
PRIVACY POLICY
Last Updated: June 2026.
1. Introduction
This Privacy Policy explains how Cullinan Luxury Group collects, uses, stores, protects, shares, transfers, retains, and otherwise processes personal information when you visit our website, contact our agency, submit an inquiry, request a consultation, subscribe to communications, engage with our services, interact with our digital platforms, or communicate with us in a professional capacity.
Cullinan Luxury Group is a luxury branding and marketing agency providing strategic, creative, digital, public relations, communication, e-commerce, AI-driven intelligence, and advisory services for brands, companies, founders, institutions, and professional clients seeking refined market positioning, elevated brand presence, and disciplined luxury growth.
We recognize that privacy, discretion, confidentiality, and responsible information handling are essential to the nature of our work. Visitors, prospects, clients, collaborators, suppliers, candidates, contractors, and professional contacts may share business ideas, brand concepts, campaign objectives, market information, creative materials, commercial plans, strategic ambitions, and other sensitive professional context. We process personal information only for clear, relevant, lawful, proportionate, and legitimate purposes connected to our website, communications, services, operations, and professional relationships.
This Privacy Policy should be read together with our Terms of Use, Cookies Policy, Legal Notice, and any separate proposal, service agreement, statement of work, confidentiality agreement, non-disclosure agreement, data processing agreement, invoice, or client contract entered into with Cullinan Luxury Group.
2. Table of Contents
1. Introduction
2. Table of Contents
3. Legal Entity Information
4. Who We Are and Our Role
5. Scope of this Policy
6. Privacy Principles
7. Personal Information We May Collect
8. Sensitive Personal Information
9. How We Collect Personal Information
10. How We Use Personal Information
11. Data Processing Overview
12. Lawful Bases for Processing
13. Client Inquiries and Consultation Requests
14. Client Projects and Confidential Business Information
15. Client-Supplied Personal Data
16. Data Processing Agreements
17. AI-Assisted Tools and Digital Intelligence
18. Automated Decision-Making and Profiling
19. Website Analytics and Performance Measurement
20. Cookies and Similar Technologies
21. Marketing Communications
22. Sharing Personal Information
23. Third-Party Provider Categories
24. Third-Party Websites and Platforms
25. International Data Transfers
26. Data Retention
27. Retention Schedule
28. Security
29. Security Incidents
30. Data Accuracy
31. Candidates, Suppliers, Contractors, and Collaborators
32. Your Privacy Rights
33. Privacy Request Process
34. Privacy Rights for Visitors from the European Economic Area, United Kingdom, and Similar Jurisdictions
35. Privacy Rights for Visitors from the United Arab Emirates
36. Privacy Rights for Visitors from Morocco
37. Privacy Rights for Visitors from the United States and Other Regions
38. Do Not Sell, Share, or Use Excessive Tracking
39. Portfolio, Case Studies, and Project References
40. Children’s Privacy
41. Business Transfers and Organizational Changes
42. Complaints and Supervisory Authorities
43. Changes to this Privacy Policy
44. Contact Us
3. Legal Entity Information
This website is operated by Cullinan Luxury Group.
Legal entity name: Cullinan Luxury Group LLC
Trading name: Cullinan Luxury Group
Legal form: Limited Liability Company
Jurisdiction: United Arab Emirates
Trade License Number: (Ask for it)
Issuing Authority: Dubai Department of Economy and Tourism — DET
Registered Office: Jet Set Business Center, Prime Tower - 17th Floor, Business Bay, Dubai, United Arab Emirates
Business Activity: Luxury branding, marketing strategy, creative direction, e-commerce consulting, PR management, AI-driven intelligence, digital communication, and related advisory services
Website: www.cullinanluxurygroup.com
Email: contact@cullinanluxurygroup.com
Telephone: +971 5 6183 6783
Where Cullinan Luxury Group operates through more than one entity, office, branch, representative address, commercial registration, affiliated business presence, or local representative arrangement, the relevant contracting entity may be identified in the applicable proposal, service agreement, statement of work, invoice, confidentiality agreement, data processing agreement, legal notice, or client contract.
This section is provided for transparency and should be read together with our Legal Notice, Terms of Use, Cookies Policy, and any separate agreement entered into with Cullinan Luxury Group.
Before publication, the trade license number, registration number, and any additional official company identifiers should be verified against the current commercial registration records.
4. Who We Are and Our Role
For the purposes of this Privacy Policy, Cullinan Luxury Group refers to the agency operating this website and providing luxury branding, marketing, creative, digital, public relations, e-commerce, AI-driven intelligence, and advisory services.
Unless otherwise stated in a separate agreement, Cullinan Luxury Group acts as the controller, business, or equivalent responsible party for personal information collected through its own website, inquiry forms, consultation requests, marketing communications, direct business interactions, recruitment or collaboration inquiries, and professional relationship management.
Where Cullinan Luxury Group determines the purposes and means of processing personal information, it acts as a controller or equivalent responsible party. Where Cullinan Luxury Group processes client-supplied personal data under a client’s documented instructions as part of a branding, marketing, CRM, advertising, analytics, content, AI, public relations, e-commerce, or digital strategy project, it may act as a processor, service provider, contractor, or equivalent role depending on the applicable law and the written terms agreed with the client.
The role of Cullinan Luxury Group in relation to client-supplied data will be determined by the applicable proposal, service agreement, statement of work, data processing agreement, client contract, or written instructions.
