
Effective date: 18 June, 2026
1. WHO WE ARE
Casa Veda Life FZC LLC, trading as “Nico DiMattina” (“we”, “us”, or “our”), is a company incorporated in the United Arab Emirates through Ajman NuVentures Centre Free Zone.
Our registered address is:
CWS-2V-322409
26th Floor, Amber Gem Tower
Ajman
United Arab Emirates
For the purposes of applicable data-protection law, we will generally act as the controller of Personal Data collected in connection with our business.
Where we process Personal Data on behalf of a business customer through software, communication, automation, portal, or related services, the business customer may act as the controller and we may act as its processor.
2. SCOPE OF THIS PRIVACY POLICY
This Privacy Policy explains how we collect, record, organise, store, access, use, analyse, combine, disclose, transmit, publish, transfer, retain, anonymise, delete, and otherwise process Personal Data.
It applies whenever a person:
- visits or uses one of our websites;
- views or interacts with our advertisements;
- submits a form, survey, application, questionnaire, or assessment;
- makes an enquiry;
- books a call or appointment;
- submits an Order or payment;
- purchases or accesses a Product or Service;
- creates an account;
- accesses a Client Portal or community;
- uploads, posts, sends, or shares content;
- communicates with us or another Client;
- attends a session, workshop, retreat, Event, or facilitated experience;
- participates in coaching, mindfulness, personal-development, movement, breathing, wellbeing, or related services;
- subscribes to communications;
- responds to a message;
- provides feedback;
- shares progress, wins, results, or transformation;
- appears in a photograph, video, recording, or testimonial;
- uses software or a Third-Party Platform provided or arranged by us;
- otherwise interacts with our business.
This Privacy Policy applies to Personal Data processed through websites, landing pages, forms, surveys, advertisements, Client Portals, communities, applications, emails, text messages, WhatsApp, telephone calls, social media, payment systems, analytics systems, Events, Third-Party Platforms, and other business channels.
It does not control the independent privacy practices of third-party websites, platforms, payment providers, social media services, venues, organisers, or other organisations.
3. DEFINITIONS
Client means any person or organisation that purchases, applies for, accesses, receives, or participates in our Products and Services.
Client Account means any account, login, profile, or access credential created in connection with our Products and Services.
Client Portal means any website, application, portal, community, membership area, group, channel, communication space, or digital account through which Clients may access Content, post User Content, communicate with us, or communicate with other Clients.
Feedback Content means any feedback, testimonial, review, comment, message, progress update, accountability update, win, milestone, result, benefit, success story, transformation story, photograph, screenshot, recording, interview, Client Portal post, community post, or other content describing a person’s experience.
Personal Data means any information relating to an identified or reasonably identifiable natural person.
Processing means any operation performed in relation to Personal Data, including collecting, recording, organising, storing, accessing, using, analysing, combining, sharing, publishing, transmitting, transferring, altering, anonymising, deleting, or destroying it.
Products and Services means any products, coaching, mindfulness practices, personal-development services, wellbeing support, breathing practices, movement practices, facilitated experiences, private sessions, group sessions, workshops, retreats, Events, memberships, subscriptions, recordings, digital resources, Client Portal access, community access, software access, consultations, or related offerings provided by us.
Sensitive Personal Data means Personal Data that may require additional protection under applicable law, including information concerning health, mental wellbeing, religious or philosophical beliefs, ethnicity, family matters, sexual matters, biometric characteristics, criminal records, or other highly private circumstances.
Third-Party Platform means any software, website, application, payment system, communication service, customer relationship management system, Client Portal, community platform, video-call system, tracking service, automation service, analytics service, advertising platform, artificial-intelligence service, cloud provider, or other technology operated by a third party.
User Content means any post, message, profile, photograph, video, audio file, comment, reaction, document, link, submission, or other material provided through a Client Portal or another channel connected with our Products and Services.
4. APPLICATION, ACKNOWLEDGEMENT, AND ELECTRONIC CONSENT
This Privacy Policy applies automatically whenever a person interacts with our websites, forms, surveys, checkouts, payment pages, Client Portals, Products, Services, communications, or other business channels.
Where this Privacy Policy and our Terms and Conditions are linked, displayed, or otherwise reasonably made available before a person takes an electronic action, the person acknowledges those documents by:
- submitting a form;
- submitting a survey or questionnaire;
- sending an application;
- completing an Order or payment;
- clicking a booking, registration, payment, enrolment, or submission button;
- creating a Client Account;
- accessing or continuing to use a Client Portal;
- uploading or submitting User Content;
- voluntarily providing Feedback Content;
- continuing through the relevant electronic process.
Where the relevant page or process states that taking the action constitutes agreement to our Terms and Conditions, completing that action constitutes electronic acceptance of those Terms and Conditions.
Where a particular processing activity is clearly described in this Privacy Policy, our Terms and Conditions, or a notice reasonably made available before submission, the person’s voluntary submission may constitute a positive electronic action indicating consent to that processing.
A separate checkbox is not required where consent is provided through another clear, recorded, accessible, and unambiguous positive action.
This may include consent relating to:
- marketing communications;
- Client Portal participation;
- recording of a call, session, or Event;
- the use of voluntarily shared feedback;
- progress updates;
- wins;
- results;
- transformation stories;
- photographs;
- audio;
- video;
- other Feedback Content.
