Privacy Policy
Last Updated: [Date]
At [Our Company], a modest fashion e-commerce brand based in the United Arab Emirates (UAE), we value your privacy and are committed to protecting your personal data. We sell traditional and contemporary modest wear (such as abayas and kaftans) to customers across the Gulf Cooperation Council (GCC) countries and beyond. This Privacy Policy explains how we collect, use, share, and safeguard your personal information when you visit our website or use our services (collectively, the “Services”). It is tailored to comply with the UAE Personal Data Protection Law – Federal Decree-Law No. 45 of 2021 (the PDPL) and incorporates best practices from international standards like the EU General Data Protection Regulation (GDPR). We also strive to meet relevant privacy obligations in other GCC countries, reflecting local cultural expectations regarding privacy and modesty.
By using our Services, you agree to the collection and use of information in accordance with this Policy. We encourage you to read it carefully. If you do not agree with any part of this Policy, please discontinue use of our Services. For any questions or concerns, please contact us using the information at the end of this Policy.
1. Information We Collect
We only collect personal information that is necessary for our business purposes, and we handle it with respect for your privacy and local cultural norms. The types of personal data we collect include:
1.1 Information You Provide Directly
When you interact with our website or Services, for example by creating an account, placing an order, or contacting customer support, you may provide us with the following personal information:
- Identity and Contact Details: Your full name, email address, phone number, and postal/shipping address. We require these details to create your account, process orders, and communicate with you about your purchases or inquiries.
- Account Credentials: If you register an account, we collect your login details such as username and password. These are used to secure your account and allow you to access order history, wishlists, and personalized features.
- Order and Transaction Information: Details of the products you purchase (e.g. item descriptions, sizes, quantities) and any preferences or customizations you request. We also record transaction details like order dates and amounts. This information allows us to fulfill your orders and maintain accurate purchase records.
- Payment Information: Payment card details or other payment method information (e.g. credit/debit card number, expiration date) provided during checkout. Note: For security, we do not store full card numbers or sensitive payment data on our servers. Payments are processed securely via accredited third-party payment gateways, and only limited information (such as a payment confirmation token) is retained for transaction records.
- Communications: The content of your communications with us, such as emails, live chat messages, or phone calls to customer service. This may include queries about products, order issues, or feedback. We use this information to assist you and improve our support services.
- Marketing Preferences: If you sign up for our newsletter or consent to receive promotional messages, we will collect information about your preferences (e.g. categories of products you’re interested in, your marketing channel preferences) to tailor our communications. You can opt out of marketing at any time (see Section 4.2 on Your Rights).
We do not ask for or intend to collect any sensitive personal data such as racial or ethnic origin, religious beliefs, health information, or similar details, as these are not required for modest fashion retail. We only request measurements or size information for tailoring or fit purposes, and we treat such data as confidential. Please avoid submitting any sensitive personal information to us unless necessary. If you do provide it (for example, mentioning health or religious considerations in a customization request), we will handle it with strict security and only use it for the limited purpose for which you provided it.
1.2 Information We Collect Automatically
Like many e-commerce platforms, we automatically collect certain data when you visit or use our website. This helps us understand how our Services are used and enables us to improve user experience while respecting cultural sensitivities (for instance, by suggesting appropriate content). The information we may collect includes:
- Device and Technical Information: IP address, browser type and version, device type (e.g. mobile, tablet, desktop), operating system, and platform. This information helps us optimize our website’s compatibility and performance for your device.
- Usage Data: Your activity on our site, such as pages or products viewed, time spent on pages, search queries, clickstream data (e.g. how you navigated our pages), and the dates/times of your visits. This data is collected to understand customer interests (e.g. popular abaya styles) and to enhance functionality and content relevance.
- Cookies and Tracking Technologies: We use cookies, pixels, and similar technologies to collect data about your interactions (see Section 6: Cookies & Tracking Technologies for details). For example, we may log that a user from Dubai browsed our “Evening Kaftans” category or added items to a cart. This helps with remembering your preferences, keeping you logged in, and providing a seamless shopping experience.
- Location Information: We do not actively track precise GPS location, but your IP address may give a general indication of your city or country. We use this to display content in the appropriate language or currency (e.g. showing prices in AED or SAR) and to ensure compliance with regional requirements (for instance, showing the correct tax or shipping options for GCC countries). The location data we derive is approximate and is not used to pinpoint your exact address.
This automatically collected information may be obtained through third-party analytics tools (like Google Analytics) which we use to analyze site traffic and usage patterns. Such tools may use their own cookies or identifiers to help us aggregate information about how our site is used. We treat this data as personal data if it can identify you (or link to you) and combine it with other personal information. Where required by applicable law (for example, if you are in a jurisdiction that mandates cookie consent), we will obtain your permission before collecting non-essential cookies or tracking data.
