Privacy Policy

FortMind, located in Doha, State of Qatar, is the data controller responsible for personal data processed through this website and in connection with our services. For privacy enquiries or to exercise your rights, contact us at privacy@fortmind.qa.

Identity and contact data — name, business email, phone number, organization, job title, and any details you provide in a contact form, course registration, or engagement.

Engagement data — names, business contact details, and roles of the client representatives required to deliver our services, together with information you share with us during a project.

Course and learner data — enrollment records, attendance, assessment results, certificates issued, and similar training-related information.

Recruitment and talent data — where you submit a CV or apply for placement, the information contained in your CV, references you provide, and interview notes.

Payment data — billing details and transaction records (full card data is processed by our payment service providers and is not stored by us).

Technical data — IP address, device and browser information, operating system, referring URL, pages visited, time stamps, and similar information collected automatically through server logs, cookies, and analytics.

Communications — records of correspondence with us by email, phone, web form, or chat, including any feedback or complaints you submit.

We collect personal data directly from you when you contact us, register for a course, engage our services, attend an event, or interact with the website.

We collect technical data automatically through standard server logs, cookies, and analytics tools when you use the website.

We may also receive personal data from our clients (for example, the names of their representatives or learners), references you provide, and publicly available sources where lawful.

Responding to enquiries and proposals, providing requested information, and managing pre-contractual communications — based on your request and our legitimate interest in operating our business.

Delivering services and courses, managing enrollments, issuing certificates, and administering accounts — based on the performance of a contract with you or your organization.

Processing payments, accounting, taxation, and financial-record retention — based on contractual necessity and legal obligation.

Operating, securing, and improving the website and our services, including detection and prevention of fraud, abuse, or unlawful activity — based on our legitimate interests in operating a safe and effective business.

Sending service-related communications and, with your consent or where permitted by law, marketing communications about our services — based on your consent or our legitimate interest in promoting our services to existing clients.

Complying with legal, regulatory, and reporting obligations, and establishing, exercising, or defending legal claims — based on legal obligation and legitimate interests.

We do not sell personal data. We share personal data only as needed to operate our business and in accordance with applicable law, including with: (a) service providers who process data on our behalf under written agreements (for example, hosting, analytics, payment processors, email delivery, customer-support tools, security and bot-protection providers, and professional advisors); (b) clients or partners where you participate in a course or engagement they sponsor, limited to information reasonably required for that purpose; (c) authorities, regulators, courts, or other parties where required by law, to enforce our terms, or to protect rights, property, or safety; and (d) potential or actual acquirers in the context of a merger, acquisition, or sale of assets, subject to appropriate confidentiality obligations.

Some of our service providers process personal data in countries outside the State of Qatar. Where we transfer personal data internationally, we rely on appropriate safeguards required by applicable law, including contractual commitments with the receiving party and recognized provider-level certifications. We take reasonable steps to ensure that personal data is protected to a level comparable with the protections required under the PDPPL.

We retain personal data only for as long as necessary for the purposes set out in this Policy, including to satisfy legal, accounting, tax, regulatory, or reporting requirements, and to establish, exercise, or defend legal claims.

Indicative retention periods: contact-form submissions and prospect enquiries — up to 24 months from last contact unless an engagement begins; engagement records and deliverables — for the duration of the engagement and for the period required by law thereafter (typically up to 10 years for accounting and tax records); course and certification records — for the period necessary to verify completion and re-issue certificates, and to comply with applicable retention obligations; technical and security logs — typically up to 12 months unless a longer period is required for investigation; recruitment data — up to 24 months unless you ask us to keep your CV on file longer.

We apply administrative, technical, and physical safeguards designed to protect personal data against loss, misuse, and unauthorized access, disclosure, alteration, or destruction. These include access controls, encryption in transit, secure development practices, and vendor due diligence. No method of transmission or storage is perfectly secure; if we become aware of a personal data breach affecting you, we will notify you and the relevant authorities in line with applicable law.

We use cookies and similar technologies on the website. For details, please see our Cookie Policy.

Where we send you marketing communications, we will do so only as permitted by law and you may opt out at any time using the unsubscribe link in the message or by contacting us. Opting out of marketing does not affect service-related communications about engagements you have with us.

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing without human involvement.

Subject to applicable law, you have the right to: (a) request access to your personal data and information about how we process it; (b) request correction of inaccurate or incomplete data; (c) request erasure of personal data in certain circumstances; (d) request restriction of, or object to, certain processing; (e) request data portability where applicable; (f) withdraw consent at any time, where processing is based on consent (without affecting the lawfulness of processing carried out before withdrawal); and (g) lodge a complaint with the competent data-protection authority in Qatar (the Compliance and Data Protection Department of the Ministry of Communications and Information Technology).

To exercise any of these rights, contact us at privacy@fortmind.qa. We may need to verify your identity before responding. We will respond within the period required by applicable law (typically within 30 days), and will inform you if we need additional time.

Our services are intended for adult professionals. We do not knowingly collect personal data from children under the age of 16 without parental consent or as otherwise required by law. If you believe a child has provided personal data without appropriate consent, please contact us so we can take appropriate action.

The website may contain links to third-party websites and may embed third-party content. We are not responsible for the privacy practices of those third parties. We encourage you to review their policies before providing personal data to them.

We may update this Policy from time to time. The effective date at the top of this page reflects the latest version. Material changes affecting how we use existing personal data will be communicated separately where required.

For questions about these documents, contact FortMind at info@fortmind.qa, or by post at FortMind, Doha, State of Qatar.