5. Scope of this Policy
This Privacy Policy applies when you visit or browse our website, submit a contact form or consultation request, send us an email or business inquiry, request information about our services, subscribe to newsletters or insights, interact with our editorial content, view portfolio materials, engage with campaign pages, communicate with us on social media, attend a call or meeting, participate in a presentation or private consultation, or become a client, supplier, collaborator, contractor, candidate, or professional contact of Cullinan Luxury Group.
This Policy also applies to information collected automatically through cookies, analytics technologies, security tools, server logs, pixels, tags, scripts, local storage, consent tools, and similar technologies used on our website.
This Privacy Policy does not replace any separate confidentiality agreement, non-disclosure agreement, service agreement, statement of work, data processing agreement, proposal, invoice, or contractual document agreed between Cullinan Luxury Group and a client. Where a separate written agreement applies to a specific client relationship or project, that agreement may contain additional or more specific privacy, confidentiality, security, intellectual property, and data-processing terms.
6. Privacy Principles
Cullinan Luxury Group aims to process personal information according to principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, confidentiality, integrity, and accountability where such principles apply.
We aim to collect only information that is relevant, proportionate, and reasonably necessary for the purpose for which it was collected. We do not intentionally collect excessive personal data through website forms, inquiry flows, consultation requests, newsletters, campaign pages, or professional communications.
We aim to use personal information only for clear and legitimate purposes connected to our website, communications, services, professional relationships, business operations, legal obligations, security, and client work.
7. Personal Information We May Collect
The personal information we collect depends on how you interact with Cullinan Luxury Group.
When you contact us, we may collect your name, email address, phone number, company name, job title, country, preferred contact method, inquiry subject, message content, and any information you choose to include in your communication.
When you request a consultation or submit a business inquiry, we may collect information about your brand, company, industry, project objectives, service interests, budget range, timeline, market focus, target audience, strategic challenges, digital presence, and business expectations.
When you become a client, we may process additional business and project information such as billing details, contract details, project documentation, brand assets, campaign materials, meeting notes, strategy briefs, creative references, marketing objectives, audience information, account contacts, approval records, service deliverables, communication history, payment records, and operational records.
When you interact with our website, we may collect technical and usage information such as IP address, browser type, device type, operating system, referring website, pages visited, time spent on pages, approximate location, interaction data, cookie identifiers, analytics events, form activity, campaign identifiers, and consent preferences.
When you subscribe to communications, we may collect your name, email address, subscription preferences, communication history, newsletter engagement, consent records, unsubscribe records, and related marketing preferences.
When you engage with us through social media or third-party platforms, we may receive profile information, public interactions, messages, comments, platform identifiers, advertising engagement, or related information depending on your settings and the relevant platform’s privacy practices.
When you apply for a role, collaboration, partnership, supplier relationship, contractor opportunity, or creative collaboration, we may collect professional information such as your CV, portfolio, website, social media profile, work history, qualifications, references, availability, expected compensation, professional background, payment details where relevant, tax or invoicing details where relevant, and related correspondence.
8. Sensitive Personal Information
We do not intentionally request sensitive personal information through our website unless it is strictly necessary for a specific purpose and permitted by applicable law.
Sensitive personal information may include information relating to health, biometric data, religion, political opinions, ethnicity, criminal records, precise geolocation, trade union membership, sexual orientation, or other protected categories depending on the applicable jurisdiction.
You should not submit sensitive personal information through our website forms, email channels, inquiry forms, consultation requests, or public communication channels unless we specifically request it and explain why it is necessary. If you voluntarily provide sensitive information, we will process it only where lawful, necessary, proportionate, and appropriate to the purpose for which it was provided.
9. How We Collect Personal Information
We may collect personal information directly from you when you complete a form, send an email, request a consultation, speak with our team, subscribe to communications, sign an agreement, attend a meeting, provide project materials, submit a proposal request, or otherwise communicate with Cullinan Luxury Group.
We may collect information automatically when you visit our website through cookies, analytics tools, server logs, pixels, tags, scripts, local storage, consent tools, security technologies, and similar technologies.
We may receive information from third parties such as referral partners, clients, collaborators, social media platforms, advertising platforms, analytics providers, professional directories, event organizers, CRM systems, public business sources, recruitment platforms, payment providers, or third parties who include your details as part of a project team, supplier contact, media contact, influencer contact, or business relationship.
We may also collect publicly available professional information when evaluating a potential collaboration, client inquiry, market opportunity, partnership, candidate profile, supplier relationship, contractor relationship, media opportunity, or business communication.
10. How We Use Personal Information
Cullinan Luxury Group may use personal information to respond to inquiries, contact requests, and consultation submissions; evaluate whether our services are appropriate for a prospective client; prepare proposals, presentations, service recommendations, and project scopes; deliver branding, marketing, creative, digital, public relations, AI, e-commerce, or strategic consulting services; manage client relationships, contracts, invoices, payments, meetings, approvals, and project communications; operate, secure, maintain, and improve our website; analyse website performance and understand visitor behaviour; measure the effectiveness of marketing, campaigns, editorial content, and digital communications; send newsletters, insights, updates, invitations, or agency communications where permitted; manage events, private appointments, calls, workshops, or strategic sessions; protect legal rights, business interests, website infrastructure, systems, and confidential information; comply with legal, tax, accounting, regulatory, contractual, and administrative obligations; prevent fraud, misuse, unauthorised access, security incidents, spam, or unlawful activity; assess applications for employment, collaboration, contractor roles, supplier relationships, or partnerships; and improve the quality, relevance, and precision of our services.
