Privacy Policy

Effective 1 September 2025.

This Privacy Policy outlines how Fiona Brenninkmeijer (“We,” “Our,” “Us”) accesses, manages, uses, and protects personal data in relation to www.fionabrenninkmeijer.com (the “Website”)  and any related services delivered directly (the "Services").

We are deeply committed to protecting personal information in accordance with applicable data protection laws, including the UAE Federal Decree Law No. 45 of 2021 on the Protection of Personal Data (PDPL), DIFC Data Protection Law No. 5 of 2020, ADGM Data Protection Regulations 2021, the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA), as applicable.

By accessing the Website or engaging with Services, you acknowledge and agree to the processing and management of your personal data in accordance with this Policy. This does not affect any rights you may have under applicable law.


I. Scope of Policy

This Privacy Policy governs the access, management, use, and protection of personal data by Fiona Brenninkmeijer in connection with:
i. Visitors to this Website, including any passive and active interactions
ii. Individuals who contact, subscribe to communications, or otherwise engage with us via the Website or other digital platforms
iii. Clients and prospective clients engaging with our Services in any capacity, whether paid or exploratory

This Policy does not extend to third-party or affiliate websites accessed via links, integrations, or referrals on the Website. We are not responsible for the privacy practices or content of such third-party platforms. However, this Policy covers any data processed through third-party services acting on our behalf under strict contractual or regulatory obligations.

The protections and obligations described herein apply regardless of your location; however, applicable regional laws may also govern certain aspects of data processing.

II. Definitions

  1. "Personal Data” means any information relating to an identified or identifiable individual

  2. "Processing” means any operation performed on Personal Data, including acquisition, management, use, disclosure, or deletion

  3. "Data Controller” means the person or entity determining the purpose and means of processing

  4. "Data Processor” means any party processing data on behalf of the Data Controller

We act as the Data Controller for the Personal Data processed through this website.


III. Personal Data

We may acquire the following Personal Data:

  1. Identifiers: Name, email, phone number, location

  2. Professional Information: Role, organisation, sector

  3. Health and Wellbeing: Relevant clinical history, priorities, non-clinical wellbeing or performance interests, and preferences for promotional or educational material

  4. Technical: IP address, device type, browser, operating system, and usage data

  5. Marketing & Communications: Preferences for receiving communications, promotional or educational material

We do not knowingly acquire any health information unless voluntarily provided and explicitly consented to, and we do not provide clinical medical advice through this website.


IV. Processing

We process Personal Data under one or more of the following conditions:

  1. Explicit or Implicit Consent: ie. Subscription to The Network or information voluntarily provided through the inquiry form

  2. Contractual Necessity: ie. For the provision of requested services

  3. Legitimate Interests: ie. Improvement of website functionality, system security and enhancement/targeting of user experience

  4. Legal Obligation: ie. Compliance with applicable UAE, EU, or other regulatory frameworks

V. Purpose of Processing

We process your Personal Data to:

  1. Deliver our website and services

  2. Respond to inquiries and provide requested information

  3. Email updates and curated promotional and educational material, where opted-in

  4. Personalise and enhance user experience

  5. Ensure system security and detect/prevent fraud

  6. Comply with applicable legal, regulatory, or professional obligations


VI. Cookies & Tracking Technologies

We use cookies and other relevant tools for:

  1. Website functionality and optimisation

  2. Performance monitoring and analytics

  3. Marketing and personalisation, only where consent is granted

You may disable cookies in your browser settings; however, this may effect site functionality.


VII. Data Retention

We retain Personal Data only as long as necessary for the purposes for which it was collected, and in line with statutory obligations. When retention is no longer required, data will be securely deleted or anonymised.


VIII. Data Sharing & Transfers

We do not sell Personal Data. We may disseminate information only with:

  1. Service Providers engaged to support website hosting, analytics, or communications

  2. Professional Advisors (legal, regulatory, IT security) where required

  3. Regulatory Authorities, where required by law or court order

Cross-Border Transfers:
If data is transferred outside the UAE or EU, it will be done in compliance with applicable transfer mechanisms (adequacy decisions, standard contractual clauses, or equivalent safeguards).



