Noimann Academy Privacy Policy

1. Introduction

1.1. Purpose of this Privacy Policy

This Privacy Policy explains how Noimann Academy collects, uses, stores, shares, transfers and protects Personal Data in connection with its website, Platform, educational programs, coaching services, digital products, consultations, webinars, live events, communities, chats, recordings, AI tools, VR tools, neurotechnology tools and B2B services.
This Privacy Policy explains what Personal Data the Academy may process, why it is processed, who it may be shared with, how long it may be retained and what rights may be available under applicable data protection laws.

1.2. Relationship with Other Documents

This Privacy Policy should be read together with the Academy’s Terms and Conditions, Product-Specific Terms, Cookie Policy, Refund and Cancellation Policy, Media or Testimonial Consent, Parental or Guardian Consent, VR or Safety Acknowledgement, B2B Order Form, Data Processing Addendum and any applicable consent form.
If a Product-Specific Term, consent form or B2B document contains additional privacy-related information for a specific Product or service, that document applies together with this Privacy Policy.

1.3. Scope of this Privacy Policy

This Privacy Policy applies to website visitors, customers, students, platform users, webinar and event participants, consultation participants, community and chat participants, B2B clients, Authorized Users, prospective clients and other individuals who communicate with or provide Personal Data to the Academy.
This Privacy Policy applies to the Academy’s website, Platform, payment pages, product pages, digital learning environments, communication channels, chats, messengers, email communications, video-call tools, cloud links, AI tools, VR tools and other digital or offline channels used by the Academy in connection with the Services.

1.4. International Users

The Academy may provide Services to users in different countries. Data protection rights and requirements may vary depending on the user’s country, applicable law, type of data, type of service and the relationship between the user and the Academy.
Where mandatory data protection laws provide users with rights that cannot be excluded, such rights remain unaffected.

1.5. English Version

This Privacy Policy is prepared in English. If this Privacy Policy is translated into another language, the English version prevails to the extent permitted by applicable law.

2. Provider and Data Controller

2.1. Provider

The provider of the Services is:
Noimann Academy L.L.C-FZ
Meydan Grandstand, 6th Floor
Meydan Road, Nad Al Sheba
Dubai, United Arab Emirates
License No. 2529929.01
Licensed by Meydan Free Zone

2.2. Website

The Academy’s website is:
https://noimann.academy

2.3. Role of the Academy as Data Controller

For its website, Platform, direct sales, customer accounts, educational Services, communications, payments, support, communities, recordings, marketing and general operations, the Academy generally acts as the Data Controller. This means that the Academy determines the purposes and means of processing Personal Data.

3. Key Definitions

3.1. Academy

“Academy”, “we”, “us” or “our” means Noimann Academy L.L.C-FZ.

3.2. Personal Data

“Personal Data” means any information relating to an identified or identifiable person. Depending on applicable law, terms such as “personal information” may be interpreted consistently with this definition.

3.3. Processing

“Processing” means any operation performed on Personal Data, including collection, recording, storage, use, review, analysis, organization, disclosure, transfer, restriction, deletion or other operation involving Personal Data.

3.4. Data Controller

“Data Controller” means a person or organization that determines the purposes and means of processing Personal Data.

3.5. Data Processor

“Data Processor” means a person or organization that processes Personal Data on behalf of a Data Controller.

3.6. Sensitive Data

“Sensitive Data” means Personal Data that may require special protection under applicable law or due to its nature. This may include health-related, psychological, emotional, children’s, identification, financial, intimate, biometric, VR-suitability, safety-related or other sensitive information.
The exact meaning of Sensitive Data may depend on applicable law.

3.7. Consent

“Consent” means a user’s freely given, specific, informed and clear indication of agreement to the processing of Personal Data, where consent is required or used as a legal basis.

3.8. User / Client / Student

“User”, “Client” or “Student” means any person who visits the website, purchases a Product, registers for, accesses, participates in or uses any Service, Product, Platform, event, community, chat, session or communication channel of the Academy.

3.9. Business Client

“Business Client” means any company, organization, institution, partnership or other legal entity that purchases, orders or receives Services for itself or for its employees, contractors, representatives, clients or other participants.

3.10. Authorized User

“Authorized User” means any person who receives access to the Services through, for or on behalf of a Business Client.

3.11. Services

“Services” means educational, coaching, consulting, digital, live, group, individual, B2B and technology-supported services provided by the Academy, including services involving AI, VR or neurotechnology where applicable.

3.12. Platform

“Platform” means the Academy’s website, learning environment, course pages, personal account area, payment pages, chats, communities and other digital environments used by the Academy to provide, manage or support the Services.

3.13. Product-Specific Terms

“Product-Specific Terms” means the specific commercial, educational, operational and technical terms applicable to a particular Product, including the product page, checkout page, invoice, written offer, order form, B2B documentation or other written information provided by the Academy.

3.14. Community / Chat

“Community” or “Chat” means any Telegram group, WhatsApp group, platform chat, discussion space, channel, forum or other communication environment created, managed or used by the Academy in connection with the Services.

3.15. AI Tools

“AI Tools” means artificial intelligence tools, assistants, prompts, automated systems, content generation tools, analysis tools or other AI-based functions used or provided by the Academy.

3.16. VR Tools and Neurotechnology Tools

“VR Tools” and “Neurotechnology Tools” mean virtual reality, immersive, biofeedback-based, neurotechnology or similar digital tools used or provided by the Academy in connection with specific Products.

3.17. Cookies

“Cookies” means small files or similar technologies placed on a device or browser to support website functionality, analytics, security, personalization, payment flow or marketing, where applicable.

3.18. Third-Party Service Provider

“Third-Party Service Provider” means any external provider that supports the Academy’s Services, including payment, hosting, learning platform, email, CRM, analytics, messenger, video-call, AI, technology, cloud storage, legal, accounting or consulting providers.

4. Categories of Personal Data We Collect

4.1. Account and Contact Data

The Academy may collect account and contact data, including name, email address, phone number, country, preferred communication channel, login details, account identifiers and registration information.
Date of birth or age may be collected only where required for a specific Product, age verification, participation of minors, suitability assessment, legal compliance or safety-related purposes.

4.2. Purchase, Payment and Billing Data

The Academy may collect purchase, payment and billing data, including Product purchased, price, currency, payment status, invoice details, transaction identifiers, payment method, billing name, company details where applicable and related payment records.

4.3. Course, Learning and Participation Data

The Academy may collect course, learning and participation data, including course enrollment, Product access status, progress, attendance, homework, assignments, test answers, assessment information, completion status, certificate records and participation records.

4.4. Communication, Community and Chat Data

The Academy may collect communication data, including emails, support requests, messenger messages, platform messages, comments, questions, reactions, shared files and communications sent through Telegram, WhatsApp, platform chats, video-call chats, communities or other Academy communication channels.

4.5. Recordings and Event Data

The Academy may collect recordings and event-related data, including video, audio, images, voice, visible name, questions, comments, attendance logs, participation records and other information generated during webinars, live events, group sessions, individual sessions, workshops, masterclasses, consultations, supervision sessions, public events or similar activities.

4.6. User-Generated Content

The Academy may collect user-generated content, including homework, assignments, files, comments, testimonials, reviews, case studies, photos, videos, feedback, examples, practice results, business materials, company materials and other content submitted, uploaded, posted, sent or shared by users.

