Privacy Policy

BARQ is the data controller responsible for your personal data. We are a specialist IT staffing, consulting, and training company operating in the GCC region and internationally.

For enterprise and partner organisations requiring a formal Data Processing Agreement (DPA) — including those aligned with GDPR Article 28, EU Standard Contractual Clauses (SCCs), or UK GDPR requirements — please contact privacy@barq.com. We are prepared to execute DPAs with all clients and partners who require them.

We process your personal data on the following legal bases under GDPR Article 6:

• Contractual necessity (Art. 6(1)(b)): processing required to provide our services, manage your profile, and match you to relevant opportunities.
• Legitimate interests (Art. 6(1)(f)): operating and improving our platform, fraud prevention, and network security — where our interests are not overridden by your rights.
• Consent (Art. 6(1)(a)): optional analytics cookies and marketing communications, where separately obtained and freely given.
• Legal obligation (Art. 6(1)(c)): where we are required to retain or disclose data by applicable law or regulatory obligation.

• Identity data: full name, email address, password (hashed and salted — never stored in plain text).
• Professional data: role, field, industry, years of experience, education level, skills, certifications, languages, CV/résumé, LinkedIn and portfolio URLs.
• Contact data: phone number, location, country, timezone.
• Preference data: availability, contract type preferences, desired roles.
• Usage data: pages visited, session duration, browser/device type — collected via analytics cookies only with your consent.
• Communication data: messages submitted through our contact form.
• Technical data: IP address and authentication tokens, stored securely via our infrastructure providers.

• To create and manage your professional profile on our platform.
• To verify your credentials and conduct competency assessments.
• To match you to relevant opportunities with partner organisations (only after verification and with your knowledge).
• To communicate with you about your application, interview scheduling, or placement.
• To send service-related notifications (e.g., profile status updates).
• To improve our platform, fix issues, and develop new features.
• To comply with our legal obligations and enforce our Terms of Service.

We use two categories of cookies:

• Essential cookies: required for authentication and site functionality. These are set on login and cannot be disabled without breaking core features.
• Analytics cookies: help us understand how visitors use the site. These are only set after you give explicit consent via our cookie banner.

Your cookie preference is stored in your browser under the key barq_cookie_consent. You can withdraw consent at any time by clearing this key and refreshing the page.

We do not sell your personal data. We may share data with:

• Partner organisations: your verified profile may be presented to a client organisation when you are being considered for a placement. This is always done with your knowledge.
• Infrastructure sub-processors: Supabase (database and authentication, EU-hosted), Vercel (web hosting), and Resend (transactional email). All operate under Data Processing Agreements aligned with GDPR requirements.
• Legal and regulatory authorities: where we are required to disclose data by applicable law, court order, or regulatory obligation.

A full list of our sub-processors is available on request at privacy@barq.com.

Where personal data is transferred outside the European Economic Area (EEA) or UK, we ensure appropriate safeguards are in place — including Standard Contractual Clauses (SCCs) as approved by the European Commission, and UK International Data Transfer Agreements (IDTAs) where applicable. Our infrastructure providers maintain EU Standard Contractual Clauses for all cross-border transfers.

We retain your profile data for as long as your account is active. If you do not log in for 36 consecutive months, we may send a re-engagement notice before archiving your data. Analytics data is retained for a maximum of 26 months.

You may request deletion of your account and all associated personal data at any time. We will process such requests within 30 days, subject to any legal retention obligations.

Under GDPR and UK GDPR, you have the right to:

• Access the personal data we hold about you (Subject Access Request).
• Correct inaccurate or incomplete data.
• Erase your data ("right to be forgotten"), subject to legal exceptions.
• Restrict processing of your data in certain circumstances.
• Data portability — receive a copy of your data in a structured, machine-readable format.
• Object to processing based on legitimate interests or for direct marketing.
• Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
• Lodge a complaint with a supervisory authority (see section 11).

To exercise any of these rights, email privacy@barq.com. We will respond within 30 days.

We implement industry-standard security measures to protect your personal data, including:

• TLS/SSL encryption for all data in transit.
• At-rest encryption for database storage.
• Password hashing using bcrypt.
• Row-level security policies on our database.
• Restricted access controls — only authorised personnel can access personal data.
• Regular security reviews of our infrastructure and codebase.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay.

If you are based in the UK, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

If you are based in the EU, you may contact your local Data Protection Authority. A list of EU supervisory authorities is available at edpb.europa.eu.

We may update this policy to reflect changes in our practices or applicable law. When we make material changes, we will notify registered users via email and display a notice on our website. The "Last updated" date at the top of this page will always reflect the most recent revision.

For all privacy-related enquiries, data subject requests, or DPA requests: