1. Introduction

This Privacy Policy describes how RippleSeed FZE ("Company," "We," "Us," or "Our"), the data controller, collects, uses, shares, and protects your personal information ("Personal Data") when you use our Services.

Our registered address is:

Block C VL06-071, Sharjah Research Technology and Innovation Park, University City, Sharjah, UAE.

For all privacy-related requests, including accessing, correcting, or deleting your data, please contact our designated privacy contact at: hello@growthmarketing.me.

2. Commitment to Privacy & Legal Framework

We are committed to protecting your privacy and handling your data in an open and transparent manner. Our data processing activities are governed by the applicable laws of the United Arab Emirates, primarily the UAE Federal Decree Law No. 45 of 2021 Regarding the Protection of Personal Data (the "PDPL").

The PDPL establishes an integrated framework to ensure the confidentiality of information and protect the privacy of individuals in the UAE. It applies to any entity, whether located inside or outside the UAE, that processes the Personal Data of individuals residing in the country. This policy is designed to comply with the principles and obligations set forth in the PDPL.

3. Information We Collect

We collect Personal Data through two primary means: information you provide to us directly and information collected automatically through our use of technology and third-party services.

3.1. Information You Voluntarily Provide

We collect Personal Data that you voluntarily provide to us when you:

• Contact us through forms on our website.

• Subscribe to our newsletter or other marketing communications.

• Schedule an appointment or meeting with us.

• Communicate with us via email or other direct channels.

The types of Personal Data collected in this manner may include your name, email address, phone number, and the content of your messages.

3.2. Information Collected Automatically via Third-Party Services

To operate and improve our Services, we use various third-party services that automatically collect information about your device and your interaction with our Services. The use of these third-party processors is essential for functions ranging from website analytics to customer relationship management. The PDPL requires transparency regarding these processing activities. By clicking on the green shield at the bottom left of the page, you will obtain a clear summary of the third-party data processors we use, the purpose of their services, the types of data they collect, and links to their respective privacy policies. This structured disclosure is intended to provide you with a comprehensive and easily understandable overview of how your data is handled by our partners.

4. How and Why We Use Your Information (Purpose of Processing)

In accordance with the PDPL, we collect and process your Personal Data only for specific, explicit, and legitimate purposes. We do not process your data in any way that is incompatible with these purposes. Our primary purposes for processing are:

• To Provide and Manage Our Services: We use your contact information and any data you provide to respond to your inquiries, schedule appointments, and fulfill our contractual obligations to you.

• To Improve Our Website and Services: We use data from analytics services like Google Analytics to understand how users interact with our Services, identify areas for improvement, and enhance the user experience.

• For Marketing and Advertising: With your explicit consent, we use your contact information to send you newsletters and other marketing materials via Beehiiv. We use data collected by Facebook Pixel to deliver targeted advertising that is relevant to your interests.

• To Manage Customer Relationships: We use our CRM system, Folk App, to organize contact information and communications to provide you with more efficient and personalized service.

• For Security and Fraud Prevention: We process technical data, such as IP addresses, to monitor for security threats, prevent fraudulent activity, and ensure the integrity of our Services.

5. Legal Basis for Processing

Our processing of your Personal Data is grounded in the legal bases provided by the PDPL. We rely on the following:

• Consent: This is our primary legal basis for several key activities. We will only send you direct marketing communications, such as newsletters, after you have provided your explicit, prior opt-in consent. Similarly, we will only place non-essential cookies and tracking technologies (like those used by Google Analytics and Facebook Pixel) on your device with your clear, affirmative consent. You have the right to withdraw this consent at any time.

• Performance of a Contract: When you request a service from us, such as scheduling a meeting through Google Calendar, we process the necessary Personal Data to fulfill that request, which forms a contract between you and us.

• Legitimate Interests: We may process certain data for our legitimate business interests, such as for security monitoring and fraud prevention, provided that these interests are not overridden by your rights and freedoms.

• Legal Obligation: We may be required to process your Personal Data to comply with a legal or regulatory obligation to which we are subject.

6. International Data Transfers

As outlined in Section 3.2, we use third-party service providers that are based globally, primarily in the United States. Consequently, when you use our Services, your Personal Data is transferred and stored on servers located outside of the United Arab Emirates.

We declare that all such international data transfers are conducted in full compliance with the PDPL. The PDPL permits cross-border data transfers to countries that have an adequate level of data protection as determined by the UAE Data Office, or where "appropriate safeguards" are in place. While the list of adequate countries is being established, we ensure the lawfulness of these transfers by relying on the contractual commitments of our service providers (e.g., Google, Meta, Folk, Beehiiv). These providers implement appropriate safeguards, such as Standard Contractual Clauses (SCCs), which are legally binding agreements that ensure your data receives a level of protection equivalent to that provided within the UAE.

7. Data Retention and Security

7.1. Data Retention Policy

A core principle of the PDPL is data minimization, which dictates that Personal Data should not be kept for longer than is necessary to fulfill the purpose for which it was collected. The initial plan to retain data indefinitely is a direct violation of this principle. Therefore, our policy is as follows:

We will retain your Personal Data only for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention period for different types of data will vary depending on the context and purpose of processing. For example, contact information related to a client project will be retained for the duration of the project and for a subsequent period as required by law, while analytics data may be retained for a shorter period.

After the applicable retention period has expired, your Personal Data will be securely and permanently deleted or anonymized in accordance with Article 5 of the PDPL, which allows for data to be kept if the identity of the data subject is concealed. If you exercise your Right to Erasure, we will delete your data promptly, subject to any overriding legal obligations that require us to retain it.

7.2. Security Measures

We have implemented appropriate technical and organizational security measures designed to protect the security of any Personal Data we process. These measures aim to protect your data from accidental loss, and from unauthorized access, use, alteration, and disclosure. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. Therefore, we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

8. Your Rights Under the PDPL

Under the UAE's PDPL, you, as a data subject, are granted several rights to control your Personal Data. We are committed to upholding these rights.

• The Right to Access: You have the right to request and obtain a copy of the Personal Data we hold about you.

• The Right to Rectification: You have the right to request the correction of any inaccurate or incomplete Personal Data we hold about you.

• The Right to Erasure ('Right to be Forgotten'): You have the right to request the deletion of your Personal Data when it is no longer necessary for the purpose it was collected, if you withdraw consent, or if it has been processed unlawfully.

• The Right to Restrict Processing: You have the right to request that we limit the way we use your Personal Data in certain circumstances.

• The Right to Object to Processing: You have the right to object to our processing of your Personal Data, particularly for activities based on our legitimate interests or for direct marketing purposes.

• The Right to Data Portability: You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format and to have it transmitted to another controller.

• The Right to Withdraw Consent: Where we rely on your consent to process your data, you have the right to withdraw that consent at any time.

How to Exercise Your Rights: To exercise any of these rights, please submit a verifiable request to us at our designated privacy email: hello@growthmarketing.me. We will respond to your request in accordance with the timelines and procedures stipulated by the PDPL.

9. Marketing Communications

We will only send you marketing communications, such as our newsletter, if you have explicitly consented to receive them. This "opt-in" approach is a strict requirement under both our policy and the UAE's Consumer Protection and Data Protection laws.  We will not add you to any marketing or newsletter list simply because you have contacted us for another reason.

You can opt-out of receiving marketing communications from us at any time by clicking the "unsubscribe" link provided in the footer of every marketing email we send, or by contacting us directly at hello@growthmarketing.me.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by a revised "Last Updated" date and the updated version will be effective as soon as it is accessible. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.