Privacy Policy

Last Updated: March 2026

1. Information We Collect

Atlas Innovative Systems ("AIS", "we", "us") collects personal data only when it is necessary and proportionate to the purposes for which it is processed. We adhere to data minimization principles across all our operations.

The categories of information we may collect include:

• Identity Data: Full name, nationality, date of birth, and government-issued identification numbers when required for border management system operations.
• Contact Data: Email address, phone number, mailing address, and professional title provided through our website, demo requests, or contractual engagements.
• Biometric Data: Facial imagery, fingerprints, and iris scans processed exclusively within our ABIS platform under the legal authority of government clients.
• Technical Data: IP address, browser type, device information, and usage patterns collected automatically when you interact with our website.
• Travel Data: Advance Passenger Information (API) and Passenger Name Records (PNR) processed on behalf of and under the authority of government agencies.
• Communication Data: Correspondence records when you contact us, submit inquiries, or subscribe to our newsletter.

2. How We Use Your Information

We process personal data for the following purposes, each supported by an appropriate legal basis:

• Service Delivery: Operating border management, identity verification, and security platforms on behalf of government clients under contractual and legal obligations.
• Business Communications: Responding to inquiries, processing demo requests, and managing client relationships based on legitimate interest or consent.
• Security & Compliance: Protecting our systems, detecting threats, and fulfilling regulatory obligations under applicable law.
• Website Improvement: Analyzing usage patterns to enhance user experience, based on legitimate interest with anonymized or aggregated data where possible.
• Newsletter & Updates: Sending industry insights and company updates only with your explicit consent, which may be withdrawn at any time.

3. Data Sharing & Third Parties

AIS does not sell, rent, or trade personal data. We share data only in the following limited circumstances:

• Government Clients: Data processed within border management platforms is shared with the relevant government authority that holds legal jurisdiction and acts as the data controller.
• Technology Partners: Trusted partners (e.g., Thales, Equinix) may process data as sub-processors under strict Data Processing Agreements that meet GDPR Article 28 requirements.
• Legal Obligations: We may disclose data when required by law, court order, or regulatory authority in the jurisdictions where we operate.
• Professional Advisors: Legal, audit, and compliance advisors who are bound by professional confidentiality obligations.

All third-party processors are contractually required to implement appropriate technical and organizational security measures and to process data only for specified purposes.

4. Data Security

We implement industry-leading security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. Our security framework includes:

• TLS 1.3 encryption for all data in transit and AES-256 encryption for data at rest.
• SOC 2 Type II certified infrastructure and ISO 27001 certified information security management systems.
• Role-based access controls with multi-factor authentication for all platform access.
• Regular penetration testing, vulnerability assessments, and third-party security audits.
• 24/7 Security Operations Center (SOC) monitoring with automated threat detection and incident response.
• Dedicated data centers with physical security controls, biometric access, and redundant power systems.

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purpose for which it was collected, or as required by applicable law. Our retention practices include:

• Website & Marketing Data: Contact form submissions and newsletter subscriptions are retained until you request deletion or unsubscribe.
• Client Engagement Data: Business correspondence and contractual records are retained for the duration of the engagement plus the applicable statutory limitation period (typically 6 years).
• Border Management Data: Retention periods for traveler data processed on behalf of government clients are determined by the relevant national legislation and government data controller policies.
• Technical Logs: Server and access logs are retained for a maximum of 12 months for security monitoring purposes before being anonymized or deleted.

6. Your Rights (GDPR / PDPL)

Depending on your jurisdiction, you may have the following rights regarding your personal data. AIS is committed to honoring these rights under both the EU General Data Protection Regulation (GDPR) and the UAE Personal Data Protection Law (PDPL):

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data where there is no compelling reason for its continued processing.
• Right to Restrict Processing: Request limitation of processing in certain circumstances, such as when you contest data accuracy.
• Right to Data Portability: Receive your data in a structured, machine-readable format and transmit it to another controller.
• Right to Object: Object to processing based on legitimate interests, including profiling and direct marketing.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact our Data Protection Officer using the details provided in Section 8 below. We will respond to all legitimate requests within 30 days.

For data processed within government border management systems, data subject rights requests should be directed to the relevant government authority acting as data controller, as AIS acts as a data processor in these contexts.

7. Cookies & Tracking

Our website uses cookies and similar technologies to enhance your browsing experience and analyze site performance. The types of cookies we use include:

• Essential Cookies: Required for the website to function correctly, including session management and security features. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymized usage data. We use these to improve site performance and content relevance.
• Functional Cookies: Remember your preferences, such as language settings and form data, to provide a personalized experience.

We do not use advertising or behavioral tracking cookies. You may control cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.

8. Contact Our DPO

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how your data is processed, please contact our Data Protection Officer:

• Data Protection Officer — Atlas Innovative Systems
• Addis Ababa, Ethiopia
• Email: dpo@atlasinnovativesystems.com

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority, including the UAE Data Office or the data protection authority in your country of residence.