Privacy Policy
CoreLedger – F.Z.E is committed to protecting your personal data and respecting your privacy. This Policy explains how we collect, use, store and protect information about you in connection with your use of our website and services, in compliance with the UAE Federal Decree by Law No. (45) of 2021 on the Protection of Personal Data (PDPL).
1. Data Controller
The Data Controller within the meaning of the UAE PDPL and other applicable data protection legislation is:
Company: CoreLedger - F.Z.E
Licence No.: 44595
Address: B.C. 1305711, Ajman Free Zone C1 Building, Ajman Free Zone, Ajman, UAE
Website: www.coreledger.org
Email: privacy@coreledger.org
Jurisdiction: United Arab Emirates
2. Scope of This Policy
This Privacy Policy describes what personal information we collect and why, how we obtain and use it, and the legal grounds for processing. It explains how long we retain your data, with whom we may share it, and the measures we take to protect it. It also covers cross-border transfers — including to Switzerland, where our servers are hosted — your rights as a data subject, and our use of cookies and similar technologies.
3. Personal Information We Collect
We may collect the following categories of personal information:
3.1 Information You Provide Directly
- Name (first name, last name);
- Email address;
- Telegram username / handle;
- Any other information you voluntarily submit via our website forms.
3.2 Information Collected Automatically
- IP address and approximate geographic location;
- Browser type, version, and operating system;
- Pages visited, time spent, referral sources, and clickstream data;
- Cookie identifiers and session data (see Section 8 on Cookies);
- Device identifiers.
3.3 Information Collected in the Course of Business
- Communications and correspondence with us;
- Information provided when onboarding as a client or partner;
- Financial and transactional data necessary to provide our services;
- Professional background information relevant to our engagement;
- Any other information you provide in the course of your relationship with us.
4. How We Obtain Your Personal Information
We collect your personal information through website contact and subscription forms, the WPS Generator and similar interactive tools, and direct communication with us by email, phone, or other channels. We also collect data automatically via cookies and analytics tools when you visit our website, from third-party sources such as public registries or partners where lawful, and in the course of providing our services — including during client onboarding and ongoing engagement.
5. How We Use Your Personal Information
We use the personal information we collect for the following purposes:
- To respond to your enquiries and requests submitted via our website forms;
- To provide you with access to tools and features on the website (e.g., WPS Generator);
- To send you communications you have requested, including newsletters and updates;
- To provide, manage, and improve our services;
- To administer and manage our relationship with you as a client, partner, or prospect;
- To monitor and improve the performance, security, and user experience of our website;
- To fulfil our legal, regulatory, and contractual obligations;
- To defend or establish legal claims;
- For internal analytics and business development purposes.
6. Legal Grounds for Processing
We process your personal information on one or more of the following legal bases under the UAE PDPL:
- Consent — where you have given us your explicit consent (e.g., by submitting a form on our website);
- Contractual necessity — where processing is required to enter into or perform a contract with you;
- Legal obligation — where we are required to process your data to comply with applicable law or regulation;
- Legitimate interests — where we have a legitimate business interest that is not overridden by your rights and interests, such as improving our services, fraud prevention, and direct marketing;
- Vital interests — in rare circumstances, where necessary to protect the vital interests of an individual.
7. Retention of Personal Information
We retain personal information for as long as is necessary to fulfil the purposes for which it was collected, including satisfying any legal, regulatory, accounting, or reporting requirements. Retention periods are determined by the nature of the data, the purpose of processing, and applicable statutory limitation periods.
Where you ask us to delete your data, we will do so unless we are required or permitted by law to retain it — for example, to comply with a legal obligation, resolve a dispute, or enforce our agreements.
8. Cookies and Similar Technologies
Our website www.coreledger.org uses cookies and similar tracking technologies. Cookies are small text files stored on your device that help us operate our website, understand usage patterns, and deliver a personalised experience.
8.1 Types of Cookies We Use
- Necessary Cookies — essential for the website to function. They cannot be switched off and are set in response to your actions, such as setting your privacy preferences or completing forms.
- Marketing Attribution Cookies — first-party cookies that record the marketing source from which you arrived (e.g., the advertising campaign, channel, or referring search). They allow us to attribute leads submitted via our website to the correct source so we can evaluate marketing effectiveness. They do not track you across other websites.
