Our Privacy Policy

Last Updated:

06 May, 2026

1. Introduction


Hashmu Cybersecurity Consulting LLC ("Hashmu", "we", "us", or "our") is committed to protecting the privacy and security of personal data. This Privacy Policy describes how we collect, use, store, disclose, and protect personal data in connection with our cybersecurity consulting, training, incident response, and related professional services.

This Policy applies to: personal data of our clients' authorised representatives and contacts; personal data collected through our website at www.hashmu.com; personal data processed in the course of delivering our services; and personal data of prospective clients, training participants, and other individuals who interact with us.

This Policy is issued in compliance with Qatar's Personal Data Privacy Protection Law (Law No. 13 of 2016) and the Qatar Financial Centre (QFC) regulatory framework. Where we process data of individuals in the European Economic Area, GDPR principles also apply.

For questions, contact us at: privacy@hashmu.com


2. Who We Are


Data Controller: Hashmu Cybersecurity Consulting LLC
Address: QFC Tower 1, Floor 9, Office No. 4, West Bay, Doha, Qatar
Email: info@hashmu.com
Website: www.hashmu.com


3. What Data We Collect


We may collect the following categories of personal data:

Identity Data: full name, job title, employer, professional credentials.

Contact Data: business email, phone number, office address.

Engagement Data: information provided in connection with a service engagement, including scope documents and business correspondence.

Training Data: registration details, attendance records, assessment results, and certification information.

Financial Data: invoice and payment information, billing address.

Communications Data: records of email correspondence and meeting notes.

Website Technical Data: IP address, browser type, operating system, referring URLs, and pages visited — collected automatically when you visit our website.

Engagement System Data: during cybersecurity engagements, we may access network logs, endpoint telemetry, user account information, and security event data strictly as necessary to perform the agreed services. This data is never used for any other purpose.


4. How We Use Your Data


We use personal data to:

  • Deliver our cybersecurity consulting, training, and related services.

  • Communicate with you about your engagement and respond to enquiries.

  • Process invoices and manage financial records.

  • Administer training programmes and issue certificates.

  • Conduct client due diligence in accordance with QFC requirements.

  • Maintain and improve our website.

  • Send business development communications where permitted by law or with your consent.

  • Comply with our legal and regulatory obligations.

  • Protect our legal rights and enforce our Terms and Conditions.


5. Legal Basis for Processing


We process personal data on the following legal bases:

  • Contractual Necessity — to deliver services and manage client relationships.

  • Legitimate Interests — to operate our business, improve our services, and protect our systems.

  • Legal Obligation — to comply with QFC regulations, Qatari law, and applicable legal requirements.

  • Consent — for certain marketing communications and non-essential cookies, where we will obtain your consent prior to processing.


6. Who We Share Your Data With


We do not sell, rent, or trade your personal data.

We may share data with:

  • IT and cloud service providers who support our operations, bound by confidentiality obligations.

  • Legal, financial, and regulatory advisors where necessary.

  • QFC regulatory bodies, law enforcement, or courts where required by law.

  • An acquiring entity in the event of a business merger or sale, subject to equivalent protections.


7. International Transfers


Hashmu is based in Qatar and primarily processes data within Qatar. Where we engage service providers outside Qatar, we ensure personal data is protected to a standard equivalent to Qatari law. For individuals in the EEA, we rely on appropriate transfer mechanisms including Standard Contractual Clauses where applicable.


8. How Long We Keep Your Data


Client engagement records: 7 years from conclusion of engagement. Financial and invoicing records: 7 years. Training records and certifications: 5 years. Website visitor data: 12 months. Marketing and contact data: 3 years from last interaction, or until withdrawal of consent.

Data is securely deleted or anonymised upon expiry of the applicable retention period.


9. How We Protect Your Data


As a cybersecurity firm, data security is central to everything we do. Our measures include:

  • Encryption of data at rest and in transit.

  • Role-based access controls on a need-to-know basis.

  • Multi-factor authentication on all systems processing personal data.

  • Regular security assessments of our own infrastructure.

  • Incident response procedures with breach notification protocols.

  • Confidentiality obligations for all staff and contractors.


10. Cookies


Our website uses cookies to improve user experience and analyse traffic.

Strictly Necessary Cookies: essential for the site to function. Cannot be disabled. Analytics Cookies: help us understand how visitors use our site. Used only with your consent. Preference Cookies: remember your settings. Used only with your consent.

You may manage cookies through your browser settings or our cookie consent tool. Disabling certain cookies may affect website functionality.


11. Your Rights


You have the following rights regarding your personal data:

  • Right of Access — request a copy of the data we hold about you.

  • Right to Rectification — request correction of inaccurate or incomplete data.

  • Right to Erasure — request deletion of your data where we no longer have a lawful basis to hold it.

  • Right to Restriction — request that we limit processing of your data in certain circumstances.

  • Right to Object — object to processing based on legitimate interests or for direct marketing.

  • Right to Data Portability — request your data in a structured, machine-readable format where applicable.

  • Right to Withdraw Consent — withdraw consent at any time without affecting prior processing.

To exercise any right, contact us at privacy@hashmu.com. We will respond within 30 days. Identity verification may be required.

You may also lodge a complaint with the relevant supervisory authority: in Qatar, the Ministry of Transport and Communications (MOTC) or the QFC Regulatory Authority.


12. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal data from minors. If you believe we have done so inadvertently, contact us immediately.


13. Third-Party Links

Our website may contain links to third-party sites. This Policy does not apply to those sites. We encourage you to review their privacy policies independently.


14. Changes to This Policy

We may update this Policy periodically. The revised version will be posted on our website with an updated effective date. For material changes, we will provide notice by email or website announcement where appropriate.


15. Contact

For any privacy-related questions or requests:

Hashmu Cybersecurity Consulting and Training LLC
Email: privacy@hashmu.com
Office Address: QFC Tower 1, Floor 9, Office No. 4, West Bay, Doha, Qatar
Website: www.hashmu.com


© 2026 Hashmu Cybersecurity Consulting LLC. All rights reserved.