Privacy Policy

Effective Date: 18-09-2025

Last Updated: 18-09-2025

1. Introduction

This Privacy Policy explains how CREATOR IDEATION FZCO ("we", "us", or "our") collects,

processes, uses, and protects your personal data in compliance with the United Arab Emirates

Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("UAE Data Protection

Law"). Where applicable, we also ensure compliance with the data protection laws of Free

Zones, including DIFC Data Protection Law No. 5 of 2020 and ADGM Data Protection

Regulations 2021.

We are committed to protecting your personal data and ensuring transparency in how we

process and protect your information. This Privacy Policy applies to all users of our services,

including but not limited to our website, applications, platforms, and communication systems.

This Privacy Policy applies to all personal data we process during the delivery of our services,

whether that data originates in the United Arab Emirates (“UAE”) or is subject to cross-border

transfers under our use of third-party tools. By continuing your use, you agree to the terms of

this Privacy Policy.

If you have any questions or concerns about this Privacy Policy, please contact us using the

details provided in Section 13.

2. Data Collection

2.1. We may collect and process the following types of personal data:

a. Identity Information: Full name.

b. Contact Details: Email address, phone numbers, and mailing address.

c. Transaction Data: Information related to service usage, account activity, and historical

interactions, monthly incomes, etc.

d. Browsing and Technical Data: Data such as IP addresses, device information,

operating systems, browser types, Cookies and analytics data, and Location data

(collected automatically through website hosting and analytics tools).

2.2. Restrictions on Sensitive Data

We do not collect sensitive personal data, such as health records or biometric identifiers.

Payment information is processed exclusively by secure third-party providers (e.g.,

Stripe, bank transfer) that comply with the Central Bank of UAE (CBUAE) Regulations on

consumer data protection and other applicable global security standards.

3. Purpose of Processing

3.1. We process personal data primarily to deliver our services in a lawful, transparent, and

fair manner. We process your personal data for the following purposes:

a. Onboarding and managing applications.

b. Processing payments and handling financial transactions securely.

c. Delivering consultancy and coaching services, including communications via tools

such as Skool, Discord, and WhatsApp.

d. Sending programme-related notifications and updates.

e. Conducting service improvements based on user feedback and general analytics.

f. Sending marketing materials such as emails and newsletters.

3.2. We may engage in profiling, automated decision-making, or targeted advertising to the

extent necessary for delivering and improving our services. This includes the use of

standard analytics tools, retargeting ads, and targeted advertising based on

non-sensitive data and user interactions (e.g., via platforms such as Google Ads or Meta

Ads). Any such processing will be conducted in accordance with applicable data

protection laws, and users will have the ability to manage their preferences or opt out

where required.

3.3. All processing activities are conducted in compliance with the principles of lawfulness,

fairness, and transparency under applicable UAE data protection laws.

4. Sharing with Third-Party Service Providers

4.1. To deliver our services, we collaborate with third-party service providers, ensuring they

maintain strict confidentiality and robust data protection measures. These providers may

include, but are not limited to Payment platforms, Application and form software,

Community and communication tools, Document management and email hosting

services, Virtual meeting platforms, Analytics and marketing tools.

4.2. We may use additional or alternative third-party tools in the future as necessary to

operate and improve our services. All such providers are required to comply with

applicable data protection laws and maintain adequate security measures.

4.3. These providers adhere to strict confidentiality agreements, implement robust technical

and organizational data protection measures, and are only permitted to process your

data in accordance with the instructions we provide.

4.4. We only share personal data with affiliates, subsidiaries, or other group entities to the

extent strictly necessary for operational, legal, or service-related purposes, and we

ensure that it is handled securely and in compliance with the applicable data protection

laws.

4.5. All third-party processors are contractually obligated to comply with UAE data protection

laws and maintain appropriate security measures.

5. Cross-Border Data Transfers

As part of our operations, personal data may be stored or processed outside the UAE, including

in jurisdictions such as the United States and the European Union, where our third-party tools

operate. Where cross-border data transfers occur:

● We ensure that appropriate safeguards are implemented that adhere to UAE

requirements.