1.3 Information from Third Parties
We may also receive personal information about you from third-party sources in the context of providing our services, including:
- Social Media or Single Sign-On: If you choose to register or log in via third-party platforms (such as “Sign in with Google” or via Facebook), we obtain the personal data you authorize those platforms to share with us – typically your name and email, and possibly profile photo. We use this to create or log in to your account. These third-party login services authenticate your identity; we do not receive your passwords or other account credentials from them.
- Payment and Order Processing Partners: We might receive limited information from payment processors or banks – for example, a payment confirmation or fraud score – to confirm that your transaction was successful. Similarly, our warehouse or shipping partners might provide updates (such as tracking numbers or delivery confirmation) which include your order ID and delivery status, helping us keep you informed.
- Analytics and Advertising Partners: We may receive aggregated demographic or preference data from analytics providers or marketing partners. For instance, Google Analytics might provide high-level information such as “X% of our visitors in a given week were from the GCC region.” This information does not directly identify you, but it helps us tailor our offerings to customer trends. If we run advertising campaigns, we might receive information about which ad brought you to our site (via cookies/pixels), which helps us evaluate and customize our marketing. We do not obtain individual personal details from third-party advertisers beyond what you’ve consented to.
- Referral Programs or Social Influencers: If you arrived at our site via a referral link or affiliate, or interacted with our brand on social media, we might receive your basic contact information from those third parties if necessary (for example, if a social media giveaway with an influencer provides us with your name and address to deliver a prize). Such collection will only occur if you have consented or expect it as part of participating in such events.
We will treat information obtained from third parties according to this Privacy Policy and any additional restrictions imposed by the source. These third-party sources are carefully chosen to ensure they either have consent from you or another legal basis to share your data with us. We also ensure any third-party data integrators are compliant with privacy laws in the UAE and relevant jurisdictions.
2. How We Use Your Information
We use your personal data only for legitimate and necessary business purposes, in line with the PDPL and international best practices. We avoid any uses that are incompatible with the reasons your data was collected, and we do not use your information in ways that would violate your trust or local cultural norms. Specifically, we may use your information for the following purposes:
- To Process and Fulfill Orders: This includes using your personal and payment details to process transactions, confirm your order, arrange for shipping, and provide you with invoices or order confirmations. For example, we use your address and phone number to ship your abaya or kaftan through our courier partners and to let you know when it’s on the way.
- To Provide Customer Service: We maintain your contact and order information to assist with any inquiries or issues you have – such as tracking an order, processing returns or exchanges, or responding to questions about product sizing. Your communications with us (emails, chats, etc.) are referenced to ensure we address your needs promptly and effectively.
- Account Management: If you have created an account, we use your information to maintain and personalize your account. This lets you do things like view past orders, save items to a wishlist, store addresses for faster checkout, and manage your preferences. We also use it to authenticate your access and keep your account secure.
- Personalization of User Experience: We may use your purchase history, browsing behavior, and preferences to personalize the Services for you. For instance, we might suggest related modest fashion items you may like, show you relevant new arrivals, or customize content on the homepage to align with styles you’ve shown interest in. All such profiling is done to enhance your shopping experience in a respectful manner, and you have the right to object to or opt out of personalized recommendations if you wish (see Section 4: Your Rights).
- Marketing and Promotional Communications: With your consent, we use your contact details (email or phone) to send you newsletters, exclusive offers, or notifications about new collections and promotions. For example, we may send an email announcing our latest seasonal abaya line, or SMS alerts for special discounts. You will only receive these communications if you have opted in, and you can unsubscribe at any time. We abide by applicable laws for marketing in the UAE and GCC – for instance, we will not send marketing SMS without your clear consent, in line with anti-spam regulations.
- Analytics and Service Improvement: Information (particularly aggregated data) about how customers use our site is used to analyze trends and improve our Services. We study usage data to understand which pages or products are most popular, to diagnose technical issues, and to improve site navigation and design. For example, we might determine that many users from Saudi Arabia browse a certain collection, which may inform our stocking decisions or website content. We ensure this analytical processing does not conflict with your privacy rights – wherever possible, we use anonymized or aggregated data for these purposes.
- Security and Fraud Prevention: We may process personal data as necessary to detect, prevent, and address fraud, unauthorized transactions, security breaches, or other potentially prohibited or illegal activities. For example, we might use certain automatic tools to flag suspicious orders (such as multiple high-value orders from a new account) for manual review. We also use your data for authentication and to confirm that account logins or transactions are legitimately initiated by you. Any automated decision-making for fraud prevention is done in accordance with applicable law, and you have the right to request human review of any such automated decision if it significantly affects you.
- Legal Obligations and Rights: In some cases we need to use your information to comply with laws and regulations. This includes maintaining records for financial reporting and tax compliance, responding to lawful requests by public authorities, or fulfilling obligations under consumer protection laws (e.g. product recall notifications). If necessary, we may use and retain personal data to handle and resolve legal disputes, enforce our terms and conditions, or protect our rights or the rights of others (for example, providing information necessary for an investigation of fraud or intellectual property infringement).