- Analytics Cookies — allow us to count visits and understand how visitors use our website via Google Analytics (Google LLC) and Yandex Metrica (Yandex LLC). Information collected is aggregated and partially anonymised (we enable IP anonymisation in Google Analytics).
- Advertising Cookies — set by Google when you arrive via a Google Ads click (the GCLID identifier and related Conversion Linker cookies). They allow us to measure the effectiveness of our Google Ads campaigns and avoid showing repeated ads to people who already interacted with us.
8.2 Cookie Table
The following cookies are currently in use on this website:
Necessary
| Cookie | Duration | Purpose |
|---|---|---|
| cl_cc_consent | 1 year | Stores user cookie consent preferences (the action chosen in our cookie banner). |
| cl_lang_seen | 1 year | Marks that a language-detection check has already run for your browser, so we do not redirect you to the localised site (EN ↔ RU) more than once. |
| PHPSESSID | Session | PHP server session identifier. |
Marketing Attribution
| Cookie | Duration | Purpose |
|---|---|---|
| cl_first_touch | 180 days | Records the first marketing source that brought you to the site (UTM parameters, landing page, timestamp). Sent with your form submission so we can attribute leads correctly. |
| cl_last_touch | 180 days | Records the most recent marketing source for ongoing attribution. |
| cl_gclid | 180 days | Stores the Google Ads click identifier (GCLID) so that conversions can be linked back to specific Google Ads clicks. |
Analytics
| Cookie | Duration | Purpose |
|---|---|---|
| _ga | 2 years | Google Analytics — distinguishes users, tracks sessions and campaigns. |
| _ga_* | 2 years | Google Analytics — persists session state for the GA4 property. |
| _gid | 24 hours | Google Analytics — distinguishes users on a daily basis. |
| _gat | 1 minute | Google Analytics — throttles request rate to GA servers. |
| _ym_uid | 1 year | Yandex Metrica — unique user identifier. |
| _ym_d | 1 year | Yandex Metrica — date of the user's first visit. |
| _ym_isad | 1 day | Yandex Metrica — detects ad blocker usage. |
| _ym_visorc | 30 minutes | Yandex Metrica — WebVisor session replay data. |
Advertising (Google Ads)
| Cookie | Duration | Purpose |
|---|---|---|
| _gcl_au | 90 days | Google Ads Conversion Linker — links website conversions to Google Ads clicks for accurate measurement. |
| _gcl_aw | 90 days | Google Ads — stores conversion attribution data. |
| NID, _gads, _gac_* | Up to 2 years | Google — used for ad personalisation and frequency capping; set by Google's advertising domains only when you have given consent (or where local law permits) and have interacted with a Google Ads campaign. |
Local Storage (browser storage, not cookies)
In addition to cookies, our website uses your browser's local storage for a small number of strictly functional purposes. Local storage entries are not transmitted with HTTP requests and are accessible only to scripts served from our domain.
| Key | Duration | Purpose |
|---|---|---|
| tb-ct-{year}, tb-einv-{year} | 7 days | Remembers that you dismissed our deadline reminder bar (corporate tax filing / e-invoicing notices) so it does not reappear in the same week. |
8.3 Google Consent Mode v2 and Regional Differences
Our website uses Google Consent Mode v2 — a Google technology that adjusts how analytics and advertising tags behave based on your consent state and your jurisdiction:
- Visitors from the European Economic Area (EEA), United Kingdom, Switzerland and Gibraltar: analytics and advertising cookies are set to a "denied" state by default. You will see a full consent banner on your first visit with options to Accept All, Reject All, or Customise. Cookies in those categories are loaded only after you provide explicit consent. You can revisit your choice at any time via the "Cookie preferences" button in the page footer or the floating button in the lower-left corner of the screen.
- Visitors from all other jurisdictions (including the UAE, CIS countries, Asia and the Americas): analytics and advertising cookies are activated by default in accordance with applicable local data protection laws, which permit implied consent for analytics purposes (UAE Federal Decree by Law No. 45 of 2021 and equivalent legislation). A minimal informational notice is displayed on your first visit. You may opt out at any time via the "Cookie preferences" link in the page footer or through your browser settings.