We do not use personal information to create intrusive, excessive, or indiscriminate marketing practices. Our processing is designed to support a professional, measured, discreet, and relevant agency experience.
11. Data Processing Overview
The following list provides a practical overview of the main categories of personal information we may process, the purposes for which we process them, the usual lawful basis where applicable, the typical retention approach, and the categories of recipients that may receive or access the information.
Contact Details
This may include your name, email address, phone number, company name, and professional role. We use this information to respond to inquiries, arrange consultations, manage communications, and maintain professional contact records. The typical lawful basis may include legitimate interests, consent, pre-contractual steps, or contractual necessity. Non-client inquiry records may usually be retained for up to 24 months, or longer if a client relationship begins. This information may be accessed by email providers, CRM providers, internal team members, and professional advisors where needed.
Inquiry and Consultation Information
This may include project objectives, budget range, timeline, service interest, market focus, brand context, and strategic expectations. We use this information to review project suitability, prepare responses, develop proposals, and recommend appropriate service paths. The typical lawful basis may include legitimate interests, pre-contractual steps, or contractual necessity. Non-client inquiry records may usually be retained for up to 24 months, or for the duration of the contract plus the applicable retention period if a client relationship begins. This information may be accessed by CRM providers, internal team members, consultants, and project collaborators where relevant.
Client Project Information
This may include briefs, brand assets, strategy notes, approvals, deliverables, creative references, campaign materials, communication records, and project documentation. We use this information to deliver services, manage projects, document approvals, maintain professional records, and protect the integrity of the client relationship. The typical lawful basis may include contractual necessity, legitimate interests, or legal obligation. Client project records may usually be retained for the duration of the client relationship plus up to 7 years, unless a longer period is required or justified. This information may be accessed by cloud storage providers, project tools, internal team members, contractors, and professional advisors.
Billing, Invoice, Payment, and Accounting Records
This may include billing details, invoice data, payment records, tax information, and accounting documentation. We use this information to manage invoices, payments, accounting, tax, financial records, and legal obligations. The typical lawful basis may include contractual necessity, legal obligation, or legitimate interests. These records are usually retained for up to 7 years or longer where required by law or dispute. This information may be accessed by accounting providers, payment providers, banks, tax advisors, and legal advisors.
Website Technical and Analytics Data
This may include IP address, device data, browser information, pages visited, interaction events, approximate location, and website usage information. We use this information for website security, performance measurement, analytics, user experience improvement, and technical diagnostics. The typical lawful basis may include legitimate interests or consent where required. Analytics data is usually retained according to cookie settings and provider configuration, commonly between 14 and 26 months where configured. This information may be accessed by analytics providers, hosting providers, security providers, and consent tool providers.
Cookie Identifiers, Campaign Identifiers, and Consent Records
This may include cookie identifiers, campaign identifiers, analytics events, advertising identifiers, and consent preference records. We use this information for consent management, campaign measurement, analytics, advertising attribution where permitted, and compliance accountability. The typical lawful basis may include consent, legitimate interests, or legal obligation where applicable. Consent records are usually retained for 6 to 12 months or as required for accountability, while advertising data may be retained according to provider settings. This information may be accessed by consent platforms, analytics providers, advertising platforms, and website tools.
Newsletter and Marketing Information
This may include email address, subscription preferences, communication history, engagement data, unsubscribe records, and marketing preferences. We use this information to send insights, updates, invitations, editorial content, and agency communications. The typical lawful basis may include consent, legitimate interests where permitted, or an existing business relationship. Marketing information is usually retained until unsubscribe, withdrawal of consent, objection, or inactivity review. This information may be accessed by email marketing providers, CRM providers, and analytics providers.
Social Media and Platform Interaction Data
This may include profile information, public interactions, messages, comments, platform identifiers, and advertising engagement depending on your settings and the relevant platform. We use this information to respond to messages, review engagement, manage professional communications, and understand platform interaction. The typical lawful basis may include legitimate interests or consent where applicable. Retention may depend on platform settings and internal communication needs. This information may be accessed by social media platforms, internal team members, and CRM tools where integrated.
Candidate, Contractor, Supplier, and Collaborator Data
This may include CVs, portfolios, professional history, qualifications, references, availability, expected compensation, tax or invoicing details, payment details where relevant, and related correspondence. We use this information to review applications, manage collaborations, onboard suppliers or contractors, process payments, and maintain professional records. The typical lawful basis may include pre-contractual steps, contractual necessity, legitimate interests, or legal obligation. Candidate data is usually retained for up to 24 months unless the candidate is engaged, while supplier and contractor records may be retained for up to 7 years where required. This information may be accessed by internal team members, HR or recruitment tools, accounting providers, and professional advisors.
Client-Supplied Personal Data
This may include CRM data, audience data, media contacts, influencer contacts, subscriber data, customer data, advertising data, or other personal data supplied by a client for an agreed project. We use this information to deliver agreed client services under client instructions. The lawful basis may be determined by the client, depending on the applicable role and project context, and may be governed by a data processing agreement or equivalent contractual terms. Retention is usually defined in the client agreement, project scope, or data processing agreement. This information may be accessed by project tools, advertising platforms, CRM platforms, contractors, and client-approved providers.