- Cultural and Community Considerations: As a modest fashion brand, we may occasionally use non-personal data (like overall purchasing trends) in initiatives that resonate with community values – for instance, deciding on designs for a special religious occasion collection based on aggregated customer interest. If we ever wish to use your personal information (like a testimonial, review, or photo) in our community stories or marketing, we will always seek your explicit consent for that specific use, honoring the importance of privacy and modesty. By default, we do not publicize any individual customer’s personal details or images without clear permission.
Our processing of personal data is always based on a lawful basis as required under the PDPL and other applicable laws. Depending on the context, the legal basis may be: your consent (for example, for optional marketing or cookies), contractual necessity (to fulfill your purchase contract by delivering products you ordered), compliance with a legal obligation, or, in rare cases, protection of vital interests or public interest. We do not engage in any processing of personal data that is incompatible with these purposes, and we do not sell or rent your personal data to third parties for their own marketing or other uses.
3. Cookies & Tracking Technologies
We use cookies and similar tracking technologies to provide, personalize, and improve our Services. Cookies are small text files stored on your device by your web browser. They allow us to remember your preferences and interactions between visits. In this section, we explain how we use these technologies and your choices regarding them.
Types of Cookies We Use:
- Essential Cookies: These cookies are necessary for our website to function properly. They enable core features such as the shopping cart, checkout process, and user login. For example, when you add an abaya to your cart, an essential cookie remembers the item so it remains in your cart as you continue browsing. Without these, basic e-commerce functionality would not work. Because they are necessary for the service you explicitly request, these cookies are generally used without requiring your consent.
- Analytics Cookies: These cookies help us understand how visitors use our site, so we can improve it. They collect information such as pages visited, time spent, and any error messages encountered. For instance, analytics cookies may tell us that many users from the GCC region tend to visit our “New Arrivals” page first. The information collected is aggregated and anonymous – we do not see individual browsing sessions, only overall trends. We currently use reputable analytics tools like Google Analytics for this purpose. These tools may set their own cookies (e.g., _ga for Google Analytics) to identify unique visitors over time. We treat analytics data as personal data if it is linked to identifiers, and we will ask for your consent to use analytics cookies where required by law.
- Marketing and Advertising Cookies: We (or our advertising partners) may use cookies and pixels to deliver and measure the effectiveness of marketing campaigns. For example, if we run an ad on a social media platform or search engine and you click it, a cookie/pixel helps us know you came from that ad so we can gauge its success. Similarly, if we partner with advertising networks, they may use cookies to show you ads for our products on other websites (this is known as retargeting). These cookies might track that you viewed certain products on our site so that we can later show you an ad for those or similar products. We only engage in such targeted advertising in a manner consistent with user privacy: we will obtain your consent for marketing cookies where required, and any data collected is used in accordance with this Policy. You will not receive behaviorally targeted ads from us if you opt out of these cookies.
Other Tracking Technologies: In addition to cookies, we might use web beacons (tiny graphic images embedded in emails or web pages) and SDKs (in mobile apps, if applicable) for similar purposes as above. For instance, we may include a beacon in our promotional emails to know if you opened the email or interacted with links, which helps us improve our newsletter content. This is standard practice, but you can choose not to load images in emails to avoid this tracking. We may also use local storage or session storage on your browser for certain preferences (which is similar to cookies).
Your Choices: You have several options to manage or limit how we and others use cookies and tracking technologies:
- Browser Settings: Most web browsers allow you to refuse new cookies, disable existing cookies, or notify you when new cookies are set. You can typically find these options in the “settings” or “preferences” menu of your browser. However, be aware that if you block or delete cookies, some features of our site (especially functions that rely on Essential Cookies, such as the cart) may not work properly.
- Cookie Banner/Preferences: When you first visit our site from certain regions, you may see a cookie notice or banner. We will give you the option to accept or reject non-essential cookies (such as analytics and marketing cookies). You can always change your preferences later by using our cookie settings tool (if available) or by contacting us. We will not set non-essential cookies on your browser unless you have given consent, in accordance with applicable law.
- Do Not Track Signals: Our website currently does not respond to “Do Not Track” signals sent by browsers. This is because there is no consistent standard for such signals. We instead provide the direct controls described here for you to manage tracking.
- Third-Party Opt-Outs: For third-party tools like Google Analytics, you can opt out by using tools such as the Google Analytics Opt-out Browser Add-on. For interest-based advertising, many advertising networks in the GCC and globally offer opt-out mechanisms (for example, the Digital Advertising Alliance’s opt-out site). Please note these opt-outs are typically specific to the device or browser and will not affect any data already collected.
By continuing to use our site with cookies enabled in your browser settings, you consent to our use of cookies and similar technologies as described in this Policy. We will periodically remind users of our cookie practices via the banner or notices, especially if our use of cookies changes or if required by law.
