
PRIVACY POLICY

Effective Date: 21/05/2026

Last Updated: 21/05/2026

1. Who We Are

This website is operated by NEXCORE ("we," "us," or "our"), a professional compliance consulting practice specialising in Personal Data Protection Law (PDPL) advisory services for businesses operating in Saudi Arabia and the GCC region.

  • Business Name: NEXCORE (Registered as Nexcore Agency)
  • Founder & Managing Director: Mohammad Amaan Rahim Shaikh
  • Registered Address: Gujarat, Umbergaon (Dist- Valsad) 396170, India
  • Contact Email: info@nexcorecompliance.com

2. Scope of This Policy

This Privacy Policy applies solely to this website (nexcorecompliance.com) and explains what limited personal data we collect when you visit it, how we use it, and your rights in relation to it.

This policy does not govern data collected during a client engagement. Data processing within a consulting sprint is governed exclusively by the Master Consulting Services Agreement and its Schedule B (Data Processing Addendum), which are provided to clients separately.

3. What Data We Collect and Why

This website is a simple, informational website. We do not run a user account system, membership portal, or e-commerce checkout. We do not use tracking cookies, advertising pixels, or analytics platforms.

Data collected through the call booking form:

When you book a discovery call through our scheduling tool (Calendly), the following data is collected:

  • Your name
  • Your email address
  • Your company name (optional, if provided)
  • Your selected appointment date and time
  • Any notes you voluntarily add to the booking

Purpose: This data is collected solely to confirm, manage, and conduct your discovery call with NEXCORE. It is not used for any marketing, profiling, or third-party sharing purpose.

Legal basis: Legitimate interest — you have taken a direct action to initiate a business conversation, and processing your contact details to facilitate that conversation is necessary and proportionate.

4. Cookies

This website does not set, read, or use cookies of any kind. No tracking cookies, session cookies, analytics cookies, or advertising cookies are present on this website. No cookie consent banner is required or displayed.

5. Third-Party Services

The only third-party service embedded on this website is Calendly (Calendly LLC, USA), used to facilitate call scheduling. When you interact with the Calendly booking widget, your data is processed by Calendly under their own Privacy Policy, available at calendly.com/privacy.

NEXCORE has no control over Calendly's data practices beyond what is disclosed in their policy. We recommend reviewing it before submitting a booking.

We do not embed Google Analytics, Meta Pixel, Google Tag Manager, HubSpot, Hotjar, or any other tracking or marketing technology on this website.

6. How Long We Keep Your Data

Booking confirmation data (name, email, appointment details) is retained for a maximum of 90 days following your discovery call, after which it is deleted. If you proceed to a client engagement, your data handling transitions to the terms of the Master Consulting Services Agreement.

7. Who We Share Your Data With

We do not sell, rent, license, or share your personal data with any third party for commercial purposes. Your data is accessed only by Mohammad Amaan Rahim Shaikh for the purpose of conducting your discovery call.

The only disclosure that may occur is where we are legally required to provide information to a competent authority pursuant to applicable law.

8. International Transfers

NEXCORE is based in India. Calendly processes data in the United States. By submitting a booking, you acknowledge that your data may be transferred to and processed in jurisdictions outside your country of residence. Both India and the USA have data protection frameworks in place. Calendly's transfer safeguards are detailed in their Privacy Policy.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Withdraw consent (where processing is based on consent)
  • Object to processing based on legitimate interests

To exercise any of these rights, email us at info@nexcorecompliance.com. We will respond within 14 calendar days.

10. Data Security

We take reasonable technical and organisational measures to protect any data in our possession, including secure email and the use of Calendly's encrypted booking infrastructure. As this website collects minimal data, our exposure and risk surface are intentionally limited.

11. Children

This website is directed at business professionals and is not intended for individuals under the age of 18. We do not knowingly collect data from minors.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top will reflect any changes. Continued use of the website after an update constitutes your acknowledgement of the revised policy.

13. Contact

For any privacy-related questions, requests, or concerns:

  • Email: info@nexcorecompliance.com
  • Subject line: Privacy Enquiry — nexcorecompliance.com

TERMS OF SERVICE

Effective Date: 21 May 2026

Last Updated: 21 May 2026

1. Acceptance of Terms

By accessing or using nexcorecompliance.com (the "Website"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, please do not use this Website.

These Terms govern your use of the Website only. They do not govern any consulting engagement with NEXCORE. All consulting services are exclusively governed by a separately executed Master Consulting Services Agreement.

2. About This Website

This Website is an informational and lead-generation platform operated by NEXCORE. Its sole function is to provide information about our compliance consulting services and to allow prospective clients to book a discovery call. No services are sold, contracted, or delivered through this Website.

3. No Legal Advice

Nothing on this Website constitutes legal advice, a legal opinion, or formal legal representation. All content published on this Website — including articles, descriptions of PDPL requirements, regulatory summaries, and service descriptions — is provided for general informational purposes only.

