Skip to main content
Legal

Privacy
Policy

We respect your privacy. This policy explains exactly what information we collect on this website, why we collect it, and how you can control it.

Last updated: April 1, 2026 | Bolingbrook, IL · United States | Terms of Service →

No Accounts. No Tracking.

We operate a brochure website only. No user accounts, no login, no persistent profiling.

We Never Sell Your Data

Your personal information is never sold, rented, or traded to any third party for commercial gain.

Minimal Data Collection

We collect only what you voluntarily submit via our contact form, plus standard server logs.

Your Rights Respected

Access, correct, or delete your data at any time. We honour GDPR, CCPA, and Illinois PIPA rights.

Plain-Language Summary

This is a brochure website with no user accounts or login system. The only personal data we ever receive is what you voluntarily type into our contact form. We use that data solely to reply to you. We do not track you across the web, and we do not sell your information. Full legal detail is set out section-by-section below.

1

About This Policy

This Privacy Policy ("Policy") describes how Al Rafay Consulting LLC ("ARC," "we," "us," or "our") collects, uses, stores, and discloses personal information obtained through the corporate website located at alrafayglobal.com (the "Site").

This Policy applies exclusively to personal data processed in connection with the Site. It does not govern data processing that occurs within a separately contracted client engagement — that is addressed in the applicable Master Service Agreement, Statement of Work, and where required, a Data Processing Agreement executed between ARC and the client.

By accessing or using the Site, you acknowledge that you have read and understood this Policy. If you do not agree to this Policy, please discontinue use of the Site immediately.

2

Data Controller

Al Rafay Consulting LLC is the data controller responsible for personal data collected through this Site. Our legal details are:

🇺🇸 United States (HQ)

Al Rafay Consulting LLC

440 W Boughton Rd, Suite 206

Bolingbrook, IL 60440, USA

contact@alrafayconsulting.com

🇵🇰 Pakistan

Al Rafay Consulting

Suite #705, 7th Floor, Emarah Suites

Shahrah-e-Faisal Road, Block A

Karachi 75350, Pakistan

+92 213 338 9328
3

Information We Collect

Because this Site has no registration or account system, the volume and type of personal data ARC processes is intentionally minimal. The two categories are:

A — Voluntarily Submitted Data

When you complete the contact / enquiry form on this Site, you voluntarily provide one or more of the following:

Full name
Business email address
Company or organisation name
Phone number (optional)
Job title (optional)
Project description / message

This data is used solely to respond to your enquiry. We do not add you to any marketing database without your express consent.

B — Automatically Collected Technical Data

When you visit the Site, our hosting infrastructure and analytics software automatically captures:

IP address (anonymised where possible)
Browser type and version
Operating system
Referring URL
Pages visited and time on page
Date and time of visit

This data is processed in aggregate form to understand how visitors use the Site. It is not used to build individual profiles and is not linked to your identity unless you have also submitted the contact form.

We do not collect: payment card data, social security or national ID numbers, health information, biometric data, or any special-category personal data as defined under GDPR Article 9.

4

How We Use Your Information

ARC processes personal data collected through this Site strictly for the following specific, explicit, and legitimate purposes:

Responding to Enquiries

When you submit the contact form, we use your name, email address, and message to prepare and send you a relevant response. We do not use this information for any other purpose without your consent.

Improving Site Performance

Aggregated, anonymised technical data (e.g., page traffic, browser distribution) is used to identify usability issues and optimise the Site's content and performance.

Legal and Compliance Obligations

We may process personal data where required to comply with applicable law, regulation, court order, or where necessary to establish, exercise, or defend legal claims.

Fraud and Security

Technical data such as server logs and IP address information may be used to detect, prevent, and investigate suspected fraud, security incidents, or violations of our Terms of Service.

ARC does not use personal data collected through this Site for automated decision-making or profiling that produces legal or similarly significant effects.

6

Sharing & Disclosure

We do not sell, rent, or trade your personal information. ARC may share data only in the limited circumstances described below:

Service Providers (Data Processors)

We engage a small number of trusted third-party technology vendors to operate this Site — including web hosting (Vercel), email delivery (for contact form routing), and website analytics providers. These vendors act strictly as data processors under written agreements, may only process personal data on ARC's documented instructions, and may not use it for their own purposes.

Legal Requirements

ARC may disclose personal data if required to do so by applicable law, regulation, legal process, or enforceable governmental request (e.g., a court order or subpoena). Where permitted, we will attempt to notify you before making such a disclosure.

Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of all or substantially all of ARC's assets, personal data held by ARC may be transferred as part of that transaction. We will provide prior notice of any such transfer and of any resulting changes to this Policy.

Protection of Rights

ARC may disclose personal data where we believe in good faith that such disclosure is necessary to investigate, prevent, or respond to suspected illegal activity, fraud, or threats to the safety of any person or property.

7

Data Retention

ARC retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our specific retention periods are:

Data Category Retention Period
Contact form submissions (enquiry not converted) 12 months from date of submission, then securely deleted
Contact form submissions (where Engagement commenced) Duration of the Engagement plus 7 years, in accordance with Illinois record-keeping obligations
Anonymised analytics data 26 months (standard analytics rolling window), then automatically purged
Server / access logs 90 days, then automatically overwritten

At the end of each applicable retention period, personal data is securely deleted or irreversibly anonymised. You may also request earlier deletion — see Section 10 (Your Privacy Rights).

8

Cookies & Tracking Technologies

The Site uses cookies — small text files stored on your device — and similar tracking technologies to enable core functionality and to understand how Visitors use the Site. We use three categories of cookies:

Strictly Necessary Cookies Required

Essential for the Site to function correctly (e.g., security tokens, form session state). These cookies cannot be disabled without breaking core Site functionality.