● We transfer data only to jurisdictions that provide a level of data protection

commensurate with UAE PDPL or where appropriate safeguards are in place.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this

Privacy Policy or to comply with legal obligations. Retention periods include:

● Paying clients: Data is retained during the client relationship and for up to three (3) years

following termination, for legal and accounting purposes.

● Marketing leads/newsletters: Data is retained until consent is withdrawn or after two (2)

years of user inactivity.

● Payment records: As required by UAE/EU tax laws.

Upon expiry of the applicable retention period, we will securely delete or anonymise your

personal data where technically and legally feasible, taking into account the legal, regulatory,

and accounting requirements.

7. User Rights

Under UAE Data Protection Law, you have the following rights with respect to your personal

data:

● Right to Access: Request confirmation as to whether their personal data is being

processed.

● Right to Erasure or Correction: Request correction of inaccuracies and/or request that

your data be deleted where legally permitted.

● Right to Restrict Processing: Restrict the data processing activities based on legitimate

interests and as permitted.

● Right to request Personal Data Transfer: Request their personal data be obtained in a

structured, commonly used, and machine-readable format and to transfer to another

processor if required.

● Right to Object to and Stop Processing: Right to object to and stop processing of their

personal data for Direct marketing purposes, including Profiling related to direct marketing,

or Processing is for the purposes of conducting statistical surveys, unless compelling legal

grounds override.

● Right to Withdraw Consent: Where consent is the lawful basis for processing, a data

subject may withdraw consent at any time.

● Right Not to be Subject to Automated Decision-Making: Right not to be subject to

decisions based solely on automated processing, including profiling, that significantly affect

them.

● Right to Complain: To file complaints with the data protection authority if they believe their

rights are violated.

● Right to obtain Information: To provide clear and accessible information, including the

purpose of processing, rights, cross-border transfers, etc.

To exercise these rights, please contact us via the details in Section 13. We will respond to

verified requests within fifteen [15] calendar days, subject to extension in complex cases as

permitted under the law.

8. Data Safeguards

We use technical and organizational measures to protect your personal data against

unauthorized access, alteration, or disclosure. These safeguards include:

● Encryption: SSL encryption for data in transit and at rest, provided by our website hosting

and the third-party platforms we use.

● Access control: Password protection and restricted access to critical systems, with

two-factor authentication (2FA) enabled where available.

● Hosting compliance: Servers operated by third-party providers.

All tools and service providers we use are required to adhere to equivalent data protection and

security frameworks.

9. Children’s Data

Our services are not directed at individuals under the age of eighteen (18) years. We do not

knowingly collect the data of minors without the verifiable consent of a parent or guardian. If we

become aware of such data processing, we will delete it immediately.

10. Cookies

The Website uses cookies and similar technology (“Cookies”). A Cookie is a small file of letters

and numbers that our website places on your computer, or other equipment, which you use to

access our website. These Cookies allow us to distinguish you from other customers on the

website. Cookies perform many functions, such as allowing you to navigate between pages

efficiently, remembering your preferences, and generally improving your experience. Cookies

can further ensure that the advertising that you see online is more relevant to you and your

interests.

We use Cookies to optimize your experience on our website and analyze traffic. Essential

cookies are required for functionality, but users may opt-out of non-essential Cookies.

11. Marketing Consent Records

We maintain detailed records of user consent for marketing purposes, including timestamps and

audit trails. You may withdraw your consent at any time by contacting us as per Clause 13.

12. Amendments to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal or regulatory

requirements. Material updates will be communicated to you via our website or other direct

communications. By continuing to access or use our services after such revisions become

effective, you agree to be bound by the revised terms.

13. Contact Information

For questions, concerns, or to exercise your rights, please contact us:

Creator Ideation - FZCO

Email: leander@creatorideation.com

14. Governing Law and Dispute Resolution

This Privacy Policy shall be governed and construed in accordance with Federal Decree-Law

No. 45 of 2021 and, where relevant, Free Zone data protection laws, including DIFC and

ADGM. Any dispute arising out of or in connection with this contract, including any question

regarding its existence, validity, or termination, shall be referred to and finally resolved by

arbitration under the Arbitration Rules of the Dubai International Arbitration Centre (DIAC).