Privacy Policy

This Privacy Policy explains how ESB Group(“we”, “us”, or “ESB Group”) collects, uses, and protects personal data when you visit www.esb.groupand any of our subdomains (together, the “Site”). We are committed to handling your data lawfully, transparently, and only for the purposes described here.

1. Who we are

The data controller is ESB Group, Khanzad, Bldg. 206/5/30, Erbil 44001, Kurdistan Region, Iraq. You can contact us at info@esb.group or on +964 750 426 5555.

2. What data we collect

We only collect personal data that you provide directly, or that is strictly necessary to operate the Site.

• Contact form submissions. When you use our contact form we receive the name, email address, organisation (optional), phone number (optional), and the message content you submit.
• Email correspondence. If you email us directly, we receive your email address and the content of your message.
• Technical and usage data. Our hosting provider and analytics services receive a limited set of technical information automatically, such as IP address, browser type, device type, referring URL, and pages visited. We do not use this data to identify individual visitors.

3. How we use your data

• To respond to enquiries submitted through the contact form or by email.
• To operate, secure, and improve the Site and its content.
• To measure aggregate traffic and performance, so we can understand which pages are useful and where the Site should be improved.
• To comply with legal obligations, including record-keeping and responses to lawful requests from competent authorities.

We do not sell your personal data. We do not use it for advertising profiling, and we do not share it with third parties for their own marketing.

4. Legal basis for processing

Where the EU General Data Protection Regulation (GDPR) or the UK GDPR applies, we rely on the following legal bases:

• Consent, for any non-essential processing you agree to.
• Legitimate interests, for operating and securing the Site, measuring aggregate usage with privacy-preserving analytics, and responding to enquiries you send us.
• Legal obligation, where we are required to retain or disclose data under applicable law.

5. Third-party processors

We use a small number of carefully selected service providers to operate the Site. Each acts as a processor under our instructions:

• Vercel Inc.: hosting, content delivery, privacy-friendly analytics (Vercel Analytics) and performance measurement (Speed Insights). Vercel Analytics and Speed Insights do not use cookies and do not track visitors across other sites. See Vercel's privacy policy.
• Resend (Resend, Inc.): transactional email delivery for contact form submissions. Resend only processes the message data needed to deliver the email. See Resend's privacy policy.
• Meta Platforms, Inc.: we fetch our own public Instagram posts via Meta's Graph API to display a news feed. No personal data of visitors is sent to Meta in the course of this fetch. See Meta's privacy policy.
• Microsoft (Outlook / Microsoft 365): our corporate email system, used when we reply to messages you send us.

6. Cookies and similar technologies

The Site does not use advertising or tracking cookies. We use only strictly necessary technologies to operate the Site.

• Strictly necessary. Minimal browser storage used to remember your accessibility or navigation preferences within a single session. These do not track you across sites.
• Analytics. Vercel Analytics and Speed Insights are cookieless. They use anonymised, hashed, daily-rotating visitor identifiers that cannot be used to re-identify you.

Because we do not deploy tracking cookies or third-party advertising technologies, we do not display a cookie-consent banner. You can review and clear your browser storage at any time via your browser settings.

7. How long we keep your data

• Contact form submissions are retained for as long as needed to resolve your enquiry and for a reasonable period afterwards for record-keeping, typically no longer than 24 months, unless a longer period is required by law.
• Email correspondence follows our internal email retention policy.
• Aggregate analytics are retained in anonymised form by our analytics providers according to their standard retention windows.

8. Security

We apply technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, or destruction. This includes encrypted connections (TLS) for all traffic to the Site, limited internal access to contact form submissions, and vetted service providers. No online transmission or storage is ever 100% secure, and we do not guarantee absolute security.

9. International transfers

Our service providers may process data outside of Iraq, including in the European Union, the United Kingdom, and the United States. Where required, they rely on appropriate safeguards such as Standard Contractual Clauses or equivalent legal mechanisms.

10. Your rights

Subject to applicable law, you have the right to:

• Access the personal data we hold about you.
• Request that we correct inaccurate data.
• Request that we delete your data, where we are not required to keep it by law.
• Object to or restrict certain processing.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with a competent data protection authority.

To exercise any of these rights, please contact info@esb.group. We will respond within a reasonable time and, where required, within the timescales set by applicable law.

11. Children

The Site is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page always reflects the current version. Material changes will be highlighted on the Site.

13. Contact us

If you have questions about this Privacy Policy or how we handle your data, please contact us at info@esb.group or via our contact page.