We provide digital marketing, creative, and advertising services. For our own website and marketing, we act as a data controller. When clients ask us to run campaigns or handle their customer data on their behalf, we usually act as a processor/service provider under a data processing agreement (DPA).

1) Scope

This policy explains what personal data we collect, how we use it, who we share it with, how long we keep it, international transfers, and your rights under applicable laws, including the UAE Federal Personal Data Protection Law (PDPL) and, where relevant, DIFC/ADGM rules, EEA/UK GDPR, certain US state privacy laws (e.g., California CPRA), Canada’s PIPEDA, and Australia’s Privacy Act. Regional specifics appear in Section 16 (Regional Addenda).

2) The data we collect

You give us directly: name, work email, phone, company, role, project details, messages, files (e.g., briefs), feedback/testimonials, and meeting notes.

• Collected automatically (our sites/apps): device/browser type, IP address, approximate location, pages viewed, session duration, referral/campaign parameters (UTMs), and similar analytics.

• From tools we use: analytics & ad pixels (e.g., GA4, Meta Pixel), A/B testing, form and email tools, CRM, payment providers, fraud/security tools.

• From third parties (where lawful): ad networks, lead-gen platforms, publicly available business profiles.

• Sensitive data: Please do not send health, biometric, or other sensitive categories unless we specifically request it and you consent (or another legal basis applies).

3) Why we use your data

We process personal data to:

• Provide and operate services: respond to enquiries, prepare proposals, deliver projects, support.

• Improve & secure our products/sites: analytics, diagnostics, monitoring, troubleshooting, security.

• Run advertising & measure performance: for ourselves and, when engaged, on your behalf.

• Communicate: send updates you request (e.g., newsletter) or marketing you consent to (you can opt out any time; see Section 12).

4) Our legal basis (UAE PDPL)

Under the PDPL, processing is centered on consent, unless a listed exception applies (e.g., to perform a contract, comply with a legal obligation, protect vital interests, or for public interest/public health, or where data is manifestly made public). Unlike the EU/UK GDPR, the PDPL does not include a “legitimate interests” basis.

If part of our business operates in DIFC or ADGM, their data-protection regimes (which are GDPR-style and do recognize legitimate interests) may apply in those zones.

5) Cookies & similar tech

• Essential cookies (site functionality and security).

• Analytics cookies (understand use, improve content).

• Advertising pixels (measure, optimize campaigns, build audiences).

Where required (e.g., EEA/UK, some other regions), we’ll show a consent banner. You can manage preferences via the banner, your browser, or our cookie settings page. See also the US “Do Not Sell/Share” choice in Section 16(B).

6) Sharing your data

We share personal data with service providers under contracts that limit use: hosting/CDN, analytics/ad platforms, A/B testing, email/CRM, payment processors, security/anti-fraud, professional advisers, and subcontracted creatives. If required by law or to protect rights, we may disclose information to authorities or third parties. We do not sell personal data.

7) International transfers

We may transfer personal data outside your country (e.g., to cloud/analytics providers). We use applicable safeguards:

• PDPL: transfer to “adequate” jurisdictions or use contractual safeguards when available.

• EEA/UK: EU Standard Contractual Clauses (and UK Addendum) + supplementary measures.

• DIFC/ADGM: their transfer rules, including adequacy or appropriate safeguards.

8) How long we keep it

We retain personal data only as long as needed for the purposes above, to meet legal/accounting requirements, or to resolve disputes—then delete or anonymize it. Typical periods (illustrative):

• Website leads: 24 months from last interaction;

• Client and project files: contract term + 7 years;

• Marketing email lists: until you unsubscribe or become inactive for 24 months.
  Actual periods may vary by law/contract.

9) Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict or stop processing, portability, and to withdraw consent. Some regimes also offer rights against solely automated decisions. We will respond within legal timeframes and may need to verify your identity. Contact: info@blunt.ae.

10) Children

Our services and sites are intended for business audiences. We do not knowingly collect children’s data.

11) Security

We use technical and organizational measures to protect personal data (encryption in transit, access controls, least-privilege, logging). No system is 100% secure, but we work to prevent unauthorized access, use, or disclosure.

12) Marketing messages

We send marketing only with consent or as permitted by law. You can unsubscribe via our emails or by contacting us. Some countries (including the UAE) set consent expectations for unsolicited electronic communications.

13) Third-party links & platforms

Our sites may link to third-party websites or embed third-party tools (e.g., social widgets). Their privacy practices apply when you use them.

14) Roles when we work for clients

• Controller (our own activities): We decide how and why we process data about visitors, prospects, and our clients’ contacts for BLUNT’s marketing and operations.

• Processor/Service Provider (client work): When a client instructs us to process their customer data (e.g., ad audiences, CRM exports), we act on their written instructions under a DPA. We require clients to ensure their own lawful basis and transparency.

15) Changes to this policy

We may update this policy from time to time. If changes are material, we’ll post a clear notice (and seek new consent where required)

16) Regional addenda

(A) EEA/UK (GDPR/UK GDPR)

• Controller details & contact: see top of policy. If required, we will appoint an EU/UK representative and list them here.

• Lawful bases: consent, contract, legal obligation, vital interests, legitimate interests (for our own operations where appropriate and not overridden by your interests/rights).

• Transfers: We use SCCs (and UK Addendum) plus supplementary measures where needed.

• Your rights: access, rectification, erasure, restriction, portability, objection, and rights related to automated decision-making.

• Complaints: You can contact your local Data Protection Authority (or the UK ICO).

• Cookies: Non-essential cookies require consent via our banner.
   

(B) United States (including California)

• We may engage in “sharing” for cross-context behavioral advertising (ad retargeting/measurement). Some states, including California, treat this as “sell” or “share” even if no money changes hands.

• Your choices:

  • Right to know/access, delete, correct, limit use of sensitive PI (where applicable): request via info@blunt.ae

  • Verification & agents: We may ask for information to verify requests; authorized agents may submit with proof. 
     

(C) Canada (PIPEDA)

• We process personal information in line with PIPEDA’s fair information principles (accountability, identifying purposes, consent, limiting collection/use/retention, accuracy, safeguards, openness, individual access, challenging compliance).

• You may request access and correction, and withdraw consent (subject to legal/contractual limits). 
   

(D) Australia

• We handle personal information in accordance with the Privacy Act 1988 and the Australian Privacy Principles.

• If we use tracking pixels/cookies for advertising/analytics, we will provide clear notice and (where required) seek consent. You may opt out via our settings, your browser, or ad platform controls. 
   

(E) DIFC and ADGM (if applicable to our operations)

• When processing occurs in the DIFC or ADGM (or is otherwise in scope), we comply with DIFC Law No. 5 of 2020 and ADGM Data Protection Regulations 2021, which are broadly GDPR-style (including legitimate interests as a basis, data-subject rights, and transfer rules).

17) Contact & complaints

BLUNT Marketing Management L.L.C
G-58, Techno Hub 1, Silicon Oasis, Dubai
Email: info@blunt.ae
Phone: +971 50 745 8819