Privacy Policy

1. Introduction & Who We Are

Welcome to Percee Digital. We are a full-service digital marketing agency registered in the United Arab Emirates, providing services to clients across the UAE, United States, India, and France. This Privacy Policy explains how Percee Digital ("we", "us", or "our") collects, uses, discloses, and safeguards your personal information when you visit our website, contact us, or engage with our services.

We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This policy applies to all personal data processed by us in connection with our website and business activities, and is intended to meet the requirements of the EU General Data Protection Regulation (GDPR), the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Texas Data Privacy and Security Act (TDPSA), the India Digital Personal Data Protection Act 2023 (DPDP Act), and other applicable international privacy laws.

Percee Digital is a fully remote company registered in the United Arab Emirates. We have team members operating remotely from within the EU (including France), and accordingly we treat the GDPR as fully applicable to our processing activities, not merely on a territorial targeting basis, but because we have personnel present within the EU.

By using our website or services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms of this policy, please discontinue use of our website.

2. Information We Collect

We collect personal information from various sources depending on how you interact with us. The categories of personal data we collect include:

2.1 Information You Provide Directly

When you interact with us through our website, contact forms, or during the course of a business relationship, you may provide us with:

• Contact details: name, email address, phone number, job title, and company name
• Enquiry and message content submitted through our contact forms
• Email address when subscribing to our newsletter or Studio Brief
• Business information, billing details, and project briefs provided during client onboarding
• Communications you send us by email, phone, or any other channel
• Account credentials if you access any client portal or reporting dashboards we provide

2.2 Information Collected Automatically

When you visit our website, certain information is collected automatically through cookies and similar tracking technologies:

• IP address and approximate geographic location derived from it
• Browser type, version, and operating system
• Device type and screen resolution
• Pages viewed, time spent on pages, and navigation paths
• Referring website URLs and exit pages
• Date and time of your visit
• Interaction data such as clicks, scroll depth, and form engagement (via analytics tools)
• Cookie identifiers and session data

2.3 Information from Third Parties

We may receive information about you from third-party platforms and services in the following contexts:

• Advertising platforms (Google Ads, Meta Ads, LinkedIn Campaign Manager) may share conversion and audience data in connection with campaigns we manage on behalf of clients or ourselves
• Social media platforms when you engage with our content or connect through social login
• Business data providers for prospecting and outreach activities
• Referral partners or affiliates who refer clients to us
• Publicly available sources such as LinkedIn profiles and company websites

3. How We Use Your Information

We use the personal data we collect for the following purposes:

• Delivering our services: To provide digital marketing, SEO, paid media, analytics, web development, and related services to clients under contract
• Responding to enquiries: To respond to contact form submissions, emails, and calls from prospective and current clients
• Marketing communications: To send our newsletter, insights, case studies, and promotional content to subscribers who have opted in
• Website analytics: To understand how visitors use our website, measure the effectiveness of our content, and improve our user experience
• Advertising and remarketing: To run and optimise paid advertising campaigns, including remarketing to website visitors via Google, Meta, and LinkedIn platforms
• Business administration: For invoicing, contracts, financial record-keeping, and other operational purposes
• Legal and compliance: To comply with applicable laws, respond to legal requests, enforce our contracts, and protect our rights
• Security: To detect, prevent, and address technical issues, fraud, and security threats
• Service improvement: To conduct research and development, improve our service offerings, and develop new capabilities

4. Legal Basis for Processing (GDPR)

For individuals located in the European Economic Area (EEA) and the United Kingdom, we process your personal data on the following legal bases under Article 6 of the GDPR:

• Consent (Art. 6(1)(a)): Where you have given us clear, specific, and freely given consent, for example, when subscribing to our newsletter or accepting non-essential cookies via our cookie banner
• Contractual necessity (Art. 6(1)(b)): Where processing is necessary to perform a contract with you or to take pre-contractual steps at your request, for example, when onboarding a new client or responding to a service enquiry
• Legal obligation (Art. 6(1)(c)): Where processing is required to comply with a legal obligation to which we are subject, such as tax and accounting obligations, anti-money laundering requirements, or responding to court orders
• Legitimate interests (Art. 6(1)(f)): Where processing is necessary for our legitimate business interests, such as improving our services, conducting B2B prospecting, maintaining website security, and sending direct marketing to existing clients, provided these interests are not overridden by your rights and freedoms

Where we rely on legitimate interests as the legal basis, we conduct a legitimate interests assessment to ensure that our interests are proportionate and balanced against your rights. You may object to such processing at any time, see Section 8 for details.

For special categories of personal data (which we do not routinely process), we would rely on explicit consent or another applicable basis under Article 9 of the GDPR.

5. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your information in the following circumstances:

5.1 Service Providers and Sub-processors

We engage trusted third-party service providers who process personal data on our behalf under data processing agreements. These include:

• Google LLC, Google Analytics (website analytics), Google Ads (paid advertising), Google Workspace (email and productivity), Google Cloud (hosting and infrastructure)
• Meta Platforms, Inc., Meta Pixel and Conversions API for advertising analytics and campaign management
• LinkedIn Corporation, LinkedIn Insight Tag for B2B audience analytics and paid campaigns
• HubSpot, Inc., CRM and marketing automation platform for managing client relationships and email communications
• Amazon Web Services (AWS), Cloud hosting and data storage infrastructure
• Hotjar Ltd, Behavioural analytics and heatmapping
• Stripe / payment processors, For processing client invoice payments
• Mailchimp / email marketing platforms, For delivering newsletter communications

All service providers are contractually bound to process your data only in accordance with our instructions and to maintain appropriate security measures.

5.2 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or part of our business, personal data held by us may be transferred to the acquiring entity. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose your personal information where required to do so by applicable law, court order, regulatory authority, or governmental body, including authorities in the UAE, EU member states, the United States, and India. We will take reasonable steps to notify you of any such disclosure where permitted by law.

5.4 Protection of Rights

We may share information where we believe in good faith that disclosure is necessary to protect our rights, prevent fraud, ensure the safety of our personnel, or enforce our Terms of Service.

6. International Data Transfers

Percee Digital operates internationally, and your personal data may be transferred to, stored, and processed in countries outside your country of residence, including the UAE, United States, France, and India. These countries may have data protection laws that differ from those in your jurisdiction.

Where we transfer personal data from the EEA or UK to countries not recognised as providing an adequate level of protection, we rely on appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission, incorporated into our agreements with data processors and recipients
• The EU-US Data Privacy Framework (where applicable for US-based processors)
• Adequacy decisions issued by the European Commission for specific countries
• Binding Corporate Rules where applicable

You may request a copy of the relevant safeguards we rely on for international transfers by contacting us at privacy@perceedigital.com.

7. Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected, taking into account applicable legal requirements. Our retention periods are as follows:

• Client data (contracts, invoices, project records, communications): 7 years from the end of the client relationship, to comply with UAE commercial and tax laws
• Prospect and lead data (enquiry forms, CRM records for non-clients): 2 years from the date of last interaction
• Newsletter subscriber data: Until you unsubscribe, after which we retain a suppression record to honour your opt-out preference
• Website analytics data: 26 months in Google Analytics 4 (GA4), subject to your cookie consent preferences
• Cookie data: Variable depending on cookie type, see our Cookie Policy for specific durations
• Legal hold data: For as long as required by legal proceedings or regulatory investigations

After the applicable retention period, personal data is securely deleted or anonymised in accordance with our data disposal procedures.

8. Your Rights

Depending on your jurisdiction, you have a number of rights regarding your personal data. We will respond to all verifiable requests within the timeframes required by applicable law.

8.1 Rights Under GDPR (EEA & UK Residents)

• Right of access (Art. 15): You have the right to obtain confirmation of whether we process your personal data, and to receive a copy of that data along with supplementary information about how it is used
• Right to rectification (Art. 16): You have the right to request correction of inaccurate or incomplete personal data we hold about you
• Right to erasure / "right to be forgotten" (Art. 17): You have the right to request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, where you withdraw consent, or where processing was unlawful, subject to certain legal exceptions
• Right to restriction of processing (Art. 18): You have the right to request that we restrict the processing of your personal data in certain circumstances, such as while we verify the accuracy of data you have contested
• Right to data portability (Art. 20): Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller
• Right to object (Art. 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes at any time. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests
• Rights related to automated decision-making (Art. 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects, we do not currently conduct such processing
• Right to withdraw consent: Where we process data based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal
• Right to lodge a complaint: You have the right to lodge a complaint with the data protection supervisory authority in your EU member state of habitual residence or place of work. For example, residents in France may contact the CNIL (Commission Nationale de l'Informatique et des Libertés). In the UAE, the supervisory authority is the UAE Data Office.

