Privacy Policy
1. Introduction
Adstorm LLC ("Adstorm," "we," "our," or "us") is committed to protecting the privacy and personal data of every individual who interacts with our websites, services, and communications. This Privacy Policy explains in detail how we collect, use, store, share, and protect your personal information, as well as the rights you hold over your data under applicable privacy laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant legislation.
This policy applies to all digital properties operated by Adstorm LLC, including any brand websites and microsites we own or manage, our consulting service portal, and any email marketing communications we send. By using our websites or services, you acknowledge that you have read and understood this Privacy Policy.
If you do not agree with the practices described in this policy, please discontinue use of our websites and services and contact us to exercise any applicable rights regarding data we may already hold about you.
2. Data Controller Information
Legal Entity: Adstorm LLC
Registered Office: Shams Media City FZ, Al Messaned, UAE
General Contact: hello@adstorm.agency
Data Protection Officer (DPO) / Privacy Contact: privacy@adstorm.agency
Adstorm LLC is the data controller for personal data processed in connection with our websites, brand properties, and consulting services. Where we process data on behalf of clients as a data processor, a separate Data Processing Agreement governs that relationship.
3. Personal Data We Collect
We collect different categories of personal data depending on the nature of your interaction with us. The table below summarizes the categories of data we may collect.
| Data Category | Examples | Source |
|---|---|---|
| Identity Data | First name, last name, username or similar identifier | Directly from you |
| Contact Data | Email address, telephone number, billing address, shipping address | Directly from you |
| Financial Data | Payment card details (processed and tokenized by our payment processor - we do not store raw card numbers), billing records | Directly from you via payment processor |
| Transaction Data | Details of products or services purchased, order history, refund history, subscription records | Automatically generated; from you |
| Technical Data | IP address, browser type and version, operating system, device identifiers, time zone, plug-in types, screen resolution | Automatically collected |
| Usage Data | Pages visited, time spent on pages, links clicked, referring URLs, search terms used on site, funnel step completions | Automatically collected |
| Marketing and Communications Data | Your preferences for receiving marketing from us, communication history, email open and click data, opt-out records | From you; automatically generated |
| Profile Data | Your account username and password, purchases or orders made, interests, preferences, quiz or survey responses | From you; inferred from usage |
| Aggregated and Anonymized Data | Statistical or demographic data for analytics purposes (e.g., 40% of users visited a specific page). This data cannot identify you individually. | Derived from above categories |
We do not intentionally collect Special Category Data (also known as sensitive personal data) such as data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health data, or data concerning a person's sex life or sexual orientation. Please do not submit such data to us. If you do, we will delete it promptly.
4. How We Collect Personal Data
4.1 Data You Provide Directly
We collect personal data directly from you when you:
- Fill in a contact form, inquiry form, or lead capture form on any of our websites
- Create an account or register for a product or service
- Purchase a product or service
- Subscribe to our email newsletter or marketing communications
- Complete a quiz, survey, or assessment on one of our brand sites
- Correspond with us by email, phone, or any other means
- Request a consultation, proposal, or information about our services
- Participate in a promotion, competition, or event
4.2 Data We Collect Automatically
When you visit our websites or interact with our emails, we automatically collect Technical Data and Usage Data using cookies, server logs, web beacons, and similar tracking technologies. This may include your IP address, browser type, pages visited, and how long you spent on each page. For full details, please see our Cookie Policy.
