Privacy Policy

360 Health & Performance — Learning Platform

Version: 2.0 Effective Date: 7 April 2026 Entity: THREE SIXTY HEALTH & PERFORMANCE MANAGEMENT CONSULTANCIES — FZCO Registered in: Dubai, United Arab Emirates Governing Law: UAE Federal Decree-Law No. 45 of 2021 (Personal Data Protection Law)

1. Purpose of This Policy

This Privacy Policy explains how THREE SIXTY HEALTH & PERFORMANCE MANAGEMENT CONSULTANCIES — FZCO ("we," "us," or "360") collects, uses, protects, and discloses personal data from individuals who access our learning platform at learn.360healthperformance.com ("the Platform"). This includes enrolment in the 360 OS Foundation Certification, the 360 OS Level II Certification, and the 360 Private Member Platform.

2. Information We Collect

We may collect the following categories of personal data:

• Identification Data: Name, email address, profession, and country of residence
• Account Data: Login credentials, course enrolment records, progress tracking, and course interactions
• Communication Data: Email correspondence, support requests, and survey responses
• Technical Data: IP address, browser type, device identifiers, and session analytics
• Payment Data: Transaction records processed by our third-party payment provider (we do not store card details directly)

3. How We Use Your Data

We process your personal data for the following purposes:

• To deliver our learning programmes and manage your enrolment
• To personalise your learning experience and record course progress
• To issue certificates and maintain certification records
• To send important programme updates, reminders, or policy changes
• To provide technical and customer support
• To maintain legal and financial records as required by UAE law
• To improve our platform and services

4. Legal Basis for Processing

In accordance with the UAE Personal Data Protection Law, we process your data on the following grounds:

• Contractual necessity — to deliver the programmes you have enrolled in and fulfil our obligations to you
• Legitimate interests — for internal reporting, platform improvement, fraud prevention, and security
• Legal obligation — to comply with applicable UAE laws, regulations, and regulatory requirements
• Consent — for optional feedback collection and marketing communications, where you have given explicit consent. You may withdraw consent at any time by contacting us

5. Data Sharing

We do not sell your personal data. We may share your information only with:

• Service providers who help us deliver the Platform, including Thinkific (platform hosting), Stripe (payment processing), and email communication tools — strictly as required to operate our services
• Legal or regulatory authorities if required by UAE law or in response to a valid legal request
• Professional advisers such as auditors or legal counsel, where necessary

All third-party service providers are contractually required to protect your data and process it only as we instruct.

6. International Data Transfers

Our Platform is hosted by Thinkific (based in Canada), and certain service providers operate outside the UAE. Where your data is transferred internationally, we ensure that appropriate safeguards are in place, including contractual protections that meet the requirements of the UAE Personal Data Protection Law.

7. Data Retention

We retain your personal data for as long as necessary to:

• Provide access to the programmes you have enrolled in
• Maintain certification records and verification capability
• Comply with legal, financial, and regulatory obligations under UAE law
• Maintain support records and prevent misuse

Upon request, we will delete your personal data where we are not legally required to retain it.

8. Data Security

We implement appropriate technical and organisational measures to protect your data from accidental loss, unauthorised access, misuse, alteration, or disclosure. These measures are reviewed periodically to ensure their continued effectiveness.

9. Your Rights

Under the UAE Personal Data Protection Law, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request deletion of your data, subject to our legal obligations
• Withdraw consent where processing is based on your consent
• Object to processing in certain circumstances
• Request restriction of processing in certain circumstances
• Data portability — receive your data in a structured, commonly used format

To exercise any of these rights, contact us at: [email protected]

We will respond to your request within 30 days.

10. Cookies and Tracking

The Platform uses cookies and similar technologies to provide core functionality, remember your preferences, and analyse usage patterns. You can manage cookie preferences through your browser settings. Disabling certain cookies may affect Platform functionality.

11. Children's Data

Our Platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When material changes are made, we will notify you by email or via a notice on the Platform before the updated terms take effect. The "Effective Date" at the top of this policy indicates when it was last revised.

13. Contact Details

For any questions, concerns, or requests relating to this Privacy Policy or your personal data, contact:

Data Protection Contact THREE SIXTY HEALTH & PERFORMANCE MANAGEMENT CONSULTANCIES — FZCO Email: [email protected]

14. Complaints

If you are not satisfied with our response to a data protection concern, you may lodge a complaint with the UAE Data Office established under the UAE Personal Data Protection Law.

END OF POLICY