Updated: April 2026
Sheqinah — Privacy Policy
1. Who We Are
Sheqinah ("we," "us," "our") is an educational programme in body sovereignty and
embodiment, operated from Dubai, United Arab Emirates.
Data Controller: Sheqinah
Contact Email: [email protected]
Registered Address: Dynamic Freelancers, Marina Plaza — Office 1006, 10th
Floor, Dubai Marina, Dubai, United Arab Emirates
2. Scope
This Privacy Policy applies to all personal data we collect, process, and store in
connection with the Sheqinah programme as delivered through our platform, including
free and paid courses, memberships, community spaces, email communications, and
downloadable materials.
This policy applies regardless of your location. Where you are resident in the European
Union or European Economic Area, the additional protections described in Section 12
apply.
3. What Data We Collect
3.1 Account and Identity Data
Name
Email address
text)
Account credentials (encrypted; we do not have access to your password in plain
Country of residence (for tax/VAT purposes and jurisdictional compliance)3.2 Payment Data
Payment method details are processed and stored by our third-party payment
processor (currently Stripe). We do not store full card numbers or payment
credentials on our systems.
Transaction records: purchase date, amount, product purchased, subscription
status.
3.3 Programme Participation Data
Course progress and completion status
Practice Library access records (which content unlocked, completion timestamps)
Community posts and interactions
Downloadable material access (download timestamps)
3.4 Sensitive Personal Data
Certain memberships may collect data that touches on sensitive or special categories
under data protection law. This may include:
Health-related information — where you voluntarily disclose health conditions or
circumstances relevant to your participation (e.g., in community posts, facilitator
conversations, or intake questionnaires).
Information relating to sexuality or embodiment — where you engage with
Programme content or community discussions that address these topics.
Community posts are treated as member-initiated disclosures, not data we solicit.
Where we actively collect sensitive data (e.g., intake questionnaires for invitation-only
memberships), we do so only with your explicit consent and only where necessary for
safe programme delivery.
3.5 Technical and Usage Data
IP address
Browser type and device information
Pages viewed and interactions within the platform
Cookies and similar technologies (see Section 10)3.6 Communication Data
Email correspondence with us
Support requests
Feedback and survey responses
4. How We Use Your Data
We process your personal data for the purposes set out below. For each purpose, the
legal basis under the UAE Personal Data Protection Law (PDPL) is stated first, followed
by the applicable legal basis under the EU General Data Protection Regulation (GDPR)
where the GDPR applies to you.
Account creation and management. UAE PDPL basis: contractual necessity.
GDPR basis: Article 6(1)(b) — performance of a contract.
Delivering Programme content and services. UAE PDPL basis: contractual
necessity. GDPR basis: Article 6(1)(b) — performance of a contract.
Processing payments and managing subscriptions. UAE PDPL basis:
contractual necessity. GDPR basis: Article 6(1)(b) — performance of a contract.
Processing intake questionnaire data (where applicable). UAE PDPL basis:
explicit consent. GDPR basis: Article 9(2)(a) — explicit consent.
Email communications about your account and subscription. UAE PDPL
basis: contractual necessity. GDPR basis: Article 6(1)(b) — performance of a
contract.
Marketing emails about Programme offerings. UAE PDPL basis: consent (opt-
in). GDPR basis: Article 6(1)(a) — consent.
Improving Programme content and member experience. UAE PDPL basis:
legitimate interest. GDPR basis: Article 6(1)(f) — legitimate interest.
Complying with legal obligations (tax, record-keeping). UAE PDPL basis: legal
obligation. GDPR basis: Article 6(1)© — legal obligation.
Protecting the safety and wellbeing of members. UAE PDPL basis: legitimate
interest. GDPR basis: Article 6(1)(f) — legitimate interest.
5. Who We Share Your Data WithWe share your personal data only where necessary and with appropriate safeguards:
Payment processor — Stripe processes your payment data under their own
privacy policy. We do not have access to your full card details.
Platform provider — EzyCourse hosts the programme and processes account
data, course data, and community data under their privacy policy and data
processing terms.
Facilitators — Programme facilitators may access member participation data and
community interactions strictly for programme delivery purposes. Facilitators are
bound by confidentiality obligations.
Professional advisors — Legal counsel and accountants where required for
compliance or financial obligations.
Law enforcement or regulatory authorities — Only where required by applicable
law or valid legal process.
We do not sell, rent, or trade your personal data to any third party for marketing
purposes.
6. International Data Transfers
Your data may be processed in countries other than your country of residence. Our
platform provider and payment processor operate infrastructure internationally.
Where data is transferred outside the UAE, we ensure that the destination jurisdiction
provides an adequate level of data protection as determined by the UAE Data Office, or
we implement appropriate contractual safeguards.
Where data is transferred outside the EEA (for EU-resident members), we rely on
adequacy decisions, Standard Contractual Clauses approved by the European
Commission, or your explicit consent where no other mechanism is available.
