Privacy Policy

This Privacy Policy explains how Nasaff GmbH, including its Pakistan branch/representative office operating under ITCES – Branch of Nasaff GmbH, where applicable, collects, uses, stores, shares, and protects personal data when you visit or use our website https://nasaff.com and related services. For the purpose of this Privacy Policy, “we”, “us”, and “our” refer to Nasaff GmbH and its relevant branch, office, employees, contractors, and service providers involved in operating this website. This Privacy Policy applies to visitors, customers, applicants, business contacts, and users of our website and online services

1) Who we are

Website: https://nasaff.com
Operator: Nasaff GmbH / ITCES – Branch of Nasaff GmbH
Pakistan office: A-52, Saima Villas, Super Highway, Karachi, Sindh, Pakistan
Email: info@nasaff.com
Phone Pakistan: +92 334 7518021
Phone Germany: +49 160 1269368

If the legal operator shown in your company documents differs from the above, this section should be adjusted before
publication.

2) Personal data we collect

Depending on how you use our website, we may collect the following categories of personal data

2.1) Personal data we collect

We may collect personal data when you submit a contact form, request information about our services, register
for a course, consultation, or online service, send us an email, WhatsApp message, or other communication,
apply for a job, internship, freelance role, or cooperation, or subscribe to updates or marketing communication.

 

This may include:

 

  • full name;
  • email address;
  • phone number;
  • company name;
  • country or city;
  • job title or professional background;
  • message content;
  • uploaded files, CVs, certificates, or documents;
  • course or service interests;
  • billing or business contact details, where applicable.

2.2) Information collected automatically

When you visit our website, certain technical data may be collected automatically, such as:

 

  • IP address;
  • browser type and version;
  • device type;
  • operating system;
  • referring website;
  • pages visited;
  • date and time of access;
  • approximate location derived from IP address;
  • cookie identifiers;
  • website usage and interaction data.

This data is used for security, website operation, analytics, troubleshooting, and improving our services.

2.3) Payment-related information

If payments are offered through the website, payment processing may be handled by external payment
providers. We do not store full credit card or banking details unless explicitly required and legally permitted.
Payment providers process payment data according to their own privacy and security standards.

3) How we use personal data

We use personal data for the following purposes:

 

  • to operate and maintain the website;
  • to respond to inquiries and contact requests;
  • to provide IT consulting, software development, training, course, or support services;
  • to process course registrations, service requests, or business inquiries;
  • to communicate with customers, prospects, applicants, and partners;
  • to send administrative messages, confirmations, or service-related information;
  • to improve website content, usability, and performance;
  • to detect, prevent, and respond to fraud, misuse, spam, cyberattacks, or security incidents;
  • to comply with legal, tax, accounting, regulatory, and contractual obligations;
  •  to manage job applications, freelancer inquiries, and cooperation requests;
  • to send marketing communications where permitted by law or based on your consent.

We do not sell personal data.

4) Legal basis for processing

Depending on the applicable law and your location, we process personal data based on one or more of the
following grounds:

 

  • your consent;
  • performance of a contract or pre-contractual steps;
  • compliance with legal obligations;
  • our legitimate business interests, such as operating our website, improving our services, preventing misuse,
    and communicating with business contacts;
  • protection of rights, property, security, or legal claims.

Where the EU General Data Protection Regulation applies, the relevant legal bases may include Article 6(1)(a),
Article 6(1)(b), Article 6(1)(c), and Article 6(1)(f) GDPR.

5) Cookies and similar technologies

Our website may use cookies, pixels, tags, local storage, or similar technologies.

 

These technologies may be used to:

 

  • make the website function properly;
  • remember user preferences;
  • improve website performance;
  • analyse traffic and usage;
  • support security and fraud prevention;
  • measure the effectiveness of content or campaigns.

Some cookies are technically necessary. Others, such as analytics or marketing cookies, may require your
consent depending on applicable law.

 

You can control cookies through your browser settings. If we use optional analytics, advertising, or tracking
tools, we should provide a cookie banner or consent mechanism where legally required.

6) Analytics and third-party tools

We may use analytics tools to understand how visitors use our website and to improve our content and services.

 

Analytics tools may collect technical and usage data, such as pages visited, session duration, approximate
location, browser type, and device information. Where possible, we use aggregated or anonymised data.

 

If tools such as Google Analytics, Meta Pixel, LinkedIn Insight Tag, Microsoft Clarity, Hotjar, YouTube embeds,
Google Maps, WhatsApp widgets, newsletter systems, booking tools, CRM tools, payment providers, or similar
services are used, these tools should be listed in this Privacy Policy or in a separate Cookie Policy before
publication.

 

If additional analytics, advertising, newsletter, payment, booking, map, video, or chat tools are activated on the
website, this Privacy Policy or a separate Cookie Policy should be updated accordingly.

