The Golden Path

Effective date: 5.11.2025

License No. 2538330.01
Address: Meydan Grandstand, 6th Floor, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates
Founder & CEO: Dr. Maximilian Takara Ulmer
European Contact: Tiefensteinerstr. 455 · D-55743 Idar-Oberstein · Germany

 

PRIVACY & DATA PROTECTION POLICY

 

1. Purpose & Scope

This Policy explains how The Golden Path L.L.C-FZ (“Company”, “we”, “us”) collects, uses, protects, and transfers personal data in compliance with: UAE PDPL (Federal Decree-Law No. 45 of 2021); EU GDPR (EU 2016/679); UK-GDPR & UK Data Protection Act 2018; and U.S. privacy principles (including CCPA/CPRA).

It applies to all personal data processed via our services, retreats, website, Kajabi pages/emails/checkout, and other digital platforms.

 

2. Controller & Contact

Data Controller: The Golden Path L.L.C-FZ

License No.: 2538330.01

Email: [email protected]

Responsible Officer: Dr. Maximilian Takara Ulmer

We determine the purposes and means of processing. If and where required under GDPR/UK-GDPR Art. 27, we will designate an EU/UK representative; contact details available upon request.

 

3. Data We Collect

  1. Identification & Contact: name, email, phone, billing details, country.

  2. Engagement: bookings, enrollments, session notes, communications.

  3. Recordings & Transcripts: audio/video sessions (Read.AI and/or Otter AI), stored in encrypted Google Drive client folders.

  4. Payment: transactions via Stripe or PayPal (we do not store card numbers).

  5. Technical: device, IP, browser, usage (security & analytics, including Kajabi analytics).

  6. We do not intentionally collect medical/health data. If you voluntarily share such data for context, we process it with explicit consent and data-minimization.

 

4. Lawful Bases & Purposes

We process personal data only where a lawful basis applies, in accordance with Art. 6 GDPR, UK GDPR, and UAE Federal Decree-Law No. 45 of 2021 (PDPL). Depending on the context, processing is based on one or more of the following legal grounds:

  • Contractual necessity
    Pursuant to Art. 6(1)(b) GDPR and corresponding provisions under UK GDPR and PDPL, processing is required to enter into or perform a contract with you. This includes booking and delivery of services, mentoring sessions, retreats, digital programs, billing, and client support.

  • Consent
    Where required by law, processing is based on your freely given, specific, informed, and unambiguous consentin accordance with Art. 6(1)(a) GDPR, Art. 7 GDPR, and PDPL consent requirements.
    Consent is relied upon in particular for:

    • session recordings and transcripts,

    • testimonials (text, audio, or video),

    • embedded external media (e.g., YouTube),

    • optional communications.
      Consent may be withdrawn at any time with future effect, without affecting the lawfulness of processing carried out prior to withdrawal.

  • Legitimate interests
    Processing may be carried out pursuant to Art. 6(1)(f) GDPR and corresponding UK GDPR and PDPL provisions where necessary to ensure platform security, prevent fraud, maintain service integrity, manage communications, and protect our legal rights, provided that such interests are not overridden by your fundamental rights and freedoms.

  • Legal obligations
    Processing may be required to comply with legal obligations under Art. 6(1)(c) GDPR, applicable UK law, and UAE PDPL, including tax, accounting, regulatory, and authority requirements.

Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal but may limit access to certain features or materials.

5. Processors & Trusted Tools

We use vetted processors under DPAs and recognized transfer safeguards:

We review vendors periodically and keep a sub-processor register (available upon request).

 

6. Recordings & Confidentiality

Sessions may be recorded to support integration and quality assurance; stored under Company control with AES-256encryption; never used for marketing without separate written consent; retained 3 years then erased. Group participants must maintain mutual confidentiality and may not record independently. Clients may opt out of recording (access to review materials may then be unavailable).

 

7. Retention & Deletion

Personal data is retained only for as long as necessary in accordance with the principles of storage limitation and data minimization under Art. 5(1)(c) and (e) GDPR, corresponding UK GDPR provisions, and UAE PDPL.

Retention periods vary depending on the data category, contractual requirements, and applicable legal obligations:

  • Client account, booking, and communication data:
    retained for the duration of the contractual relationship and up to 6 years thereafter, in line with statutory limitation periods, accounting obligations, and Art. 6(1)(c) GDPR (legal obligation).