By voluntarily submitting Feedback Content after this Privacy Policy and our Terms and Conditions have been made reasonably available, the person agrees that the Feedback Content may be processed and used as described in this Privacy Policy and our Terms and Conditions.
Acknowledgement of this Privacy Policy does not create consent where applicable law requires more specific consent and the relevant processing activity has not been reasonably disclosed.
We may process Personal Data without consent where permitted by applicable law, including where processing is reasonably necessary to:
- take steps requested before entering a Contract;
- enter into or perform a Contract;
- deliver requested Products and Services;
- process payments;
- create and administer an account;
- provide Client Portal access;
- comply with legal or regulatory obligations;
- protect safety or security;
-prevent fraud;
- establish, exercise, or defend legal rights;
- process information deliberately made public by the person;
- pursue another lawful purpose.
Where processing is based on consent, the person may withdraw that consent through the methods described in this Privacy Policy.
Withdrawal applies to future processing and does not affect processing that lawfully occurred before withdrawal.
We may retain records showing:
- the date and time of submission;
- the form, page, survey, checkout, or process used;
- the applicable notice;
- the relevant policy or Terms version;
- the source page;
- the contact details submitted;
- marketing preferences;
- consent status;
- withdrawals or removal requests.
5. PERSONAL DATA WE MAY COLLECT
Depending on how a person interacts with us, we may collect the following categories of Personal Data.
Identity information
This may include:
- full name;
- preferred name;
- username;
- profile name;
- date of birth;
- age;
- nationality;
- gender;
- occupation;
- job title;
- employer;
- company name;
- photograph;
- image;
- voice;
- signature;
- identification details where reasonably required.
Contact information
- This may include:
- email address;
- telephone number;
- WhatsApp number;
- postal address;
- billing address;
- residential location;
- social media profile;
- communication preferences;
- emergency contact information.
Account and profile information
This may include:
- Client Account details;
- login records;
- account settings;
- profile photograph;
- biography;
- group membership;
- membership level;
- access permissions;
- portal activity;
- notification settings;
- security settings.
Purchase and transaction information
This may include:
- Products and Services purchased;
- Order history;
- booking history;
- invoices;
- payment status;
- instalment schedules;
- transaction references;
- refunds;
- cancellations;
- chargebacks;
- disputes;
- currency;
- billing information;
- limited payment information made available by a payment provider.
We generally do not receive or store full payment-card numbers. Payment providers may collect and retain those details under their own terms and privacy policies.
Participation and service information
This may include:
- attendance;
- engagement;
- completion status;
- session bookings;
- scheduling details;
- goals;
- preferences;
- challenges;
- progress;
- accountability records;
- questions;
- responses;
- notes;
- submissions;
- support requests;
- service history;
- information used to personalise or administer the Products and Services.
Wellbeing and personal information
Clients may voluntarily provide information about:
- stress;
- energy;
- sleep;
- focus;
- habits;
- relationships;
- emotional experiences;
- physical comfort;
- personal goals;
- work;
- family;
- lifestyle;
- challenges;
- medication;
- health history;
- mental wellbeing;
- injuries;
- pregnancy;
- personal beliefs;
- other circumstances affecting participation.
Clients should provide only information they are comfortable sharing and that is reasonably relevant to the Products and Services.
Communications
This may include:
- emails;
- telephone calls;
- SMS messages;
- WhatsApp messages;
- direct messages;
- social media communications;
- support communications;
- Client Portal messages;
- group communications;
- comments;
- complaints;
- reviews;
- survey responses;
- call notes;
- transcripts;
- recordings.
Client Portal and community information
This may include:
- profile information;
- posts;
- comments;
- reactions;
- group activity;
- channel participation;
- files;
- images;
- videos;
- messages;
- direct messages;
- content viewed;
- resources accessed;
- moderation reports;
- warnings;
- blocked users;
- community preferences.
Feedback, results, and transformation information
This may include:
- feedback;
- wins;
- milestones;
- progress updates;
- accountability updates;
- benefits;
- outcomes;
- results;
- reviews;
- testimonials;
- transformation stories;
- before-and-after descriptions;
- photographs;
-screenshots;
- audio;
- video;
- statements made during calls, sessions, Events, or conversations.
Website, device, and usage information
This may include:
- IP address;
- browser type;
- device type;
- operating system;
- device identifiers;
- approximate location;
- time zone;
- referral source;
- pages visited;
- links clicked;
- forms viewed;
- forms submitted;
- videos viewed;
- content accessed;
- session duration;
- login activity;
- advertising interactions;
- cookie identifiers;
- tracking identifiers;
- error logs;
- security logs.
Analytics, tracking, and advertising information
This may include:
- page views;
- conversion events;
- lead events;
- purchase events;
- advertising identifiers;
- campaign source;
- campaign attribution;
- browser and device information;
- website behaviour;
- click activity;
- event timestamps;
- cookie data;
- pixel data;
- server-side event data;
- hashed contact identifiers where configured;
- advertising audience membership;
- marketing engagement;
- predicted interests;
- conversion values.
Event and travel information
Where relevant, this may include:
- Event registration;
- attendance;
- accommodation preferences;
- dietary information;
- travel details;
- arrival and departure information;
- passport or visa information where reasonably required;
- emergency contacts;
- insurance confirmation;
- accessibility information;
- photographs;
- recordings;
- incident records.
