Privacy policy
Overview
We attach great importance to compliance with privacy and cybersecurity regulations, including Algerian Law 18-07 and GDPR-aligned principles where applicable. This policy describes processing where we act as a data controller.
For customer workloads hosted on our infrastructure where we act as a processor, data handling is governed by contractual terms and service-specific data processing commitments.
Scope
This policy governs processing related to:
- Customer account creation, lifecycle management, and authentication.
- Ordering, provisioning, billing, renewals, and payment operations.
- Support channels, ticketing, communication history, and customer relations.
- Use of websites, dashboards, APIs, and connected product interfaces.
- Compliance procedures, legal obligations, and service security operations.
What data is processed?
Depending on the service and legal context, we may process these categories:
- Identity data: name, company data, account identifiers, proof of identity where required.
- Billing data: invoices, payment references, tax and accounting-related information.
- Consumption data: service usage history, infrastructure events, operational statistics.
- Communication data: emails, support tickets, call/chat history, complaints and requests.
- Connection data: IP, device/browser metadata, location signals, access and event logs.
What data do we share?
We do not sell personal data. We share data only when required for service execution, legal compliance, and infrastructure protection.
- With approved partners and sub-processors needed to deliver contracted services.
- In case of lawful administrative or judicial requests, according to applicable law.
- With security-related partners to prevent abuse, fraud, and service disruption.
- During corporate restructuring or business transfer with continuity safeguards.
How we use your data?
Contracts management and customer relations
We process data to manage customer contracts, account operations, support services, and payment workflows.
| Purposes | Categories of Data | Legal Basis | Retention | Categories of Recipients |
|---|---|---|---|---|
| Management of contracts and customer relations (accounts, support, payment means) |
Identity data Billing data Consumption data Communication data Connection data |
Execution of the contract | Duration of the contractual relationship plus an archiving period to meet legal obligations and defend legitimate interests. |
MAHLIATOV services Entitled partners for support and payment management Authorized third parties |
| Management of contracts with partners (service providers and suppliers) |
Identity data Commercial relationship monitoring data (activity reports and communications) |
Execution of the contract | Duration of the contractual relationship |
MAHLIATOV services Entitled partner for suppliers management Authorized third parties |
*Means any public authority or administration authorized by legal text to receive personal data.
Sales and marketing
We may process data for communication campaigns, events, service feedback, and product quality analysis. Processing may rely on legitimate interest or consent depending on context.
| Purposes | Categories of Data | Legal Basis | Retention | Categories of Recipients |
|---|---|---|---|---|
| Commercial prospecting and communication campaigns related to products and services |
Identity data Billing data Consumption data Communication data Connection data |
Legitimate interest Consent |
Duration of contractual relationship Account deletion request Prospects: deletion after 3 years of inactivity from last contact |
Sales and marketing teams Entitled partners for campaign and relation management Authorized third parties |
| Organization of events to promote services |
Identity data Communication data Connection data Professional background data of speakers |
Legitimate interest Consent |
Duration of contractual relationship Account deletion request Prospects: deletion after 3 years of inactivity from last contact |
Sales and marketing teams Entitled partners for events management Service team concerned by event Authorized third parties |
| Management of third-party cookies from our websites (learn more) | Connection data | Consent | Cookies are stored between 3 months and 1 year depending on cookie type. |
Sales and marketing teams Entitled partners for cookie management Authorized third parties |
| Carrying out satisfaction/quality surveys and training of teams |
Identity data Billing data Consumption data Communication data Connection data Audio or video recording |
Legitimate interest Consent |
1 year and anonymization |
Sales and marketing teams Entitled partners for marketing analysis Authorized third parties |
| Produce usage statistics | Connection data | Legitimate interest |
Cookies: between 3 months and 1 year Service usage data kept during contractual period or anonymized |
Sales and marketing teams Entitled partners for quality analysis Authorized third parties |
Recruitment
We also process personal data of candidates as part of recruitment and pre-contractual procedures.
| Purposes | Categories of Data | Legal Basis | Retention | Categories of Recipients |
|---|---|---|---|---|
| Recruitment |
Identity data Communication data Professional data (CV, salary expectations, contract details) |
Execution of contract or pre-contractual measures |
If application is not accepted: max 2 years. If accepted: kept for contract duration plus legal archiving period. |
Human resources services Manager and team concerned HR partners Authorized third parties |
Legal obligations
We process some data to meet legal obligations, including security, accounting, tax, and data protection requests.