4.7. Technical, Security and Usage Data

The Academy may collect technical, security and usage data, including IP address, device information, browser type, operating system, log data, platform usage data, session data, security logs, access logs, error logs, cookie identifiers and similar technical information.

4.8. Cookies, Analytics and Marketing Data

The Academy may collect cookies, analytics and marketing data, including website behavior, referral information, analytics events, cookie identifiers, marketing preferences, marketing consent records, newsletter subscription data, campaign interactions, unsubscribe status and, where applicable, marketing pixel or retargeting data.
Details may be provided in the Cookie Policy.

4.9. B2B and Authorized User Data

For B2B Services, the Academy may collect company name, company contact details, billing details, Business Client representative details, Authorized User lists, employee or participant names, emails, access status, attendance, progress, completion data, participation data and related corporate information.
Where reporting to a Business Client is included, such reporting is provided only as stated in the relevant B2B Order Form, Product-Specific Terms, Data Processing Addendum or other written agreement.

4.10. Sensitive and Suitability Data

For certain Products, especially those involving VR, immersive tools, intensive practices, emotional practices, safety screening or suitability assessment, the Academy may collect Sensitive Data or suitability-related information.
Such data is collected only where voluntarily provided by the user, required by a specific Product, requested by the Academy, necessary for safety or suitability purposes, or otherwise permitted under applicable law.

4.11. Minors’ Data

Where a minor is permitted to participate in a Product with parental or guardian consent, the Academy may collect limited Personal Data relating to the minor, the parent or legal guardian, consent records, participation records, communication data and any Product-related data necessary to provide the Service safely and lawfully.
The Academy may request evidence of parental or guardian consent before providing or continuing access.

5. How We Collect Personal Data

5.1. Directly from Users

The Academy may collect Personal Data directly from users when they register, purchase a Product, create an account, complete a form, submit a questionnaire, contact support, send an email, communicate through messengers, participate in chats, submit assignments, attend webinars or sessions, provide feedback, sign consent forms or otherwise interact with the Academy.

5.2. Automatically Through Digital Services

The Academy may collect Personal Data automatically through its website, Platform, cookies, analytics tools, access logs, device and browser logs, security logs, platform usage data, payment status updates and similar technologies used to operate, secure and improve the Services.

5.3. From Business Clients

For B2B Services, the Academy may receive Personal Data from Business Clients, including Authorized User lists, employee or participant names and emails, company contact details, training group details, attendance or reporting requirements and other information necessary to provide the relevant B2B Service.
The Business Client is responsible for ensuring that it has the necessary notices, consents, authorizations and lawful bases to provide such Personal Data to the Academy.

5.4. From Third-Party Service Providers

The Academy may receive Personal Data from Third-Party Service Providers, including payment confirmations, transaction status, email delivery data, platform logs, video-call attendance data, messenger metadata, CRM records, analytics data, AI tool outputs or other information generated in connection with the Services.

5.5. From Public Sources

The Academy may collect Personal Data from public sources only where relevant, lawful and reasonably necessary.
This may include publicly posted reviews, public social media comments, public business profiles, public testimonials or other information that a user or organization has made publicly available.

5.6. From Offline or Semi-Offline Channels

Where applicable, the Academy may collect Personal Data through offline or semi-offline channels, including in-person events, signed forms, paper forms, consent documents, safety acknowledgements, business meetings or other product-specific processes.

5.7. From Communications and User-Generated Content

The Academy may collect Personal Data from communications and user-generated content submitted by users, including homework, files, questions, comments, testimonials, reviews, case studies, messages, voice notes, videos, images and other content provided in connection with the Services.

6. Purposes of Processing

6.1. General Purposes

The Academy processes Personal Data only where it has a relevant purpose and an applicable legal basis.
The purposes described in this Privacy Policy may apply depending on the user’s relationship with the Academy, the Product purchased, the communication channel used, the type of data provided and the applicable law.

6.2. Account Creation and Registration

The Academy may process Personal Data to create, verify, manage and maintain user accounts, registrations, access rights, login details and participation records.
This may include processing name, email address, phone number, account identifiers, registration information and related access data.

6.3. Providing Services and Products

The Academy may process Personal Data to provide educational programs, digital products, consultations, coaching services, webinars, live events, communities, chats, recordings, B2B services, AI tools, VR tools and related support services.
This includes processing data necessary to activate access, deliver materials, manage participation, provide support, administer Products and communicate with users.

6.4. Payment, Billing and Accounting

The Academy may process Personal Data to administer purchases, payments, invoices, payment confirmations, refunds, chargebacks, installment payments, accounting records and related financial administration.
Payment data may also be processed by third-party payment providers, banks, card issuers or payment platforms.

6.5. Communication and Support

The Academy may process Personal Data to respond to requests, provide customer support, send operational messages, answer questions, manage complaints, handle refund requests, resolve technical issues and communicate about the Services.

6.6. Learning Administration

The Academy may process Personal Data to manage course enrollment, access status, attendance, progress, homework, assignments, tests, completion status, certificates, participation records and other learning-related activities.

6.7. Communities and Chats

The Academy may process Personal Data to manage Communities, Chats, announcement channels, group communication, moderation, participation, support, learning activities and operational updates.

6.8. Recordings and Events

The Academy may process Personal Data in connection with webinars, live events, individual sessions, group sessions, consultations, workshops, masterclasses, public events and recordings.
Such processing may be used for educational delivery, participant access, quality control, internal review, team training, archive, service verification, product improvement, legal protection and marketing where permitted.

6.9. AI Tools and Automation

The Academy may process Personal Data through or in connection with AI Tools for educational delivery, content support, communication, assignment review, analysis, automation, user support, internal operations, product improvement and related purposes.
Where AI Tools are used for a specific Product, additional information may be provided in the relevant Product-Specific Terms, AI notice or other written information.

6.10. VR, Neurotechnology and Suitability

Where a Product includes VR Tools, immersive tools, neurotechnology-related tools, biofeedback-based tools, intensive practices, emotional practices or safety-related participation, the Academy may process Personal Data for suitability assessment, safety screening, risk management, technical support, participation management and product delivery.

6.11. Marketing Communications

The Academy may process Personal Data to send marketing communications, newsletters, educational updates, event invitations, course announcements, offers or similar messages only where the user has subscribed, given consent or otherwise opted in where required.
Users may withdraw marketing consent or unsubscribe from marketing communications.

6.12. Testimonials, Case Studies and Public Materials

The Academy may process Personal Data in testimonials, reviews, case studies, feedback, photos, videos, comments or other user-provided materials where the user has given consent, made the information public, the content is anonymized or aggregated, the material was created in a public or promotional event context, or another lawful basis applies.

6.13. Security and Fraud Prevention

The Academy may process Personal Data to protect users, accounts, payments, Platform access, Academy Materials, systems, communications and legal rights.
This may include fraud prevention, access control, investigation of suspicious activity, prevention of unauthorized access, technical security and enforcement of the Terms and Conditions.

6.14. Legal, Compliance and Recordkeeping

The Academy may process Personal Data to comply with legal, tax, accounting, regulatory, contractual and recordkeeping obligations.
The Academy may also process Personal Data to protect legal rights, respond to lawful requests, resolve disputes, enforce agreements, investigate violations and defend against claims.

6.15. Product Improvement and Internal Administration

The Academy may process Personal Data to improve Products, learning experience, Platform functionality, support processes, educational quality, communication, safety measures, internal training, operational efficiency and service design.
Where possible and appropriate, the Academy may use anonymized or aggregated data for analysis and improvement.