Business and professional information
Where a Client is a business or professional, this may include:
- company details;
- trade name;
- business address;
- website;
- professional profile;
- employee details;
- business contacts;
- business goals;
- customer or prospect information uploaded by the Client;
- platform account information;
- support and configuration data.
Accounting and financial information
This may include:
- invoices;
- receipts;
- payment records;
- expense records;
- customer and supplier details;
- transaction descriptions;
- bank reconciliation information;
- tax-related information;
- accounting classifications;
- financial reports;
- information entered into our bookkeeping or accounting systems.
Legal, compliance, and security information
This may include:
- consent records;
- acceptance records;
- legal notices;
- complaints;
- disputes;
- recovery information;
- fraud indicators;
- access logs;
- moderation records;
- safety reports;
- incident reports;
- suspected breaches;
- insurance records;
- legal correspondence;
- regulatory requests.
6. SENSITIVE AND VULNERABLE INFORMATION
Some Personal Data voluntarily shared with us may qualify as Sensitive Personal Data or may otherwise be highly personal.
We may process such information where:
- the person has provided consent;
- it is reasonably necessary to provide or adapt the Products and Services;
- it is reasonably necessary for safety;
- it is necessary to protect the interests of the person or another person;
- it is necessary to establish, exercise, or defend legal rights;
- the person deliberately made the information public;
- another lawful ground applies.
Sensitive Personal Data may be accessed by authorised team members, contractors, facilitators, professional advisers, or service providers where reasonably required for service delivery, support, safety, legal compliance, platform operation, or administration.
Clients should not post unnecessary Sensitive Personal Data in shared community areas.
Information posted in shared Client Portal spaces may be visible to other members and should not be treated as confidential.
Where Feedback Content contains vulnerable, confidential, or highly personal information that is not reasonably necessary to communicate the person’s experience, result, win, or transformation, we may use reasonable efforts to:
remove it;
redact it;
crop it;
blur it;
shorten it;
paraphrase it;
anonymise it;
conceal identifying details.
We cannot guarantee that every detail a person considers vulnerable or sensitive will be identifiable to us, particularly where the person voluntarily presents that information as part of their Feedback Content.
7. HOW WE COLLECT PERSONAL DATA
We may collect Personal Data:
- directly from the person;
- through forms, surveys, applications, assessments, checkouts, and bookings;
- through a Client Account or Client Portal;
- during calls, sessions, Events, and conversations;
- through email, SMS, WhatsApp, social media, or direct messages;
- through cookies, analytics, pixels, tags, server-side tracking, and similar technologies;
- through payment providers;
- through accounting and bookkeeping systems;
- through advertising and social media platforms;
- through messaging automation platforms;
- through referral partners;
- through venues and Event organisers;
- through affiliates, contractors, and service providers;
- from another Client;
- from publicly available sources;
- from information deliberately made public by the person;
- from a business customer instructing us to process information on its behalf;
- by combining information obtained from multiple sources.
If a person provides Personal Data relating to another person, they confirm that they have a lawful basis and any required permission to provide it to us.
8. HOW WE MAY USE PERSONAL DATA
We may use Personal Data for the following purposes.
Providing Products and Services
This includes:
- processing Orders;
- providing access;
- creating accounts;
- delivering Content;
- administering coaching and facilitated experiences;
- managing bookings;
- personalising participation;
- maintaining Client records;
- providing support;
- operating Client Portals;
- communicating with Clients;
- managing groups and communities.
Managing the Client relationship
This includes:
- onboarding;
- responding to enquiries;
- account administration;
- reminders;
- service messages;
- updates;
- appointment management;
- complaint handling;
- gathering feedback;
- managing changes;
- renewals;
- support.
Processing payments and accounting
This includes:
- processing transactions;
- collecting instalments;
- issuing invoices;
- managing failed payments;
- administering refunds;
- preventing payment fraud;
- managing chargebacks;
- recovering debts;
- reconciling payments;
- maintaining accounting, bookkeeping, tax, and financial records.
Safety and suitability
This includes:
- reviewing relevant participation information;
- adapting participation;
- responding to incidents;
- managing Event safety;
- protecting Clients, team members, and others;
- recording concerns;
- taking protective action.
Client Portal and community management
This includes:
- hosting User Content;
- displaying profiles;
- enabling posts, comments, reactions, and messages;
- managing notifications;
- moderating content;
- handling reports;
- preventing harassment;
- enforcing community rules;
- investigating misuse;
- restricting or removing access.
Marketing and promotion
This includes:
- sending promotional communications;
- advertising Products and Services;
- personalising offers;
- measuring marketing effectiveness;
- creating or updating advertising audiences;
- retargeting visitors;
- analysing engagement;
- recommending relevant offers;
- using Feedback Content;
- publishing testimonials, wins, results, and transformation stories;
- creating case studies;
- producing promotional materials.
Analytics, attribution, and optimisation
This includes:
- measuring visits and conversions;
- understanding website behaviour;
- attributing leads and purchases;
- monitoring campaign performance;
- analysing traffic sources;
- testing pages and advertisements;
- improving tracking accuracy;
- creating aggregated reports;
- matching browser-side and server-side events;
- optimising advertising campaigns.
Business development
This includes:
- understanding Client needs;
- improving Products and Services;
- developing new offers;
- testing features;
- analysing trends;
- measuring performance;
- improving Client experience;
- reviewing pricing and delivery;
- conducting research;
- preparing aggregated business insights.
