The Orange Code

Preparing your experience...

Back to Home

Privacy Policy

Compliant with UAE Data Protection Laws

Privacy Notice

This Privacy Policy explains how The Orange Code ("we," "us," or "our") collects, uses, processes, and protects your personal data in compliance with:

  • GDPR: EU General Data Protection Regulation (EU) 2016/679
  • UAE Federal Law: Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data
  • Ministry of Economy: UAE Ministry of Economy Regulations for Commercial Activities
  • ePrivacy Directive: Directive 2002/58/EC (as amended)

Your privacy and data protection rights are our priority. This policy is transparent, clear, and explains your rights under applicable data protection laws.

1. Information We Collect

We collect information you provide directly to us, such as when you create an account, book services, purchase ebooks, or contact us. We also automatically collect certain information when you visit our website.

Personal Information

  • • Full name and contact details
  • • Email address and phone number
  • • Date of birth and nationality
  • • Professional title and company
  • • Billing address and payment information

Service Information

  • • Cultural background and preferences
  • • Training goals and objectives
  • • Masterclass bookings and attendance
  • • Ebook purchases and downloads
  • • Communication preferences

Automatically Collected Information

When you visit our website, we automatically collect basic information to improve our services and understand how visitors use our site:

  • • General location information (country, city) for analytics purposes
  • • Device type (mobile, tablet, or desktop) and browser information
  • • Pages visited and how you navigate our website
  • • Traffic source (how you found our website)
  • • Basic website performance metrics

Note: This information is used for analytics and service improvement only. We do not attempt to identify individual visitors, and all data is aggregated and anonymized where possible.

Payment Processing: All payment card information is securely processed by Stripe. We do not store or have access to your full payment card details.

Ebook Delivery & Security: For ebook purchases, we use a secure token-based download system. Upon purchase completion, you will receive an email with a time-limited download link (valid for 48 hours). All downloaded ebooks are watermarked with your email address for security and copyright protection. This watermark is embedded in the PDF file and cannot be removed.

2. How We Use Your Information

We use your information for the following legitimate business purposes:

Service Delivery

  • • Provide Cultural Intelligence training and masterclasses
  • • Deliver digital products (ebooks) via secure download links
  • • Personalize your learning experience
  • • Process payments and bookings
  • • Send service-related communications and confirmations
  • • Watermark purchased ebooks with your email for security

Business Operations

  • • Improve our services and masterclasses
  • • Conduct market research and analytics
  • • Monitor website performance and user experience
  • • Send real-time notifications for business operations
  • • Comply with UAE legal requirements
  • • Maintain business records

3. Legal Basis for Processing (GDPR Article 6)

Under GDPR, we process your personal data based on the following legal grounds:

Consent (Art. 6(1)(a))

  • • Marketing communications and newsletters
  • • Optional cookies (analytics, marketing)
  • • Participation in surveys or research

Contract Performance (Art. 6(1)(b))

  • • Delivering masterclasses and training
  • • Processing payments and bookings
  • • Providing customer support

Legal Obligation (Art. 6(1)(c))

  • • Tax and accounting records
  • • Regulatory compliance (UAE law)
  • • Anti-money laundering checks

Legitimate Interests (Art. 6(1)(f))

  • • Fraud prevention and security
  • • Business analytics and improvements
  • • Network and information security

Your Right to Withdraw Consent: Where we rely on consent, you have the right to withdraw it at any time. This will not affect the lawfulness of processing based on consent before its withdrawal. Contact us at legal@theorangecode.com to withdraw consent.

4. Information Sharing & Disclosure

We do not sell, trade, or rent your personal information. We may share information only in the following circumstances:

With Your Consent

  • • Explicit written consent for specific purposes
  • • Marketing communications (opt-in only)
  • • Third-party service providers

Legal Requirements

  • • UAE government authorities
  • • Court orders or legal processes
  • • Regulatory compliance

5. Third-Party Services & Data Processors

We use trusted third-party services to operate our website and provide services. These services may process your personal information on our behalf. All third-party services are GDPR-compliant and bound by strict data processing agreements:

Google Analytics 4

Purpose: Website analytics, user behavior tracking, conversion measurement, and performance monitoring.