7. Legal Bases for Processing

7.1. General Rule

The Academy processes Personal Data only where it has an applicable legal basis under relevant data protection laws.
The applicable legal basis may depend on the type of data, purpose of processing, user location, Product type, contractual relationship and applicable law.

7.2. Contract

The Academy may process Personal Data where processing is necessary to enter into, perform or administer a contract with the user or Business Client.
This may include registration, account creation, access activation, Product delivery, payment administration, support, participation management, certificates, B2B administration and other service-related processing.

7.3. Consent

The Academy may process Personal Data based on consent where consent is required or appropriate.
This may include marketing communications, certain recordings, testimonials, case studies, media use, optional forms, sensitive data where required, parental or guardian consent, AI-related use where applicable, VR or safety acknowledgements and other consent-based processing.

7.4. Legitimate Interests

The Academy may process Personal Data where it has a legitimate interest and such interest is not overridden by the user’s rights and interests.
Legitimate interests may include service administration, platform security, fraud prevention, product improvement, internal training, customer support, legal protection, moderation, recordkeeping, business operations and protection of Academy Materials.

7.5. Legal Obligations

The Academy may process Personal Data where processing is necessary to comply with legal, tax, accounting, regulatory, reporting or compliance obligations.
This may include invoice records, payment records, tax records, dispute records, legal requests, compliance checks and records required by applicable law.

7.6. Sensitive Data Legal Basis

Where the Academy processes Sensitive Data, the Academy will rely on an appropriate legal basis or condition under applicable law.
Depending on the context, this may include explicit consent where required, necessity to provide the relevant Product, safety and suitability purposes, legal obligations, protection of legal rights or another lawful basis available under applicable data protection requirements.

7.7. Vital Interests and Safety

In limited circumstances, the Academy may process Personal Data where necessary to protect the vital interests, health, safety or security of a user or another person, where permitted by applicable law.

7.8. B2B Legal Bases

For B2B Services, the legal basis for processing may depend on the relationship between the Academy, the Business Client and the Authorized User.
The Business Client is responsible for ensuring that it has provided required notices, obtained required consents and established appropriate lawful bases for providing Personal Data to the Academy.

7.9. Multiple Legal Bases

More than one legal basis may apply to the same Personal Data or processing activity.
For example, the Academy may process account data to perform a contract, retain payment records for legal obligations, and maintain access logs for legitimate security interests.

8. Sensitive Data

8.1. General Approach

The Academy does not require users to provide Sensitive Data unless such data is relevant to a specific Product, safety requirement, suitability assessment, consent form, legal requirement or user request.
Users should not provide Sensitive Data unless it is necessary, requested by the Academy, required by the relevant Product, or voluntarily provided in a context where such information is relevant.

8.2. Types of Sensitive Data

Depending on the Product and context, Sensitive Data may include health-related information, psychological or emotional information, pregnancy-related information, epilepsy or seizure history, motion sickness, vertigo, migraine-related information, panic attacks, severe anxiety, acute psychological condition, self-harm risk, VR suitability, safety concerns, children’s data, identification data, intimate data or other information requiring special protection.

8.3. Sensitive Data for VR, Intensive Practices and Suitability

For Products involving VR Tools, immersive tools, neurotechnology-related tools, intensive practices, emotional practices, safety screening or suitability assessment, the Academy may process Sensitive Data to assess suitability, manage safety risks, adapt participation, provide support, prevent harm or determine whether access should be refused, suspended or modified.

8.4. Sensitive Data in Chats, Groups and User Content

If a user voluntarily shares Sensitive Data in a Chat, Community, webinar, group session, assignment, support request, testimonial, form or other communication, the Academy may process that information for the relevant service purpose and, where necessary, for moderation, support, safety, service delivery, legal protection, recordkeeping and enforcement of the Terms and Conditions.
Users should avoid sharing Sensitive Data in group spaces unless they are comfortable sharing it in that environment.

8.5. No Medical or Clinical Purpose

The processing of Sensitive Data by the Academy does not mean that the Academy provides medical services, psychological therapy, psychotherapy, psychiatric treatment, diagnosis, clinical assessment, emergency support or regulated healthcare services.
The Academy processes such data only for the purposes described in this Privacy Policy and the relevant Product documents.

8.6. Consent and Safety Acknowledgements

Certain Products may require a separate consent form, parental or guardian consent, safety acknowledgement, suitability questionnaire, VR acknowledgement or other participation form before access is granted or participation is permitted.
The Academy may refuse, suspend or modify participation if required information or consent is not provided, or if the Academy reasonably considers the Product unsuitable or unsafe for the user.

8.7. Limitation and Minimization

The Academy aims to collect only the Sensitive Data that is reasonably necessary for the relevant purpose.
Users should not provide excessive, unrelated or unnecessary Sensitive Data.

9. Children and Minors

9.1. General Age Rule

The Academy’s Services are generally intended for users who are at least eighteen (18) years old.
Minors may participate only where the relevant Product permits participation by minors and where appropriate parental or legal guardian consent and supervision are provided.

9.2. Product-Specific Minor Participation

Certain Products may be suitable for minors, while others may be limited to adults only.
The eligibility of minors, age requirements, consent requirements and supervision requirements may be stated in the relevant Product-Specific Terms, consent form, safety acknowledgement or written communication from the Academy.

9.3. Parental or Guardian Consent

Where a minor participates in a Product, the Academy may collect and process Personal Data of the parent or legal guardian, including name, email address, phone number, relationship to the minor, consent record, communication history and information necessary to verify or administer consent.

9.4. Verification of Consent

The Academy may request evidence of parental or legal guardian consent before providing, continuing or restoring access to a minor.
If required consent is not provided, cannot be verified or is withdrawn, the Academy may refuse, suspend or terminate the minor’s access to the relevant Product.

9.5. Data of Minors

The Academy may process limited Personal Data of minors where necessary to provide the relevant Product, manage access, support participation, protect safety, communicate with a parent or legal guardian, maintain records, comply with legal obligations or protect legal rights.

9.6. Sensitive Data of Minors

Where a Product involving minors requires Sensitive Data, the Academy will process such data only where appropriate under applicable law, including where parental or legal guardian consent is obtained, where the data is necessary for the Product, or where processing is necessary for safety, suitability or legal purposes.

9.7. Parent or Guardian Requests

Parents or legal guardians may contact the Academy to request access, correction, deletion or restriction of Personal Data relating to a minor, subject to verification, applicable law, recordkeeping obligations, legal rights and the nature of the relevant Product.

9.8. Unsuitable Products

The Academy may refuse, suspend or terminate access for a minor where the Academy reasonably considers that the Product is not suitable for minors, required consent is missing, safety concerns exist or participation may create legal, operational, educational or wellbeing risks.

10. AI Tools and Automated Technologies

10.1. Use of AI Tools

The Academy may use AI Tools both internally and in user-facing Products or services.

10.2. Data Processed Through AI Tools

Depending on the Product and context, AI Tools may process prompts, responses, assignments, messages, learning data, support requests, feedback, user-generated content, technical data, usage data or other information provided by users or generated through the Services.

10.3. Third-Party AI Providers

The Academy may use external AI providers or AI-enabled third-party services.
Where external AI providers are used, Personal Data may be processed by those providers in accordance with their applicable terms, privacy policies, data processing terms and technical limitations.
Additional information may be provided in the relevant Product-Specific Terms, AI notice, consent form or other written communication.