4.3 Data We Receive from Third Parties
We may receive personal data about you from the following third-party sources:
- Analytics providers - aggregate audience and behavioral data
- Advertising platforms - audience match data and conversion data when you interact with our advertisements
- Payment processors - transaction confirmation and fraud screening signals
- Email service providers - delivery status, open rates, and engagement data
- Publicly available sources - publicly accessible professional profiles or directories, where relevant to a business inquiry
5. Legal Bases for Processing (GDPR)
For individuals located in the European Economic Area (EEA) or United Kingdom, we rely on the following legal bases under GDPR Article 6 to process your personal data:
| Legal Basis | When We Rely on It |
|---|---|
| Consent (Art. 6(1)(a)) | When you have given clear, informed consent for a specific purpose - for example, opting in to receive marketing emails or accepting non-essential cookies |
| Contract (Art. 6(1)(b)) | When processing is necessary to perform a contract with you or to take steps at your request before entering into a contract - such as processing an order or providing a purchased service |
| Legal Obligation (Art. 6(1)(c)) | When we must process your data to comply with a legal or regulatory obligation - such as tax record-keeping or responding to a lawful law enforcement request |
| Legitimate Interests (Art. 6(1)(f)) | When processing is necessary for our legitimate business interests (or those of a third party) and those interests are not overridden by your rights and interests - for example, website security, fraud prevention, improving our services, and certain direct marketing to existing customers |
Where we rely on consent, you may withdraw that consent at any time without detriment. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
6. Purposes of Processing
We collect and use your personal data for the following purposes:
- Service delivery: Processing your purchase, delivering digital products or educational materials, managing your account, and providing customer support
- Contract fulfilment: Onboarding and delivering consulting or advertising services to business clients
- Marketing and communications: Sending promotional emails, newsletters, and updates about our products and services (where you have consented or we have a legitimate interest as an existing customer)
- Personalization: Tailoring website content, advertisements, and email communications to your interests and behavior
- Analytics and improvement: Analyzing how visitors use our websites to improve usability, content, and marketing effectiveness
- Fraud prevention and security: Detecting, investigating, and preventing fraudulent transactions, chargebacks, and other malicious or illegal activity
- Legal compliance: Meeting our obligations under applicable laws and regulations, including tax, consumer protection, and data protection law
- Dispute resolution: Resolving disputes, enforcing our terms and conditions, and protecting our legal rights
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to operate our websites, measure performance, and deliver relevant advertising. Cookies are small text files stored on your device that allow us to recognize you across sessions.
We use the following categories of cookies:
- Strictly Necessary Cookies: Required for the website to function. Cannot be disabled.
- Analytics Cookies: Help us understand how visitors interact with our websites by collecting anonymized usage data.
- Marketing Cookies: Used to deliver relevant advertisements and track the effectiveness of our ad campaigns.
- Functional Cookies: Enable enhanced functionality such as remembering your preferences and language settings.
For a full list of cookies we use, their purpose, duration, and how to manage or disable them, please read our Cookie Policy.
8. Sharing Your Personal Data
We do not sell your personal data. We may share your data with the following categories of third parties, strictly for the purposes set out in this policy:
- Service providers and processors: Companies that process data on our behalf under written data processing agreements, including email delivery providers, payment processors, cloud hosting providers, CRM platforms, analytics vendors, and customer support tools
- Advertising and marketing platforms: Platforms through which we run paid media campaigns, including audience matching services (data is shared only in hashed or anonymized form where technically feasible)
- Professional advisors: Lawyers, accountants, auditors, and insurers who provide consultancy, legal, accounting, or insurance services to us
- Regulatory authorities and law enforcement: Where required by law, court order, regulatory direction, or to protect the rights, safety, or property of Adstorm LLC or others
- Business transfers: In connection with any merger, acquisition, restructuring, or sale of all or part of our business assets, where personal data may be transferred to a successor entity
We require all third parties to respect the security and confidentiality of your personal data and to process it only in accordance with our instructions and applicable law.
9. International Data Transfers
Adstorm LLC is headquartered in the United Arab Emirates (Shams Media City FZ, Al Messaned, UAE). Your personal data may be transferred to, and processed in, countries outside your country of residence, including the UAE and other jurisdictions where our service providers operate.
