Logo

Privacy Policy

Introduction and scope

Jaffer Business Systems is a technology consulting and system integration company providing enterprise solutions across Pakistan, the United States, the Kingdom of Saudi Arabia (KSA), and other international markets.

This Privacy Policy explains how we collect, use, disclose, transfer, store, and protect personal and business-related information in connection with:

  • Visitors to our website
  • Clients and prospective clients
  • Business partners and vendors
  • Event participants
  • Users of AI systems and digital platforms

This policy is designed to align with:

  • Pakistan's Prevention of Electronic Crimes Act (PECA) and draft Personal Data Protection principles
  • United States privacy frameworks including CCPA/CPRA principles
  • Saudi Arabia's Personal Data Protection Law (PDPL)
  • GDPR-aligned global data protection standards
  • Enterprise security practices consistent with ISO 27001 principles

Information we collect

We collect information necessary to operate as a global enterprise technology services provider.

Personal and business contact information

  • Name
  • Business email address
  • Job title
  • Organization name
  • Phone number
  • Professional credentials

Technical and usage information

  • IP address
  • Device identifiers
  • Browser type
  • Operating system
  • Website usage data
  • Log files
  • Cookie identifiers

Service and project data

In the course of delivering enterprise services, we may process:

  • Business operational data
  • Enterprise system data
  • Cloud-hosted information
  • ERP-related datasets
  • Analytics outputs
  • Infrastructure performance logs

Where JBS acts as a data processor on behalf of clients, data processing is governed by contractual agreements.

AI interaction data

For AI-enabled solutions or platforms, we may process:

  • User inputs
  • Model outputs
  • System interaction logs
  • Performance analytics

AI data handling is subject to data minimization and governance controls.

Marketing and communication data

  • Event registrations
  • Webinar participation
  • Newsletter subscriptions
  • Communication preferences

How we use information

We use collected information for legitimate business and operational purposes, including:

  • Delivering contracted services
  • System integration and implementation
  • Technical support and managed services
  • Infrastructure monitoring
  • Cybersecurity threat detection
  • AI model optimization and performance improvement
  • Customer relationship management
  • Marketing communications, subject to consent where required
  • Legal and regulatory compliance
  • Risk management and audit functions

We do not sell personal information.

Data governance framework

JBS maintains a structured enterprise data governance framework designed to ensure responsible data handling across all jurisdictions.

Data classification and handling

We classify data based on sensitivity, such as public, internal, confidential, and restricted, and apply corresponding protection controls.

Data minimization

We collect and process only data necessary for defined business purposes.

Access controls

Role-based access controls (RBAC)

  • Least-privilege access principles
  • Multi-factor authentication where applicable
  • Periodic access reviews

Data lifecycle management

We manage data across its lifecycle:

  • Collection
  • Storage
  • Use
  • Archival
  • Deletion or anonymization