Technology and automation
This includes:
- operating workflows;
- sending automated communications;
- managing reminders;
- segmenting contacts;
- personalising messages;
- scoring or categorising leads;
- generating summaries;
- transcribing communications;
- detecting issues;
- supporting Client service;
- using artificial-intelligence tools where appropriate.
Security and fraud prevention
This includes:
- protecting accounts;
- verifying identity;
- detecting suspicious activity;
- preventing unauthorised access;
- protecting systems;
- maintaining logs;
- investigating breaches;
- preventing spam, fraud, abuse, and unlawful conduct.
Legal and regulatory purposes
This includes:
- complying with laws;
- maintaining tax and accounting records;
- responding to authorities;
- enforcing our Terms;
- establishing, exercising, or defending legal rights;
- responding to disputes;
- preserving evidence;
- managing insurance matters;
- complying with court orders.
Corporate transactions
This includes:
- restructuring;
- financing;
- investment;
- due diligence;
- sale of assets;
- merger;
- acquisition;
- transfer of ownership;
- insolvency;
- reorganisation.
We may process Personal Data for another purpose that is compatible, similar, or closely related to the purpose for which it was originally collected, where permitted by applicable law.
We may use anonymised, aggregated, or de-identified information for any lawful business purpose.
9. LEGAL GROUNDS FOR PROCESSING
Depending on the circumstances, we may process Personal Data on one or more of the following grounds:
- the person has provided consent;
- processing is necessary to take steps requested before entering a Contract;
- processing is necessary to enter into or perform a Contract;
- processing is necessary to comply with a legal or regulatory obligation;
- processing is necessary to establish, exercise, or defend legal rights;
- the information was deliberately made available to the public by the person;
- processing is necessary to protect the interests of the person or another person;
- processing is required for employment or related legal obligations;
- processing is necessary for recognised public-interest purposes;
- processing is necessary for lawful archival, statistical, analytical, or research purposes with appropriate safeguards;
- processing is necessary for our legitimate interests or the legitimate interests of another person, where recognised by applicable law and not overridden by the person’s rights;
- another lawful ground is available.
We may rely on more than one lawful ground for the same processing activity.
Where processing is based on consent, the person may withdraw consent.
Where processing is necessary for a Contract, refusing or withdrawing required information may prevent us from providing some or all Products and Services.
10. CLIENT PORTAL AND COMMUNITY PRIVACY
Clients may receive access to a Client Portal or community where they can:
- create a profile;
- post content;
- comment;
- react;
- upload files;
- view Content;
- join groups or channels;
- contact us;
- communicate with other Clients;
- receive direct messages;
- access live or recorded sessions.
Profile information, display names, photographs, posts, comments, reactions, and User Content may be visible to other authorised members.
Other Clients may be able to mention, reply to, follow, message, or contact a Client.
Clients should not publish information they do not want other authorised members to see.
Shared Client Portal spaces are not confidential.
Other members may copy, screenshot, download, record, or share User Content despite being prohibited from doing so under our Terms. We cannot guarantee that another Client will comply with their obligations.
Direct messages may be processed, stored, transmitted, and backed up by the relevant Third-Party Platform.
We do not continuously monitor all direct messages.
Where permitted by platform functionality and applicable law, communications may be accessed or reviewed where:
- a message is reported;
- support is requested;
- there is a safety concern;
- there is suspected harassment, fraud, abuse, or unlawful conduct;
- moderation is required;
- access is necessary for security;
- access is necessary to comply with law;
- access is necessary to protect legal rights.
We may retain records of moderation actions, warnings, reports, removed content, suspended accounts, and community incidents.
11. USER CONTENT
Clients retain rights they lawfully hold in their User Content.
By posting or submitting User Content, the Client permits us and our providers to process it as reasonably necessary to:
- host it;
- display it;
- store it;
- transmit it;
- reproduce technical copies;
- make it available to authorised members;
- moderate it;
- secure it;
- operate the Client Portal;
- provide Products and Services;
- comply with legal obligations;
- enforce our Terms.
We may remove, restrict, hide, archive, preserve, or retain User Content where reasonably necessary for:
- moderation;
- safety;
- legal compliance;
- security;
- intellectual-property protection;
- privacy;
- complaints;
- evidence;
- enforcement.
User Content may remain temporarily within backups, logs, archives, or Third-Party Platform systems after being deleted from the visible Client Portal.
Clients should keep their own copies of User Content they wish to retain.
12. FEEDBACK, RESULTS, WINS, AND TESTIMONIALS
During or after participation, a person may voluntarily share Feedback Content concerning their:
- experience;
- progress;
- wins;
- milestones;
- insights;
- breakthroughs;
- benefits;
- results;
- changes;
- transformation;
- relationship with our Products and Services.
Feedback Content may be provided through any channel, including:
- email;
- direct message;
- WhatsApp;
- social media;
- survey;
- form;
- interview;
- call;
- session;
- Event;
- Client Portal;
- community post;
- progress thread;
- accountability space;
- feedback channel;
- review platform.
Feedback Content does not need to be formally labelled as a testimonial.