For transfers of personal data from the EEA, UK, or Switzerland to countries that have not received an adequacy decision from the relevant data protection authority, we rely on the following safeguards:
- Standard Contractual Clauses (SCCs): We incorporate the EU Commission's approved Standard Contractual Clauses into our agreements with data processors in third countries to ensure an equivalent level of protection for transferred data
- UK International Data Transfer Agreements (IDTA): For transfers from the UK, where applicable
- Processor binding agreements: Contractual obligations imposing GDPR-equivalent protections on all processors regardless of location
You may request a copy of the specific safeguards we use for any particular transfer by contacting us at privacy@adstorm.agency.
10. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The following general retention periods apply:
| Data Type | Retention Period | Reason |
|---|---|---|
| Customer account data | Duration of account + 3 years | Contract performance and dispute resolution |
| Transaction and financial records | 7 years from transaction date | Legal and tax compliance |
| Marketing consent records | Until consent withdrawn + 3 years | Evidence of lawful processing |
| Email engagement data | 3 years from last engagement | Marketing optimization and suppression lists |
| Website analytics data | 26 months | Trend analysis and service improvement |
| Support and correspondence records | 3 years from resolution | Quality assurance and dispute resolution |
| Fraud and abuse records | Up to 7 years | Security and legal protection |
When personal data is no longer needed, we securely delete or anonymize it. Where immediate deletion is not technically possible (e.g., data in backup archives), we isolate the data from further active processing until deletion is possible.
11. Your Rights Under GDPR
If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights under the GDPR and UK GDPR with respect to your personal data:
- Right of Access (Art. 15): You have the right to obtain confirmation of whether we process personal data about you and, if so, to receive a copy of that data along with supplementary information about how it is processed.
- Right to Rectification (Art. 16): You have the right to require us to correct inaccurate personal data concerning you and to have incomplete data completed.
- Right to Erasure / "Right to be Forgotten" (Art. 17): You have the right to request deletion of your personal data where, for example, the data is no longer necessary for the purpose it was collected, you withdraw consent (where consent was the legal basis), or you object to processing and there are no overriding legitimate grounds.
- Right to Restriction of Processing (Art. 18): You have the right to request that we restrict processing of your personal data in certain circumstances - for example, while you contest the accuracy of the data, or while we assess an objection you have raised.
- Right to Data Portability (Art. 20): Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to have it transmitted to another controller.
- Right to Object (Art. 21): You have the right to object at any time to processing of your personal data for direct marketing purposes. You also have the right to object to processing based on legitimate interests on grounds relating to your particular situation.
- Right to Withdraw Consent (Art. 7(3)): Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of prior processing.
- Right to Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority. In the EU, you may contact your national Data Protection Authority. In the UK, you may contact the Information Commissioner's Office (ICO) at ico.org.uk.
To exercise any of these rights, please contact our DPO at privacy@adstorm.agency. We will respond within 30 days (or within 72 hours for data breach notifications). We may need to verify your identity before fulfilling a request.
12. Your Rights Under CCPA (California Residents)
If you are a resident of California, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights:
- Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the third parties with whom we have shared it.
- Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions (e.g., where needed to complete a transaction or comply with a legal obligation).
- Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
- Right to Opt-Out of Sale or Sharing: We do not sell personal information for monetary consideration. We do share certain data with advertising platforms for cross-context behavioral advertising. You may opt out by contacting us or adjusting your cookie preferences.
- Right to Limit Use of Sensitive Personal Information: You may limit how we use sensitive personal information (where applicable).
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights. We will not deny you goods or services, charge you different prices, provide a different quality of service, or suggest that you will receive different treatment for exercising your rights.
California residents may submit a verifiable consumer request by emailing privacy@adstorm.agency. We will respond within 45 days of receiving a verifiable request, with an extension of up to 90 days where reasonably necessary.
Categories of Personal Information Collected in the Last 12 Months: Identifiers, commercial information, internet or other electronic network activity information, and inferences drawn from the above to create a profile.
13. Children's Privacy
Our websites, products, and services are not directed to children under the age of 18, and we do not knowingly collect personal data from minors. Our educational and personal improvement content is designed exclusively for adults.