NEXCORE is a compliance consulting practice, not a law firm. Content on this Website should not be relied upon as a substitute for advice from a qualified legal professional. We expressly disclaim any liability arising from reliance on Website content for legal decision-making.

4. Accuracy of Information

We make reasonable efforts to ensure that the information on this Website is accurate and up to date. However, PDPL regulations and SDAIA enforcement guidance are subject to change. We do not warrant the completeness, accuracy, or currency of any regulatory information published here. You should always verify regulatory requirements against primary sources (sdaia.gov.sa) or obtain qualified legal advice.

5. Intellectual Property

All content on this Website — including text, layout, branding, service descriptions, methodology overviews, and the NEXCORE name and tagline ("Compliance without Complexity") — is the exclusive intellectual property of NEXCORE.

You may not copy, reproduce, republish, redistribute, or commercially exploit any content from this Website without our prior written consent. Sharing a link to this Website is permitted.

6. Booking a Discovery Call

Booking a discovery call through this Website does not create a contract, engagement, or obligation on either party. It is an introductory conversation only. No consulting relationship exists until a Master Consulting Services Agreement has been formally executed by both parties.

NEXCORE reserves the right to decline any engagement at its absolute discretion, including after a discovery call has taken place.

7. External Links

This Website may contain links to third-party websites (including Calendly and regulatory bodies). These links are provided for convenience only. NEXCORE has no control over the content, privacy practices, or accuracy of external sites and accepts no responsibility for them.

8. Limitation of Liability

To the fullest extent permitted by applicable law, NEXCORE, its Founder, and its affiliates shall not be liable for any direct, indirect, incidental, consequential, or special damages arising from:

  • Your use of or inability to use this Website
  • Any reliance on information published on this Website
  • Any errors, omissions, or inaccuracies in Website content
  • Any interruption, suspension, or termination of the Website

9. Availability

We do not guarantee that this Website will be available at all times. We may suspend, modify, or discontinue the Website at any time without notice.

10. Governing Law

These Terms shall be governed by and construed in accordance with the laws of the Republic of India. Any disputes arising from your use of this Website that cannot be resolved amicably shall be subject to the exclusive jurisdiction of the courts of Gujarat, India.

11. Changes to These Terms

We reserve the right to update these Terms at any time. Changes will be posted on this page with an updated "Last Updated" date. Your continued use of the Website after any change constitutes your acceptance of the revised Terms.

12. Contact

For any questions regarding these Terms:

  • Email: info@nexcorecompliance.com
  • Subject line: Terms Enquiry — nexcorecompliance.com
GCC PDPL Compliance Sprints

Protect Your GCC Business from Destructive Fines.

Since September 2023, Saudi Arabia's Personal Data Protection Law (PDPL) has been fully enforced. We help SMEs achieve total operational compliance in 30 days, without the bloated law firm retainers.


Comprehensive Audits

PDPL Gap Analysis


Legal Protection

Bilingual Privacy Policies


Incident Preparedness

Data Breach Protocols

  • PDPL Compliance Sprints
  • Data Mapping & Inventories
  • Cross-Border Transfer Audits
  • Data Subject Rights Frameworks

The Urgent Reality

Scaling Fast, Completely Exposed.

Over 70% of GCC mid-sized businesses have no formal data protection posture. SDAIA has already begun issuing investigations. When a customer demands data deletion or a breach occurs, scrambling will cost you millions.

Unmapped Data Flows

No visibility into where customer personal data is stored, processed, or transferred across borders.

No Breach Procedures

Lacking the legally mandated 72-hour breach notification procedure to SDAIA.

Widespread Exposure

70% Unprepared

Average GCC SMEs lacking basic data protection posture.

Severe Penalties

5M SAR Fines

Maximum penalty for severe PDPL violations and data leaks.

Active Investigations

Enforcement Escalation

SDAIA enforcement is live, targeting mid-market gaps.


Operational Certainty

Feel confident knowing your entire company is legally protected from fines.


Affordable Expertise

We price our 30-day sprints at a fraction of Big Law retainer fees.


Rapid 30-Day Delivery

Compress what takes internal teams 6 months into exactly 30 days.

The Smart Alternative

Why Pragmatic GCC Leaders Choose Us.

Traditional law firms charge between USD 50,000 and USD 200,000 for a compliance engagement, leaving you with a 400-page report you'll never read.

We deliver operational certainty for a fraction of the cost. We don't just give advice; we build the actual templates, manuals, and staff training decks you need to operate smoothly under SDAIA regulations.

Fixed Price & Scope

You know exactly what you are buying, when you will receive it, and what it costs.

Asynchronous Delivery

No endless meetings. We operate quickly around your existing work hours.


PDPL & NCA Regulatory Foundation

Every compliance sprint we run is fundamentally anchored to the Saudi Personal Data Protection Law and enforced by SDAIA. We address the core mandates your organization must satisfy to avoid destructive fines.