9. Data Subject Rights


You have the following rights under UAE PDPL, GDPR, and other applicable laws:

  • Access: Request a copy of your Personal Data.

  • Rectification: Request correction of inaccurate or incomplete data.

  • Erasure: Request deletion of your data (subject to legal retention requirements).

  • Restriction: Request limitation of processing.

  • Objection: Object to processing based on legitimate interests or direct marketing.

  • Portability: Receive your data in a structured, commonly used format.

  • Withdrawal of Consent: Withdraw consent at any time (without affecting prior processing).

Requests may be submitted to: admin@fionabrenninkmeijer.com. Identity verification may be required.


10. Data Security

We implement industry-standard technical and organizational measures to protect Personal Data from unauthorized access, disclosure, alteration, or destruction. However, no online transmission or storage is entirely secure, and we cannot guarantee absolute security.


11. Special Provisions for UAE Residents

In compliance with UAE PDPL:

  • Data will not be processed or transferred outside the UAE unless adequate protections exist.

  • Sensitive personal data (e.g., health-related data) will only be processed with explicit consent.

  • Individuals may lodge complaints with the UAE Data Office if rights are infringed.

For users in DIFC or ADGM, local data protection laws apply, and we ensure compliance with those frameworks where applicable.


12. Data of Minors

This website is not directed to children under 18. We do not knowingly collect data from minors without parental consent. If such data is discovered, it will be deleted promptly where identified.


13. Third-Party Links

Our website may contain links to external websites. We are not responsible for their privacy practices. Users are encouraged to review the privacy policies of third-party sites before disclosing information.


14. Updates to This Policy

We may amend this Policy from time to time to reflect legal, technical, or operational changes. The latest version will always be available on our website.


15. Contact Information

For questions, complaints, or to exercise your rights, please contact:
Data Protection Officer (DPO): Lucy Morley
Email: info@ayu.agency

If unresolved, you may escalate complaints to:

  • UAE Data Office (under PDPL)

  • DIFC Commissioner of Data Protection (if relevant)

  • ADGM Office of Data Protection (if relevant)

  • Your local supervisory authority (if outside UAE)

Effective 1 September 2025.

This Privacy Policy outlines how Fiona Brenninkmeijer (“We,” “Our,” “Us”) accesses, manages, uses, and protects personal data in relation to www.fionabrenninkmeijer.com (the “Website”)  and any related services delivered directly (the "Services").

We are deeply committed to protecting personal information in accordance with applicable data protection laws, including the UAE Federal Decree Law No. 45 of 2021 on the Protection of Personal Data (PDPL), DIFC Data Protection Law No. 5 of 2020, ADGM Data Protection Regulations 2021, the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA), as applicable.

By accessing the Website or engaging with Services, you acknowledge and agree to the processing and management of your personal data in accordance with this Policy. This does not affect any rights you may have under applicable law.


I. Scope of Policy

This Privacy Policy governs the access, management, use, and protection of personal data by Fiona Brenninkmeijer in connection with:
i. Visitors to this Website, including any passive and active interactions
ii. Individuals who contact, subscribe to communications, or otherwise engage with us via the Website or other digital platforms
iii. Clients and prospective clients engaging with our Services in any capacity, whether paid or exploratory

This Policy does not extend to third-party or affiliate websites accessed via links, integrations, or referrals on the Website. We are not responsible for the privacy practices or content of such third-party platforms. However, this Policy covers any data processed through third-party services acting on our behalf under strict contractual or regulatory obligations.

The protections and obligations described herein apply regardless of your location; however, applicable regional laws may also govern certain aspects of data processing.

II. Definitions

  1. "Personal Data” means any information relating to an identified or identifiable individual

  2. "Processing” means any operation performed on Personal Data, including acquisition, management, use, disclosure, or deletion

  3. "Data Controller” means the person or entity determining the purpose and means of processing

  4. "Data Processor” means any party processing data on behalf of the Data Controller

We act as the Data Controller for the Personal Data processed through this website.


