Privacy Policy

Mama Hala Consulting Group (Canada) and Mama Hala Project Management (UAE) are registered and operate in both Canada and the United Arab Emirates, and provide online services to clients globally under the trade name “Mama Hala Consulting.” We aim to handle your personal information responsibly and in accordance with applicable privacy and data protection laws, including:

Where these frameworks differ, we aim to follow the approach that best protects your personal information. Nothing in this Policy is intended to limit any rights you may have under applicable law.

We process your personal data only where we have a lawful basis to do so. The legal bases we rely on depend on the applicable law and the nature of the processing:

• Consent: Where you have given clear, informed, and voluntary consent to the processing of your data for specific purposes. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. • Contract Performance: Where processing is necessary to perform our obligations under a contract with you (e.g., delivering consultation sessions you have booked and paid for). • Legal Obligation: Where processing is necessary to comply with a legal obligation (e.g., tax reporting, responding to lawful government requests, and business or tax record-retention requirements). • Legitimate Interest: Where processing is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms (e.g., improving our services, ensuring security). • Vital Interests: In exceptional circumstances, where processing is necessary to protect someone’s life or physical safety.

For sensitive information (including personal and family matters), we rely exclusively on your explicit consent, obtained before processing begins.

We share your data only with trusted third-party service providers who are essential to the operation of our Services. Each processor is bound by contractual obligations to protect your data. We do not sell or share your data with unaffiliated third parties for their own purposes.

Our data processors and their roles:

We may also disclose personal data if required by law, court order, or government request, or if necessary in good faith to protect our rights, your safety, or the safety of others, to investigate fraud, or to respond to a lawful government request in any jurisdiction where we operate.

Our Website uses a limited number of cookies, local-storage mechanisms, and basic first-party analytics, primarily for functional purposes. We do not use third-party advertising or tracking cookies.

Cookies we set:

You can manage or delete cookies through your browser settings. Disabling functional cookies may affect your ability to use certain features such as booking management and academy access. For detailed instructions on managing cookies, consult your browser’s help documentation.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our retention periods are:

After the applicable retention period expires, we securely delete or anonymize the data. Where we retain aggregated or anonymized data for statistical purposes, such data cannot be used to identify you.

If you are located in the United Arab Emirates, you have the following rights under the UAE Personal Data Protection Law (PDPL), Federal Decree-Law No. 45 of 2021:

• Right of Access (Article 13): You may request access to your personal data that we hold. • Right to Rectification (Article 14): You may request correction of inaccurate personal data. • Right to Erasure (Article 15): You may request deletion of your personal data, subject to legal retention requirements. • Right to Restriction (Article 16): You may request that we restrict the processing of your data in certain circumstances. • Right to Data Portability (Article 17): You may request to receive your personal data in a structured, commonly used, machine-readable format. • Right to Object (Article 18): You may object to the processing of your personal data for specific purposes, including direct marketing. • Right Against Automated Decisions (Article 19): You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects concerning you. • Right to Complain: You may file a complaint with the UAE Data Office if you believe your data protection rights have been violated.

To exercise any of these rights, contact us at admin@mamahala.ca. We will respond within 30 days. There is no fee for exercising your rights.

You may request the deletion of your personal data at any time by emailing admin@mamahala.ca with the subject line “Data Deletion Request.”

To protect your privacy, we will verify your identity before acting on the request. Once your identity is confirmed, we will:

• Acknowledge receipt of your request within 5 business days. • Complete the deletion across our primary systems within 30 days. • Notify our third-party subprocessors to purge your data from their systems, in accordance with our data processing agreements. • Provide written email confirmation once the deletion is complete.

Statutory Retention Exceptions

Certain legal and regulatory obligations require us to retain specific data beyond a standard deletion request. These exceptions are strictly limited to:

• Consultation Records — Retained for a minimum of 7 years as an internal business record-retention policy. • Financial & Transactional Records — Retained for 6 to 7 years to satisfy mandatory audit and tax requirements under the Canada Revenue Agency (CRA) and the UAE Federal Tax Authority (FTA). • Legal Compliance — Any records directly relevant to an active legal hold, ongoing litigation, or an official regulatory investigation.

In the rare event that your data falls under one of these retention mandates, we will explicitly notify you of the specific legal framework requiring its preservation and the anticipated timeline. Any data retained under these exceptions is securely isolated from active databases, limited to the absolute minimum necessary, and strictly barred from any operational use or processing.

You may also use the self-serve “Delete My Account” control in your account portal at any time; the same identity-verification, timeline, and statutory exceptions described here apply.

We send emails through a professional email delivery service. All electronic communications comply with the Canadian Anti-Spam Legislation (CASL) and applicable UAE and international anti-spam regulations.

• Transactional Emails: Booking confirmations, session reminders, payment receipts, and account notifications are sent based on your contract with us and do not require separate marketing consent. • Marketing Emails: Newsletters, service updates, and promotional content are sent only with your express opt-in consent. • Every marketing email includes a clear, one-click unsubscribe mechanism. • We honor unsubscribe requests within 10 business days (CASL requirement). • We do not purchase email lists or send unsolicited commercial messages.

If you correspond with us via email, we may retain the content of your messages, your email address, and our responses for the purpose of resolving your inquiry and maintaining a record of our communications.

We reserve the right to update this Policy at any time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• We will update the “Effective Date” at the top of this page. • For material changes that significantly affect how we process your data, we will notify you via email at least 30 days before the changes take effect. • Your continued use of the Website and Services after the effective date of the revised Policy constitutes your acceptance of the changes. • If you do not agree with the revised Policy, you should discontinue use of the Services and contact us to exercise your data rights.