Last updated: 25 May 2026
This Privacy Policy explains how Winning the Long Game (winningthelonggame.health, “we”, “us”, “our”) collects, uses, and protects personal data when you visit this website.
Winning the Long Game is operated by a natural person resident in the United Arab Emirates. Our processing of personal data is governed primarily by UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (“PDPL”) and its implementing regulations.
Because the website is accessible globally, we also honor the privacy rights of visitors located in the European Economic Area, the United Kingdom, and the United States (including California) to the extent the General Data Protection Regulation (GDPR), UK GDPR, and California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA) apply to our processing of their data.
The data controller is Viktoria Auguste, a natural person resident in Dubai, United Arab Emirates. Contact: vik.auguste@gmail.com
1. What We Collect
We collect personal data only when it is necessary to operate the site, fulfill your requests, or comply with the law.
Information you give us directly:
- Your name and email address if you subscribe to a future newsletter, leave a comment, or contact us
- Any message content you submit through a contact form
- Any preferences or interests you communicate
Information collected automatically:
- Pseudonymized analytics data (page views, session duration, country, device type, referrer) via Google Analytics 4
- Server log data (IP address, browser type, timestamps) collected by our hosting provider for security and abuse prevention
- Cookies and similar technologies as described in Section 7
We do not collect sensitive personal data (health records, biometric, financial, religious, or political data), and we do not ask visitors to disclose any.
2. Legal Basis for Processing
| Purpose | UAE PDPL Basis (Art. 4) | GDPR Equivalent | CCPA Purpose |
|---|---|---|---|
| Responding to messages you send us | Performance of a request the data subject initiated | Art. 6(1)(b) Contract | Operational |
| Future newsletter delivery | Consent | Art. 6(1)(a) Consent | Operational, opt-in |
| Analytics, site security, abuse prevention | Legitimate interests of the controller, balanced against the data subject’s rights | Art. 6(1)(f) Legitimate interests | Operational |
| Affiliate link tracking | Legitimate interests | Art. 6(1)(f) Legitimate interests | Operational |
| Complying with UAE legal obligations | Legal obligation | Art. 6(1)(c) Legal obligation | Compliance |
We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on visitors.
3. How We Use Your Data
We use personal data to:
- Deliver content you requested (newsletter, comment replies, message responses)
- Reply to your questions
- Understand which content is most useful and improve the site
- Detect abuse, fraud, or security threats
- Comply with UAE legal obligations and lawful requests from UAE authorities
We do not sell personal data. We do not share it with advertising networks for behavioral advertising or cross-context behavioral advertising.
For California residents: we do not “sell” or “share” personal information as those terms are defined under the CCPA/CPRA. You nonetheless have the right to confirm this — see Section 6.
4. Who We Share Data With
We share personal data only with service providers who help us operate the site, under contracts requiring them to process data confidentially and in line with applicable data protection laws.
| Provider | Purpose | Location |
|---|---|---|
| Our hosting provider (e.g. Siteground / Kinsta) | Website hosting and operations | EU / US |
| Google LLC (Google Analytics 4) | Pseudonymised traffic analytics | US, with EU regional processing |
| Email service provider (when newsletter launches) | Newsletter delivery | EU / US |
| Affiliate platforms (e.g. Amazon Associates, Awin, Impact Radius, ShareASale) | Referral tracking | Varies by platform |
We may also disclose personal data when required by UAE law, court order, or lawful request from competent UAE authorities.
5. International Data Transfers
Because we use service providers outside the UAE, your data may be transferred to and processed in the United States, the European Union, and other jurisdictions. We rely on the following safeguards:
- From the UAE: transfers comply with UAE PDPL cross-border transfer provisions (Articles 22–23), including transfers to jurisdictions with an adequate level of protection or under appropriate contractual safeguards.
- From the EU/UK: transfers outside the EEA are made under the European Commission’s Standard Contractual Clauses (or the UK International Data Transfer Addendum), and supplementary measures where required.
You may request a copy of the safeguards in place by emailing vik.auguste@gmail.com
6. Your Rights
Your rights depend on where you are located. We honor the rights granted under whichever law gives you the strongest protection.
Under UAE PDPL (Articles 13–19), you have the right to:
- Request information about the personal data we hold on you
- Request correction of inaccurate or incomplete data
- Request erasure of your data
- Restrict or object to certain processing
- Receive your data in a portable, machine-readable format
- Withdraw consent at any time, where processing is based on consent
- Complain to the UAE Data Office (the supervisory authority under the PDPL)
Under GDPR / UK GDPR (EU and UK visitors), you additionally have the right to:
- Object to processing based on legitimate interests
- Lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, the CNIL in France, etc.)
Under CCPA / CPRA (California residents), you have the right to:
- Know what categories of personal information we collect, the sources, purposes, and recipients
- Request access to the specific personal information we hold on you
- Request deletion of your personal information
- Request correction of inaccurate personal information
- Opt out of “sale” or “sharing” of personal information (we do not engage in either, but you can confirm this)
- Be free from retaliation for exercising any of these rights
To exercise any of these rights, email vik.auguste@gmail.com. We will respond within 30 days (PDPL and GDPR) or 45 days (CCPA), with one possible 15-day extension if necessary.
We may need to verify your identity before responding, particularly for access or deletion requests.
7. Cookies
This site uses a limited set of cookies. When you first visit the site, you are presented with a cookie consent banner that lets you accept or reject non-essential cookies.
| Type | Purpose | Set on | Duration |
|---|---|---|---|
| Essential | Site functionality, session management, security | First visit | Session |
| Analytics (Google Analytics 4) | Pseudonymised traffic analysis | After consent | Up to 13 months |
| Affiliate | Referral attribution to merchant sites | On clicking an affiliate link | Per merchant |
You can withdraw consent at any time via the “Manage Cookies” link in the footer or by clearing cookies in your browser.
8. How Long We Keep Data
We keep your data only as long as necessary for the purpose it was collected:
- Newsletter subscribers: until you unsubscribe, or after 24 months of inactivity
- Contact form messages: up to 24 months, then deleted
- Comments: retained while published; deleted on author request
- Analytics: Google Analytics 4 retention is set to 14 months
- Server logs: approximately 30 days, per hosting provider policy
We may keep data longer where required by UAE law or to defend legal claims.
9. Security
We take reasonable technical and organizational measures appropriate to the risk: HTTPS encryption in transit, restricted administrative access, strong passwords + two-factor authentication on all admin accounts, and a managed hosting environment with active security monitoring.
In the event of a personal data breach that is likely to pose a risk to data subjects’ rights, we will notify the UAE Data Office and, where required, affected individuals within the timeframes set by the PDPL implementing regulations.
10. Children
This site is not directed at children under the age of 18, and we do not knowingly collect personal data from children. If you believe a child has provided data, please contact us, and we will delete it.
11. Changes to This Policy
We may update this policy from time to time. The “Last updated” date above will always reflect the most recent revision. Material changes will be communicated on the site or, where appropriate, by email.
12. Contact
For any privacy-related question or request: vik.auguste@gmail.com
Data controller: Viktoria Auguste, a natural person in Dubai, United Arab Emirates
EU/UK visitors may also contact their national or supranational supervisory authority. California residents may also contact the California Privacy Protection Agency.
This Privacy Policy is governed by the laws of the United Arab Emirates, including UAE Federal Decree-Law No. 45 of 2021 (PDPL). Disputes shall be subject to the exclusive jurisdiction of the courts of the United Arab Emirates, save where mandatory consumer protection rules of your jurisdiction of residence apply.