  • Session recordings and transcripts:
    retained for up to 3 years for client access, integration, and quality assurance purposes, based on Art. 6(1)(b) GDPR (contract) and Art. 6(1)(a) GDPR (consent).
    Thereafter, data is securely deleted or anonymized, unless earlier deletion is requested or longer retention is expressly agreed in writing.

  • Financial and transaction records:
    retained for 7–10 years, as required under UAE tax law, EU/UK accounting regulations, and Art. 6(1)(c) GDPR(legal obligation).

  • Technical, security, and access logs:
    retained for up to 12 months based on Art. 6(1)(f) GDPR (legitimate interests), unless extended retention is required for fraud prevention, system security, or the establishment, exercise, or defense of legal claims.

Once personal data is no longer required for the purposes stated above, it is securely erased, anonymized, or aggregatedusing industry-standard deletion procedures.
Requests for deletion are honored in accordance with Art. 17 GDPR and corresponding UK GDPR and PDPLprovisions, unless retention is required to comply with legal obligations or to establish, exercise, or defend legal claims.

 

8. International Transfers

Data may move between UAE, EU, UK, U.S. using EU SCCs (2021/914), UK IDTA Addendum, PDPL Art. 22 clauses, encryption, and access controls.

 

9. Data Sharing

We do not sell personal data. Sharing occurs only for payment/platform support, professional advisers (legal/accounting/insurance), lawful government requests (e.g., Meydan Authority, UAE Data Office, FTA), or to defend legal rights.

 

10. Your Rights

You may request access, rectification, erasure, restriction/objection, portability, withdraw consent, and lodge a complaint (UAE Data Office / EU DPA / UK ICO). We may request identity verification to process your request.

Contact: [email protected] (we reply within 30 days, extendable by 60 with notice).

 

11. Security Measures

Multi-layered controls: encryption in transit/at rest, MFA, role-based access, audit logs, vendor due diligence, and confidentiality agreements for staff/contractors.

 

12. Data Breach Procedure

If a breach risks your rights, we will investigate immediately, notify affected clients and relevant authorities without undue delay, implement remediation, and maintain incident records.

 

13. Cookies & Analytics

 

Our website and Kajabi pages use strictly necessary cookies that are required for core functionality, security, session management, and checkout processes. These cookies are essential for the operation of the website and cannot be disabled.

Examples include infrastructure and security cookies provided by our hosting and platform providers (e.g., AWS/Kajabi) to ensure stable performance, fraud prevention, and system integrity.

External Media (e.g., YouTube)

Our website may embed external media content (such as YouTube videos).
Such content is blocked by default and loaded only after you provide explicit consent via the cookie consent banner.
Before consent is given, no connection to the external provider is established and no data is transmitted.

Analytics

We do not use advertising, profiling, or retargeting cookies.

At present, we do not operate independent third-party analytics tools (such as Google Analytics) for marketing or behavioral tracking purposes.
Any platform-internal, privacy-preserving measurements provided by our service providers (e.g., Kajabi) are limited to technical performance and security purposes.

If analytics tools requiring consent were to be enabled in the future, they would be activated only after prior explicit consent and this Policy would be updated accordingly.

Managing Preferences

You can manage or withdraw your consent at any time via:

  • the cookie consent banner (“Cookie Settings”), or

  • your browser settings.

 

14. Marketing & Testimonials

Marketing is opt-in and can be revoked anytime. Testimonials (text/audio/video) require separate written authorizationand can be withdrawn.

 

15. Children

Services are for adults (18+). If we learn we hold minor data without proper consent, we delete it.

 

16. Policy Updates

We may update this Policy for legal/operational reasons. The current version is on our site; material changes will be emailed to active clients.

 

17. Governing Law & Language

This Policy is governed by UAE law and Meydan Free Zone regulations. EU/UK mandatory rights remain unaffected. English prevails. Electronic consents are valid under UAE Federal Law No. 46 of 2021.

 

Contact Us

If you have any questions, concerns or complaints about this License No. 2538330.01 please contact us:

  • The Golden Path L.L.C-FZ 
  • Founder & CEO: Dr. Maximilian Takara Ulmer
  • Meydan Grandstand, 6th Floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.
  • Email: [email protected]