Privacy Policy

​

Effective date: 01.10.2025

​

This Privacy Policy describes how DD FZC, an owner of SoulLead brand (“Soullead”, “we”) collects, uses, discloses, and protects personal data of users (“you”, “your”) when you visit or interact with our website (soulleadcompany.com) or otherwise engage our services. This policy also explains your rights under applicable laws in the EU and the UAE.

If you are located in the European Union or the United Arab Emirates (or both), this policy applies to you.

 

1. Definitions

• Personal Data / Personal Information: any information relating to an identified or identifiable natural person (e.g. name, email, IP address).

• Processing: any operation performed on personal data (collection, storage, use, disclosure, deletion etc.).

• Controller: the entity that determines the purposes and means of processing personal data.

• Processor: entity that processes personal data on behalf of the controller.

• Sensitive Personal Data: data such as race, religion, biometric data, health data, etc. (in many jurisdictions these require stricter protection).

• User / Data Subject: you, the natural person whose data we process.

 

2. Data Controller & Contact Details

DD FZC

Business Centre, Sharjah Publishing City Free Zone, Sharjah, United Arab Emirates
Email: support@soulleadcompany.com

​

If you are in the EU, for GDPR-related issues you may address queries to the above contact, or to our EU representative at:
Renata Pillarova Kresankova, phone: +421 907 274 665  

 

3. What Data We Collect & When

We collect personal data directly from you, automatically through your use of our website, and sometimes from third parties when necessary to provide our services. The types of information we collect include the following:

​

Identification and contact information.
When you interact with us — such as when you register on our website, subscribe to our newsletter, fill in contact forms, or make an inquiry — we may collect your first and last name, email address, phone number, and postal address. This information allows us to identify and communicate with you effectively.

​

Account and login information.
If you create an account with us, we collect the username and password you choose. Passwords are stored in encrypted form and are never visible to us in plain text.

​

Transaction and payment information.
When you make a purchase or use a paid service through our website, we collect transaction details such as payment method, order number, billing and shipping addresses, and order history. We do not store full card details ourselves; these are processed securely by our authorized payment gateway providers.

​

Technical and usage data.
Whenever you visit our website, we automatically collect technical data such as your IP address, browser type and version, device identifiers, operating system, pages you visit, time and date of access, referring and exit pages, and other analytical information. This data helps us maintain site security, analyze performance, and improve the user experience.

​

Communications and correspondence.
If you contact us directly — for example, by email or through our contact form — we may collect the content of your message, any attachments you send, and other information you voluntarily provide. This allows us to respond to your requests and provide customer support.

​

Marketing and preference data.
When you opt in to receive marketing communications or participate in promotions, we may collect information about your preferences, such as language choices or interests, as well as whether you open our emails or click on links. This helps us tailor our content and offers to what interests you most.

​

Optional or sensitive information.
You may choose to share additional or more sensitive information with us, for example when providing feedback or participating in coaching or spiritual development activities. We will only process such data if you voluntarily provide it and we have a clear legal basis to do so.

We do not intentionally collect more data than is necessary to achieve the purposes described in this policy.

 

4. Legal Bases for Processing (EU / GDPR) & Grounds (UAE)

When you are in the EU, our legal bases under GDPR include:

• Consent: when you have expressly agreed (e.g. subscribing to newsletter, cookies)

• Performance of contract: to fulfill a contract you have with us (e.g. delivering goods or services)

• Legal obligation: complying with a legal obligation (e.g. tax, regulatory)

• Legitimate interests: where we have a legitimate interest (provided your rights are not overridden) — e.g. fraud prevention, site analytics, improving services

 

Under UAE data protection regimes, processing must likewise comply with principles such as lawfulness, purpose limitation, data minimization, accuracy, storage limitation, security, accountability, and cross-border transfer regulations. We rely similarly on lawful grounds including consent, performance of contract, compliance with legal obligations, and legitimate interest (where permissible).

 

5. Purposes of Processing / Use of Data

We use your personal data for various purposes, including but not limited to:

1. Provision of Services / Orders

   • To process your orders, payments, returns, invoices, deliveries

   • To manage your account, respond to inquiries, provide customer support

2. Communication & Notifications

   • To send confirmations, updates, notices, support responses

   • To communicate important changes to our policies

3. Marketing & Promotions

   • Subject to your consent where required, to send offers, newsletters, promotional content

   • To tailor marketing based on your preferences

4. Analytics & Improvement

   • To analyze site usage, improve functionality, user experience, features

   • To detect, prevent, or investigate fraud or abuse

5. Legal & Compliance

   • To comply with legal, tax, audit, or regulatory obligations

   • To enforce our terms, policies, defend legal claims

6. Security & Safety

   • To protect our systems, detect malicious activity, maintain system integrity

7. Other Purposes

   • With your consent, other uses you explicitly agree to (e.g. surveys, feedback)

If we need to use your data for a purpose not listed in this policy, we will ask for your consent (if required) or notify you and explain the new purpose.