By voluntarily submitting Feedback Content after this Privacy Policy and our Terms and Conditions have been made reasonably available, the person agrees that we may:
- use it;
- reproduce it;
- screenshot it;
- record it;
- transcribe it;
- quote it;
- excerpt it;
- edit it;
- shorten it;
- format it;
- translate it;
- paraphrase it;
- anonymise it;
- redact it;
- crop it;
- blur it;
- publish it;
- display it;
- distribute it;
- communicate it;
- promote it.
We may use Feedback Content for marketing, promotional, advertising, informational, commercial, and business purposes.
This may include the person’s:
- name;
- profile name;
- image;
- photograph;
- voice;
- occupation;
- job title;
- company name;
- location;
- social media profile;
- experience;
- progress;
- result;
- transformation;
- other information voluntarily supplied with the Feedback Content.
Feedback Content may be used through:
- websites;
- landing pages;
- sales pages;
- social media;
- paid advertisements;
- emails;
- messages;
- presentations;
- videos;
- webinars;
- Client Portals;
- case studies;
- sales conversations;
- proposals;
- printed materials;
- current or future media channels.
We may edit Feedback Content for clarity, spelling, grammar, design, length, translation, privacy, or presentation, provided that we do not knowingly create a materially misleading impression.
Where Feedback Content contains unnecessary vulnerable or highly personal information, we may use reasonable efforts to remove or conceal those parts.
The person may request that we stop future identifiable use of Feedback Content.
A removal request does not normally require us to:
- recall printed materials;
- recover communications already sent;
- undo completed campaigns;
- remove content independently republished by third parties;
- remove cached or archived third-party copies;
- erase records required for compliance or legal purposes;
- remove anonymised information that no longer reasonably identifies the person.
13. PHOTOGRAPHS, VIDEO, AUDIO, AND RECORDINGS
We may photograph, record, transcribe, monitor, or preserve certain:
- calls;
- group sessions;
- private sessions;
- Events;
- workshops;
- interviews;
- support interactions;
- Client Portal activities;
- video calls;
- communications.
Recordings may be used for:
- providing Products and Services;
- making replays available;
- maintaining records;
- quality control;
- internal development;
- note taking;
- transcription;
- summaries;
- safety;
- complaints;
- disputes;
- legal evidence;
C- ontent development;
- marketing and Feedback Content where permitted.
Where reasonably practicable or legally required, notice will be provided before recording.
- Private discussions and sensitive disclosures will not normally be published unless:
- the relevant content was voluntarily provided for promotional use;
- the person clearly shared it as feedback, a result, win, or transformation;
- consent or another lawful ground applies;
- unnecessary vulnerable information is removed or concealed where appropriate.
14. MARKETING COMMUNICATIONS
Where permitted, we may contact a person through:
- email;
- SMS;
- WhatsApp;
- telephone;
- automated calls or messages;
- social media;
- direct messages;
- online advertising;
- postal communication;
- other electronic channels.
Where a form, survey, registration, booking, application, checkout, or payment page states or reasonably indicates that promotional communications may follow, submitting the relevant information constitutes a positive electronic action indicating consent to receive those communications.
A separate marketing checkbox is not required where the marketing use and communication channels are made reasonably clear before submission and the submission is recorded.
Marketing may include:
- Products and Services;
- offers;
- Events;
- resources;
- updates;
- content;
- reminders;
- opportunities;
- surveys;
- recommendations;
- partner offers where disclosed.
We may personalise marketing using information about:
- previous purchases;
- interests;
- website activity;
- form submissions;
- Client activity;
- engagement;
- location;
- profession;
- communication history;
- advertising interactions.
A person may unsubscribe or object to marketing at any time by:
- using an unsubscribe link;
- using an available opt-out function;
- replying with the requested opt-out wording;
- changing account preferences;
- contacting us through our Support contact form.
Opting out of marketing does not prevent us from sending necessary service, payment, security, legal, booking, or transactional communications.
We may retain minimal suppression information indefinitely to ensure that the person is not added back to the same marketing channel.
15. COOKIES, PIXELS, TAGS, SERVER-SIDE TRACKING, AND ADVERTISING
We and our providers may use:
- cookies;
- pixels;
- tags;
- scripts;
- browser storage;
- device identifiers;
- server-side tracking;
- analytics tools;
- advertising identifiers;
- conversion APIs;
- similar technologies.
These technologies may be used to:
- operate websites;
- remember preferences;
- maintain sessions;
- protect accounts;
- understand website use;
- measure engagement;
- identify errors;
- improve performance;
- attribute leads and sales;
- personalise Content;
- measure campaigns;
- create advertising audiences;
- retarget visitors;
- limit repeated advertisements;
- detect fraud;
- improve tracking accuracy.
Depending on the configuration, browser-side events may be transmitted through a server-side tracking environment before being sent to analytics or advertising providers.
We may send limited identifiers, including hashed contact information where configured, to advertising or analytics platforms for:
- conversion measurement;
- audience matching;
- custom audiences;
- exclusion audiences;
- similar or lookalike audiences;
- campaign optimisation;
- attribution;
- analytics.
Third-party providers may use their own cookies and process information under their own privacy terms.
Where required by applicable law, non-essential analytics, advertising, or tracking technologies will be subject to the person’s cookie or consent choices.
A person may manage cookies and tracking through available cookie settings, browser settings, device settings, advertising-platform controls, or other opt-out mechanisms.
Disabling cookies may affect website or Client Portal functionality.
We do not sell Personal Data for cash as a standalone data product.