Security Logs and Access Records
This may include IP addresses, access records, security logs, device data, and anti-abuse information. We use this information to detect misuse, prevent fraud, protect systems, investigate incidents, and secure our website and digital infrastructure. The typical lawful basis may include legitimate interests or legal obligation where applicable. Security logs are usually retained for up to 12 months unless needed for security, investigation, legal protection, or dispute management. This information may be accessed by hosting providers, security providers, IT support, and legal advisors.
Legal, Dispute, and Compliance Records
This may include legal correspondence, authority requests, dispute files, contractual records, compliance documentation, and evidence required to establish, exercise, or defend legal claims. We use this information for legal, regulatory, dispute, compliance, and risk management purposes. The typical lawful basis may include legal obligation or legitimate interests. These records are retained for as long as necessary for the relevant legal, regulatory, dispute, or limitation period. This information may be accessed by legal advisors, courts, authorities, insurers, and professional advisors.
The exact lawful basis, retention period, and recipient categories may vary depending on the context, jurisdiction, relationship, applicable law, and separate written agreement.
12. Lawful Bases for Processing
Where applicable data protection laws require a lawful basis, we rely on one or more legal grounds depending on the context.
We may process personal information based on contractual necessity where processing is required to respond to a request before entering into a contract, prepare a proposal, provide services, manage a client relationship, deliver agreed work, issue invoices, process payments, or perform obligations under an agreement.
We may process personal information based on legitimate interests where necessary for the operation of our agency, website security, business development, service improvement, client relationship management, project administration, marketing performance measurement, fraud prevention, professional communications, and protection of our rights, provided those interests are not overridden by your rights and freedoms.
We may process personal information based on consent where required, such as for certain marketing communications, non-essential cookies, optional tracking technologies, newsletter subscriptions, or specific optional processing activities.
We may process personal information based on legal obligation where necessary to comply with accounting, tax, corporate, regulatory, recordkeeping, dispute resolution, court, authority, or legal requirements.
We may process personal information based on vital interests only in rare circumstances where processing is necessary to protect someone’s life or safety.
Where we process personal information on behalf of a client, the client may be responsible for identifying the lawful basis or legal permission for that processing, depending on the applicable law and the agreed contractual role.
13. Client Inquiries and Consultation Requests
When you submit an inquiry, we use the information provided to understand your request, identify the relevant service area, assess project compatibility, and respond appropriately.
This may include reviewing your company, brand, market position, digital presence, project expectations, timeline, budget indication, preferred services, and strategic objectives. We may store inquiry information in our internal systems or CRM to manage communication, avoid duplication, preserve business context, and improve the quality of future interactions.
Submitting an inquiry, booking a call, or sending project information does not create a client relationship unless and until a separate agreement, proposal, statement of work, or service agreement is accepted by the relevant parties, as explained in our Terms of Use.
14. Client Projects and Confidential Business Information
As a luxury branding and marketing agency, Cullinan Luxury Group may receive information that is commercially sensitive, strategically important, or confidential. This may include brand strategies, business plans, campaign concepts, creative assets, customer insights, market research, launch plans, product information, internal presentations, pricing information, audience data, media plans, brand positioning, advertising accounts, website analytics, CRM records, e-commerce information, and communications plans.
We use such information only for the purpose of evaluating, preparing, delivering, managing, improving, documenting, or protecting the relevant project, unless otherwise agreed with the client or required by law.
Where required, confidentiality obligations may be governed by a separate non-disclosure agreement, service agreement, proposal, statement of work, data processing agreement, or client contract. In case of conflict between this Privacy Policy and a signed client agreement, the signed agreement will usually govern the specific client relationship.
You should not submit confidential business information, trade secrets, unreleased brand strategies, private financial information, regulated information, personal data of third parties, credentials, access tokens, or restricted materials through public website forms unless we have requested it or an appropriate confidentiality arrangement is already in place.
15. Client-Supplied Personal Data
During certain projects, clients may provide Cullinan Luxury Group with personal information relating to their employees, customers, prospects, subscribers, influencers, media contacts, partners, suppliers, audiences, website users, social media audiences, advertising audiences, CRM records, or other third parties.
Where this occurs, the client is responsible for ensuring that it has the right to provide such data to Cullinan Luxury Group and that all necessary notices, consents, lawful bases, contractual permissions, platform permissions, and regulatory requirements have been satisfied.
Cullinan Luxury Group will process client-supplied personal data according to the relevant agreement, project scope, client instructions where applicable, and applicable data protection requirements.
16. Data Processing Agreements
Where required by applicable law or by the nature of the project, client-supplied personal data will be governed by a Data Processing Agreement or equivalent contractual data protection terms.
Such terms may address the subject matter and duration of processing, categories of personal data, categories of data subjects, processing instructions, confidentiality, security measures, sub processors, international transfers, assistance with rights requests, deletion or return of data, audit rights, and incident management.
Where Cullinan Luxury Group acts as a processor, service provider, contractor, or equivalent role, it will process client-supplied personal data according to the client’s documented instructions and the applicable written agreement.
17. AI-Assisted Tools and Digital Intelligence
Cullinan Luxury Group may use selected digital tools, analytics systems, automation technologies, and AI-assisted processes to support research, strategic planning, creative development, operational efficiency, content review, campaign measurement, market analysis, reporting, and service delivery.