Even where cookies are loaded by default, our Google Analytics integration is configured to anonymise IP addresses and to redact advertising identifiers where appropriate. We do not sell or rent cookie data to third parties.
8.4 Managing Cookies
You can control and manage cookies through any of the following methods:
- Cookie preferences link in the footer of every page — opens the full settings panel with category-level toggles.
- The consent banner displayed on your first visit (EEA visitors only).
- Your browser settings — most browsers let you view, delete and block cookies from specific sites. Refer to the help section of your browser (Chrome, Safari, Firefox, Edge) for instructions.
- Google Analytics opt-out browser add-on — available at tools.google.com/dlpage/gaoptout.
- Google Ads personalisation controls — manage at adssettings.google.com.
- Yandex Metrica opt-out — available at yandex.com/support/metrica/general/opt-out.html.
Disabling certain cookies may affect the functionality of the website (for example, the WPS Generator and contact forms rely on session cookies to operate).
9. Sharing Your Information
We may share your personal information with trusted third parties in the following circumstances:
- Technology and IT service providers supporting our website and operations;
- Analytics and advertising providers — including Google LLC (Google Analytics, Google Tag Manager, Google Ads) and Yandex LLC (Yandex Metrica) — for measuring site usage and the effectiveness of our marketing campaigns;
- Professional advisers including legal, financial, and compliance consultants;
- Regulatory authorities, courts, and law enforcement agencies where required by law;
- Business partners or counterparties in the course of delivering services, with your knowledge;
- Successors or acquirers of our business in the event of a merger, acquisition, or restructuring.
We do not sell, rent, or otherwise make your personal information commercially available to third parties without your prior consent.
10. International Data Transfers
Our website is hosted on servers located in Switzerland. This means that when you submit any form on our website — including contact forms, the WPS Generator, subscription forms, or any other data entry tool — your personal information is transferred to and processed on servers in Switzerland.
Switzerland is recognised as a jurisdiction providing an adequate level of data protection. The Swiss Federal Act on Data Protection (nFADP) has been assessed as offering protection equivalent to leading international standards and is compatible with the requirements of the UAE Federal Decree by Law No. (45) of 2021 (PDPL). Accordingly, the transfer of your personal data to our Swiss-hosted servers does not require additional safeguard mechanisms beyond the protections already in place under this Policy.
In addition to Switzerland, your data may in certain circumstances be processed by third-party service providers — such as analytics or communications platforms — operating in other jurisdictions. In such cases, we apply appropriate safeguards in accordance with Article 23 of the UAE PDPL, which may include contractual data protection clauses and data processing agreements.
We do not transfer your personal data to countries that do not provide an adequate level of data protection, unless the transfer is necessary for the performance of a contract, the establishment or defence of legal claims, or is subject to your explicit consent.
11. Security
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, alteration, or disclosure. These measures include:
- Encrypted data transmission (SSL/TLS);
- Access controls and role-based permissions;
- Regular security reviews and vulnerability assessments;
- Contractual obligations on third parties who process data on our behalf.
While we take significant steps to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, and we encourage you to take reasonable steps to protect your own personal information online.
12. Your Rights
Under the UAE PDPL and other applicable legislation, you have the following rights in relation to your personal information:
- The right to access the personal information we hold about you;
- The right to rectification of inaccurate or incomplete information;
- The right to erasure ('right to be forgotten'), subject to legal retention obligations;
- The right to restrict or object to certain processing activities;
- The right to data portability, where technically feasible;
- The right to withdraw consent at any time, without affecting the lawfulness of prior processing;
- The right to lodge a complaint with the UAE Data Bureau.
To exercise any of these rights, please contact us at: privacy@coreledger.org. We will respond to your request within the timeframe prescribed by applicable law.
13. Third-Party Links
Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies independently.
14. Children's Privacy
Our website and services are not directed at children under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us immediately and we will take appropriate steps to delete it.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The current version will always be available on our website. We will notify you of material changes by email or via a prominent notice on our website prior to the changes taking effect.
16. Contact
Email: privacy@coreledger.org
Website: www.coreledger.org