| Purposes | Categories of Data | Legal Basis | Retention | Categories of Recipients |
|---|---|---|---|---|
| Guarantee security of customers as provider of electronic communication services, including fraud and identity theft prevention. |
Customer account data Photographs and visual/audio recordings Biometric data collected from image, video, or audio where a service requires it |
Legal obligation |
Contractual duration plus legal archiving period. KYC verification data kept only for strict verification need then archived/deleted as required. |
Entitled services Entitled partners for security/KYC checks Authorized third parties (auditors, etc.) |
| Abuse management (cybercrime, copyright violations, illegal content, spamming, malware distribution); related controls can include automated detection. |
Identity data User account information |
Legal obligation | 10 years from closure of concerned ticket |
Entitled services Entitled partners for ticketing/support management Authorized third parties |
| Responses to data protection requests and complaints |
Identity data (including proof of identity) User account information Data related to complaint |
Legal obligation |
5 years from ticket closing Identity card verification: 1 month |
Entitled services Entitled partner for subject request management Authorized third parties |
| Data breach management |
Identity data User account information linked to breach Data related to incident |
Legal obligation | 5 years from closure of incident |
Entitled services Competent authorities |
| Accounting obligations | Billing data | Legal obligation | 10 years from end of contract |
Entitled services Entitled partners for invoicing/payment management Competent authorities |
Legitimate interest
We may process data based on legitimate interest for service security, debt management, fraud prevention, and team training.
| Purposes | Categories of Data | Legal Basis | Retention | Categories of Recipients |
|---|---|---|---|---|
| Guarantee the security of services we offer | Identity data User account information |
Legitimate interest | 5 years from end of contract | IT security service Competent administrative authority |
| Debt collection | Identity data User account information |
Legitimate interest | 5 years from payment incident | Legal and accounting services Entitled debt collection partner |
| Fraud detection and prevention | Bank details Identity data User account information |
Legitimate interest |
5 years maximum from suspicion of incident ID card verification: 1 month |
Entitled service Entitled partner for support/ticketing |
| Anti-spam policy | Email addresses Spam content |
Legitimate interest | Reporter data deleted immediately after reporting | Service provider concerned |
| Litigation management | Identity data Data needed for evidence establishment |
Legitimate interest | Kept until legal remedies expire and archived for 10 years | Legal department Entitled legal partner |
| Ensure training of our teams | Identity data User account information |
Legitimate interest | Kept during contractual period | Entitled service |
Sub-processing
As data controller, we use processors for the following purposes:
- Customer relationship management and support operations.
- Emailing campaigns, surveys, and communications workflow.
- Partnership management with cloud and infrastructure providers.
- Accounting, legal, and data protection compliance obligations.
- Marketing and website analytics operations.
- Payment services and invoice processing.
- Consulting and audit firms.
- Security and identity control operations.
We select processors through strict security and compliance control procedures and require technical and organizational safeguards proportionate to personal data risks.
Transfer of data outside the EU / Algeria
We strive to minimize international data transfers and only perform them where legally justified. Where relevant, transfer mechanisms are governed by contractual clauses and data protection safeguards.
Transfers outside the primary processing jurisdiction are subject to strict validation of legal, contractual, and security controls before execution.
Requests from authorities
We may receive requests from competent judicial or administrative authorities to disclose customer data. When legally permitted, we may notify affected customers in advance to allow the exercise of rights.
We cannot oppose legally valid requests that comply with applicable local or international regulations.
Children
Our services are not intended for children. Any minor accessing services must be under supervision and legal responsibility of a parent or guardian.
Link to our partners
Our websites may contain links to partner platforms. Those websites maintain their own privacy policies, and we are not responsible for external privacy practices outside our controlled services.
Data security
We implement technical and organizational security measures to maintain confidentiality, integrity, availability, and resilience of systems and services.
Security controls include, without limitation:
- Information systems security policy and governance controls.
- Physical protection and access controls in data center environments.
- Secure authentication and role-based access controls.
- Logging, SIEM monitoring, and incident response workflows.
- Secure backup, recovery, and continuity measures.
- Anonymization where personal data is no longer required for a specific purpose.
If you identified a vulnerability or security concern, contact security@mahliatov.com.
Data subjects rights and contact
You may exercise rights available under applicable privacy laws, including:
- Right to be informed about how and why your data is processed.
- Right of access and copy of personal data we process.
- Right to rectify incorrect, incomplete, or outdated information.
- Right to object or request restriction of processing in eligible cases.
- Right to withdraw consent where processing is based on consent.
- Right to erasure where data is no longer necessary and no legal hold applies.
- Right to data portability where applicable.
For privacy requests: privacy@mahliatov.com
Policy update
This policy may be updated to reflect legal, operational, and service changes. Any update becomes effective from the publication date.
Last update: May 12, 2026