Where AI-assisted tools are used, we aim to apply reasonable safeguards, limit unnecessary personal data input, and avoid using confidential client material in a manner that would compromise professional confidentiality or applicable data protection obligations.
We do not intentionally submit confidential client material, trade secrets, unreleased strategy, sensitive personal data, regulated information, proprietary information, or restricted materials into AI-assisted tools unless the use has been approved, is necessary for the agreed purpose, and is subject to appropriate confidentiality, security, contractual, and data protection safeguards.
Clients should not submit highly sensitive personal data, regulated information, confidential trade secrets, unreleased strategic materials, or proprietary information for AI-related analysis unless the permitted use has been clearly agreed in writing.
AI-assisted outputs, automated insights, predictive analysis, and digital intelligence tools may support professional review, but they do not replace human judgement, legal review, regulatory review, client approval, or strategic responsibility.
18. Automated Decision-Making and Profiling
We do not intentionally use personal information for automated decisions that produce legal or similarly significant effects concerning visitors, prospects, clients, candidates, suppliers, or collaborators without appropriate notice, lawful basis, and human oversight where required by applicable law.
We may use analytics, segmentation, campaign measurement, or digital intelligence to understand website performance, audience engagement, communication relevance, inquiry quality, campaign attribution, or service interest. These activities are designed to support business analysis and communication improvement, not to make legally significant decisions about individuals without review.
Where applicable law gives you rights relating to automated decision-making or profiling, you may contact us using the details provided in this Privacy Policy.
19. Website Analytics and Performance Measurement
We use analytics and performance tools to understand how visitors interact with our website. This may include measuring visits to service pages, editorial articles, case studies, contact pages, inquiry forms, newsletter forms, and campaign landing pages.
Analytics information helps us improve navigation, content relevance, technical performance, service presentation, user experience, and communication quality.
Where required by law, non-essential analytics cookies or similar tracking technologies will be used only with your consent. You may manage cookie preferences through our cookie banner, preference centre, or browser settings, where available.
Analytics information is generally reviewed in aggregated or statistical form where possible. Where individual identifiers are used, we aim to limit unnecessary identification and use analytics data for website improvement, performance measurement, and service relevance rather than excessive individual profiling.
20. Cookies and Similar Technologies
Our website may use cookies, pixels, tags, scripts, local storage, server logs, consent tools, analytics identifiers, campaign identifiers, and similar technologies to provide essential website functionality, remember preferences, protect the website, analyze performance, measure communication effectiveness, support relevant marketing measurement, and manage consent choices.
Cookies may be placed by Cullinan Luxury Group or by selected third-party providers that support analytics, security, hosting, marketing, embedded content, CRM, appointment booking, contact forms, website performance, or campaign reporting.
Where cookie-related information qualifies as personal data under applicable law, we process it in accordance with this Privacy Policy and our Cookies Policy.
For more detail about the categories of cookies we use, the purposes of cookie-related processing, cookie duration, provider categories, consent choices, and how to manage your preferences, please review our Cookies Policy.
21. Marketing Communications
We may use your contact details to send agency updates, insights, invitations, newsletters, service information, event notices, editorial content, or relevant communications about Cullinan Luxury Group.
We will send direct marketing communications where permitted by law, based on your consent, an existing business relationship, legitimate interest where applicable, or another lawful basis depending on the relevant jurisdiction.
You may unsubscribe from marketing communications at any time by using the unsubscribe link in our emails or by contacting us directly.
Even if you unsubscribe from marketing communications, we may still send non-marketing messages relating to active services, contracts, meetings, invoices, proposals, legal notices, security matters, administrative updates, or client relationship management.
22. Sharing Personal Information
We may share personal information with selected third parties where necessary for legitimate business, operational, legal, technical, security, or service-related purposes.
These third parties may include website hosting providers, email providers, CRM platforms, analytics providers, marketing platforms, advertising platforms, security providers, cloud storage providers, payment and accounting providers, legal advisors, professional consultants, contractors, creative collaborators, public relations partners, production partners, media partners, scheduling tools, consent management platforms, and technology providers.
Where we engage service providers, we aim to ensure that they process information only for authorized purposes and apply appropriate confidentiality, security, and data protection measures.
We may also share personal information where required by law, court order, regulator request, tax authority requirement, legal claim, dispute, investigation, business restructuring, merger, acquisition, asset transfer, enforcement of rights, or protection of Cullinan Luxury Group, our clients, our systems, or other parties.
We do not allow third parties to use personal information for their own unrelated marketing purposes unless you have given consent or applicable law otherwise permits it.
23. Third-Party Provider Categories
Depending on the tools used by Cullinan Luxury Group and the configuration of the website, personal information may be processed by selected categories of third-party providers.
Website Hosting and Domain Providers
These providers support hosting, domain management, technical availability, website performance, and infrastructure stability. They may process IP addresses, server logs, technical data, and related website operation information.
Email and Communication Providers
These providers support business communication, contact management, inquiry responses, and professional correspondence. They may process names, email addresses, message content, communication history, and related contact information.
CRM and Inquiry Management Providers
These providers help manage leads, consultation requests, client relationships, project opportunities, and professional contact records. They may process contact details, inquiry information, project interest, consultation notes, and communication history.