Data Collected: IP address (anonymized), page views, clicks, scroll depth, time on page, device type, browser information, referrer, UTM parameters, and custom events.

Data Processing: Google LLC (USA) - Data is processed with appropriate safeguards including Standard Contractual Clauses (SCCs) for EU data transfers.

Google Privacy Policy | Google Analytics Privacy

Stripe

Purpose: Secure payment processing for masterclass bookings, course purchases, and ebook sales.

Data Collected: Payment card information (encrypted), billing address, email, phone number, transaction details, and fraud prevention data.

Data Processing: Stripe, Inc. (USA) - PCI DSS Level 1 certified, GDPR compliant with Data Processing Agreement (DPA).

Stripe Privacy Policy | Stripe DPA

Resend

Purpose: Sending transactional emails, contact form notifications, booking confirmations, and service communications.

Data Collected: Email address, name, message content, and email engagement metrics (opens, clicks).

Data Processing: Resend, Inc. (USA) - GDPR compliant with appropriate data processing safeguards.

Resend Privacy Policy

MailerLite

Purpose: Email marketing, newsletter management, subscriber segmentation, and marketing automation.

Data Collected: Email address, name, subscription preferences, email engagement data, and subscriber tags.

Data Processing: MailerLite UAB (Lithuania/EU) - GDPR compliant, EU-based data processing.

MailerLite Privacy Policy

Vercel (Hosting & Infrastructure)

Purpose: Website hosting, content delivery network (CDN), serverless functions, and performance monitoring.

Data Collected: IP addresses, request logs, error logs, performance metrics, and visitor analytics.

Data Processing: Vercel, Inc. (USA) - GDPR compliant with DPA, data stored in multiple regions including EU.

Vercel Privacy Policy

Vercel KV / Upstash Redis

Purpose: Data storage for visitor tracking, session management, and application state.

Data Collected: Visitor session data, tracking information, and temporary application data.

Data Processing: Upstash, Inc. (USA) - GDPR compliant with appropriate safeguards.

Upstash Privacy Policy

Slack (Business Operations)

Purpose: Internal notifications for business operations including contact form submissions, newsletter signups, and payment notifications.

Data Collected: Basic contact information and transaction notifications for internal use only.

Data Processing: Slack Technologies, LLC (USA) - GDPR compliant with Data Processing Agreement (DPA).

Slack Privacy Policy

Data Processing Safeguards

All third-party service providers are required to:

  • • Comply with GDPR and applicable data protection laws
  • • Process data only for specified purposes
  • • Implement appropriate technical and organizational security measures
  • • Notify us of any data breaches
  • • Delete or return data upon termination of services
  • • Use Standard Contractual Clauses (SCCs) for international data transfers

6. Data Security & Protection

We implement comprehensive security measures to protect your personal information:

Technical Safeguards

  • • SSL/TLS encryption for data transmission
  • • AES-256 encryption for data storage
  • • Multi-factor authentication
  • • Regular security audits and penetration testing

Organizational Measures

  • • Access controls and user permissions
  • • Staff training on data protection
  • • Incident response procedures
  • • Regular policy reviews and updates

7. Your Data Protection Rights (GDPR Articles 12-23 & UAE Law)

Under GDPR and UAE Federal Decree-Law No. 45 of 2021, you have the following data protection rights:

Right to Access (Art. 15)

Request copies of your personal data and information about processing

Right to Rectification (Art. 16)

Correct inaccurate or incomplete data without undue delay

Right to Erasure (Art. 17)

Request deletion of your data ("Right to be Forgotten")

Right to Restriction (Art. 18)

Limit processing of your data under certain conditions

Right to Data Portability (Art. 20)

Receive your data in a structured, machine-readable format

Right to Object (Art. 21)

Object to processing based on legitimate interests or direct marketing

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent

Right to Lodge a Complaint

File a complaint with a supervisory authority (see Section 11)

How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer at legal@theorangecode.com or call +971 56 878 6106.