Comprehensive Data Mapping

Organisations must know what personal data they hold, where it is stored, who can access it, and how long they keep it. We map this completely for your operational footprint.


Lawful Basis & Consent

Every processing activity requires a legal justification. We establish compliant consent mechanisms required by PDPL.


Cross-Border Compliant

Transferring data outside Saudi Arabia requires SDAIA approval or contractual safeguards. We identify your cloud exposures.


Mandatory Breach Protocols

Under the PDPL, data breaches must be reported to SDAIA within 72 hours of discovery. We establish your complete incident response framework.


A Zero-Risk Pathway

The 30-Day Sprint Timeline

01. Kickoff & Onboarding

Days 1-3: We review your completed data inventory questionnaire, identify key internal contacts, and establish a shared secure portal for the engagement.

02. Complete Data Mapping

Days 4-10: We build the formal data flow map, identifying all personal data categories, storage locations, third-party processing, and cross-border transfers.

03. PDPL Gap Analysis

Days 11-16: We score your compliance posture across all 7 PDPL requirement areas, producing a detailed matrix to identify urgent legal vulnerabilities.

04. Policy & Procedure Drafting

Days 17-24: We deliver drafts of your bilingual privacy notice, internal handling policy, breach protocol, and vendor Data Processing Agreements.

05. Final Report & Roadmap

Days 25-28: All documents are consolidated into a final operational packet alongside a prioritized 90-day implementation roadmap for your staff.

06. Delivery & Staff Training

Days 29-30: We run a 60-minute debrief call with your executives, answer all queries, and deliver an editable staff training deck to secure ongoing compliance.


Operational Certainty

What The Sprint Delivers

Foundational Scope | 7 Requirement Areas

Comprehensive Data Mapping

A scored assessment of your compliance posture, detailing what personal data you hold, where it lives, and who accesses it.

Legal Coverage | Article 11 Compliant

Bilingual Privacy Notices

Customised, compliant privacy notices in Arabic and English for your website and internal staff handbooks.

Internal Manuals | Staff Training

Subject Rights Manuals

Step-by-step procedures detailing exactly how your staff should handle customer requests to access, correct, or delete data.

Vendor Liability | Secure SaaS

Vendor Processing Agreements

Protect your business when third-party cloud services or contractors process personal data on your behalf.

Incident Response | 72-Hour Mandate

72-Hour Breach Protocols

A step-by-step procedure for reporting critical data incidents to SDAIA before massive regulatory fines kick in.


Highest-Priority Industries

Sectors Most Exposed to PDPL Fines

Businesses operating in these areas face immediate data vulnerability and require formal compliance mapping.


E-commerce & Retail

High exposure due to customer order data, payment info, and sprawling loyalty programs.


Real Estate & HR

Tenant contracts, CVs, ID documents, and salary information represent massive unaddressed compliance gaps.


Healthcare

Patient info is 'sensitive data' under PDPL. Highest protection required.


Education

Student data requires extra PDPL sensitivity and parental consent protocols.


Financial Services

Investment advisors hold sensitive financial personal data needing strict care.


Clarity First

Frequently Asked Questions

We already have a lawyer handling this. Do we need a sprint?

That is great: your lawyer will have reviewed your high-level legal obligations. What the sprint adds is the operational layer: the actual data maps, privacy policies, breach procedures, and staff training that your lawyer will not produce for you. Law firms give you the 'what' and 'why'; we give you the 'how' and the documents your team actually needs to operate.

Why shouldn't we handle this internally?

Some businesses do, but internal teams often lack the time and highly specialized PDPL knowledge. PDPL gets added to a to-do list, and six months later nothing has moved. The sprint compresses 4-6 months of trial and error into a guaranteed 30-day delivery, for less than the cost of one month of a compliance officer's salary.

What is the real cost of non-compliance?

A PDPL investigation fine for a data leak starts at 5,000,000 SAR (approx. USD 1.3M) per violation. For a standard data breach or mishandling penalty, it's 3,000,000 SAR. Investing in a compliance sprint means you are spending a fraction of 1% of your worst-case exposure to eliminate it completely.

Who is your ideal client for this sprint?

We specialize in mid-market companies (50-500 employees) in Saudi Arabia and the broader GCC that process personal data but lack a formal, internal data protection team to build out their operational compliance.

How does the pricing and scoping work?

We offer transparent, fixed-price tiers (Tier 1 & Tier 2) based on your company's data complexity, employee headcount, and cross-border transfer requirements. You will receive a fixed-price proposal document directly after our discovery call.

What happens after the 30-day sprint is delivered?

You receive the full finalized compliance pack, which you own permanently. For clients who want peace of mind, we also offer an optional Post-Sprint Retainer for ongoing regulatory monitoring, annual policy refreshes, and priority incident support if a breach ever occurs.

Compliance without the complexity.

Book a complimentary 20-minute PDPL readiness call to scope your exact operational bottlenecks. If we can't help, we'll tell you directly.

Book Readiness Call

No Sales Pitch. Just Useful Diagnostics.