III. Personal Data

We may acquire the following Personal Data:

  1. Identifiers: Name, email, phone number, location

  2. Professional Information: Role, organisation, sector

  3. Health and Wellbeing: Relevant clinical history, priorities, non-clinical wellbeing or performance interests, and preferences for promotional or educational material

  4. Technical: IP address, device type, browser, operating system, and usage data

  5. Marketing & Communications: Preferences for receiving communications, promotional or educational material

We do not knowingly acquire any health information unless voluntarily provided and explicitly consented to, and we do not provide clinical medical advice through this website.


IV. Processing

We process Personal Data under one or more of the following conditions:

  1. Explicit or Implicit Consent: ie. Subscription to The Network or information voluntarily provided through the inquiry form

  2. Contractual Necessity: ie. For the provision of requested services

  3. Legitimate Interests: ie. Improvement of website functionality, system security and enhancement/targeting of user experience

  4. Legal Obligation: ie. Compliance with applicable UAE, EU, or other regulatory frameworks


V. Purpose of Processing

We process your Personal Data to:

  1. Deliver our website and services

  2. Respond to inquiries and provide requested information

  3. Email updates and curated promotional and educational material, where opted-in

  4. Personalise and enhance user experience

  5. Ensure system security and detect/prevent fraud

  6. Comply with applicable legal, regulatory, or professional obligations


VI. Cookies & Tracking Technologies

We use cookies and other relevant tools for:

  1. Website functionality and optimisation

  2. Performance monitoring and analytics

  3. Marketing and personalisation, only where consent is granted

You may disable cookies in your browser settings; however, this may effect site functionality.


VII. Data Retention

We retain Personal Data only as long as necessary for the purposes for which it was collected, and in line with statutory obligations. When retention is no longer required, data will be securely deleted or anonymised.


VIII. Data Sharing & Transfers

We do not sell Personal Data. We may disseminate information only with:

  1. Service Providers engaged to support website hosting, analytics, or communications

  2. Professional Advisors (legal, regulatory, IT security) where required

  3. Regulatory Authorities, where required by law or court order

Cross-Border Transfers:
If data is transferred outside the UAE or EU, it will be done in compliance with applicable transfer mechanisms (adequacy decisions, standard contractual clauses, or equivalent safeguards).



9. Data Subject Rights


You have the following rights under UAE PDPL, GDPR, and other applicable laws:

  • Access: Request a copy of your Personal Data.

  • Rectification: Request correction of inaccurate or incomplete data.

  • Erasure: Request deletion of your data (subject to legal retention requirements).

  • Restriction: Request limitation of processing.

  • Objection: Object to processing based on legitimate interests or direct marketing.

  • Portability: Receive your data in a structured, commonly used format.

  • Withdrawal of Consent: Withdraw consent at any time (without affecting prior processing).

Requests may be submitted to: admin@fionabrenninkmeijer.com. Identity verification may be required.


10. Data Security

We implement industry-standard technical and organizational measures to protect Personal Data from unauthorized access, disclosure, alteration, or destruction. However, no online transmission or storage is entirely secure, and we cannot guarantee absolute security.


11. Special Provisions for UAE Residents

In compliance with UAE PDPL:

  • Data will not be processed or transferred outside the UAE unless adequate protections exist.

  • Sensitive personal data (e.g., health-related data) will only be processed with explicit consent.

  • Individuals may lodge complaints with the UAE Data Office if rights are infringed.

For users in DIFC or ADGM, local data protection laws apply, and we ensure compliance with those frameworks where applicable.


12. Data of Minors

This website is not directed to children under 18. We do not knowingly collect data from minors without parental consent. If such data is discovered, it will be deleted promptly where identified.


13. Third-Party Links

Our website may contain links to external websites. We are not responsible for their privacy practices. Users are encouraged to review the privacy policies of third-party sites before disclosing information.


14. Updates to This Policy

We may amend this Policy from time to time to reflect legal, technical, or operational changes. The latest version will always be available on our website.


15. Contact Information

For questions, complaints, or to exercise your rights, please contact:
Data Protection Officer (DPO): Lucy Morley
Email: info@ayu.agency

If unresolved, you may escalate complaints to:

  • UAE Data Office (under PDPL)

  • DIFC Commissioner of Data Protection (if relevant)

  • ADGM Office of Data Protection (if relevant)

  • Your local supervisory authority (if outside UAE)