10.4. Sensitive and Confidential Data in AI Tools

Users must not submit Sensitive Data, confidential information, medical information, children’s data, passport or identity data, banking data, third-party Personal Data, intimate information, trade secrets or business-confidential information into AI Tools unless this is expressly required by the relevant Product and permitted by the Academy.

10.5. AI Output

AI-generated or AI-supported output may be inaccurate, incomplete, outdated, biased, unsuitable or misleading.
Users should not rely on AI output as professional, medical, psychological, psychiatric, legal, financial, tax, investment, emergency or regulated advice.

10.6. Automated Decisions

AI Tools or automated technologies may be used to support educational, administrative, technical or operational processes.
Automated or AI-supported decisions that materially affect access, completion status, certification, assessment or user status will be used only where this is expressly disclosed in the relevant Product-Specific Terms, AI notice or other written information, and where permitted by applicable law.

10.7. Human Review

Where appropriate and reasonably possible, the Academy may involve human review in decisions relating to access, completion, certification, participation, moderation, safety, suitability or significant user impact.
The exact review process may depend on the Product, platform, tool and applicable law.

10.8. AI Training and Improvement

The Academy may use anonymized or aggregated data to improve, test, develop or evaluate its educational tools, AI-related workflows, internal processes, product quality and service design.
The Academy will not use identifiable Personal Data to train its own AI models unless this is separately disclosed and supported by an appropriate legal basis or consent where required.

10.9. User Responsibility

Users are responsible for reviewing AI output, using AI Tools carefully and avoiding the submission of unnecessary Sensitive Data or confidential information.
Use of AI Tools does not replace the user’s own judgment or the advice of appropriate licensed professionals where such advice is required.

10.10. Changes to AI Tools

The Academy may introduce, replace, restrict, suspend or discontinue AI Tools where reasonably necessary for technical, operational, educational, legal, privacy, compliance, security or safety reasons.

11. VR, Neurotechnology and Suitability Data

11.1. Applicability

This Section applies where a Product includes VR Tools, immersive tools, neurotechnology tools, biofeedback-based tools, safety screening, suitability assessment or similar technology-supported activities.
Such tools are used only where they are included in the relevant Product, Product-Specific Terms, safety acknowledgement, consent form or other written information provided by the Academy.

11.2. Types of VR and Suitability Data

Where applicable, the Academy may process suitability and safety data, including information provided in questionnaires, consent forms, safety acknowledgements or participation forms.
The Academy may also process technical data relating to VR or immersive sessions, including device information, session duration, usage logs, access logs, errors, technical performance, troubleshooting data and other session-related technical information.

11.3. Biofeedback and Neurotechnology Data

The Academy does not process biometric, neurophysiological or biofeedback data for all Products.
Such data may be processed only where a specific Product includes biofeedback, neurotechnology-related tools or similar functionality, and where this is disclosed in the relevant Product-Specific Terms, consent form, safety acknowledgement or other written information.

11.4. Sources of Suitability Data

Suitability and safety information may be provided by the user, by a parent or legal guardian for minors, or by a Business Client or organization for its Authorized Users, where permitted by applicable law.
The person or organization providing such information is responsible for ensuring that it is accurate, relevant and lawfully provided.

11.5. Purposes of VR and Suitability Processing

The Academy may process VR, neurotechnology-related and suitability data to assess participation suitability, manage safety risks, adapt the format of participation, provide technical support, troubleshoot issues, maintain records, protect users, protect legal rights and deliver the relevant Product.

11.6. Refusal, Suspension or Alternative Format

The Academy may refuse, suspend, restrict or modify participation where suitability information indicates a potential safety, health-related, psychological, technical, legal or operational risk.
Where appropriate and reasonably possible, the Academy may offer an alternative format or recommendation, but the Academy is not required to provide a Product in a format that it reasonably considers unsafe or unsuitable.

11.7. User Responsibility

Users must provide accurate and relevant information when completing safety or suitability forms.
Users should stop participation and contact the Academy or an appropriate professional if they experience dizziness, nausea, disorientation, severe discomfort, panic, unusual emotional distress or any other concerning reaction during or after a VR, immersive, intensive or technology-supported activity.

12. Recordings, Webinars, Sessions and Events

12.1. Types of Recordings

The Academy may create, receive, store or use recordings and event-related data in connection with webinars, masterclasses, workshops, group sessions, individual consultations, individual sessions, video testimonials, voice messages, materials created from chat content, public events and similar activities.
Recordings may include video, audio, image, voice, visible name, comments, questions, chat messages, screen content, attendance records and participation information.

12.2. Individual Sessions

Individual consultations or sessions may be recorded where this is stated in the relevant Product-Specific Terms, confirmed by the Academy, required for the Product, notified to the user or agreed where required by applicable law.
If an individual session is not included as a recorded service, participation in the session does not automatically create a right to receive a recording.

12.3. Purposes of Recordings

The Academy may process recordings and event-related data for educational delivery, participant access, quality control, internal review, team training, archive, service verification, product improvement, support, legal protection, dispute resolution, marketing where permitted and other purposes described in this Privacy Policy or Product-Specific Terms.

12.4. Access to Recordings

Recordings are provided to participants only where included in the relevant Product-Specific Terms, confirmed by the Academy, or made available at the Academy’s discretion.
The Academy may decide whether a recording is provided to participants, kept for internal use, used as educational material, archived, edited, restricted or deleted, subject to applicable law and Product-Specific Terms.

12.5. Participant Visibility in Events

In live events, webinars, group sessions, chats or public events, other participants may see or hear a user’s name, profile image, voice, video, questions, comments, reactions, shared files or other information voluntarily provided by the user.
The level of visibility may depend on the platform, settings, event format and user’s own participation choices.

12.6. Public, Marketing and Promotional Use

The Academy may use identifiable recordings, images, names, voices, comments, questions, testimonials, case studies, personal stories or event fragments publicly only where consent has been obtained, the event was public or promotional with appropriate notice, the content is anonymized, the user made the material public, or another lawful basis applies.
For closed educational groups, identifiable images, voices, names, personal stories or comments should not be used for public marketing purposes without separate consent, anonymization, prior clear notice or another lawful basis available to the Academy under applicable law.

12.7. Editing and Excerpts

The Academy may edit recordings, testimonials, questions, comments or event materials for length, clarity, formatting, educational structure, translation, technical quality or privacy protection, provided that the meaning is not materially distorted.

13. Communities, Chats and Group Spaces

13.1. Communication Channels

The Academy may use Communities, Chats and group spaces in connection with the Services, including Telegram, WhatsApp, platform chats, email, video-call chats, comments, announcement channels, discussion groups and other current or future communication channels.

13.2. Profile Names and Identification

Users may appear in Communities or Chats under their Telegram, WhatsApp, platform or other profile name, username, image or account identifier.
The Academy may request the user’s real name or other identifying information for administration, access control, support, safety, certification, B2B reporting, legal compliance or enforcement of the Terms and Conditions.

13.3. Visibility to Other Participants

In Communities, Chats and group spaces, other participants may see the user’s profile name, username, profile photo, messages, questions, comments, reactions, shared files, voice messages and other information the user chooses to share.
The exact visibility of such information may depend on the platform, privacy settings, Product format and user’s own choices.