 

6. Data Sharing & Disclosure

We may share your personal data in the following circumstances:

• Within our group / affiliates: for internal operations (e.g. support, finance)

• With service providers / processors: e.g. payment gateways, shipping / delivery providers, analytics providers, marketing platforms, IT and hosting providers

• With legal & regulatory authorities: when required by law, judicial processes, to prevent harm or fraud

• Business transfers: in case of merger, acquisition, sale of assets, or restructuring (with appropriate safeguards)

• With your consent: if you have explicitly authorized sharing with third parties

We require that any third party we share your data with agrees to protect it and only use it for the permitted purposes.

 

7. International Transfers / Cross-Border Transfers

Because we are operating globally, your data may be transferred to, stored in, or processed in countries outside your home country (e.g. servers in the UAE, EU, or third countries).

• EU persons: we will ensure that such transfers are only made if there is an adequate level of protection (e.g. European Commission adequacy decision, Standard Contractual Clauses, binding corporate rules, or other lawful transfer mechanisms).

• UAE and other jurisdictions: we will comply with applicable cross-border transfer rules (e.g. requiring consent or specific safeguards).

By using our services, you consent to these transfers under the safeguards described.

 

8. Data Retention & Deletion

We will retain your personal data only as long as necessary for the purposes for which it was collected, or to satisfy legal, accounting, or reporting requirements.

• For transactional data (orders, invoices) – typically 5 years

• For marketing / preference data – until you withdraw consent or unsubscribes

• For technical / analytics data – for a period consistent with business needs

• After no longer needed, we will securely delete or anonymize your personal data

If you wish, you may request deletion or anonymization earlier (subject to legal or contractual constraints).

 

9. Data Security & Protection

We have implemented appropriate technical and organizational measures to safeguard your personal data against unauthorized access, alteration, disclosure, or destruction. These may include:

• Encryption in transit (TLS / SSL)

• Encryption or hashing of sensitive data at rest

• Access controls, role-based access

• Regular security audits, penetration testing

• Network security (firewalls, intrusion detection)

• Secure backups and disaster recovery

• Employee training and confidentiality obligations

However, no system is completely secure. If a breach occurs, we will follow legal obligations to notify affected persons or regulators as required (e.g. GDPR’s 72-hour breach notification rule).

 

10. Cookies, Tracking & Similar Technologies

We use cookies, web beacons, pixels, or similar technologies to collect usage and technical data. These may include:

• Essential / Strictly Necessary Cookies: required for site operation (e.g. login sessions)

• Performance / Analytics Cookies: to understand how users use the site (e.g. Google Analytics)

• Functional / Preference Cookies: to remember your choices (language, preferences)

• Marketing / Targeting Cookies: to deliver relevant advertising, measure ad campaign efficacy

You have the right to accept or refuse (or withdraw) consent for non-essential cookies. You can manage your preferences (via cookie banner or browser settings). Blocking cookies may reduce site functionality.

 

11. Your Rights (for EU / GDPR and applicable UAE regime)

Depending on where you are located, you have specific rights concerning your personal data under applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the UAE’s Personal Data Protection Law (PDPL). We respect these rights and will respond to all valid requests in accordance with the law.

You have the right to access your personal data. This means you may request a copy of the personal data we hold about you and information about how we process it.

You have the right to rectification, which allows you to ask us to correct any inaccurate or incomplete personal data.

You have the right to erasure, sometimes referred to as the “right to be forgotten.” You can request that we delete your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw your consent and there is no other lawful basis for processing.

You have the right to restrict processing of your personal data. This means you can ask us to temporarily limit how we use your data, for example, while we verify its accuracy or the reasons for processing it.

You have the right to data portability, which allows you to receive your personal data in a structured, commonly used, and machine-readable format and to transfer that data to another controller, where technically feasible.

You have the right to object to certain types of processing, particularly where we rely on legitimate interests as the lawful basis for processing or where your data is used for direct marketing purposes.

If our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing that took place before you withdrew it.

You also have the right to lodge a complaint with the relevant supervisory authority if you believe your rights have been infringed.

• If you are located in the European Union, you may contact the data protection authority in your country of residence.

• If you are located in the United Arab Emirates, you may raise a complaint with the UAE Data Office or the relevant free zone authority (such as ADGM or DIFC, if applicable).

We will respond to all legitimate requests without undue delay, and at the latest within the time periods required by law (typically within one month under GDPR). In some cases, we may need to verify your identity before acting on your request.

 

12. Children & Minors

Our services are not intended for children. We do not knowingly collect personal data from minors without parental/guardian consent. If you believe we have collected such data inadvertently, please contact us to request deletion.

 

13. Updates to This Policy

We may update this Privacy Policy periodically (due to changes in law, technology, business practices). We will:

• Post the updated version on our website with a new effective date

• Where required, notify users by email or prominent notice

• Ask for renewed consent if required by law

You should review this policy from time to time to stay informed.

 

14. Miscellaneous

• Third-Party Links / Services: Our website may contain links to external websites. We are not responsible for their privacy practices.

• No Automated Decisions: We do not carry out fully automated individual decision-making or profiling that leads to legal effects.

• Severability: If a provision is invalid under a jurisdiction’s law, that part will be severed, and the rest remains in effect.

• Governing Law & Jurisdiction: Disputes may be governed by UAE law, subject to applicable mandatory rules.

• Contact Us: For any privacy queries, requests, complaints, contact us at:

  • Email: support@souleadcompany.com