4. Sharing & Disclosure of Personal Data
We understand that your personal information is private, and we treat it with the utmost respect. We do not sell, rent, or trade your personal data to unaffiliated third parties for their own marketing purposes. However, in order to run our business and provide our Services, we do share personal data with certain trusted parties under strict conditions. This section explains who those parties are and the safeguards in place.
4.1 Third-Party Service Providers (Processors)
We employ other companies and individuals to perform functions on our behalf – for example, to deliver packages or process payments. These third-party service providers act as “data processors” under the instruction of [Our Company]. They only receive the information necessary to perform their specific services. Key categories of such providers include:
- Couriers and Shipping Partners: We share your name, delivery address, contact number, and order details with shipping companies to deliver your purchases. For instance, we might share relevant data with logistics providers such as Aramex, DHL, or local courier services common in the GCC, so they can transport and deliver your package. These partners are contractually obligated to use your data only for delivery purposes and to handle it confidentially.
- Payment Processors and Financial Services: When you make a payment, your payment details are transmitted securely to third-party payment gateways (such as credit card processors or banks). Examples include [Visa/MasterCard payment gateway, PayPal, or local GCC payment providers]. These entities process your payment on our behalf. We share only necessary information (like your order amount, currency, and card token or transaction ID) to complete the transaction. They may also carry out fraud screening. Such providers are responsible for complying with PCI DSS and relevant data protection laws; we ensure they have robust security measures. We do not receive or store your full financial account numbers or CVV codes.
- IT and Cloud Infrastructure: We use third-party hosting providers and cloud storage services to host our website and data. Your personal data may be stored on cloud servers provided by reputable companies (for example, Amazon Web Services or Microsoft Azure) with whom we have agreements. These providers may technically have access to data for storage/backup, but they are not allowed to use it for any other purpose. All such storage is protected by encryption and strict access controls.
- Analytics and Marketing Tools: As noted, we utilize analytics platforms (e.g. Google Analytics) and marketing tools (e.g. email newsletter platforms or advertising networks) to help us analyze data or reach out to customers. We may share certain online identifiers or email addresses with these partners to facilitate specific tasks – for example, using your email with an email service provider to send you a newsletter, or sharing a hashed version of your email with a social media ad platform to show you tailored ads (if you’ve consented). Any such sharing is conducted under agreements that protect your data. For instance, our analytics provider will be restricted from using your data beyond providing aggregated insights to us, and our marketing email platform cannot sell or access your contact list for their own purposes.
- Customer Support and Communication Tools: We sometimes use third-party tools to enhance customer support (for example, a live chat widget or a CRM system to track support tickets). If you use the chat feature on our site or email us, your communication might pass through these systems. We ensure any such service provider is reputable and contractually bound to privacy obligations.
- Other Specialized Services: We may rely on other vendors for services like identity verification (to prevent fraud), content personalization, or surveys/feedback collection. We will only share data with these vendors as needed and after ensuring compliance with privacy requirements.
All our service providers are carefully vetted for their data protection practices. We sign Data Processing Agreements (DPAs) with them where required, obligating them to safeguard personal data in line with the PDPL, GDPR, and other applicable laws. They must not use your data for anything other than the agreed service. We remain responsible for the handling of your personal data by these providers and ensure that appropriate confidentiality and security measures are in place.
4.2 Sharing of Personal Data with Fulfillment Partner (IQ Fulfillment)
To fulfill your orders and facilitate deliveries/returns, we must share certain personal information with our logistics partner, IQ Fulfillment. IQ Fulfillment is the third-party service provider that manages our warehousing and shipping operations. We only share the minimum necessary data for them to perform these duties – typically, your name, delivery address, contact phone number, and order details (contents of your order) are provided so they can pick, pack, label, and dispatch your package, and contact you if needed for delivery. This information is used solely for the purpose of fulfilling your order, arranging delivery, handling returns, and communicating about shipment status. IQ Fulfillment does not receive or process any of your payment information or other unrelated personal data not needed for logistics.
Data Processor Role: In privacy terms, IQ Fulfillment acts as a “data processor” to Alvirah/Biljon Dinaro LLC, which remains the principal “data controller.” This means IQ Fulfillment only processes your personal data under our instructions and for our specified purposes, in accordance with the UAE’s Personal Data Protection Law (Federal Decree-Law No. 45 of 2021, PDPL). We have a data processing agreement in place with IQ Fulfillment, obligating them to protect your information and keep it confidential. They are contractually required to use your data only for performing the logistics services we’ve contracted (e.g. storing the product, delivering to your address, contacting you about delivery or pickup) and for no other purpose. IQ Fulfillment may not sell, exploit, or otherwise use your personal information for their own needs – it remains under our control at all times. We also ensure that IQ Fulfillment implements appropriate security measures to safeguard your data in transit and at rest, and handles it in compliance with PDPL and any other applicable data protection regulations in the region.
