Privacy Policy

Sustainable Mindz Media Services L.L.C

Effective Date: 13 March 2026  |  Version 1.0

Last Updated: 13 March 2026

1. Who We Are

Sustainable Mindz Media Services L.L.C is a digital marketing agency based in Dubai. We have offices in Abu Dhabi and Kochi, India, and we are licensed under UAE commercial law.

2. Scope of This Policy

This Privacy Policy applies to:

• Visitors to our website at www.sustainablemindz.net
• Prospective and current clients who contact us or engage our services
• Subscribers to our newsletters and marketing communications
• Job applicants and employment candidates
• Business partners, vendors, and third-party collaborators

This policy does not cover third-party websites we link to. Those sites have their own privacy policies — worth reading before you share anything with them.

3. Information We Collect

3.1 Information You Provide Directly

We collect personal information that you voluntarily provide when you:

• Complete our website contact form (name, email address, phone number, company name, message)
• Request a proposal, quote, or consultation
• Subscribe to our newsletter or blog updates
• Apply for a job or partnership opportunity
• Correspond with us by email, phone, WhatsApp, or other channels

3.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical data, including:

• IP address and approximate geographical location
• Browser type, version, and language settings
• Device type and operating system
• Pages visited, time spent on each page, and navigation path
• Referring URL and exit page
• Date and time of access
• Interaction data (clicks, scrolls, form completions)

3.3 Analytics and Tracking Data

We use Google Analytics 4 (GA4) to understand how people use our website. GA4 collects anonymised data – session activity, page events, conversions – and Google processes it on our behalf. Data may flow to Google’s US servers; that transfer happens under Standard Contractual Clauses (SCCs) approved by the European Commission.

3.4 Cookies and Similar Technologies

Our website uses cookies. Section 7 has the full breakdown.

3.5 Client Service Data

When we run campaigns for clients, we sometimes handle their customers’ data – for example, to target ads on their behalf. In that situation, the client controls the data and we process it on their instructions. A Data Processing Agreement (DPA) governs that work.

4. How We Use Your Information

Here is what we actually do with your data:

5. Legal Basis for Processing Your Data

Every time we process personal data, there has to be a legal reason. Under the UAE PDPL (and the GDPR where it applies), we use one of four bases:

6. How We Share Your Information

6.1 We Do Not Sell Your Data

We do not sell your data. Not to marketers, not to anyone.

6.2 Trusted Service Providers (Data Processors)

Some of our tools and platforms handle data on our behalf. These are the main ones:

• Google LLC – Analytics (GA4), advertising (Google Ads), and business productivity (Google Workspace). Google processes data under Google’s data processing terms and applicable SCCs.
• Meta Platforms, Inc. – Meta Ads (Facebook & Instagram advertising). Governed by Meta’s Data Processing Terms.
• Microsoft Corporation – Microsoft Advertising (Bing Ads), LinkedIn Advertising, and Microsoft 365. Governed by Microsoft’s Data Processing Addendum.
• Email service and CRM providers – for sending communications and managing client relationships.
• Web hosting and cloud infrastructure providers – for secure storage and delivery of our website and data.
• Accounting and invoicing software – for financial record-keeping and billing.

Each of these providers is under contract with us. They can only use your data for the purpose we specify, and they have to meet the same data protection standards we do.

6.3 Legal Disclosures

We may disclose your personal data if required to do so by law, court order, or governmental authority, or where we believe in good faith that such disclosure is necessary to:

• Comply with a legal obligation or regulatory requirement
• Protect and defend our legal rights or property
• Prevent or investigate possible wrongdoing in connection with our services
• Protect the personal safety of our users or the public

6.4 Business Transfers

If we are ever acquired or merge with another company, your data may be part of that deal. We will let you know before anything changes about how it is handled.

7. Cookies Policy

Our website uses cookies for three broad reasons: keeping things working, understanding how the site performs, and running targeted ads. Here is what each type does:

7.1 Third-Party Tracking Technologies

We may deploy the following third-party tracking pixels and tags:

• Google Analytics 4 (Measurement ID: GA-35L1T28B9X) – website performance analytics
• Google Tag Manager – tag management and event tracking
• Meta Pixel – conversion tracking for Facebook and Instagram advertising campaigns
• Microsoft UET Tag – conversion tracking for Bing Ads campaigns

7.2 Managing Your Cookie Preferences

You can control and manage cookies in several ways:

• Cookie consent banner – When you first visit our website, you will see a cookie consent banner allowing you to accept or decline non-essential cookies.
• Browser settings – Most web browsers allow you to refuse or delete cookies via your browser settings. Please note that disabling cookies may affect website functionality.
• Opt-out tools – You may opt out of Google Analytics tracking at tools.google.com/dlpage/gaoptout. You may opt out of interest-based advertising via youronlinechoices.com (EU) or optout.networkadvertising.org (US).