Some disclosures for targeted advertising or audience matching may be treated as “sharing,” “sale,” or a similar regulated activity under certain laws. Where applicable, a person may exercise available opt-out rights through our cookie settings, support channel, or relevant platform controls.
16. AUTOMATION AND ARTIFICIAL INTELLIGENCE
We may use automated systems, workflows, algorithms, and artificial-intelligence tools to:
- route enquiries;
- schedule appointments;
- send reminders;
- categorise contacts;
- segment audiences;
- personalise communications;
- score leads;
- analyse engagement;
- create summaries;
- transcribe calls;
- prepare notes;
- review feedback;
- support moderation;
- detect spam;
- detect suspected fraud;
- draft Content;
- respond to common questions;
- support delivery;
- improve operations.
Personal Data may be processed by Third-Party Platforms providing automation or artificial-intelligence functionality.
We may use anonymised or aggregated information to test, analyse, improve, or develop internal processes.
We will not intentionally rely solely on an automated decision producing a significant legal or similarly serious effect unless:
this is necessary for a Contract;
consent has been obtained where required;
applicable law permits it;
appropriate safeguards are used.
Where applicable, a person may request human review of a qualifying automated decision.
17. PAYMENT PROCESSING
Payments may be processed by third-party payment providers.
Payment providers may collect:
- card details;
- bank details;
- billing addresses;
- identity information;
- device information;
- fraud indicators;
- transaction information.
We may receive:
- payment confirmation;
- transaction references;
- payment status;
- limited card details;
- billing information;
- refund information;
- chargeback information.
Payment providers may act as processors, independent controllers, or both, depending on the activity and their legal obligations.
They process information under their own terms and privacy policies.
We may retain transaction records for accounting, tax, contractual, fraud-prevention, dispute, and legal purposes.
18. ACCOUNTING AND BOOKKEEPING
We may use accounting, bookkeeping, tax, and financial-management platforms to process:
- Client names;
- business names;
- contact details;
- invoices;
- receipts;
- transaction records;
- payment status;
- expenses;
- refunds;
- taxes;
- financial classifications;
- supporting documents;
- related correspondence.
Accounting providers may process Personal Data as processors for certain customer records and as independent controllers for account administration, security, product improvement, compliance, or other activities described in their own privacy policies.
19. HOW WE MAY SHARE PERSONAL DATA
We may share Personal Data with the following recipients where reasonably necessary.
Our team
This may include:
- directors;
- employees;
- contractors;
- assistants;
- coaches;
- facilitators;
- community moderators;
- customer-support personnel;
- sales personnel;
- marketing personnel.
Technology and platform providers
This may include providers of:
- Client Portals;
- customer relationship management systems;
- community platforms;
- website hosting;
- cloud storage;
- email;
- SMS;
- WhatsApp;
- telephone systems;
- scheduling;
- video calls;
- automation;
- analytics;
- tag management;
- server-side tracking;
- advertising;
- artificial intelligence;
- cybersecurity;
- backups;
- file storage.
Payment and financial providers
This may include:
- payment processors;
- card providers;
- banks;
- accounting providers;
- bookkeeping providers;
- tax advisers;
- debt-collection providers;
- fraud-prevention providers.
Professional advisers
This may include:
- lawyers;
- accountants;
- auditors;
- insurers;
- compliance advisers;
- consultants;
- corporate service providers.
Event and delivery partners
This may include:
- venues;
- hotels;
- transport providers;
- Event organisers;
- photographers;
- videographers;
- local partners;
- contractors;
- accommodation providers;
- activity providers.
Advertising and social media providers
We may share limited Personal Data with analytics, advertising, social media, audience-matching, attribution, and tracking providers.
Other Clients
Information may be shared with other authorised Clients where the person:
- creates a profile;
- posts in a shared space;
- comments;
- uploads content;
- joins a group;
- communicates with another Client;
- otherwise chooses to make information visible.
Authorities and legal recipients
- We may disclose Personal Data to:
- courts;
- regulators;
- government authorities;
- law-enforcement bodies;
- tax authorities;
- legal representatives;
- insurers;
- parties involved in a legal matter.
Corporate transactions
Personal Data may be shared with potential buyers, investors, financiers, advisers, successors, or acquiring organisations in connection with a proposed or completed corporate transaction.
20. SERVICE PROVIDERS, PROCESSORS, AND SUBPROCESSORS
We use external providers to support our business and process Personal Data.
Our current key service providers, processors, subprocessors, independent controllers, and joint controllers are listed on our:
The list may include providers supporting:
- customer relationship management;
- Client Portals;
- communities;
- forms;
- communications;
- messaging automation;
- payment processing;
- accounting;
- analytics;
- advertising;
- tag management;
- server-side tracking;
- hosting;
- automation.
Not every provider acts solely as our processor.
Depending on the service and processing activity, a provider may act as:
- our processor;
- our subprocessor;
- an independent controller;
- a joint controller;
- a combination of these roles.
Providers may engage their own affiliates, service providers, and subprocessors in accordance with their contracts and published documentation.
We may add, remove, replace, or change providers where reasonably necessary.
The current list will be updated when reasonably practicable.
We are not required to notify every person individually whenever a provider or its processing location changes, unless applicable law requires individual notice.
21. BUSINESS CUSTOMERS AND SOFTWARE SERVICES
Where a business customer uses software, a Client Portal, communication tools, automation, or other technology provided or arranged by us, that customer may upload or process Personal Data relating to its own:
- customers;
- prospects;
- employees;
- contractors;
- users;
- contacts.