Confidentiality and Compliance: All employees or sub-contractors of IQ Fulfillment who might handle customer data (for example, a delivery agent calling you for directions) are bound by strict confidentiality agreements. IQ Fulfillment, as our processor, must adhere to the same standards of data protection that we follow. We remain responsible for safeguarding your personal data throughout the fulfillment process. If you have any concerns about how your information is being handled in the delivery process, you can contact us and we will address them with our partner. In summary, sharing your name and address with our courier/fulfillment partner is necessary to deliver your order – we limit this to what is needed, and we ensure your data is respected and protected by IQ Fulfillment as if we were handling it ourselves. Alvirah (Biljon Dinaro LLC) will not authorize any logistics partner to use your details beyond what is required to get your orders to you and process any returns. These measures are in place to remain transparent and compliant with privacy laws, and to give you peace of mind about your personal data when you shop with us.
4.3 Other Parties and Circumstances for Sharing
Aside from our core service providers, we may also disclose personal information in these scenarios:
- Within Our Corporate Group: If [Our Company] is part of a group of related companies, your data might be shared with our parent company, subsidiaries, or affiliates as needed to carry out the purposes described (for example, if an affiliated company handles centralized customer service or warehousing). All entities in our group follow this Privacy Policy and are bound by confidentiality.
- Business Transfers: If we undergo a business transition, such as a merger, acquisition by another company, or sale of all or part of our assets, your personal data may be transferred to the new ownership or entity as part of that transaction. In such cases, we will ensure the new owners understand that they must honor the commitments we have made in this Privacy Policy. We will notify you (for example, via email or a notice on our website) of any such change in ownership or control of your personal information.
- Legal Requirements and Protection of Rights: We may disclose personal information if required to do so by UAE law or other applicable laws (including laws of other GCC countries if they apply to our operations or to your data). For example, we might need to respond to a court order, subpoena, or a lawful request by a government authority. We may also share information when we believe in good faith that disclosure is necessary to protect our rights, investigate fraud, enforce our Terms of Service, or protect your safety or that of others. In all cases, we will carefully review such requests and only provide the minimum data necessary (ensuring any transfer is lawful). If not legally prohibited, we will inform you of such requests.
- Professional Advisors: On occasion, we may need to share certain information with our professional advisors (lawyers, accountants, auditors) for auditing, compliance, or legal advice. These parties are under duties of confidentiality and will only use the information for the relevant professional services.
- With Your Consent: In situations not covered by the above, if we ever need to share your information for other purposes, we will do so only with your explicit consent. For instance, if you ask us to share your testimonial with a partner organization, or you agree to participate in a joint marketing event, we will share data as directed by you.
Rest assured, any third party that receives personal data from us is contractually or legally bound to protect it. We do not allow any third party with whom we share data to use it for their own independent marketing or purposes outside the scope of our agreement. We also strive to limit the personal data shared to the minimum required for each situation.
5. International Data Transfers
As we operate our e-commerce business from the UAE and serve customers across the GCC and beyond, your personal data may be transferred across international borders. For example, if you are in Saudi Arabia or Kuwait, your order details will be processed on our servers in the UAE; or if we use a cloud service or support team located outside the UAE, your information might be accessible from that location. We understand the importance of safeguarding personal data during such cross-border transfers and comply with all applicable rules under the UAE PDPL and other relevant data protection laws when transferring data out of the country.
Transfers out of the UAE: The PDPL imposes conditions on transferring personal data outside the UAE to ensure that the data remains protected. In general, we will only transfer your data to another country if one of the following is true:
- The destination country has been officially deemed to have an adequate level of data protection by the UAE authorities (the UAE Data Office). This means its privacy laws are comparable to the PDPL’s standards. For instance, if we store data on servers in the European Union (EU), this is permissible because the EU’s GDPR is considered a robust data protection regime (and we anticipate the UAE may treat it as adequate).
- We have put in place appropriate safeguards to protect the data in the destination country. Typically, this involves using standard contractual clauses or similar legal agreements binding the recipient to protect your data. For example, if we use a U.S.-based service provider (where local law may differ), we will have a contract that requires them to uphold privacy protections equivalent to UAE/GDPR standards. We may also rely on Binding Corporate Rules if transferring data within our corporate group across borders.
- A specific derogation or exception applies. In rare cases, if neither an adequacy decision nor safeguards are in place, we might transfer data based on exceptions allowed by law, such as: your explicit consent for the proposed transfer, the transfer is necessary to perform a contract with you (e.g. to fulfill an international order delivery), to establish or defend legal claims, to protect vital interests (e.g. life-and-death emergency), or other limited circumstances provided by law. We will always rely on these exceptions only as a last resort and when permitted by the PDPL.
- We may also seek approval from the UAE Data Office for certain transfers if required. As the regulatory landscape evolves, the UAE Data Office may issue further guidance or requirements for cross-border data flows, and we will comply with any such directives.