7.3 Google Consent Mode v2

We have implemented Google Consent Mode v2 across our website and those of clients who use Google advertising and analytics tools. This framework adjusts the behaviour of Google tags (Google Analytics, Google Ads, Floodlight) based on the consent status signalled by your cookie preferences.

• analytics_storage – Controls whether Google Analytics collects measurement data. Set to “denied” until you accept analytics cookies.
• ad_storage – Controls whether advertising cookies are set. Set to “denied” until you accept marketing cookies.
• ad_user_data and ad_personalization – Required signals under Consent Mode v2. Both default to “denied” and activate only upon your explicit consent to marketing cookies, in compliance with EU and UAE consent requirements.

When consent is not granted, Google may use cookieless pings for basic conversion modelling, but no identifying data is collected or shared. This implementation is required for continued use of Google Ads conversion tracking and remarketing features, and is fully compliant with GDPR and UAE PDPL consent requirements.

8. Data Retention

We retain your personal data only for as long as is necessary for the purposes set out in this Policy, or as required by law. Our standard retention periods are:

When data is no longer required, we securely delete or anonymise it in accordance with our data disposal procedures.

9. International Data Transfers

We are based in the UAE and keep most data in UAE or GCC infrastructure. That said, tools like Google, Meta, and Microsoft run on servers in the US and EU – that is just how those platforms work.

When data moves outside the UAE or EEA, we make sure the right protections are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules (BCRs) where applicable
• Transfers to countries with an adequacy decision by the UAE Data Office or the European Commission
• Contractual obligations requiring recipients to uphold equivalent data protection standards

10. Your Data Protection Rights

You have rights over your data. We respect them regardless of where you live – not just where the law technically requires us to.

11. Data Security

No system is perfectly secure, but here is what we do to protect your data:

• SSL/TLS encryption for all data transmitted to and from our website
• Restricted access to personal data — limited to authorised personnel with a need-to-know basis
• Password-protected systems and multi-factor authentication (MFA) for internal tools
• Regular security assessments of our website and infrastructure
• Data processing agreements with all third-party processors
• Staff training on data protection and security best practices

If you think your data has been affected in any way, tell us straight away at [email protected].

12. Data Breach Notification

If there is ever a data breach that puts your rights at risk, we will:

• Notify the competent UAE regulatory authority within 72 hours of becoming aware, where feasible
• Notify affected individuals without undue delay where the breach is likely to result in high risk
• Maintain an internal record of all data breaches, including those not requiring notification

This follows Article 43 of the UAE PDPL and Article 33 of the GDPR.

13. Children’s Privacy

Our website is not for anyone under 18, and we do not knowingly collect data from children. If you think a child has submitted data through our site, email [email protected] and we will remove it.

14. Third-Party Websites and Links

Links on our website take you to other sites that have their own privacy rules – this policy does not cover them. The same goes for our social media profiles on Instagram, Facebook, LinkedIn, TikTok, YouTube, X/Twitter, and Threads. Each platform runs its own data practices.

15. Marketing Communications

We only send marketing emails to people who have asked to receive them. Every email has an unsubscribe link. You can also opt out by:

• Clicking the ‘Unsubscribe’ link in any marketing email
• Emailing [email protected] with the subject line Unsubscribe
• Contacting us by phone: +971 58 898 3218

We process opt-out requests within 5 business days. Unsubscribing from marketing does not affect service emails – invoices, project updates, and contract confirmations will still come through.

16. UAE Personal Data Protection Law (PDPL) Compliance

We operate under UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection. In practice, that means:

• We process personal data only for lawful, specific, and transparent purposes
• We collect only the minimum data necessary for the stated purpose (data minimisation)
• We maintain records of all data processing activities
• We implement appropriate technical and organisational safeguards
• We respect all individual rights as defined in the PDPL, including the right of access, correction, deletion, and objection
• We have appointed an internal privacy compliance officer responsible for data protection matters
• We ensure that cross-border data transfers comply with Article 22 of the UAE PDPL

17. U.S. Privacy Rights – California (CCPA / CPRA)

Although Sustainable Mindz is based in the UAE, we provide digital marketing services to clients who target consumers in the United States, including California. Where we process personal data of California residents on behalf of our clients, or directly through our own website, the California Consumer Privacy Act 2018 (CCPA), as amended by the California Privacy Rights Act 2020 (CPRA), may apply. The CPRA came into full enforcement effect on 1 July 2023, with ongoing updates effective into 2026.