  • • We will respond to your request within 30 days (GDPR) or as required by UAE law
  • • We may request additional information to verify your identity before processing your request
  • • Exercising your rights is free of charge, unless requests are manifestly unfounded or excessive
  • • We will inform you if we cannot comply with your request and provide reasons

8. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience. You can control cookie preferences through our cookie banner or browser settings. For detailed information about our use of cookies, please see our Cookie Policy.

Essential Cookies

Required for basic website functionality and security

Analytics Cookies

Help us understand website usage and performance (Google Analytics)

Personalization Cookies

Remember your preferences and settings

Marketing Cookies

Used for targeted advertising (with consent)

9. Data Retention & Storage

We retain your personal information only as long as necessary for the purposes outlined in this policy:

Active Clients

Duration of service + 3 years for business records

Marketing Data

Until consent is withdrawn or 2 years of inactivity

Legal Compliance

As required by UAE law (typically 7 years)

Website Analytics Data

Retained for analytics purposes as per standard industry practices

Ebook Purchase Records

Permanently retained for business records and copyright protection

Download Links

Time-limited for security purposes

10. International Data Transfers (GDPR Chapter V)

Your data is primarily stored and processed within the UAE and EU. When we transfer personal data outside the UAE or EU, we ensure adequate protection through:

GDPR Safeguards

  • • Standard Contractual Clauses (SCCs) approved by the EU Commission
  • • Data Processing Agreements (DPAs) with all third-party processors
  • • Adequacy decisions where applicable
  • • Binding Corporate Rules (BCRs) for intra-group transfers

UAE Requirements

  • • Compliance with Federal Decree-Law No. 45 of 2021
  • • Authorization from competent authorities where required
  • • Contractual obligations ensuring data protection
  • • Technical and organizational security measures

Data Transfer Countries: USA (Google, Stripe, Vercel, Resend), Lithuania/EU (MailerLite). All transfers are protected by SCCs and appropriate safeguards.

11. Supervisory Authorities & Complaints

If you are located in the EU/EEA or UAE, you have the right to lodge a complaint with a supervisory authority:

EU/EEA Residents

You may lodge a complaint with your local data protection authority. Find your authority at:

European Data Protection Board - Member List

UAE Residents

UAE Data Office
Telecommunications and Digital Government Regulatory Authority (TDRA)
Email: dataoffice@tdra.gov.ae
Website: tdra.gov.ae

12. Contact Information

For privacy related questions feel free to contact us.

Legal Team

The Orange Code

Email: legal@theorangecode.com

Phone: +971 56 878 6106

Business Address

Etihad Towers

Tower 3, Floor 36

Abu Dhabi, United Arab Emirates

Response Time: Within 30 days

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. When we make material changes, we will:

  • • Post the updated policy on our website with a new "Last Updated" date
  • • Notify you by email if you have an account with us
  • • Display a prominent notice on our website
  • • Obtain your consent if required by law (e.g., for new processing purposes)

We encourage you to review this Privacy Policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy, unless your consent is required by law.

Legal Compliance & Certifications

Last Updated: January 6, 2026

Effective Date: January 6, 2026

Version: 2.0

This Privacy Policy complies with:

  • GDPR: EU General Data Protection Regulation (EU) 2016/679
  • ePrivacy Directive: Directive 2002/58/EC (as amended by Directive 2009/136/EC)
  • UAE Federal Law: Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data
  • Ministry of Economy: UAE Ministry of Economy Regulations and ADRA Licensing Requirements
  • PCI DSS: Payment Card Industry Data Security Standard (via Stripe)

The Orange Code is committed to maintaining the highest standards of data protection and privacy. This policy reflects our commitment to transparency, accountability, and respect for individual privacy rights under international and local laws.