13.4. User Responsibility in Group Spaces

Users should not share Personal Data of other persons, confidential information, Sensitive Data, business secrets, medical information, children’s data or third-party information in Communities or Chats unless they have the right to do so and such sharing is necessary and appropriate.
Users should understand that group spaces are not fully private because other participants may see, hear, copy or remember information shared in the group.

13.5. Moderation

The Academy may moderate Communities, Chats and group spaces, including by deleting messages, hiding content, restricting posting, placing a Chat in read-only mode, muting participants, removing participants, warning users or taking other reasonable measures to protect the educational environment, users, Academy Materials, confidentiality, safety and legal rights.

13.6. Archiving and Use of Chat Data

The Academy may retain, export, archive, review or use messages and other chat data for administration, support, moderation, evidence of service delivery, legal protection, complaints, disputes, safety, security, Product improvement and enforcement of the Terms and Conditions.
Retention of chat data is subject to applicable law, the platform used, technical limitations and the Academy’s retention practices.

13.7. Third-Party Platforms

Communities and Chats may be hosted on third-party platforms such as Telegram, WhatsApp, video-call tools, social media platforms or other communication services.
Such platforms may process Personal Data according to their own terms, privacy policies, technical settings and data processing practices.

14. Marketing Communications

14.1. Types of Marketing Communications

The Academy may send marketing communications, educational updates, newsletters, event invitations, product announcements, course offers, promotions, reminders, surveys, community updates or similar messages where permitted by applicable law and this Privacy Policy.

14.2. Marketing Channels

Marketing communications may be sent by email, WhatsApp, Telegram, SMS, platform notifications, social media, messenger communications or other digital channels used by the Academy. The Academy may also use advertisements and retargeting tools where permitted by applicable law.

14.3. Consent and Subscription

The Academy generally sends marketing communications based on the user’s consent, subscription, opt-in or another lawful marketing basis.
Where required by applicable law, the Academy will obtain consent before sending marketing communications.

14.4. Existing Customer Marketing

Where permitted by applicable law, the Academy may send existing customers information about similar or related Products, events, educational content or services.
Users may object to or opt out of such marketing communications.

14.5. Service Communications Are Not Marketing

Service, transactional, legal, technical, security and operational communications are not marketing communications.
The Academy may send such messages even if the user has unsubscribed from marketing. These may include access information, payment confirmations, invoices, refund updates, schedule changes, support messages, security notices, legal notices, Product updates and account administration messages.

14.6. Unsubscribe and Opt-Out

Users may unsubscribe or opt out of marketing communications by using an unsubscribe link, replying or messaging with an opt-out request where available, contacting the Academy at info@noimann.academy or using any other consent-management method provided by the Academy.
Unsubscribe requests may take a reasonable time to process.

14.7. Advertising and Retargeting

Where applicable, the Academy may use advertising, analytics, retargeting tools, marketing pixels or similar technologies to understand user interest, measure campaign performance or present relevant content.
Such processing may depend on cookies, platform settings, user consent, browser settings and applicable law.

15. Cookies and Similar Technologies

15.1. Use of Cookies

The Academy may use cookies, pixels, tags, local storage, software development kits and similar technologies on its website, Platform, payment pages, learning environments, email communications or digital services.
Such technologies may be used to operate the website, manage login sessions, support payments, protect security, remember preferences, analyze usage, improve services, personalize experience or support marketing.

15.2. Categories of Cookies

The Academy may use the following categories of cookies and similar technologies, where applicable:
  1. essential cookies necessary for website, Platform, login, payment or security functions;
  2. functional cookies used to remember preferences or improve user experience;
  3. analytics cookies used to understand website, Platform or Product usage;
  4. marketing or retargeting cookies used to support advertising and campaign measurement;
  5. embedded third-party content cookies used by video, social media, payment, chat, analytics or other embedded tools;
  6. security cookies used to protect accounts, systems, access and communications.

15.3. Third-Party Cookies

Some cookies or similar technologies may be placed or controlled by third-party providers, including analytics providers, advertising platforms, payment providers, video platforms, social media platforms, chat tools or other service providers.
These third parties may process data according to their own terms and privacy policies.

15.4. Cookie Consent

Non-essential cookies may require consent depending on applicable law.
Where required, the Academy may use a cookie banner, consent tool, preference center or similar mechanism to request, record or manage cookie preferences.

15.5. Cookie Settings

Users may manage cookies through browser settings, device settings, cookie banners, preference tools or other mechanisms made available by the Academy or third-party providers.
Blocking or disabling certain cookies may affect website functionality, login, payment processing, user experience, analytics, personalization or access to certain features.

15.6. Cookie Policy

Further details about cookies, analytics tools, marketing pixels and similar technologies may be provided in a separate Cookie Policy.
If a Cookie Policy is provided, it should be read together with this Privacy Policy.

15.7. Changes to Cookies

The Academy may update the cookies, analytics tools, marketing pixels and similar technologies it uses from time to time.
The cookies and similar technologies used at any given time may depend on the website, Platform, product page, payment page, embedded content, service providers and technical configuration in use.

16. Third-Party Service Providers

16.1. Use of Third-Party Service Providers

The Academy may use Third-Party Service Providers to support, provide, administer, improve, secure and operate the Services.
Third-Party Service Providers may process Personal Data where necessary for the purposes described in this Privacy Policy, the Terms and Conditions, Product-Specific Terms, consent forms, B2B documentation or other applicable documents.

16.2. Categories of Third-Party Service Providers

Third-Party Service Providers may include, without limitation:
  1. payment providers;
  2. banks, card issuers and payment platforms;
  3. hosting and cloud providers;
  4. learning platforms and learning management systems;
  5. CRM and customer management systems;
  6. email and communication providers;
  7. analytics providers;
  8. marketing and advertising providers;
  9. messengers and chat platforms;
  10. video-call and webinar tools;
  11. AI providers and AI-enabled service providers;
  12. VR, neurotechnology, biofeedback or technical providers;
  13. cloud storage and file-sharing providers;
  14. legal, accounting, tax and compliance advisers;
  15. B2B, certification, academic or program partners;
  16. IT, cybersecurity, technical support and security contractors.

16.3. Examples of Third-Party Services

Third-Party Service Providers may include, without limitation, Stripe, PayPal, Zbooni, Telegram, WhatsApp, Zoom, Google Meet, Google, Meta, OpenAI, hosting providers, analytics providers, payment providers, learning platforms, CRM systems and other providers used by the Academy.
The specific providers used may change from time to time depending on the website, Platform, Product, payment method, communication channel, technical setup, B2B arrangement or operational needs.

16.4. Payment Providers

The Academy may use third-party payment providers, banks, card issuers, payment platforms and payment processors to process payments, refunds, invoices, chargebacks, payment confirmations, payment status and related financial administration.
The Academy does not store full bank card details. Full card data is processed by the relevant payment provider, bank, card issuer or payment platform.

16.5. Communication, Platform and Learning Providers

The Academy may use email tools, messengers, learning platforms, webinar tools, video-call platforms, cloud storage, CRM systems, hosting providers and similar providers to deliver Products, manage accounts, communicate with users, provide support, host content, manage Communities or Chats, provide recordings and administer learning activities.

16.6. Professional Advisers and Compliance Providers

The Academy may share Personal Data with legal advisers, accountants, tax advisers, auditors, consultants, compliance providers, payment dispute advisers or other professional advisers where reasonably necessary for legal, accounting, compliance, tax, dispute resolution, risk management or business purposes.