Transfers within the GCC: If you reside in another GCC country (such as Saudi Arabia, Qatar, Oman, Bahrain, or Kuwait), your data will likely be transferred to our servers in the UAE as part of providing you the service. We consider this transfer necessary for performing our contract with you (i.e., fulfilling your order and providing customer support). Nonetheless, we ensure that equivalent data protection measures apply. GCC countries are in the process of developing their own data protection regulations, and we monitor these developments. For example, Saudi Arabia has issued its Personal Data Protection Law (2021) which has specific requirements for cross-border transfers, like obtaining consent or regulatory approval in some cases. If such local laws apply to a transfer of your data, we will comply by obtaining any required consent or approvals in addition to the UAE’s requirements. We want all our GCC customers to have consistent and high levels of privacy protection.
Our Safeguards: Regardless of destination, we apply the same security measures and privacy standards to your data. Contracts with our international partners include confidentiality clauses and data protection commitments. Where we use standard contractual clauses (SCCs) or similar instruments, these are approved legal tools that bind the receiver of your data to protect it to a standard comparable to PDPL/GDPR. We also perform risk assessments for data transfers to ensure there’s no undue risk to your personal information.
If you would like more information about the specific mechanisms we use for transferring data across borders (for example, to see a copy of applicable contractual safeguards), you can contact us as described at the end of this Policy.
Note: By using our Services or submitting your information to us, you understand that your personal data may be transferred to and stored in the UAE and other countries which may have different data protection rules than your country. However, we will always protect your information as described in this Privacy Policy, no matter where it is processed.
6. Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Policy, and to comply with legal or business requirements. The PDPL and good privacy practice dictate that personal data should not be kept longer than needed for the specified purpose. In line with this, we apply the following retention guidelines:
- Customer Account Data: If you create an account with us, we retain your account information (such as name, email, login credentials, address book, order history) for as long as your account remains active. If you decide to close your account or it remains inactive for an extended period, we will either delete or anonymize the personal data associated with it after a reasonable time, unless we need to keep it for legal reasons. We may retain minimal information to honor your opt-out preferences or to keep a record that you had an account (to prevent fraud or if required by law).
- Purchase and Transaction Data: We retain records of your purchases and transactions to provide customer service (e.g., returns, warranty) and to comply with financial and accounting regulations. For example, UAE laws may require us to keep invoice data for a certain number of years for VAT and auditing purposes. Typically, we retain transaction records for [X] years (insert appropriate number, e.g., 5-7 years or as required by local law). After that period, we will either securely erase the data or anonymize it (e.g., keep sales figures without personal identifiers).
- Customer Service Communications: Communications you have with us (emails, chat logs, call records) are kept as long as needed to address your inquiry or issue, and for a short period after to ensure follow-up. We might keep a record of support conversations for up to [Y] years for training and quality assurance, or to defend against any legal claims, unless you request their earlier deletion and we have no overriding need to retain them.
- Marketing Data: If you have consented to receive marketing communications, we will retain the information necessary for that (such as your email and marketing preferences) until you unsubscribe or withdraw consent. Once you opt out, we will stop sending you marketing messages and will either delete or anonymize your contact details from our marketing list, or at least move them to a “do not contact” list to ensure we respect your opt-out. We may retain proof of your consent and the date you unsubscribed to demonstrate our compliance with laws (this is usually minimal data).
- Analytics Data: Aggregated analytics data that does not identify you may be kept indefinitely for historical analysis. However, any analytics or cookie data that can be linked to you is either deleted or anonymized once it’s no longer needed for our analysis. For example, raw web server logs are generally kept for a short period (a few months) unless required longer for security analysis.
- Legal Compliance and Enforcement: We may need to keep certain data for longer periods if required by law or if it is needed for legitimate legal purposes. For instance, if we are handling a dispute with you or there is an investigation, we will retain relevant information until the issue is resolved and no further action is needed. Similarly, information related to fraud or misuse may be kept to prevent future incidents.
Once the retention period expires or the purpose of processing has been fulfilled, we will securely erase, anonymize, or delete the personal data. “Anonymize” means we alter the data in such a way that it can no longer be associated with you (irreversibly), so it is no longer “personal data” under law. For example, we might keep sales statistics by region but remove any personal identifiers from those records.
If deletion is not immediately possible (for example, because the data is stored in secure backups), we will isolate the data from any further use until deletion is possible. Backup retention is also subject to time limits, after which data is overwritten or deleted.
7. Data Security
We are committed to protecting your personal data from unauthorized access, use, disclosure, alteration, or destruction. We implement a variety of technical and organizational security measures to safeguard the information we collect and process. These measures are designed to provide a level of security appropriate to the sensitivity of the personal data and the risk of harm to you. Our security practices include:
- Encryption: We use encryption protocols to protect data in transit and at rest. For instance, our website is secured via HTTPS; information you enter on our site (such as your login credentials or payment details) is transmitted securely over the internet using SSL/TLS encryption. Sensitive fields like passwords are stored in encrypted form. Payment transactions are handled via encrypted channels directly with payment processors.
