remember your preferences, analyze Website usage, personalize your experience, and deliver targeted advertising. See Section 10 for detailed information about cookies.

3. How We Use Your Information

We use the information we collect for various purposes, including:

3.1 Service Delivery

• Providing Services: Delivering the digital services you request
• Account Management: Creating and managing your account
• Project Execution: Planning, designing, developing, testing, and deploying your projects
• Quality Assurance: Testing and ensuring quality and functionality
• Technical Support: Providing customer support and troubleshooting
• Customization: Tailoring Services to meet your specific requirements

3.2 Communication

• Service updates and notifications
• Support communications
• Project updates and progress reports
• Appointment reminders

3.3 Marketing and Business Development

• Sending promotional content and newsletters (with your consent)
• Marketing analytics
• Lead generation and business opportunities
• Improvement suggestions

3.4 Website and Service Optimization

• User experience enhancement
• Performance analysis
• Feature development
• A/B testing
• Analytics and user behavior analysis

3.5 Legal and Compliance

• Regulatory Compliance: Complying with applicable laws including:
  • Kuwait’s Electronic Transactions Law (Law No. 20 of 2014)
  • Kuwait’s Data Privacy Protection Regulation (No. 26/2024)
  • GDPR (if processing EU resident data)
  • CCPA and LGPD (if applicable)
• Contract enforcement
• Fraud prevention and security
• Legal proceedings and claims
• Audit and compliance documentation

3.6 Security and Safety

• Protecting security and integrity of Website and Services
• Access control and user verification
• Monitoring for suspicious activity
• Incident response
• Risk assessment and mitigation

4. Legal Basis for Processing

Under applicable data protection regulations, including Kuwait’s Data Privacy Protection Regulation (DPPR) and the GDPR (where applicable), we process your personal data on the following legal bases:

4.1 Consent

We process your personal data based on your explicit consent when you opt-in to receive marketing communications, subscribe to newsletters, accept our Terms of Service, or voluntarily provide information.

4.2 Contract Performance

We process your personal data as necessary to execute the Services agreement between us, provide requested Services, fulfill contractual obligations, and process payments.

4.3 Legal Obligation

We process your personal data to comply with:

• Kuwait’s Electronic Transactions Law (Law No. 20 of 2014)
• Kuwait’s Data Privacy Protection Regulation (No. 26/2024) by CITRA
• Tax and accounting regulations
• Court orders and legal demands
• Law enforcement requirements
• Financial and reporting obligations

4.4 Legitimate Interest

We process your personal data based on our legitimate business interests:

• Improving our Services and Website
• Preventing fraud and maintaining security
• Marketing and business development (where permitted)
• Analytics and performance optimization
• Defending legal claims
• Maintaining customer relationships

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal data to third parties. However, we may share your information in the following circumstances:

5.1 Service Providers and Processors

We share your data with trusted third-party service providers who assist us in operating our Website and delivering Services:

Technical Service Providers:

• Cloud hosting and storage (AWS, Google Cloud, Microsoft Azure)
• Website analytics (Google Analytics, Hotjar)
• Payment processors (Stripe, PayPal, 2Checkout)
• Email service providers (SendGrid, Mailchimp)
• CRM systems (HubSpot, Salesforce)
• Security tools (Sentry, Cloudflare)

5.2 Legal Requirements and Law Enforcement

We may disclose your personal data when required or permitted by law:

• Court orders and legal judgments
• Subpoenas and legal inquiries
• Government and regulatory authorities (CITRA, Ministry of Justice, etc.)
• Law enforcement agencies
• To protect legal rights and ensure safety

5.3 Business Transfers

If Kuwait Next is involved in a merger, acquisition, bankruptcy, or similar transaction, your personal data may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your personal data.

5.4 Consent-Based Sharing

With your explicit consent, we may share your information for:

• Targeted advertising and remarketing campaigns
• Analytics and optimization partnerships
• Co-marketing initiatives
• Customer testimonials and case studies

6. Data Security

Kuwait Next takes data security seriously and implements comprehensive technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction.