If you are a parent or guardian and believe that your child under the age of 18 has provided us with personal data without your consent, please contact us immediately at privacy@adstorm.agency. Upon verification, we will delete such information from our records promptly.
14. Data Security Measures
Adstorm LLC has implemented appropriate technical and organizational security measures to protect your personal data against unauthorized access, accidental loss, alteration, disclosure, or destruction. These measures include:
- Encryption: Personal data is encrypted in transit using TLS/SSL protocols. Sensitive stored data is encrypted at rest using industry-standard encryption algorithms.
- Access controls: Access to personal data is restricted on a need-to-know basis. We use role-based access control, multi-factor authentication for internal systems, and regular access reviews.
- Vendor assessments: We evaluate the security posture of all third-party service providers before engagement and require contractual security commitments.
- Incident response: We maintain a documented data breach response procedure. In the event of a personal data breach, we will notify affected individuals and relevant supervisory authorities as required by applicable law (within 72 hours for GDPR-notifiable breaches).
- Employee training: Personnel with access to personal data receive regular privacy and security awareness training.
- Infrastructure security: Our hosting infrastructure is protected by firewalls, intrusion detection, and regular vulnerability assessments.
No method of transmission over the internet or method of electronic storage is 100% secure. While we use commercially reasonable measures to protect your personal data, we cannot guarantee absolute security.
15. Third-Party Links and Services
Our websites may contain links to third-party websites, plugins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy notice of every website you visit when you leave our sites.
16. Marketing Communications
Where we have your consent or a legitimate interest as an existing customer, we may send you marketing communications about our products, services, and promotions. Each marketing email we send will include a clear and easy method to unsubscribe or update your communication preferences.
You may opt out of receiving marketing communications at any time by:
- Clicking the "unsubscribe" or "manage preferences" link in any marketing email we send
- Emailing privacy@adstorm.agency with your request
Note that even if you opt out of marketing communications, we may still send you transactional messages related to your purchases or account (e.g., order confirmations, password resets).
17. Automated Decision-Making and Profiling
We may use automated tools to segment our email list, personalize website content, and optimize ad delivery. These processes may involve profiling based on your Usage Data and Marketing Data. However, we do not make decisions about you that have a significant legal or similarly significant effect solely by automated means without human review. If you have concerns about any automated processing that affects you, please contact us.
18. Do Not Track Signals
Some browsers include a "Do Not Track" (DNT) feature that signals websites not to track user behavior across sites. Because there is currently no agreed-upon standard for how websites should respond to DNT signals, our websites do not currently alter their behavior in response to DNT signals. You may manage tracking preferences through our cookie consent mechanism and your browser settings.
19. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Post the revised policy on this page
- Where appropriate and required by law, notify you by email or a prominent notice on our website
We encourage you to review this Privacy Policy periodically. Your continued use of our websites and services after any changes constitutes your acceptance of the updated policy.
20. How to Exercise Your Rights - Contact Us
For all privacy-related inquiries, requests to exercise your rights, or questions about this Privacy Policy, please contact our Data Protection Officer:
Adstorm LLC - Data Protection Officer
Email: privacy@adstorm.agency
Postal Address: Shams Media City FZ, Al Messaned, UAE
General Inquiries: hello@adstorm.agency
We will acknowledge receipt of your request within 5 business days and provide a substantive response within 30 days (extendable to 60 days for complex requests under GDPR, or 90 days under CCPA). We will not charge a fee for exercising your rights unless your request is clearly unfounded or excessive.
If you are not satisfied with our response, you have the right to escalate your complaint to the relevant supervisory authority in your jurisdiction.
21. Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of the United Arab Emirates and the applicable regulations of Shams Media City Free Zone. Where EU GDPR or UK GDPR applies to your personal data, we comply with those frameworks as described above. Where the CCPA applies to California residents, we comply with those requirements as described in Section 12.