- Access Controls: Personal data is accessible only by authorized personnel who have a legitimate need to know in order to perform their job duties. For example, only staff in our fulfillment team can see your address to arrange delivery, and only trained customer service agents can access your order details to assist you. We restrict administrative access to our systems and require strong authentication (passwords, two-factor authentication) for any access to sensitive systems.
- Firewalls and Network Security: We protect our IT systems with up-to-date firewalls, intrusion detection systems, and anti-malware tools. Our servers are monitored for vulnerabilities, and we regularly apply security patches and updates to guard against threats.
- Monitoring and Testing: We monitor our systems for potential vulnerabilities and attacks. Regular security audits, vulnerability scans, and penetration tests are conducted (either internally or by third-party experts) to evaluate the strength of our security and to proactively address any weaknesses.
- Organizational Measures: Our staff are trained on the importance of privacy and security. We have internal policies and incident response plans to handle any suspected data security issues. Only a limited number of employees have access to personal data, and they are bound by confidentiality obligations. We also ensure that our physical premises and devices are secure – for example, using secure facilities for servers, and ensuring that any printed documents containing personal data are stored safely or shredded when not needed.
- Data Minimization: As an added security approach, we strive to collect only the personal data we truly need. By minimizing what we store, we reduce the risk associated with larger databases. For instance, as stated, we do not store full payment card numbers on our systems to eliminate the risk associated with that sensitive data.
Despite all our efforts, please note that no method of transmission over the Internet, or method of electronic storage, is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security. It is important for you as well to protect against unauthorized access to your account and personal information by keeping your account credentials (passwords, etc.) secure and logging out after use, especially on shared devices.
In the unfortunate event of a data breach that affects your personal data, we will notify you and the relevant authorities as required by the PDPL and other applicable laws. The PDPL requires us to report certain data breaches to the UAE Data Office and possibly to affected individuals in a timely manner. We will abide by those requirements and work to mitigate any potential harm.
8. Your Rights and Choices
We respect your rights to know about and control your personal data. Under the UAE PDPL and other applicable data protection laws (such as the GDPR for certain users), individuals have various rights regarding their personal data. We have summarized those rights below and how you can exercise them. Please note that these rights are subject to certain legal conditions and exemptions – in some cases, we may not be able to fulfill a request if doing so would conflict with law or another person’s rights, but we will always explain our reasoning.
- Right to Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to access that data. You can ask for a copy of the personal information we hold about you. For example, you can request a copy of the data you provided when signing up, or details of your order history in our system. We will provide this in a common electronic format, and usually free of charge (unless the requests are excessive or repetitive, in which case a nominal fee may be charged as permitted by law).
- Right to Rectification: If you believe that any personal data we have about you is incorrect or incomplete, you have the right to request that we correct or update it. For instance, if you move to a new address or change your phone number, you can update this in your account profile or ask us to do so. We strive to keep your data accurate and will act on such requests promptly.
- Right to Erasure (Right to be Forgotten): You may request the deletion of your personal data in certain circumstances. For example, if you no longer want us to have your information, and we have no legal reason to keep it, you can ask that we erase it. This could apply if you withdraw consent from marketing and want your contact removed, or if you had an account and wish to close it entirely. Do note that we cannot delete data that is required for us to fulfill our obligations (like an order that is still in process) or data we are legally required to keep (such as transaction records for audits). We will inform you of any data we must retain and why. Otherwise, we will comply with verified deletion requests and also instruct any processors who have your data to delete it as well.
- Right to Restrict Processing: You have the right to request that we limit the processing of your data under certain scenarios. This means we would store your data but pause any further use of it. You can exercise this right, for instance, if you contest the accuracy of your data (until we verify or correct it), or if you need us to preserve data for a legal claim while not using it otherwise, or if you object to processing and we are evaluating that objection. When processing is restricted, we will make it clear in our systems that the data is not to be used except for specific reasons (like with your consent or for legal compliance).
- Right to Data Portability: For data you have provided to us, you have the right to obtain it in a structured, commonly used, machine-readable format, and you have the right to have that data transmitted to another controller where technically feasible. In simpler terms, you can ask for a digital file of the basic personal data you gave us (for example, your profile information and perhaps your order history) and we will provide it in a format like CSV or JSON that you could then import into another service. This right applies when processing was based on your consent or on a contract and carried out by automated means. If you request it, and it’s technically feasible, we can also directly transfer that data to a third-party service you designate.
- Right to Object: You have the right to object to our processing of your personal data in certain situations. Specifically, you can object to processing that is based on public interest or our legitimate interests (if we were relying on those) and you believe it impacts your rights. Since the UAE PDPL does not use “legitimate interest” as a basis in the same way as GDPR, this might rarely apply; however, one practical use is that you can object to direct marketing at any time. If you object to us using your data for marketing (e.g. profiling to send tailored offers), we will stop that use. If we ever process data for some public interest or official purpose (unlikely in our retail context), you could object due to your particular situation. We would then stop processing unless we have compelling legitimate grounds that override your rights (or if it’s needed for legal claims). In all cases, we will honor objections to marketing promptly.