6.1 Security Measures

Technical Safeguards:

• SSL/TLS encryption for all data in transit (HTTPS)
• AES-256 encryption for data at rest
• Secure password hashing algorithms (bcrypt, SHA-256)
• Firewalls and intrusion detection systems
• Regular security scanning and vulnerability assessments
• Web Application Firewalls (WAF)
• DDoS protection and rate limiting
• Secure API authentication (OAuth 2.0, JWT tokens)
• Database encryption and access controls
• Regular software updates and security patches

Administrative Safeguards:

• Limited access to personal data (role-based access control)
• Employee confidentiality agreements and privacy training
• Background checks for staff with data access
• Secure document handling and storage procedures
• Physical security measures in data centers
• Audit trails and activity logging
• Data classification and handling procedures

6.2 Security Best Practices for Users

• Use strong, unique passwords for your account
• Enable two-factor authentication (2FA) if available
• Do not share your login credentials
• Log out after each session
• Keep your devices and software updated
• Be cautious of phishing attempts
• Report security concerns immediately

7. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law.

7.1 Retention Periods by Data Category

7.2 Deletion Upon Request

Upon your written request and in accordance with applicable law, we will delete your personal data, subject to:

• Legal retention obligations
• Ongoing disputes or legal proceedings
• Fraud investigation and prevention
• Security concerns
• Contract performance requirements

We will delete or anonymize your data as soon as practicable while maintaining necessary records for legal and compliance purposes.

8. Your Rights and Choices

Depending on your jurisdiction and applicable laws (including Kuwait’s DPPR and the GDPR), you may have the following rights regarding your personal data:

8.1 Right of Access

You have the right to request access to your personal data. Upon a valid request, we will provide you with a copy of your personal data in a structured, commonly used format, information about how we process your data, and details about recipients of your data.

8.2 Right to Rectification

You have the right to request correction or rectification of inaccurate, incomplete, or outdated personal data. You can log into your account and update your information directly, or contact us with correction details.

8.3 Right to Erasure (“Right to be Forgotten”)

Under certain circumstances, you have the right to request deletion of your personal data when:

• The data is no longer necessary for the purpose collected
• You withdraw your consent
• You object to processing and we have no legitimate interest
• Your data was unlawfully processed
• Deletion is required by law

8.4 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format (such as CSV or JSON) and request that we transmit it to another service provider.

8.5 Right to Object

You have the right to object to processing of your personal data on grounds of legitimate interest, including objection to direct marketing and promotional communications.

8.6 Right to Withdraw Consent

If we process your data based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of prior processing.

How to withdraw: Click “unsubscribe” in marketing emails, log into your account and adjust privacy settings, or contact us directly.

8.7 Right to Opt-Out of Marketing

You can opt-out of marketing communications at any time by:

• Clicking the “unsubscribe” link in any marketing email
• Updating your notification preferences in your account settings
• Contacting us directly
• Responding “STOP” to SMS messages (where applicable)

8.8 Exercising Your Rights

To exercise any of the rights above, please submit a written request to our Data Protection Officer with:

• Clearly stated right(s) you wish to exercise
• Sufficient identification information
• Specification of what data or actions you’re requesting
• Any relevant supporting documents
• Submission in English or Arabic

9. International Data Transfers

Kuwait Next operates globally and may transfer your personal data to countries outside Kuwait.

9.1 Cross-Border Transfers

Hosting and Infrastructure:

• United States (AWS, Google Cloud)
• Europe (EU data centers)
• Asia-Pacific regions

Service Providers:

• Payment processors (may be internationally located)
• Analytics providers (US-based servers)
• CRM and business tools (cloud-based, multiple countries)
• CDN and content delivery (global distribution)

9.2 Adequacy and Safeguards

For transfers to countries without adequate protection: We implement appropriate safeguards including:

• Standard Contractual Clauses (SCCs) with service providers
• Binding Corporate Rules (BCRs)
• Contractual data processing agreements
• Supplementary measures for enhanced protection

9.3 Regulatory Compliance

International transfers comply with:

• Kuwait’s Data Privacy Protection Regulation (No. 26/2024)
• GDPR Chapter 5 (if transferring EU resident data)
• CCPA, PIPEDA, LGPD (where applicable)
• Standard Contractual Clauses approved by relevant authorities

10. Cookies and Tracking Technologies

10.1 What Are Cookies?

Cookies are small text files stored on your device that help us recognize you, remember your preferences, and understand how you use our Website and Services.