In those circumstances:
- the business customer may act as controller;
- we may act as processor;
- our technology providers may act as subprocessors;
- additional platform terms or a Data Processing Agreement may apply.
The business customer is responsible for:
- providing required privacy notices;
- obtaining required permissions;
- ensuring lawful collection;
- responding to data-subject requests;
- using the service lawfully;
- complying with marketing and communication rules.
We may separately act as controller for information relating to:
- the business customer’s account;
- authorised users;
- billing;
- security;
- support;
- contract management;
- legal compliance;
- our own marketing.
22. INTERNATIONAL DATA TRANSFERS
We operate from the UAE, but our providers, platforms, contractors, infrastructure, affiliates, and recipients may be located in other countries.
Personal Data may be:
- stored outside the UAE;
- accessed outside the UAE;
- transferred outside the UAE;
- processed outside the UAE.
Countries may include the United States, countries in the European Economic Area, the United Kingdom, Australia, countries in Asia, and other locations used by our providers.
Where required, we may rely on:
- contractual protections;
- Data Processing Agreements;
- standard contractual clauses;
- provider security measures;
- recognised transfer mechanisms;
- explicit consent;
- contractual necessity;
- legal claims;
- another legally permitted transfer ground.
International providers may be subject to laws applying in the countries where they operate.
23. SOCIAL MEDIA, PUBLIC CONTENT, AND THIRD-PARTY SERVICES
Information posted on social media, review sites, public websites, or public community spaces may become publicly available.
We may view, respond to, share, embed, quote, screenshot, or otherwise use public content relating to our business where permitted by law and the relevant platform terms.
Social media and Third-Party Platforms operate under their own terms and privacy policies.
We do not control how another person or platform copies, shares, indexes, archives, or uses publicly available information.
Our websites, Client Portals, or communications may contain links to third-party websites. We are not responsible for their privacy practices.
24. DATA RETENTION
We retain Personal Data for as long as reasonably necessary for the purposes described in this Privacy Policy, including contractual, service, marketing, operational, security, accounting, tax, legal, historical, and dispute-resolution purposes.
The periods below are general standard or maximum retention periods.
We may retain data for a shorter period where it is no longer reasonably required.
We may retain data for longer where:
- required by law;
- required by a regulator;
- required for tax or accounting;
- a payment remains outstanding;
- a complaint is open;
- a dispute or claim exists;
- litigation is reasonably anticipated;
- an investigation is ongoing;
- an insurance matter exists;
- a legal hold applies;
- information is needed to protect a person;
- information is needed to establish, exercise, or defend legal rights;
- the person requests continued storage;
- the information has been anonymised.
Website, tracking, and analytics information
Website analytics, device information, event data, cookie identifiers, advertising information, and attribution data may generally be retained for up to five years after collection.
Individual cookies and identifiers may expire earlier according to provider settings.
Aggregated or anonymised analytics may be retained indefinitely.
Prospects, enquiries, applications, and leads
Information concerning prospects, enquiries, applications, assessments, and leads may generally be retained for up to seven years after the last meaningful interaction.
If the person continues to engage, submits another form, responds, books a call, purchases, renews consent, or remains connected with us, the retention period may restart or continue.
Marketing records
Marketing profiles, audience information, engagement data, lead scores, attribution data, and consent records may be retained during the marketing relationship and for up to ten years afterwards for evidence, analysis, suppression, compliance, and legal purposes.
Minimal suppression records may be retained indefinitely.
Client, Contract, and service records
Client Accounts, Orders, Contracts, participation records, session administration, support communications, and related business records may generally be retained for up to ten years after the Client relationship ends.
They may be retained for up to fifteen years or longer where reasonably required for claims, disputes, investigations, insurance, debt recovery, or another lawful purpose.
Accounting, invoice, payment, and tax records
Invoices, receipts, transaction records, accounting records, payment records, bank reconciliation information, and tax-related documents may generally be retained for at least seven years after the relevant transaction or tax period.
They may be retained for up to fifteen years or longer where required for an audit, investigation, tax matter, suspected non-compliance, dispute, legal obligation, or claim.
Payment-provider information
Payment tokens, transaction references, limited card information, refunds, payment disputes, and chargeback records may be retained during the Client relationship and for up to ten years afterwards.
Full payment-card information is generally retained by the payment provider under its own retention requirements.
Client Portal profiles and User Content
Profiles, posts, comments, files, community activity, moderation records, and User Content may be retained while the Client Account is active and for up to seven years after access ends.
Content may be retained longer where:
- it has been used as Feedback Content;
- it is needed for a complaint;
- it is needed for safety;
- it forms part of a community record;
- it is needed for legal or compliance purposes.
Direct messages and communications
Direct messages and associated metadata may be retained while the relevant account or community is active and for up to seven years afterwards, subject to platform functionality.
Reported messages, complaints, investigations, or evidence may be retained for up to fifteen years or longer where reasonably necessary.
Session and participation records
Session records, notes, submissions, participation information, and relevant personal or wellbeing information may generally be retained for up to seven years after the last Product or Service.
They may be retained for up to fifteen years or longer where connected with a complaint, safety matter, insurance matter, dispute, or legal claim.