8.2 Rights for California Residents (CCPA / CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• The right to know what personal information we collect, use, disclose, and sell about you
• The right to delete personal information we have collected from you, subject to certain exceptions
• The right to correct inaccurate personal information we hold about you
• The right to opt out of the sale or sharing of your personal information, we do not sell your personal information, and we do not share your personal information for cross-context behavioural advertising purposes as defined under CPRA
• The right to non-discrimination for exercising your CCPA rights
• The right to limit use of sensitive personal information (we do not collect sensitive personal information as defined under CPRA)

We honour the Global Privacy Control (GPC) browser signal as a valid opt-out of sale and sharing of personal information, as required under CPRA and the Colorado Consumer Privacy Act (CPA). If your browser transmits a GPC signal when you visit our website, we will treat it as an opt-out request and will not set marketing or targeting cookies for your session.

To submit a California rights request, contact us at privacy@perceedigital.com. We will acknowledge your request within 10 days and respond within 45 days.

8.3 Rights for Texas Residents (TDPSA)

If you are a Texas resident, you have the following rights under the Texas Data Privacy and Security Act (TDPSA):

• The right to confirm whether we are processing your personal data and to access that data
• The right to correct inaccuracies in your personal data
• The right to delete personal data provided by or obtained about you
• The right to obtain a portable copy of your personal data in a readily usable format
• The right to opt out of the processing of your personal data for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects

To submit a Texas rights request, contact us at privacy@perceedigital.com. We will respond within 45 days, with a possible 45-day extension where reasonably necessary. If we decline to take action, you may appeal our decision by contacting us, and if you remain unsatisfied, you may contact the Texas Attorney General.

8.4 Rights for Indian Residents (DPDP Act 2023)

If you are located in India, you have the following rights as a Data Principal under the Digital Personal Data Protection Act 2023 (DPDP Act). We act as a Data Fiduciary in respect of personal data we collect and process:

• The right to obtain a summary of the personal data we hold about you and the processing activities we carry out
• The right to correction and erasure of inaccurate or incomplete personal data
• The right to grievance redressal, you may raise a complaint with our Data Protection Officer, who will acknowledge it within 48 hours and resolve it within 30 days
• The right to nominate another individual to exercise rights on your behalf in the event of your death or incapacity
• Where applicable, the right to withdraw consent for processing based on consent, without affecting the lawfulness of prior processing

If you are not satisfied with our response to a grievance, you may escalate your complaint to the Data Protection Board of India (DPBI), once it is established and operational under the DPDP Act. To submit an Indian rights request, contact our Data Protection Officer at privacy@perceedigital.com.

8.5 How to Exercise Your Rights

9. Cookies

We use cookies and similar tracking technologies on our website to enhance your browsing experience, analyse site traffic, and support our advertising activities. Cookies are small text files placed on your device that allow us to recognise your browser across visits.

We obtain your consent before placing non-essential cookies on your device. You may withdraw or update your consent at any time via our cookie preference centre, accessible from the cookie banner on our website.

For full details on the specific cookies we use, their purposes, durations, and how to manage them, please refer to our Cookie Policy.

10. Children's Privacy

Our website and services are not directed at, and we do not knowingly collect personal data from, individuals under the age of 16. If you are a parent or guardian and believe your child under 16 has provided personal information to us without your consent, please contact us immediately at privacy@perceedigital.com and we will promptly delete such information.

In jurisdictions where the age of digital consent differs (such as Germany where it is 16, or the United States where COPPA applies to children under 13), we comply with the applicable local standard.

11. Third-Party Links

Our website may contain links to third-party websites, platforms, and resources that are not operated or controlled by Percee Digital. This Privacy Policy does not apply to those third-party sites, and we are not responsible for their privacy practices or content. We encourage you to review the privacy policies of any third-party sites you visit.

Links to external sites including our social media profiles (LinkedIn, Instagram, X, Facebook), case study partners, and industry publications are provided for informational purposes only and do not constitute endorsement of the linked site or its privacy practices.

12. Changes to This Policy

We review and update this Privacy Policy periodically to reflect changes in our business practices, applicable laws, and technology. When we make material changes, we will update the "Last Updated" date at the top of this page and, where required by law or where we deem it appropriate, notify you by email or by posting a prominent notice on our website.

We encourage you to review this policy periodically. Your continued use of our website following the posting of changes constitutes your acknowledgement of those changes. If a change materially affects how we process your personal data and we rely on your consent as the legal basis, we will seek fresh consent.

Previous versions of this Privacy Policy are available on request from our Data Protection Officer.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please do not hesitate to contact us:

If you are not satisfied with our response to a complaint, you have the right to refer the matter to the relevant data protection authority. EU residents may contact the supervisory authority in their member state of habitual residence or place of work, for example, in France: CNIL. For the UAE: the UAE Data Office. For the UK: the ICO. For California: the California Privacy Protection Agency (CPPA). For Texas: the Texas Attorney General. For India: the Data Protection Board of India (DPBI), once operational under the DPDP Act 2023.