10.2 Types of Cookies We Use

Essential/Necessary Cookies:

• Session management
• Security and fraud prevention
• User authentication
• Load balancing
• Status: Always enabled (required for Website functionality)

Performance and Analytics Cookies:

• Website traffic analysis (Google Analytics)
• Performance monitoring (Sentry, Datadog)
• User behavior tracking (Hotjar)
• Status: Requires your consent (can be declined)
• Duration: Typically 13-24 months

Marketing and Advertising Cookies:

• Targeted advertising campaigns
• Remarketing and retargeting (Facebook Pixel, Google Ads)
• Interest profiling and conversion tracking
• Status: Requires explicit opt-in consent
• Duration: Typically 3-12 months

10.3 Third-Party Tracking Services

10.4 Managing Your Cookie Preferences

On Our Website:

• A cookie consent banner appears on first visit
• You can adjust preferences in the cookie settings
• Click “Manage Preferences” to customize which cookies are allowed

In Your Browser:

• Chrome: Settings → Privacy and security → Cookies and other site data
• Firefox: Settings → Privacy & Security → Cookies and Site Data
• Safari: Preferences → Privacy → Manage Website Data
• Edge: Settings → Privacy → Cookies and other site data

11. Children’s Privacy

11.1 Age Restrictions

Our Website and Services are intended for business and professional use by individuals aged 18 years and older. We do not knowingly collect personal data from children under 18.

11.2 If We Discover Collected Children’s Data

If we discover that we have inadvertently collected personal data from a child under 18, we will:

• Immediately delete such data
• Notify the parent/guardian
• Cease marketing to that individual
• Comply with all applicable child protection laws

11.3 Parent/Guardian Responsibility

If you believe we have collected data from your child, please contact us immediately at kaukab@kuwaitnext.com with proof of guardianship.

11.4 Applicable Laws

Our children’s privacy practices comply with:

• COPPA (Children’s Online Privacy Protection Act) – if applicable
• GDPR Article 8 (EU users)
• Kuwait’s Data Privacy Protection Regulation

12. Third-Party Links

12.1 External Links

Our Website and Services may contain links to third-party websites and services that are not operated by Kuwait Next, including social media platforms, payment processors, analytics platforms, and partner websites.

12.2 No Endorsement or Responsibility

We are not responsible for:

• The privacy practices of third-party websites
• The accuracy or legitimacy of third-party content
• Data collection by third parties
• Security of third-party services
• Terms and conditions of third parties

13. Data Breach Notification

13.1 What Is a Data Breach?

A data breach is an unauthorized access to, disclosure of, loss of, or destruction of personal data, including:

• Unauthorized access by hackers or malicious actors
• Accidental disclosure or loss of data
• Ransomware or extortion attacks
• Insider threats and employee misconduct
• Compromised credentials and authentication

13.2 Our Breach Response Protocol

Immediate Actions (within 24 hours):

1. Contain and stop the breach
2. Secure and isolate affected systems
3. Assess the scope and nature of the breach
4. Identify affected individuals and data categories
5. Begin forensic investigation
6. Activate incident response team

Notification (within 72 hours or as required):

1. Notify CITRA of the breach
2. Notify affected individuals with details about:
   • The nature of the breach
   • Data categories affected
   • Likely consequences
   • Measures taken to address the breach
   • Our contact information
3. Notify relevant authorities if required by law
4. Inform our legal and insurance advisors

13.3 Your Rights in Case of Breach

If your data is breached, you have the right to:

• Receive timely and accurate notification
• Know what data was compromised
• Receive contact information for assistance
• Access free credit monitoring (if appropriate)
• File complaints with regulatory authorities
• Pursue legal remedies

13.4 Regulatory Compliance

Breach notification complies with:

• Kuwait’s Data Privacy Protection Regulation (24-hour requirement)
• GDPR Article 34 (without undue delay)
• CCPA and LGPD (as applicable)
• Local laws and requirements

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Data Protection Officer

Our Data Protection Officer is available to:

• Address privacy questions and concerns
• Process data subject rights requests
• Assist with complaints and disputes
• Coordinate with regulatory authorities
• Provide privacy guidance

Regulatory Authority – Kuwait

CITRA (Communications and Information Technology Regulatory Authority)

Role: Data protection authority for telecommunications and IT services in Kuwait

Website: www.citra.gov.kw

Languages

We respond to inquiries in:

• English
• Arabic (العربية)
• Other languages upon request

15. Policy Changes

15.1 Updates and Amendments

We may update this Privacy Policy periodically to:

• Reflect changes in our data practices
• Comply with new laws and regulations
• Improve clarity and transparency
• Address user feedback
• Enhance security measures

15.2 Notification of Changes

For material changes, we will:

• Notify you via email (at least 30 days notice)
• Post notice on our Website homepage
• Update the “Last Updated” date
• Request explicit consent (if required by law)

For non-material changes:

• Updates may be effective immediately
• Changes will be posted on our Website
• Continued use implies acceptance

15.3 Effective Date

This Privacy Policy is effective as of January 30, 2026, and applies to all personal data collected from that date forward.