7) Contact forms, email, WhatsApp, and communication

When you contact us through forms, email, phone, WhatsApp, LinkedIn, Facebook, or other channels, we process the information you provide to respond to your inquiry and manage the communication.

 

Please do not send sensitive personal data unless it is necessary for your request.

8) Newsletter and marketing communication

If you subscribe to a newsletter or request marketing communications, we may use your contact details to send
relevant updates about our services, courses, events, or business activities.

 

You may unsubscribe or object to marketing communications at any time by using the unsubscribe link, replying to the message, or contacting us at info@nasaff.com.

9) Job applications and recruitment

If you apply for a job, internship, working student position, freelance role, or cooperation opportunity, we may
process personal data such as:

 

  • name and contact details;
  • CV and cover letter;
  • education and work experience;
  • certificates and references;
  • interview notes;
  • salary or availability information;
  • communication history.

We use this data only for recruitment, evaluation, communication, and legal documentation purposes.

10) Sharing personal data

We may share personal data with trusted third parties where necessary, including:

 

  • hosting providers;
  • IT service providers;
  • email and communication providers;
  • website maintenance providers;
  • analytics providers;
  • payment processors;
  • CRM or support tools;
  • tax advisors, accountants, auditors, lawyers, and consultants;
  • public authorities, courts, or regulators where legally required;
  • affiliated companies, branches, or representatives involved in providing our services.

We only share personal data where necessary and, where required, based on appropriate contractual,
technical, and organisational safeguards.

 

We do not allow service providers to use your personal data for their own unrelated marketing purposes.

11) International data transfers

Because we operate internationally, personal data may be processed in Pakistan, Germany, the European
Union, the United Arab Emirates, or other countries where our service providers or business operations are
located.

 

Where applicable law requires safeguards for international transfers, we take appropriate steps, such as
contractual safeguards, access controls, data minimisation, and security measures.

12) Data retention

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy.
Retention periods may depend on:

 

  • the type of data;
  • the purpose of processing;
  • contractual requirements;
  • tax, accounting, and legal obligations;
  • dispute resolution or legal claims;
  • user requests for deletion or objection.

Typical retention examples:

 

  • contact inquiries: usually up to 3 years after the last communication;
  • customer and contract records: according to applicable tax and commercial retention periods;
  • job applications: usually up to 6 months after completion of the recruitment process, unless longer retention
    is required or consented to;
  • technical logs: usually short-term, unless needed for security investigation;
  • newsletter data: until you unsubscribe or withdraw consent.

13) Data security

We use reasonable technical and organisational measures to protect personal data against unauthorised
access, loss, misuse, alteration, or disclosure.

 

These measures may include:

 

  • access restrictions;
  • secure hosting environments;
  • password protection;
  • encryption where appropriate;
  • backups;
  • malware and spam protection;
  • monitoring of suspicious activity;
  • internal confidentiality obligations.

No website, email system, or internet transmission is completely secure. Therefore, we cannot guarantee
absolute security.

14) Your rights

Depending on applicable law and your location, you may have the right to:

 

  • request access to your personal data;
  • request correction of inaccurate data;
  • request deletion of your data;
  • withdraw consent;
  • object to certain processing;
  • request restriction of processing;
  • request data portability;
  • object to direct marketing;
  • file a complaint with a competent authority, where applicable.

To exercise your rights, contact us at info@nasaff.com.

We may need to verify your identity before responding to your request.

15) Children's privacy

Our website and services are not intended for children under the age of 18.

 

We do not knowingly collect personal data from children under 18. If you believe that a child has provided us
with personal data, please contact us so that we can review and delete the data where appropriate.

16) Links to external websites

Our website may contain links to external websites, platforms, or social media pages.

 

We are not responsible for the privacy practices, content, or security of external websites. Please review the
privacy policies of those third parties before providing personal data.

17) Social media

We may maintain profiles on platforms such as LinkedIn, Facebook, Instagram, YouTube, or other social media
services.

 

If you interact with us through social media, the respective platform may process your personal data according
to its own privacy policy. We do not control how these platforms process your data.

18) Data breaches

If we become aware of a data breach affecting personal data, we will take reasonable steps to investigate, limit
harm, secure our systems, and notify affected individuals or authorities where legally required.

19) Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

 

The updated version will be published on this website with a new “Last updated” date. Continued use of the
website after changes means that you acknowledge the updated Privacy Policy.

20) Contact us

If you have questions, concerns, complaints, or requests regarding this Privacy Policy or our handling of personal data, please contact us:

 

Nasaff GmbH / ITCES – Branch of Nasaff GmbH

A-52, Saima Villas, Super Highway, Karachi, Sindh, Pakistan

 

Email: info@nasaff.com
Phone Pakistan: +92 334 7518021
Phone Germany: +49 160 1269368