Examples: Session security token · Form CSRF protection

Analytics Cookies Optional — Can Opt Out

Help us understand how Visitors interact with the Site in aggregate (e.g., most-visited pages, referral sources). All data is anonymised; no cross-site tracking occurs.

Examples: Page view counters · Referral source tracking · Browser/device type

Preference Cookies Optional — Can Opt Out

Remember choices you make to improve your experience on return visits (e.g., language preference or region). No personal information is transmitted to third parties.

Examples: Language / region settings

Managing Cookies

You can control and delete cookies through your browser settings. Instructions for the most common browsers: Chrome · Firefox · Safari · Edge. Note that disabling cookies may affect certain Site features.

9

Security Measures

ARC implements appropriate technical and organisational security measures to protect personal data against accidental loss, unauthorised access, alteration, disclosure, or destruction. Measures in place for this Site include:

TLS Encryption

All data transmitted between your browser and the Site is encrypted via TLS 1.2 / 1.3 (HTTPS).

Verified Hosting

The Site is hosted on Vercel's enterprise-grade infrastructure with SOC 2 Type II certification.

Access Controls

Access to systems holding personal data is restricted to authorised ARC personnel on a need-to-know basis.

No Plain-Text Storage

Contact form submissions are routed via encrypted channels and are never stored in plaintext server logs.

Regular Security Reviews

Our security posture is reviewed periodically against recognised frameworks including NIST and Microsoft Secure Score.

Incident Response

ARC maintains a data breach response procedure. In the event of a breach affecting your data, we will notify you and applicable regulators as required by law.

No method of data transmission or storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security. In the event of a compromise, ARC will take prompt remedial action and fulfil applicable legal notification obligations.

10

Your Privacy Rights

Depending on your location, you may have certain rights regarding the personal data ARC holds about you. ARC respects and honours all of the following rights:

Right of Access

Request a copy of all personal data ARC holds about you, along with information about how it is processed.

Right to Rectification

Request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data where ARC no longer has a lawful basis to retain it.

Right to Restrict Processing

Request that ARC limits how it uses your personal data while a dispute is resolved or you object to processing.

Right to Data Portability

Receive a structured, machine-readable copy of personal data you provided to ARC, to transfer to another controller (GDPR / UK GDPR).

Right to Object

Object to processing based on legitimate interests (including for analytics). ARC will cease unless we demonstrate compelling legitimate grounds.

CCPA Rights (California Residents)

California residents have the right to know, delete, opt-out of sale (ARC does not sell data), and non-discrimination under the CCPA / CPRA.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

How to Exercise Your Rights

Submit your request by email to contact@alrafayconsulting.com with the subject line "Privacy Rights Request." We will acknowledge your request within 5 business days and respond substantively within 30 calendar days (or 45 days where permitted by law). We do not charge a fee for reasonable requests.

11

International Data Transfers

ARC is headquartered in the United States and operates a delivery office in Karachi, Pakistan. Personal data submitted through the Site may be accessed and processed by ARC staff in either location.

Where personal data originating from the European Economic Area (EEA) or United Kingdom is transferred to the United States or Pakistan, ARC relies on appropriate transfer safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable
  • Adequacy decisions issued by the European Commission or UK ICO, where available
  • Binding internal data handling policies for intra-group transfers

By submitting your personal data through the contact form, you acknowledge that it may be processed in the United States, where data protection laws may differ from those in your country of residence.

12

Children's Privacy

This Site is directed exclusively to business professionals and corporate organisations. ARC does not knowingly collect, solicit, or process personal data from individuals under the age of 16. If you are a parent or guardian and believe that a child has submitted personal data to ARC through this Site, please contact us immediately at contact@alrafayconsulting.com and we will promptly delete such data.

13

Third-Party Links

The Site may contain links to third-party websites, including Microsoft, partner organisations, and other external resources. ARC has no control over and accepts no responsibility for the privacy practices or content of any linked third-party website. This Policy applies solely to data processed through alrafayglobal.com.

We encourage you to read the privacy policy of every website you visit. The presence of a hyperlink on this Site does not imply any endorsement or partnership with the linked site.

14

Changes to This Policy

ARC reserves the right to update this Policy at any time to reflect changes in our practices, applicable law, or operational requirements. When we do, we will revise the "Last updated" date at the top of this page. For material changes — such as changes to data sharing practices or the introduction of new processing activities — we will post a prominent notice on the Site for at least 30 days prior to the change taking effect.

We encourage you to review this Policy periodically. Your continued use of the Site after any updated Policy has been posted constitutes your acceptance of the revised Policy.

15

Contact & Complaints

For any questions, concerns, or requests relating to this Policy or the exercise of your privacy rights, please contact us at:

🇺🇸 United States (HQ)

Al Rafay Consulting LLC

440 W Boughton Rd, Suite 206

Bolingbrook, IL 60440

+1 630 946 7863 contact@alrafayconsulting.com

🇵🇰 Pakistan

Al Rafay Consulting

Suite #705, 7th Floor, Emarah Suites

Shahrah-e-Faisal Road, Block A

Karachi 75350

+92 213 338 9328

Supervisory Authority Complaints

If you are located in the EEA or UK and believe that ARC has not adequately addressed your privacy concern, you have the right to lodge a complaint with your local data protection supervisory authority. In the UK, this is the Information Commissioner's Office (ICO). In the US, Illinois residents may also contact the Illinois Attorney General's office.

Related Legal Documents

Terms of Service Submit Privacy Request About ARC
Let's Build Something Great

Questions About Your Privacy?

We're committed to full transparency. Email us anytime to exercise your data rights or get plain-language answers about how we handle your information.

Contact Us Read Terms of Service
No obligation Response within 24 hours Inc. 5000 #749