Privacy Policy

Effective date: 25 August 2025
Last updated: 25 August 2025

1) Who we are (Controller)
This Privacy Policy explains how the Institute of Communication and Data Science (ICDS) (“ICDS”, “we”, “our”, “us”) collects, uses, shares, stores, and protects personal data when you visit or interact with https://icds.institute (the “Website”) and our related services.

Primary contact for privacy matters:
info@icds.institute

ICDS acts as a Data Controller when it determines the purposes and means of processing personal data. Where vendors process data on our behalf, they act as Data Processors under contractual obligations.

2) Scope & legal frameworks
We process personal data in accordance with applicable laws, including:
  • GDPR (EU/EEA) and UK GDPR equivalents;
  • MENA data protection laws where applicable (e.g., UAE DIFC Data Protection Law, KSA PDPL, Bahrain PDPL);
  • Other local data protection statutes relevant to users’ jurisdictions.
This Policy applies to the Website, course pages, forms, newsletters, webinars, and related touchpoints operated by ICDS.

3) Definitions (plain language)
  • Personal data: any information that identifies or can identify an individual (e.g., name, email, phone, IP).
  • Processing: any operation on personal data (collection, storage, use, sharing, deletion).
  • Controller / Processor: ICDS is the Controller; selected suppliers are Processors.
  • Cross‑border transfer: moving personal data outside your country/region (e.g., from EEA to non‑EEA).

4) What data we collect
4.1 Data you provide directly
  • Identification & contact: first/last name, email, phone, country/region.
  • Professional info (optional): role, company, interests (e.g., selected programs).
  • Course/lead forms: messages, preferences, program selections (including modules for pricing calculator).
  • Newsletter sign‑ups: email and marketing preferences.

4.2 Data collected automatically
  • Device & usage data: IP address, device/browser type, OS, language, time zone, referring URLs, pages viewed, session duration, clicks and scrolls (via cookies/pixels).
  • Analytics & events: button clicks (e.g., “Apply”, “Enroll”, “Read article”), form submissions, depth of scroll.

4.3 Special categories / children
  • We do not intentionally collect special categories of data (e.g., health, beliefs) or data from children under 16 (or the age defined by local law). If you believe a minor has provided data, contact info@icds.institute to request deletion.

5) Why we process data (purposes) & legal bases
Service delivery & administration
  • Provide access to programs/courses, respond to inquiries, operate the site.
  • Legal bases: Contract; Legitimate interests.
Analytics & product improvement
  • Understand how the Website is used; improve UX; fix issues.
  • Legal bases: Legitimate interests; Consent (where required for cookies).
Marketing & newsletters
  • Send updates about programs, events, articles, and opportunities.
  • Legal bases: Consent (opt‑in); you can unsubscribe anytime.
Security & fraud prevention
  • Detect, prevent, and investigate misuse or cyber threats.
  • Legal bases: Legitimate interests; Legal obligation (where applicable).
Compliance
  • Meet legal, regulatory, and law‑enforcement requests.
  • Legal bases: Legal obligation; Public interest.

6) Cookies, pixels & tracking
We use cookies and similar technologies (e.g., pixels, tags, SDKs) to:
  • keep the Website secure and functioning;
  • remember preferences;
  • measure engagement and performance;
  • support advertising and re‑marketing.
You can manage cookies in your browser settings and (where presented) via our on‑site cookie banner / consent manager. Some non‑essential cookies will only run if you opt in.

7) How long we keep data (retention)
We keep personal data no longer than necessary for the purposes collected or as required by law. Current ceilings:
  • Contact/lead forms & correspondence: up to 5 years after last interaction.
  • Newsletter emails: until you unsubscribe or withdraw consent.
  • Student/course records & certificates: up to 10 years (or longer if required by accreditation/record‑keeping laws).
  • Technical data, logs, analytics & cookies: up to 24 months (2 years).
Where feasible, we anonymize or aggregate data for statistics and research.

8) Who we share data with (categories of recipients)
We share personal data only with:
  • Service providers (Processors) under contracts requiring confidentiality and data protection;
  • Analytics & advertising vendors (see Schedule A);
  • Payment processors (if/when payments are enabled);
  • IT/hosting and security providers;
  • Professional advisors (legal, compliance);
  • Authorities where required by law.
We do not sell your personal data.

9) International transfers
Your data may be stored or processed outside your country/region (e.g., EEA, UK, UAE/MENA, US), including by our service providers.
For GDPR‑covered transfers, we rely on:
  • Adequacy decisions (GDPR Art. 45), where available;
  • Standard Contractual Clauses (SCCs) (Art. 46);
  • Additional safeguards where needed.
For MENA jurisdictions, we apply the transfer mechanisms required by local law (e.g., contractual safeguards, approvals, or adequacy‑style determinations where applicable).

10) Security measures
We employ organizational and technical measures appropriate to risk, including:
  • access controls and role‑based permissions;
  • encryption in transit and at rest where feasible;
  • network segmentation and MFA for admin access;
  • vendor due diligence and DPAs/SCCs;
  • regular audits, backups, and incident response procedures.

No method of transmission or storage is 100% secure; we strive to protect your data to industry standards.

11) Your rights (EU/UK/MENA & similar regimes)
Subject to law and possible limitations, you may:
  • Access your personal data and obtain a copy;
  • Rectify inaccurate or incomplete data;
  • Erase data (“right to be forgotten”);
  • Restrict or object to processing (including marketing);
  • Withdraw consent at any time (does not affect prior lawful processing);
  • Port data (receive it in a structured, machine‑readable format);
  • Complain to your supervisory authority.
To exercise your rights, contact: info@icds.institute
We may request additional information to verify your identity.

12) Marketing communications
If you opt in, we may send newsletters or program updates. You can unsubscribe using the link in any email or by writing to info@icds.institute. Unsubscribing from marketing does not affect essential service messages (e.g., transactional emails).

13) Automated decision‑making
We do not use automated decision‑making that produces legal or similarly significant effects on you (as defined under GDPR). If this changes, we will update this Policy and provide required notices/choices.

14) Third‑party links
Our Website may link to third‑party sites. We are not responsible for their privacy practices. Review their policies before providing data.

15) Contact details
Data Protection Team:
Email: info@icds.institute

16) Changes to this Policy
We may update this Policy to reflect legal, technical, or business changes. The latest version will always be available at https://icds.institute/privacy-policy. Material changes will be signposted on the Website.

Schedule A — Third‑party services (processors/sub‑processors)
Depending on configuration and region, we may use one or more of the following categories/providers. Not all services run at all times; we maintain contracts and data protection terms with our active vendors.

Analytics & Tagging
  • Google Analytics 4, Google Tag Manager
  • LinkedIn Insight Tag
  • Meta Pixel (Facebook/Instagram)
  • TikTok Pixel
  • Yandex Metrica (if targeting RU/CIS)

Email & CRM
  • Mailchimp / SendGrid / UniSender
  • HubSpot / Salesforce / Pipedrive / Tilda CRM

Web, Content & Video
  • Tilda (CMS/hosting components)
  • Vimeo / YouTube (video hosting)
  • Zoom / Microsoft Teams (webinars)

Payments (if enabled)
  • Stripe / PayPal / CloudPayments / YooKassa

Social & Messaging Widgets
  • Telegram bots / WhatsApp Business API
  • Instagram / Facebook / LinkedIn embeds

Each vendor processes data under its own Privacy Policy and Terms, and under contractual safeguards with ICDS (including SCCs where required).