16.7. B2B, Certification and Academic Partners

Where applicable, the Academy may share Personal Data with B2B clients, certification partners, academic partners, program partners or similar organizations for program administration, attendance reporting, completion records, certificate administration, corporate reporting or other agreed purposes.
Such sharing is subject to the relevant Product-Specific Terms, B2B documentation, Data Processing Addendum, consent form or other written agreement where applicable.

16.8. Third-Party Terms and Privacy Policies

Third-Party Service Providers may process Personal Data under their own terms, privacy policies, data processing terms, technical settings and legal obligations.
The Academy is not responsible for independent processing activities of third parties where such processing is outside the Academy’s reasonable control.

17. International Transfers

17.1. Cross-Border Processing

The Academy may process, store, access or transfer Personal Data in the United Arab Emirates, the European Union, the European Economic Area, the United States and other countries where the Academy, its team, service providers, platforms, payment providers, communication tools, AI providers, hosting providers, consultants or operational partners are located or operate.

17.2. Need for International Transfers

International transfers may be necessary to provide digital Services, process payments, operate the Platform, use cloud infrastructure, provide support, communicate with users, use analytics, deliver recordings, manage B2B Services, use AI Tools, provide video-call services, use messengers or administer Products.

17.3. Transfer Safeguards

Where required by applicable law, the Academy will use appropriate safeguards for international transfers.
Such measures may include contractual safeguards, standard contractual clauses or equivalent mechanisms, data processing terms, security measures, provider assessments, technical controls or other mechanisms available under applicable data protection requirements.

17.4. Different Levels of Protection

Data protection laws may differ between countries. Some countries may not provide the same level of protection as the user’s country of residence.
The Academy will take reasonable steps required by applicable law to protect Personal Data when it is transferred internationally.

17.5. Third-Party Infrastructure

Many digital services depend on third-party infrastructure, including payment systems, cloud hosting, email systems, AI providers, analytics tools, video-call platforms, messaging platforms, CRM systems, advertising platforms and file storage providers.
Use of such services may involve international processing or transfers.

18. Data Retention

18.1. General Retention Rule

The Academy retains Personal Data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by applicable law.
Retention periods may depend on the type of data, Product, access period, legal obligations, accounting requirements, dispute risk, user relationship, technical systems, consent forms, Product-Specific Terms and operational needs.

18.2. Account and Contact Data

Account and contact data may be retained while the user’s account is active, while the user has access to Services, and for a reasonable period thereafter for administration, support, legal protection, recordkeeping and compliance purposes.

18.3. Payment, Invoice and Accounting Data

Payment records, invoices, transaction records, refund records, chargeback records, billing information and related financial data may be retained as required by tax, accounting, legal, audit, compliance and recordkeeping obligations.

18.4. Course, Progress and Certification Data

Course enrollment, access status, progress, attendance, homework, assignments, completion records, certificate records and participation data may be retained during the access period and for a reasonable period thereafter for educational administration, certification, support, legal protection, dispute resolution and recordkeeping purposes.

18.5. Recordings and Event Data

Recordings and event-related data may be retained for as long as reasonably necessary for education, access, quality control, archive, internal training, legal protection, dispute resolution, product improvement, compliance or other legitimate purposes.
Specific retention rules may be stated in Product-Specific Terms, consent forms, recording notices or the Academy’s internal retention practices.

18.6. Communication and Support Data

Emails, support requests, messenger communications, chat messages, complaint records, refund requests and other communications may be retained for support, administration, dispute resolution, legal protection, quality control, safety, moderation and recordkeeping purposes.

18.7. Marketing Data

Marketing consent records, subscription status, communication preferences, unsubscribe requests, suppression lists and campaign interaction records may be retained as needed to manage marketing preferences, comply with applicable law, respect opt-out requests and avoid sending unwanted marketing communications.

18.8. B2B Data

B2B data, Authorized User data, attendance records, progress reports, completion records, corporate correspondence, order forms and related corporate records may be retained for the duration of the B2B relationship and for a reasonable period thereafter, subject to the relevant B2B documentation, legal obligations, reporting requirements, dispute resolution and recordkeeping needs.

18.9. Sensitive Data

Sensitive Data is retained only for as long as reasonably necessary for the purpose for which it was collected, including safety, suitability, participation, consent, legal protection, recordkeeping or compliance purposes.
Where Sensitive Data is no longer reasonably necessary, the Academy may delete, anonymize, aggregate or restrict it, subject to applicable law and technical limitations.

18.10. Backups

Personal Data may remain in backups, archives or disaster recovery systems for a limited technical period after deletion or restriction from active systems.
Such data is generally not used for active processing and is deleted, overwritten or isolated according to backup cycles and technical processes.

18.11. Legal Hold and Extended Retention

The Academy may retain Personal Data for a longer period where necessary for legal claims, disputes, investigations, fraud prevention, security, regulatory requests, tax obligations, accounting obligations, audit, enforcement of agreements, protection of rights or compliance with applicable law.

18.12. Anonymized and Aggregated Data

The Academy may retain anonymized or aggregated data for analytics, research, product improvement, internal reporting, AI-related workflow improvement, educational quality and business planning, provided that such data no longer identifies a user.

19. Data Security

19.1. General Security Measures

The Academy takes reasonable administrative, technical and organizational measures to protect Personal Data against unauthorized access, unlawful processing, accidental loss, destruction, damage, misuse, alteration or disclosure.
The level of protection may depend on the nature of the data, processing purpose, available technology, cost of implementation, risk level and applicable legal requirements.

19.2. Examples of Security Measures

The Academy’s security measures may include, where appropriate:
  1. access controls;
  2. limited access to Personal Data on a need-to-know basis;
  3. account and login controls;
  4. security logs and access logs;
  5. use of reputable service providers;
  6. review of security controls offered by service providers;
  7. confidentiality obligations for staff, contractors and service providers;
  8. backups and recovery processes;
  9. technical monitoring;
  10. data minimization;
  11. internal procedures for support, complaints, refunds and privacy requests;
  12. organizational measures to reduce unauthorized access or misuse.

19.3. Access by Staff and Contractors

Access to Personal Data is limited to persons who reasonably need access for service delivery, administration, support, technical operations, payment administration, legal compliance, moderation, security, B2B administration or other authorized purposes.
Staff, contractors and service providers who access Personal Data are expected to handle it in accordance with applicable confidentiality, security and data protection requirements.

19.4. Security of Third-Party Providers

The Academy may rely on Third-Party Service Providers for hosting, payments, communications, analytics, AI, video calls, messengers, storage and other operational services.
The Academy aims to use providers that offer appropriate security measures for the relevant service, but the Academy cannot guarantee that third-party systems will be completely secure or uninterrupted.

19.5. No Absolute Security

No website, Platform, digital system, email system, messenger, cloud service, payment system, AI tool, video-call tool or internet transmission can be guaranteed to be completely secure.
Users should use the Services carefully and protect their own accounts, passwords, devices, email accounts, messenger accounts and communication channels.

19.6. User Security Responsibilities

Users are responsible for keeping login details confidential, using secure devices and networks, avoiding unauthorized sharing of access, monitoring their accounts and notifying the Academy if they suspect unauthorized access, account compromise or misuse.

19.7. Security Incidents

If a security incident affects Personal Data, the Academy will assess the incident and take steps required by applicable law.
Where required by applicable law, the Academy will notify affected users, Business Clients, service providers, authorities or other relevant parties.

