Privacy Policy

1. Controller & Contact

TheClueX Education Platform Ltd respects your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use it and what rights you have. It applies to all visitors and users of institutional.theclue.io and related services.

This policy is designed to comply with the DIFC Data Protection Law 2020 (DIFC Law No. 5 of 2020) and, where applicable, the EU General Data Protection Regulation (GDPR) and the UK GDPR.

2. Data We Collect & Why

2.1 Server & Access Logs (Hosting)

When you visit our website, our hosting provider Webflow, Inc. automatically collects technical data including:

• IP address (anonymized after processing)
• Browser type and version
• Operating system
• Referrer URL
• Date and time of access
• Pages visited

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR / DIFC DP Law) — ensuring website security, stability and performance. Logs are retained for a maximum of 30 days.

2.2 Contact via WhatsApp

When you contact us via our WhatsApp link (wa.me/+971568610024), your message and contact details are processed by WhatsApp (Meta Platforms Ireland Ltd) and shared with us. We use this data solely to respond to your inquiry.

Legal basis: Pre-contractual measures / legitimate interests (Art. 6(1)(b)/(f) GDPR). We retain messages for 24 months or until your inquiry is resolved, whichever is sooner.

Third-party privacy policy: WhatsApp Privacy Policy

2.3 Meeting Scheduling via Calendly

When you book a call using our Calendly link, Calendly, Inc. (USA) collects your name, email address and selected appointment time. This data is shared with us to facilitate the scheduled meeting.

Legal basis: Pre-contractual measures / consent (Art. 6(1)(a)/(b) GDPR). Data transfer to the USA is covered by Calendly's Standard Contractual Clauses (SCCs). We retain booking data for 24 months.

Third-party privacy policy: Calendly Privacy Policy

2.4 LinkedIn Profile Links

Our website contains links to LinkedIn (LinkedIn Ireland Unlimited Company). Clicking these links transfers you to LinkedIn's platform. We do not transmit any personal data to LinkedIn; any processing is subject to LinkedIn's privacy policy upon your interaction.

Third-party privacy policy: LinkedIn Privacy Policy

3. Website Hosting — Webflow

This website is hosted by Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA. Webflow acts as a data processor under a Data Processing Agreement (DPA) with TheClueX Education Platform Ltd. Data transfers to the USA are covered by Standard Contractual Clauses (SCCs) approved by the European Commission.

Webflow may collect and process technical usage data (including IP addresses and browser information) as part of its hosting services. For further details, see Webflow's Privacy Policy and GDPR information.

4. Cookies & Tracking

This website uses only technically necessary session data required for the website to function correctly. We do not use tracking cookies, analytics scripts or advertising pixels.

Webflow may set a technically necessary session cookie to maintain basic website functionality. This does not require your consent as it is strictly necessary for website operation.

If you contact us via Calendly or WhatsApp, those third-party services may set their own cookies subject to their respective privacy policies.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law:

• Server logs: Maximum 30 days
• Inquiry & contact data: 24 months from last contact, unless ongoing engagement requires longer retention
• Contractual data: As required by applicable commercial and tax law (typically 7 years under UAE Commercial Companies Law)

6. International Data Transfers

TheClueX Education Platform Ltd is based in the Dubai International Financial Centre (DIFC), which maintains an adequate level of data protection under the DIFC Data Protection Law 2020. The DIFC has been recognized as providing adequate protection for personal data transferred from the EEA and UK.

Where we engage third-party service providers based outside the DIFC or EEA (e.g., Webflow in the USA, Calendly in the USA), we ensure appropriate safeguards are in place — including Standard Contractual Clauses (SCCs) or equivalent mechanisms — before transferring your personal data.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Right of access — You have the right to obtain confirmation of whether we process your personal data and to receive a copy of it.
• Right to rectification — You may request correction of inaccurate or incomplete data.
• Right to erasure — You may request deletion of your personal data where there is no compelling reason for its continued processing.
• Right to restriction — You may request that we restrict processing of your data in certain circumstances.
• Right to data portability — Where processing is based on consent or contract, you may request your data in a structured, machine-readable format.
• Right to object — You may object to processing based on legitimate interests, including profiling.
• Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, please contact us at privacy@theclue.io. We will respond within 30 days.

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the DIFC Commissioner of Data Protection: difc.ae/data-protection. EU/EEA residents may also contact their national data protection authority.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration or disclosure. These measures are reviewed and updated regularly in line with the state of the art and applicable data protection requirements.

Our website is served exclusively over encrypted HTTPS connections. Our hosting provider Webflow maintains ISO 27001 certification and implements industry-standard security measures.

9. Children's Privacy

This website is directed exclusively at business professionals and institutional clients. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has provided us with personal data, please contact us at privacy@theclue.io and we will take steps to delete such information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology or applicable law. We will post the updated policy on this page with a revised "Last updated" date. We encourage you to review this page periodically.

For material changes that may significantly affect your rights, we will provide a prominent notice on our website or contact you directly where required by law.

11. Governing Law

This Privacy Policy is governed by the laws of the Dubai International Financial Centre (DIFC), including the DIFC Data Protection Law 2020 (DIFC Law No. 5 of 2020). To the extent applicable, we also comply with the EU General Data Protection Regulation (GDPR) and UK GDPR for users in those jurisdictions.

Any disputes arising in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the DIFC Courts.