7. Data Retention
We retain your personal data only as long as necessary for the purposes described in
this policy. Retention periods by data category are as follows:Account data — Duration of membership plus 2 years after account closure.
Payment and transaction records — 7 years from the transaction date, to satisfy
UAE tax and accounting requirements.
Course progress and completion data — Duration of membership plus 2 years
after account closure.
Community posts — Duration of membership. Deleted upon account closure
unless retention is required for safety or legal purposes.
Intake questionnaire data (where applicable) — Duration of the relevant
membership plus 1 year. Deleted upon request or at the end of the retention period.
Email marketing consent records — Duration of consent plus 2 years after
withdrawal.
Technical and usage data — 12 months from collection.
You may request earlier deletion subject to our legal retention obligations (see Section
8).
8. Your Rights
Under UAE PDPL and (where applicable) EU GDPR, you have the following rights:
8.1 Right of Access
You may request a copy of the personal data we hold about you. We will respond within
30 days.
8.2 Right to Rectification
You may request correction of inaccurate or incomplete personal data.
8.3 Right to Erasure (Right to Be Forgotten)
You may request deletion of your personal data. We will comply unless we have a legal
obligation to retain it (e.g., tax records).
8.4 Right to Restrict Processing
You may request that we restrict processing of your data in certain circumstances (e.g.,while a rectification request is being assessed).
8.5 Right to Data Portability
You may request a copy of your personal data in a structured, commonly used,
machine-readable format (e.g., CSV or JSON).
8.6 Right to Object
You may object to processing based on legitimate interest. You may withdraw consent
for marketing communications at any time using the unsubscribe link in any email or by
contacting us.
8.7 Right to Withdraw Consent
Where processing is based on consent (e.g., intake questionnaire data, marketing
emails), you may withdraw consent at any time. Withdrawal does not affect the
lawfulness of processing before withdrawal.
8.8 Right to Lodge a Complaint
You may lodge a complaint with the UAE Data Office or, if you are an EU resident, with
your local supervisory authority.
How to Exercise Your Rights
Contact us at [email protected] with your request. We will verify your identity
before processing any data subject request. We will respond within 30 days (or within
applicable legal timeframes).
9. Data Security
We implement appropriate technical and organisational measures to protect your
personal data against unauthorised access, alteration, disclosure, or destruction. These
include:
Encryption in transit (TLS/SSL)Access controls limiting data access to authorised personnel on a need-to-know
basis
Use of reputable third-party processors with their own security certifications
Regular review of security measures
No system is completely secure. While we take reasonable precautions, we cannot
guarantee absolute security of your data.
10. Cookies and Tracking
Our platform uses cookies for essential functionality (authentication, session
management) and analytics cookies to understand how members use the platform. You
may manage cookie preferences through your browser settings.
Where required by applicable law (including the EU ePrivacy Directive), we will present
a cookie consent banner before setting non-essential cookies.
11. Email Communications
11.1 Transactional Emails
We send transactional emails related to your account, subscription, payment receipts,
and programme access. These are necessary for the performance of our contract with
you and do not require separate marketing consent.
11.2 Marketing Emails
We send marketing emails about Programme offerings only where you have opted in via
a separate, non-pre-ticked consent checkbox. You may withdraw consent at any time
using the unsubscribe link in any email.
12. Additional Protections for EU-Resident
MembersIf you are resident in the European Union or European Economic Area, the following
additional protections apply:
12.1. Processing of your personal data complies with the EU General Data Protection
Regulation (Regulation 2016/679) in addition to UAE PDPL.
12.2. Where we rely on legitimate interest as a legal basis, we have conducted a
balancing test and can provide details on request.
12.3. You have the right to lodge a complaint with your local Data Protection Authority.
12.4. International data transfers from the EEA are protected by Standard Contractual
Clauses or other approved mechanisms as described in Section 6.
12.5. We will appoint an EU representative if required by Article 27 GDPR when
applicable thresholds are met. Contact details will be published here once appointed.
13. Children
The Programme is not directed at individuals under 18 years of age. We do not
knowingly collect personal data from anyone under 18. If we become aware that we
have collected personal data from a person under 18, we will delete it promptly.
14. Data Breach Notification
In the event of a personal data breach that compromises the privacy, confidentiality, or
security of your data:
We will notify the UAE Data Office within 72 hours of becoming aware of the
breach.
Where the breach poses a high risk to your rights and freedoms, we will notify you
directly without undue delay.
For EU-resident members, we will also notify the relevant EU supervisory authority
within 72 hours where required by GDPR.15. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be
communicated to registered members via email at least 14 days before taking effect.
The most current version is always available on our website.
16. Contact
For any questions about this Privacy Policy, data subject access requests, or
complaints:
Email: [email protected]
Registered Address: Dynamic Freelancers, Marina Plaza — Office 1006, 10th
Floor, Dubai Marina, Dubai, United Arab Emirates
Last updated: 22 April 2026