19.8. Data Accuracy and Updates

Users should keep their account, contact, billing and communication information accurate and up to date.
The Academy may not be able to provide notices, access, support, refunds, certificates or privacy responses if user information is inaccurate or outdated.

20. User Rights

20.1. Rights Subject to Applicable Law

Depending on applicable law and the user’s location, users may have certain rights in relation to their Personal Data.
These rights may be subject to legal conditions, exceptions, verification requirements, technical limitations, retention obligations, rights of other persons and the nature of the relevant Product or processing activity.

20.2. Right to Be Informed

Users may have the right to receive information about how their Personal Data is collected, used, shared, retained and protected.
This Privacy Policy is intended to provide such information.

20.3. Right of Access

Users may have the right to request access to Personal Data that the Academy holds about them and to receive information about how that data is processed.

20.4. Right to Correction

Users may have the right to request correction of inaccurate Personal Data or completion of incomplete Personal Data.

20.5. Right to Deletion

Users may have the right to request deletion of Personal Data, subject to applicable law and limitations.
Deletion may be limited where data is required for legal obligations, accounting, tax, dispute resolution, recordkeeping, fraud prevention, safety, security, rights of other users, recordings involving multiple participants, legal claims or other legitimate purposes.

20.6. Right to Restrict Processing

Users may have the right to request restriction of processing of their Personal Data in certain circumstances, subject to applicable law.

20.7. Right to Object

Users may have the right to object to certain processing activities, including processing based on legitimate interests or direct marketing, where applicable.

20.8. Right to Data Portability

Users may have the right to receive certain Personal Data in a structured, commonly used and machine-readable format, or request transfer of such data to another controller, where applicable.

20.9. Right to Withdraw Consent

Where processing is based on consent, users may withdraw consent at any time.
Withdrawal of consent does not affect processing carried out before withdrawal and may affect the user’s ability to access or participate in certain Services where the relevant data is necessary.

20.10. Right to Opt Out of Marketing

Users may opt out of marketing communications at any time by using an unsubscribe link, sending an opt-out request, contacting the Academy or using any available consent-management mechanism.
The Academy may still send service, transactional, legal, technical, security or operational communications.

20.11. Rights Related to Automated Decisions

Where automated decision-making or profiling has a significant effect on a user and applicable law provides related rights, the user may have the right to request information, human review, contest the decision or exercise other rights available under applicable law.

20.12. Right to Complain

Users may have the right to lodge a complaint with a competent data protection authority, regulator or other authority where such right is available under applicable law.
The Academy encourages users to contact the Academy first so that the issue can be reviewed and, where appropriate, resolved.

20.13. Authorized Requests

Privacy requests may be submitted by the user, a parent or legal guardian for a minor, an authorized representative, a legal representative or a Business Client in relation to corporate data, where applicable.
The Academy may request evidence of identity, authority or relationship before responding to such request.

21. How to Submit Privacy Requests

21.1. Privacy Contact

Users may submit privacy, data protection and requests concerning Personal Data to the Academy by email at:
info@noimann.academy
This is the official contact email for privacy requests unless the Academy later provides a separate privacy contact or written instruction.

21.2. Types of Requests

Users may use this contact to request access, correction, deletion, restriction, portability, withdrawal of consent, objection to processing, marketing opt-out, information about processing, or other privacy-related action available under applicable law.

21.3. Required Information

A privacy request should include enough information for the Academy to identify the requester and understand the request.
The request should include, where relevant:
  1. full name;
  2. email address used for registration, purchase or communication with the Academy;
  3. Product or Service concerned;
  4. type of request;
  5. description of the request;
  6. relevant dates, communications or transaction details, if applicable;
  7. proof of identity or authority, where requested by the Academy.

21.4. Identity and Authority Verification

The Academy may request information necessary to verify the identity of the requester before responding to a privacy request.
Where a request is submitted by a parent, legal guardian, authorized representative, legal representative or Business Client, the Academy may request evidence of authority, relationship or authorization before taking action.

21.5. Requests from Parents or Legal Guardians

A parent or legal guardian may submit a privacy request relating to a minor where the minor participates in a Product or where the parent or legal guardian has provided consent.
The Academy may verify the relationship, identity and authority of the parent or legal guardian before responding.

21.6. Requests from Authorized Representatives

An authorized representative or legal representative may submit a privacy request on behalf of a user where permitted by applicable law.
The Academy may request proof that the representative is authorized to act on behalf of the user.

21.7. Response Time

The Academy will respond to privacy requests within the period required by applicable law and, where reasonably possible, within thirty (30) days.
The response period may be extended where permitted by applicable law if the request is complex, repeated, unclear or excessive, requires identity verification, involves a large volume of data, involves third parties, relates to recordings with multiple participants, or requires coordination with a Business Client or service provider.

21.8. Incomplete Requests

If a request is incomplete, unclear or does not contain sufficient information, the Academy may request clarification or additional information.
The response period may begin or continue after the necessary information is provided, where permitted by applicable law.

21.9. Manifestly Unfounded, Excessive or Abusive Requests

Where permitted by applicable law, the Academy may refuse, limit, delay or charge a reasonable fee for requests that are manifestly unfounded, excessive, repeated, abusive, fraudulent, disproportionate or intended to interfere with the Academy’s operations or rights.

21.10. Method of Response

The Academy may respond by email or by another reasonable written digital method.
Where appropriate, the Academy may provide information electronically, in written form or through a secure access method.

22. Limits on Deletion and Access Requests

22.1. General Limitation

User rights are not absolute and may be subject to legal, technical, contractual, operational and rights-based limitations.
The Academy may refuse, limit or delay a deletion, access, correction, portability, restriction or objection request where permitted by applicable law.

22.2. Legal, Tax and Accounting Records

The Academy may retain Personal Data where necessary for legal obligations, tax obligations, accounting records, audit, financial reporting, payment administration, invoices, refunds, chargebacks, transaction records or other mandatory recordkeeping requirements.

22.3. Disputes, Claims and Legal Protection

The Academy may retain or restrict access to Personal Data where necessary for complaints, disputes, legal claims, investigations, enforcement of agreements, fraud prevention, chargeback disputes, safety issues, security issues, regulatory requests or protection of the Academy’s legal rights.

22.4. Rights of Other Users

Access or deletion requests may be limited where fulfilling the request would adversely affect the rights, privacy, safety, confidentiality or legal interests of other users, participants, staff, contractors, Business Clients or third parties.

22.5. Recordings with Multiple Participants

Where a recording includes multiple participants, full deletion of the recording may not be possible or appropriate.
Where reasonably feasible and legally required or appropriate, the Academy may consider alternatives such as anonymization, blurring, muting, removing excerpts, limiting access, editing, restricting use or removing specific identifiable portions.

22.6. Academy Materials and Intellectual Property

A deletion or access request does not require the Academy to delete, disclose, transfer or provide access to Academy Materials, methodology, educational content, course structure, internal materials, prompts, AI workflows, platform logic, analytics, anonymized data, aggregated data, intellectual property, trade secrets or confidential business information.

22.7. Certificates, Completion Records and Learning Records

The Academy may retain limited learning, attendance, completion, certificate or participation records where necessary for educational administration, certificate verification, B2B reporting, legal protection, dispute resolution, recordkeeping or compliance purposes.