Analytics Providers
These providers support website performance measurement and visitor interaction analysis. They may process device data, pages visited, interaction data, approximate location, analytics events, referral sources, and usage information.
Advertising and Campaign Platforms
These providers support campaign measurement, attribution, remarketing where permitted, audience analysis, and conversion reporting. They may process cookie identifiers, campaign events, conversion events, advertising identifiers, and interaction data.
Newsletter and Email Marketing Providers
These providers support the delivery of insights, invitations, updates, editorial communications, and agency newsletters. They may process email addresses, subscription preferences, engagement data, communication history, and unsubscribe records.
Scheduling and Appointment Providers
These providers support consultation booking, call scheduling, calendar coordination, and meeting management. They may process names, email addresses, phone numbers, appointment details, time zone information, and communication preferences.
Cloud Storage and Project Management Providers
These providers support project delivery, secure file storage, collaboration, recordkeeping, and internal workflow management. They may process client files, project materials, communication records, approvals, briefs, and operational records.
Accounting, Payment, and Invoicing Providers
These providers support payment administration, accounting, tax, invoicing, financial recordkeeping, and related business operations. They may process billing details, invoice data, payment records, tax information, and financial correspondence.
Security and Anti-Spam Providers
These providers support website protection, fraud prevention, abuse detection, form protection, bot detection, and infrastructure security. They may process IP addresses, security logs, device data, access records, and technical identifiers.
AI and Automation Tools
These providers may support research, analysis, productivity, content review, reporting, operational efficiency, and digital intelligence where appropriate. They may process limited project or business data only where permitted, necessary, and subject to appropriate confidentiality, security, and data protection safeguards.
Professional Advisors
These may include legal advisors, accounting advisors, tax advisors, compliance advisors, insurers, and dispute management professionals. They may process relevant business, contract, financial, legal, or compliance records where necessary for advice, compliance, protection of rights, or dispute management.
The exact providers used may change over time depending on our website configuration, agency tools, service providers, operational needs, security requirements, and legal obligations.
24. Third-Party Websites and Platforms
Our website may contain links to third-party websites, platforms, social media pages, embedded media, maps, video players, scheduling tools, CRM forms, analytics services, advertising platforms, or other external services.
These third-party services are not controlled by Cullinan Luxury Group. We are not responsible for their content, privacy practices, cookie practices, security standards, terms of use, availability, accuracy, policies, or business operations.
When you visit or interact with a third-party platform, your information will be governed by that platform’s own privacy policy, cookie policy, and terms.
We recommend reviewing third-party privacy notices before submitting personal information or interacting with external platforms.
25. International Data Transfers
Cullinan Luxury Group may work with clients, service providers, contractors, collaborators, and technology platforms located in different countries. As a result, personal information may be transferred to, stored in, or accessed from jurisdictions outside your country of residence.
Where required by applicable law, we use appropriate safeguards for international transfers. These may include adequacy mechanisms, standard contractual clauses, data processing agreements, transfer risk assessments where required, technical protections, access controls, encryption where appropriate, limited permissions, and other lawful transfer measures.
Because digital agency work often involves global tools and cross-border collaboration, some information may be processed through international platforms used for hosting, analytics, communication, project management, CRM, creative production, marketing operations, security, AI-assisted productivity, or service delivery.
Mandatory local privacy, electronic communications, marketing, consumer, or data protection laws may apply regardless of the jurisdiction identified in our Terms of Use or client agreements.
26. Data Retention
We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Inquiry records may be kept for a reasonable period to manage follow-up, avoid duplication, analyse business development activity, preserve communication history, and maintain professional context.
Client project records may be retained for the duration of the client relationship and for a further period necessary for legal, accounting, tax, contractual, portfolio, audit, dispute resolution, professional, or legitimate business purposes.
Marketing records may be retained until you unsubscribe, withdraw consent, object to processing, or your data is no longer required for communication purposes.
Technical logs, analytics information, security records, and cookie-related data are retained according to the purpose, system settings, provider settings, and applicable legal requirements.
When information is no longer required, we may delete it, anonymise it, securely archive it, restrict access to it, or retain it only where necessary for legal, contractual, security, or legitimate business reasons.
27. Retention Schedule
The following list provides typical retention periods. Actual retention periods may vary depending on applicable law, contract terms, dispute needs, technical settings, provider settings, professional obligations, or legitimate business requirements.
Non-Client Inquiry Records
Non-client inquiry records are usually retained for up to 24 months after the last meaningful interaction.
Consultation Request Records
Consultation request records are usually retained for up to 24 months, unless a client relationship begins.
Client Project Records
Client project records are usually retained for the duration of the client relationship plus up to 7 years.
Contracts, Invoices, Payment, Tax, and Accounting Records
Contracts, invoices, payment records, tax records, and accounting records are usually retained for up to 7 years or longer where required by law.
Marketing Subscription Records
Marketing subscription records are retained until unsubscribe, withdrawal of consent, objection, or inactivity review.
Unsubscribe and Suppression Records
Unsubscribe and suppression records are retained for as long as necessary to respect opt-out choices.
Website Analytics Data
Website analytics data is usually retained for 14 to 26 months depending on tool configuration.
Cookie Consent Records
Cookie consent records are usually retained for 6 to 12 months or as required for accountability.