17.1 Your Rights Under CCPA / CPRA

• Right to Know – You may request disclosure of the categories and specific pieces of personal information we have collected, the purposes for which it was collected, and the categories of third parties with whom it was shared.
• Right to Delete – You may request deletion of your personal information, subject to certain exceptions (e.g., where retention is required for legal compliance or contract performance).
• Right to Correct – Introduced by the CPRA, you may request correction of inaccurate personal information we hold about you.
• Right to Opt Out of Sale or Sharing – We do not sell personal data. We do not share personal data for cross-context behavioural advertising in a way that would constitute a “sale” under CCPA/CPRA. If this changes, we will update this section and provide a clear opt-out mechanism.
• Right to Limit Use of Sensitive Personal Information – We only collect sensitive personal information where strictly necessary, and we do not use or disclose it beyond purposes permitted by CPRA.
• Right to Non-Discrimination – We will not discriminate against you for exercising any of your CCPA/CPRA rights.

17.2 Global Privacy Control (GPC)

As of 2026, California law requires businesses to honour the Global Privacy Control (GPC) signal as a valid opt-out of the sale or sharing of personal data. If your browser or device transmits a GPC signal when you visit our website, we will treat it as a valid opt-out request under CCPA/CPRA. No further action is required on your part.

17.3 How to Exercise Your U.S. Rights

California residents may submit requests by emailing [email protected] with the subject line “CCPA/CPRA Privacy Request”. We will verify your identity and respond within 45 calendar days, with the option to extend by a further 45 days where necessary. We do not charge a fee for responding to verifiable consumer requests, unless requests are manifestly unfounded or excessive.

18. AI Transparency and Automated Decision-Making

As a digital marketing agency, Sustainable Mindz uses artificial intelligence (AI) and machine learning tools to deliver services to our clients and manage our own operations. This section explains how and where AI is used in ways that may affect you, in compliance with the UAE PDPL and, where applicable, the GDPR (Articles 13, 14, and 22).

18.1 How We Use AI

• Ad campaign optimisation – AI-powered tools within Google Ads, Meta Ads, and Microsoft Advertising automatically adjust bids, targeting, and creative delivery to improve campaign performance. These optimisations are based on aggregated and anonymised performance signals.
• Content and copy assistance – We may use generative AI tools to assist in drafting content, proposals, or reports. All AI-assisted outputs are reviewed and approved by a human team member before being used or shared with clients.
• Audience segmentation and analytics – We use AI-assisted analytics to identify patterns in website and campaign data to improve marketing effectiveness. This analysis is performed on aggregated data and does not produce decisions that affect individual rights.

18.2 Automated Decision-Making

We do not make decisions about individuals solely by automated means where those decisions produce legal effects or similarly significant effects on them. All decisions that materially affect an individual – such as whether to engage a job applicant or approve a client proposal – involve meaningful human review.

Where any automated profiling or decision-making tool is introduced that could produce significant effects on individuals, we will update this section and ensure that appropriate safeguards are in place, including the right to request human review, the right to object, and the right to an explanation of the decision, in accordance with GDPR Article 22 and the UAE PDPL.

18.3 Third-Party AI Tools

Some third-party platforms we use (such as Google, Meta, and Microsoft) deploy their own AI systems for ad delivery, fraud detection, and measurement. Where personal data is processed by these systems, it is governed by the respective platform’s terms and data processing agreements. We encourage you to review their privacy policies for further information. We ensure that any personal data shared with these platforms is subject to appropriate data processing agreements (DPAs) as described in Section 6.2.

19. Changes to This Privacy Policy

This policy will change as our business and the law evolve. When we make a meaningful update, we will:

• Update the ‘Last Updated’ date at the top of this document
• Post a prominent notice on our website homepage for 30 days following the update
• Send a notification to registered newsletter subscribers where the changes materially affect their rights

It is worth checking back occasionally. Using our website after an update means you are comfortable with the revised terms.

20. Contact Us & Privacy Requests

Questions, concerns, or requests? Reach us here:

Sustainable Mindz Media Services L.L.C

Office No. 404, Business Venue Building, Oud Metha, Dubai, UAE | P.O. Box 300311

[email protected]  |  +971 58 898 3218  |  www.sustainablemindz.net

(c) 2026 Sustainable Mindz Media Services L.L.C. All rights reserved.