22.8. B2B Reporting and Corporate Records

Where Personal Data is processed in a B2B context, deletion or access requests may be affected by B2B documentation, Data Processing Addendum, reporting obligations, Business Client instructions, corporate recordkeeping, employment-related context or the rights and obligations of the Business Client.

22.9. Security and Fraud Prevention

The Academy may retain certain data where necessary to protect accounts, systems, users, payments, Platform access, Academy Materials, legal rights, fraud prevention, misuse prevention or security.

22.10. Practical and Technical Limits

Some requests may be limited by technical feasibility, platform limitations, third-party systems, legal obligations, records already shared with authorized recipients, or the nature of the relevant Product or Service.

23. B2B Data Processing

23.1. B2B Scope

This Section applies where the Academy provides Services to a Business Client, including corporate programs, group training, employee access, Authorized User access, B2B reporting, certification administration, corporate onboarding or related services.

23.2. Data Roles in B2B Services

Depending on the relevant B2B Order Form, Product-Specific Terms, Data Processing Addendum, written agreement and applicable law, the Academy may act as a Data Controller, Data Processor, service provider, independent controller, joint controller or similar role recognized under applicable law.
The applicable role should be determined by the relevant B2B documentation and the actual processing activity.

23.3. Business Client Responsibilities

The Business Client is responsible for ensuring that it has provided all required privacy notices, obtained all required consents, established appropriate lawful bases, verified authority and complied with applicable data protection obligations before providing Personal Data to the Academy.
This includes Personal Data of employees, contractors, representatives, clients, students, participants, Authorized Users and other individuals.

23.4. Authorized User Data

The Academy may process Authorized User data to provide access, administer Products, manage attendance, track progress, provide support, issue certificates, maintain records, communicate with users, provide reports where agreed and perform the relevant B2B Services.

23.5. B2B Reports

The Academy may provide attendance, progress, completion, access, participation, certificate or other Product-related reports to the Business Client only where such reporting is stated in the relevant B2B Order Form, Product-Specific Terms, Data Processing Addendum, consent form or other written agreement.

23.6. Authorized User Requests

If an Authorized User submits a privacy request directly to the Academy, the Academy may respond directly where the Academy acts as controller, coordinate with the Business Client where the Business Client controls the relevant data, request verification, refer the request to the Business Client, or take another appropriate action depending on applicable law and the relevant B2B documents.

23.7. Business Client Instructions

Where the Academy acts as a processor or service provider, the Academy may process Personal Data in accordance with the Business Client’s documented instructions, the applicable Data Processing Addendum, Product-Specific Terms, B2B Order Form or written agreement.

23.8. Accuracy of B2B Data

The Business Client is responsible for the accuracy, completeness and lawfulness of Personal Data it provides to the Academy.
The Business Client should notify the Academy if an Authorized User should be added, removed, replaced, restricted or updated.

23.9. Corporate Materials and Third-Party Data

If the Business Client provides corporate materials, employee data, client data, participant data, files, case materials or other third-party data, the Business Client is responsible for ensuring that such data is lawfully provided and may be processed by the Academy for the relevant B2B purposes.

23.10. Data Processing Addendum

A separate Data Processing Addendum may apply where required by law, requested by the Business Client, or considered appropriate by the Academy.
Where a Data Processing Addendum applies, it should be read together with this Privacy Policy, the Terms and Conditions, Product-Specific Terms and relevant B2B documentation.

24. Links to Third-Party Websites and Services

24.1. External Links

The Academy’s website, Platform, Products, Materials, emails, Chats, Communities, recordings or communications may contain links to third-party websites, platforms, tools, payment pages, video platforms, social media pages, resources or services.

24.2. No Control Over Third Parties

The Academy does not control all third-party websites, platforms, tools or services that may be linked, embedded or referenced in connection with the Services.
The Academy is not responsible for third-party privacy practices, security practices, content, terms, cookies, tracking technologies or data processing activities where such activities are outside the Academy’s reasonable control.

24.3. Embedded Third-Party Services

The Services may include embedded or integrated third-party services, including payment checkout, video content, social media content, analytics tools, chat widgets, AI tools, maps, forms, webinar tools or other digital functions.
Such services may collect or process Personal Data according to their own terms, privacy policies, cookie policies and technical settings.

24.4. Review Third-Party Policies

Users should review the privacy policies, cookie policies and terms of third-party services before using them or providing Personal Data through them.
Use of third-party services may be subject to separate legal terms between the user and the third-party provider.

24.5. Third-Party Account Settings

Where a user accesses the Services through a third-party account, messenger, platform, payment service, social media account or video-call tool, the privacy settings and data practices of that third-party service may affect what Personal Data is collected, displayed, shared or retained.

25. Updates to this Privacy Policy

25.1. Right to Update

The Academy may update, revise, replace or amend this Privacy Policy from time to time.
Updates may be necessary for legal, regulatory, technical, operational, security, business, product, platform, provider, cookie, AI, VR, B2B, marketing or service-related reasons.

25.2. Publication of Updates

Updated versions of this Privacy Policy may be published on the Academy’s website or made available through the Platform, email, Product page, checkout page or other written digital channel.

25.3. Effective Date of Updates

Updates may take effect from the date of publication, the date stated in the updated Privacy Policy, or another date communicated by the Academy.

25.4. Material Changes

Where reasonably possible, the Academy may notify users of material changes to this Privacy Policy.
Such notice may be provided through the website, Platform, email, Product page, account notice, communication channel or other written digital method.

25.5. Continued Use

Continued use of the website, Platform, Products or Services after an updated Privacy Policy becomes effective will be treated as acknowledgement of the updated Privacy Policy where permitted by applicable law.

25.6. Previous Versions

The Academy may retain previous versions of this Privacy Policy for recordkeeping, compliance, audit, dispute resolution, legal protection and administrative purposes.

25.7. Review by Users

Users should review this Privacy Policy periodically to understand how the Academy processes Personal Data.
If a user does not agree with an updated Privacy Policy, the user should stop using the Services and contact the Academy where necessary to discuss available options, subject to applicable law and existing contractual obligations.

26. Contact Details

26.1. Formal Privacy Requests

Formal privacy requests should be sent to info@noimann.academy and are accepted by email only, unless the Academy expressly provides another written instruction.
Messages sent to personal accounts, private messengers, personal social media accounts or individual contacts of employees, managers, curators, mentors, teachers, speakers or contractors are not considered formal privacy requests to the Academy.

26.2. Informal Communications

The Academy may, at its discretion, respond to informal messages concerning privacy or Personal Data received through other communication channels.
However, the Academy may ask the user to resend the request to the official privacy contact email before treating it as a formal privacy request.

26.3. Accuracy of Contact Information

Users are responsible for providing accurate contact information and keeping their email address and communication details up to date.
The Academy may not be able to respond properly to privacy requests, provide notices or verify identity if the information provided by the user is inaccurate, incomplete or outdated.

27. Effective Date and Version

27.1. Effective Date

This Privacy Policy is effective from the date it is published on the Academy’s website, unless another effective date is stated below:
Effective Date: 03 June 2026

27.2. Last Updated

This Privacy Policy was last updated on:
Last Updated: 03 June 2026

27.3. Version

Version: 1.0

27.4. Application of this Privacy Policy

This Privacy Policy applies to the processing of Personal Data carried out on or after the Effective Date.
It may also apply to existing users where they continue to access or use the website, Platform, Products or Services after this Privacy Policy is published, subject to applicable law and any mandatory rights of the user.