Security Logs and Anti-Abuse Records
Security logs and anti-abuse records are usually retained for up to 12 months unless needed for investigation, legal protection, security review, or dispute management.
Candidate Applications
Candidate applications are usually retained for up to 24 months unless the candidate is engaged or a longer period is justified.
Supplier, Contractor, and Collaborator Records
Supplier, contractor, and collaborator records are usually retained for the duration of the relationship plus up to 7 years where relevant.
Legal Claims, Disputes, Complaints, and Authority Requests
Legal claims, disputes, complaints, and authority request records are retained for as long as necessary for the relevant matter and applicable limitation periods.
Client-Supplied Personal Data
Client-supplied personal data is retained as stated in the applicable client agreement, project scope, data processing agreement, or documented client instruction.
28. Security
We use reasonable technical, organizational, and administrative measures designed to protect personal information against unauthorized access, disclosure, alteration, loss, misuse, destruction, or unlawful processing.
These measures may include access controls, password protection, limited internal permissions, secure hosting, confidentiality practices, secure communication tools, system monitoring, backup procedures, malware protection, provider review, restricted file access, confidentiality obligations, and careful selection of technology services.
No digital system, website, email channel, cloud tool, or internet transmission can be guaranteed to be completely secure. You are responsible for ensuring that any information you send to us is transmitted through appropriate channels, especially where the information is confidential, commercially sensitive, strategically important, or regulated.
If a specific project requires enhanced security, private file transfer, restricted access, or a dedicated confidentiality process, this should be agreed in writing before sensitive information is exchanged.
29. Security Incidents
If a security incident affects personal information and notification is required by applicable law, Cullinan Luxury Group will notify affected individuals, clients, authorities, regulators, service providers, or other relevant parties in accordance with applicable legal requirements.
Where appropriate, we may investigate the incident, take steps to reduce harm, secure affected systems, review relevant provider activity, preserve evidence, and communicate with affected parties according to the nature of the incident and applicable obligations.
30. Data Accuracy
Please ensure that any personal information you provide to Cullinan Luxury Group is accurate, complete, and up to date.
If your information changes, you may contact us to request correction or update of relevant records.
Cullinan Luxury Group is not responsible for errors, delays, failed communications, incorrect proposals, inaccurate records, or misdirected communications caused by incomplete, outdated, unauthorized, or inaccurate information submitted by a visitor, client, supplier, collaborator, candidate, contractor, or third party.
31. Candidates, Suppliers, Contractors, and Collaborators
If you apply for a role, submit a portfolio, propose a collaboration, become a supplier, work as a contractor, participate in a creative project, or communicate with us about a professional opportunity, we may process personal information relevant to that relationship.
This may include your name, contact details, CV, portfolio, professional history, qualifications, references, website, social media profiles, availability, expected compensation, tax or invoicing details where relevant, payment information where relevant, contracts, communication records, and professional materials.
We use this information to assess suitability, communicate with you, manage the relationship, process payments where relevant, maintain records, comply with legal obligations, protect our rights, and manage professional collaborations.
Candidate, supplier, contractor, and collaborator data may be shared with internal decision-makers, professional advisors, accounting providers, project tools, payment providers, or other relevant parties where necessary and lawful.
32. Your Privacy Rights
Depending on your location and the applicable law, you may have rights in relation to your personal information.
These rights may include the right to request access to your personal information, request correction of inaccurate information, request deletion, object to certain processing, restrict processing, withdraw consent, request data portability, opt out of certain marketing communications, limit certain uses, object to automated decision-making where applicable, or lodge a complaint with a competent data protection authority.
Some rights may be subject to legal limitations. For example, we may need to retain certain information for legal, contractual, accounting, tax, security, confidentiality, professional, or dispute resolution purposes.
Where processing is based on consent, you may withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
33. Privacy Request Process
To exercise your privacy rights, please contact us using the details provided in this Privacy Policy.
We may request information necessary to verify your identity, authority, or relationship to the relevant data before fulfilling a request, especially where disclosure could affect another person’s privacy, confidentiality, security, trade secrets, client information, or legal rights.
We aim to respond to valid privacy rights requests within the timeframe required by applicable law. Where permitted, we may extend the response period for complex or multiple requests and will inform you where required.
We may refuse or limit a request where permitted by law, including where a request is manifestly unfounded, excessive, impossible to fulfil, conflicts with legal obligations, compromises another person’s rights, affects confidential client information, or concerns information we are required or permitted to retain.
34. Privacy Rights for Visitors from the European Economic Area, United Kingdom, and Similar Jurisdictions
If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with similar data protection rules, you may have additional rights under applicable privacy laws.
These rights may include access, rectification, erasure, restriction, objection, portability, withdrawal of consent, and the right to complain to a supervisory authority.
Where required, we will provide information about the purposes of processing, categories of data, lawful bases, recipients, retention periods, international transfers, automated processing where applicable, and data subject rights.
Where we rely on legitimate interests, you may have the right to object to certain processing. Where we use direct marketing, you may object to marketing at any time.
35. Privacy Rights for Visitors from the United Arab Emirates
If you are located in the United Arab Emirates, your personal data may be protected under applicable UAE data protection laws, including the UAE Personal Data Protection Law where relevant.
Depending on the circumstances, you may have rights relating to access, correction, deletion, restriction, objection, portability, withdrawal of consent, and information about processing.