Recordings and transcripts
Call recordings, video recordings, session recordings, Event recordings, transcripts, notes, and summaries may generally be retained for up to seven years after creation.
Recordings incorporated into reusable Content, Feedback Content, promotional material, or business archives may be retained for as long as they remain in use or until a valid removal request applies.
Feedback Content and testimonials
Feedback Content may be retained and used for as long as it remains relevant to our business, unless the person withdraws applicable consent or makes a valid removal request.
Consent, licence, publication, and removal-request records may be retained for up to ten years after the final use or request.
Anonymised Feedback Content may be retained indefinitely.
Event photographs and footage
Event photographs, general footage, audio, and related media may generally be retained for up to ten years after capture.
Materials incorporated into long-term brand archives, Content, historical records, or campaigns may be retained longer where lawful.
Complaints, incidents, moderation, and legal records
Complaint records, legal correspondence, incident reports, safety records, moderation actions, suspensions, investigations, and dispute information may generally be retained for up to fifteen years after final resolution.
Security and system logs
Security logs, access records, audit records, fraud indicators, system records, and incident information may generally be retained for up to seven years.
Records connected with a breach, investigation, suspected fraud, or legal claim may be retained longer.
Recruitment records
Unsuccessful job or contractor applications may generally be retained for up to three years after the application process.
Employment and contractor records may generally be retained for up to ten years after the relationship ends, or longer where required by law or a legal matter.
Backups
Deleted information may remain in secured backups for up to twelve months after deletion from active systems.
Backup data will not normally be restored except for security, disaster recovery, legal, or operational purposes.
Anonymised information
Information that has been irreversibly anonymised so that it no longer reasonably identifies a person may be retained indefinitely and used for any lawful purpose.
25. DATA SECURITY
We use reasonable technical and organisational measures intended to protect Personal Data against:
- unauthorised access;
- accidental loss;
- unlawful disclosure;
- alteration;
- destruction;
- misuse;
- fraud;
- security incidents.
Measures may include:
- encrypted transmission;
- password protection;
- access controls;
- account permissions;
- secure platforms;
- authentication;
- backups;
- logging;
- security monitoring;
- confidentiality obligations;
- provider assessments;
- incident-response procedures;
- restricted access to Sensitive Personal Data.
No website, Client Portal, communication channel, electronic system, or storage system can be guaranteed to be completely secure.
Clients are responsible for maintaining the security of their login credentials and devices.
26. PERSONAL DATA BREACHES
Where we become aware of a Personal Data breach, we may:
- investigate;
- contain the incident;
- take corrective action;
- work with providers;
- preserve evidence;
- assess risk;
- notify relevant authorities;
- notify affected persons;
- take other steps required by law.
Notifications will be made where and within the period required by applicable law.
27. PRIVACY RIGHTS
Subject to applicable law and relevant exceptions, a person may have the right to:
- receive information about Processing;
- request access to Personal Data;
- request correction;
- request deletion;
- request restriction of Processing;
- object to direct marketing;
- withdraw consent;
- request eligible data in a machine-readable format;
- request transfer of eligible data where technically feasible;
- object to certain automated decisions;
- request human review of certain automated decisions;
- submit a complaint to an appropriate authority.
These rights are not absolute.
We may refuse, limit, or delay a request where permitted by law, including where the request:
- is excessively repetitive;
- affects another person’s privacy;
- affects system security;
- conflicts with legal proceedings;
- affects an investigation;
- prevents us from establishing, exercising, or defending legal rights;
- conflicts with a legal retention obligation;
- cannot be completed without retaining limited compliance records.
A deletion request does not necessarily require deletion of:
- tax records;
- invoices;
- Contracts;
- transaction records;
- legal records;
- complaint records;
- security records;
- anonymised information;
- information required for a dispute;
- suppression records;
- information remaining temporarily in backups.
28. HOW TO MAKE A PRIVACY REQUEST
Privacy requests may be submitted through our Support contact form.
The request should include:
- full name;
- email address;
- telephone number where relevant;
- details of the request;
- enough information for us to locate the relevant records.
We may request identity verification.
We may request clarification where the request is unclear or unusually broad.
We will respond within the period required by applicable law.
29. CHILDREN
Our Products and Services are generally intended for adults aged 18 or older.
We do not knowingly collect Personal Data from a child without appropriate authorisation.
Where a person under 18 participates with our approval, we may collect information relating to the child and their parent or legal guardian.
A parent or guardian who believes that a child has provided Personal Data without appropriate permission should contact us.
30. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time for:
- legal reasons;
- regulatory reasons;
- security reasons;
- operational reasons;
- technology changes;
- provider changes;
- platform changes;
- business changes;
- changes to Products and Services.
The updated version will be published with a revised effective date.
Where required, we will provide additional notice or request renewed consent before using Personal Data in a materially different manner.
Continued use of our websites, Client Portal, Products, or Services after an update will be subject to the updated Privacy Policy, except where further consent is legally required.
31. CONTACT AND PRIVACY SUPPORT
Questions, concerns, complaints, privacy requests, consent withdrawals, marketing opt-outs, and Feedback Content removal requests may be submitted through our Support contact form.
Please provide enough information for us to identify the relevant account, communication, or content.
You may also write to:
Casa Veda Life FZC LLC
Trading as Nico DiMattina
CWS-2V-322409
26th Floor, Amber Gem Tower
Ajman
United Arab Emirates