Privacy Policy

This Privacy Policy explains how Shim Partners Management Consultancy FZCO collects, uses, stores, and protects your personal data when you use our websites and products. We are committed to protecting your privacy and complying with applicable data protection laws, including the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection and the EU General Data Protection Regulation (GDPR) where applicable.

1. Who We Are

The data controller for your personal information is:

Shim Partners Management Consultancy FZCO
IFZA Business Park, Dubai Silicon Oasis, Dubai, UAE
hello@shimpartners.com  |  shimpartners.com

Payments are processed by Paddle (Paddle.com Market Limited), 15 Lower George’s Street, Dún Laoghaire, Co. Dublin, Ireland, who acts as Merchant of Record and is a separate data controller for payment-related data.

2. Data We Collect

2.1 Data you provide directly

• Name and email address (account registration, contact forms)
• Organisation name and role (for enterprise and advisory products)
• Payment information (collected and processed by Paddle — we do not store card data)
• Content you submit through our platforms (journal entries, meeting transcripts in ClarityOS)
• Communications you send to us by email or contact form

2.2 Data collected automatically

• IP address and approximate location
• Browser type, device type, and operating system
• Pages visited, time spent, and navigation patterns
• Referring URL and search terms used to find us

2.3 Data from third parties

• Authentication data if you sign in via Google or another OAuth provider
• Payment status and transaction identifiers from Paddle

3. How We Use Your Data

We use your personal data for the following purposes:

• To provide and maintain our products and services
• To process your subscription and manage your account
• To send you service-related communications (receipts, account notices)
• To send you marketing communications where you have opted in or where we have a legitimate interest (you may opt out at any time)
• To improve our products through anonymised usage analytics
• To comply with legal obligations
• To respond to your enquiries and support requests

4. Legal Basis for Processing (EU/UK Users)

For users in the European Union or United Kingdom, our legal bases for processing are:

• Contract performance — processing necessary to deliver the service you have purchased
• Legitimate interests — analytics, security, improving our products, direct marketing to existing customers
• Consent — marketing emails to new subscribers; processing of sensitive content you voluntarily submit
• Legal obligation — compliance with UAE and international law

5. Data Sharing

We do not sell your personal data. We share data only with:

• Paddle — for payment processing and subscription management
• Cloud hosting providers — for storing your account data securely
• Analytics providers — using anonymised or pseudonymised data only
• Professional advisors — lawyers, accountants, under confidentiality obligations
• Law enforcement or regulatory authorities — where required by law

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. After account deletion, we retain certain data for up to 7 years where required for legal or tax compliance. Payment records are retained by Paddle in accordance with their own retention policies.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Right of access — to obtain a copy of the data we hold about you
• Right to rectification — to correct inaccurate or incomplete data
• Right to erasure — to request deletion of your data (‘right to be forgotten’)
• Right to restrict processing — to limit how we use your data
• Right to data portability — to receive your data in a structured, machine-readable format
• Right to object — to processing based on legitimate interests, including direct marketing
• Right to withdraw consent — where processing is based on consent

To exercise any of these rights, contact us at hello@shimpartners.com. We will respond within 30 days. EU users may also lodge a complaint with their local supervisory authority.

8. Cookies

Our websites use cookies and similar tracking technologies for functionality, analytics, and marketing. You may control cookie preferences through your browser settings or our cookie consent banner. Essential cookies required for the website to function cannot be disabled.

9. International Data Transfers

Your data may be processed outside the UAE and the European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission or equivalent mechanisms under UAE law.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include encryption in transit (TLS), access controls, and regular security reviews. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

11. Children’s Privacy

Our products are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at hello@shimpartners.com and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or via a prominent notice on our website. The updated policy will display the revised effective date.

13. Contact

For privacy-related enquiries or to exercise your rights:

Shim Partners Management Consultancy FZCO
hello@shimpartners.com
IFZA Business Park, Dubai Silicon Oasis, Dubai, UAE