For UAE-related interactions, relevant considerations may include personal data protection, electronic communications, digital transactions, website use, online business activity, commercial records, security, and applicable regulatory requirements.
Where applicable, Cullinan Luxury Group aims to process personal data in a lawful, fair, transparent, proportionate, and secure manner.
36. Privacy Rights for Visitors from Morocco
If you are located in Morocco, personal data processing may be subject to Law No. 09-08 relating to the protection of individuals with regard to the processing of personal data and applicable CNDP requirements where relevant.
Where applicable, you may have rights to access, rectify, and object to the processing of your personal information. Certain processing activities may also be subject to formalities, declarations, authorizations, or requirements before the competent Moroccan authority where applicable.
For Morocco-related interactions, relevant considerations may include lawful processing, purpose limitation, transparency, proportionality, rights of access, rectification and objection, data security, and any required formalities before competent authorities.
Cullinan Luxury Group aims to process personal information with respect for privacy, professional discretion, proportionality, transparency, and the purpose for which the information was collected.
37. Privacy Rights for Visitors from the United States and Other Regions
If you are located in the United States or another jurisdiction with specific privacy laws, you may have additional rights depending on your state, country, or region.
These rights may include the right to know what personal information is collected, request access, request correction, request deletion, opt out of certain processing, limit certain uses of personal information, opt out of sale or sharing where applicable, opt out of targeted advertising where applicable, or receive information about disclosures.
Cullinan Luxury Group will review applicable requests according to the law that applies to the relevant individual, processing activity, and business relationship.
38. Do Not Sell, Share, or Use Excessive Tracking
Cullinan Luxury Group does not sell personal information as a business model.
Where applicable law defines “sale,” “sharing,” “targeted advertising,” or “cross-context behavioral advertising” broadly, visitors may have the right to opt out of certain advertising, analytics, or marketing-related processing.
We do not use personal information to create intrusive, excessive, or indiscriminate marketing practices. Where non-essential cookies, advertising pixels, or similar tracking technologies require consent or opt-out rights, we aim to provide appropriate controls through our Cookies Policy, cookie banner, preference centre, or other available mechanisms.
39. Portfolio, Case Studies, and Project References
Cullinan Luxury Group may wish to refer to selected projects, collaborations, public work, concepts, outcomes, or professional references in its portfolio, case studies, credentials, presentations, proposals, social media, or private business development materials.
We will not intentionally disclose confidential client information, private project details, unpublished brand strategies, restricted campaign materials, non-public business information, or non-public personal data in public-facing portfolio materials without appropriate permission or another lawful basis.
Where a project is confidential, under embargo, subject to a non-disclosure agreement, or governed by a separate client agreement, that agreement will guide how project information may be used, referenced, displayed, anonymized, aggregated, or withheld.
40. Children’s Privacy
Our website and services are intended for business, professional, and adult users. They are not directed to children.
We do not knowingly collect personal information from children through our website or agency services.
If you believe that a child has provided personal information to Cullinan Luxury Group without appropriate consent, please contact us so that we can review the matter and take appropriate action.
41. Business Transfers and Organisational Changes
If Cullinan Luxury Group is involved in a business restructuring, merger, acquisition, sale, transfer of assets, financing, reorganization, change of control, branch formation, or similar transaction, personal information may be transferred or disclosed as part of that process where permitted by law.
Where appropriate, we will seek to ensure that any successor, acquiring party, or relevant recipient handles personal information in a manner consistent with this Privacy Policy or provides appropriate notice of any material changes.
42. Complaints and Supervisory Authorities
If you have concerns about how Cullinan Luxury Group handles personal information, you may contact us using the details provided in this Privacy Policy.
Depending on your location and the applicable law, you may also have the right to lodge a complaint with a competent data protection authority, regulator, supervisory authority, or other relevant body.
We encourage you to contact us first where appropriate, so that we can review your concern and respond in a professional manner.
43. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, website, technologies, legal requirements, data practices, agency operations, business structure, service providers, AI tools, cookie tools, or professional standards.
When we update this Policy, we will revise the “Last Updated” date at the top of the page. Where required, we may provide additional notice, request renewed consent, or update related website notices.
Your continued use of the website after an updated Privacy Policy is published means that you have had the opportunity to review the updated Policy.
We encourage visitors, clients, and professional contacts to review this Privacy Policy periodically to remain informed about how Cullinan Luxury Group handles personal information.
44. Contact Us
For questions about this Privacy Policy, personal data, privacy rights, cookies, consent choices, or the way Cullinan Luxury Group handles information, please contact:
Cullinan Luxury Group
Legal entity name: Cullinan Luxury Group LLC
Trading name: Cullinan Luxury Group
Legal form: Limited Liability Company
Trade License Number: (Ask for it)
Issuing Authority: Dubai Department of Economy and Tourism — DET
Registered address: Jet Set Business Center, Prime Tower - 17th Floor, Business Bay, Dubai, United Arab Emirates
Website: www.cullinanluxurygroup.com
Email: contact@cullinanluxurygroup.com
Telephone: +971 5 6183 6783
When contacting us, please include enough information for us to understand your request and respond appropriately. We may ask for verification of identity, authority, or relationship to the relevant information before fulfilling certain privacy rights requests.
Submitting a privacy, website, cookie, legal, or service-related inquiry does not automatically create a client relationship, legal mandate, service engagement, agency relationship, or contractual obligation unless separately agreed in writing.