- Right to Withdraw Consent: Where we rely on your consent to process data, you have the right to withdraw that consent at any time. For example, you can withdraw consent for receiving newsletters or for non-essential cookies. This will not affect the lawfulness of any processing we did prior to withdrawal, but it means we will cease the specific processing going forward. You can withdraw consent by adjusting your account settings (for things like marketing), using the unsubscribe link in emails, using our cookie management tool for cookies, or by contacting us.
- Right Not to be Subject to Automated Decisions: You have the right not to be subject to decisions made solely on automated processing, including profiling, that produce legal or similarly significant effects on you. This means if we ever use algorithms to make a decision that significantly affects you (for example, an automated fraud filter canceling an order or varying pricing), you can request human intervention or an explanation. In our normal operations, we do not make any such consequential decisions without human review. Any automated processes (like basic fraud screening or product recommendations) either do not have significant effects or are always overseen by a human. We include this right for completeness and to assure you that we value human-centric service.
- Right to Lodge a Complaint: If you believe your privacy rights have been violated or you are unsatisfied with our handling of your data, you have the right to complain to the relevant data protection authority. In the UAE, the supervisory authority is the UAE Data Office established under the PDPL. In other GCC countries, there may be local authorities (for example, Saudi Arabia’s Data & AI Authority for their PDPL). We would appreciate the chance to address your concerns first – so please consider reaching out to us directly. But if you wish to contact the authorities, we will cooperate fully with any investigation. We can provide details of how to contact the UAE Data Office or other relevant regulators upon request.
How to Exercise Your Rights: You can exercise your rights by contacting us (see Section 12: Contact Information). Please clearly state your request – e.g., "I wish to access my data" or "Please delete my account data." For security, we will need to verify your identity before fulfilling certain requests (we don’t want to give your data to an impostor). Verification might involve confirming information we already have on file or asking for identification. We will respond to your request within a reasonable timeframe and in accordance with applicable law (under the PDPL, expected to be within 30 days in many cases, and under GDPR typically one month). If we need more time or cannot comply, we will inform you and explain the reason.
There is no fee for making a reasonable request. However, if you make repeated, excessive requests, we might charge a fee or refuse, as permitted by law. Again, we will always inform you of any such decisions.
9. Children’s Privacy
Our services are generally intended for adult or teenage use with parental guidance. If you are under 18, you may only use our website and services with the involvement and consent of a parent or legal guardian.
We understand that different jurisdictions define “children” at different ages (for example, some laws define under 13 as children for online data consent, others use 18 for minors). We have chosen 18 as a general guideline in line with the common age of majority in many regions and the fact that entering into purchase contracts typically requires an adult. We do not intend to collect any information from those under this age without parental consent.
If you are a parent or guardian and believe that a child under your care has provided us with personal information without your consent, please contact us immediately. Upon verification, we will take steps to promptly remove that information from our records and, if necessary, delete the child’s account. If deletion is not possible (for example, if required for legal reasons), we will ensure the information is not used for any purpose or disclosed further.
We may, in limited cases, process personal data of minors (for instance, if a teenager aged 13–18 uses our Services with permission, or if we run a modest fashion campaign involving youth designs). In any such cases, we will ensure compliance with applicable laws regarding minors’ data. This may include obtaining parental consent verification if required and applying heightened privacy protections to those individuals’ data.
10. Third-Party Websites and Links
Our website may contain links to third-party websites or integrate third-party services (such as social media sharing buttons, map services for address entry, or embedded content). Examples might include links to our pages on Instagram or Facebook, or a YouTube video showcasing a fashion event. If you click on those links or interact with those plugins, you may be providing information to the third party and not directly to us.
This Privacy Policy applies only to personal data processed by [Our Company] through our Services. We are not responsible for the privacy practices of external sites or services that are operated by third parties. For example, if you follow a link to a courier’s parcel tracking page, or you share one of our product pages on Twitter, those activities are governed by the respective third party’s privacy policy.
We encourage you to review the privacy policies of any third-party websites or services before providing any personal information to them. If you have questions about how those parties handle your data, please read their privacy statements and proceed accordingly.
That being said, if any third-party integration on our site does collect personal data (for instance, if we feature a trusted payment gateway or analytics script), we have attempted to detail those in this Policy (see earlier sections on cookies and third-party processors). We aim to ensure that any such integrations uphold privacy standards. If you suspect any external party is misusing data in relation to your interactions with us, please let us know and we will do our best to assist or clarify.
11. Changes to This Privacy Policy
We may update or modify this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. We will not reduce your rights under this Policy without your explicit consent. Any updates will be posted on this page with a new “Last Updated” date at the top.
If the changes are significant, we may also provide a more prominent notice, such as by email notification or a banner on our website, prior to the change becoming effective. Significant changes might include, for example, using your data for a new purpose that we didn’t originally list, or transferring your data to a new country or partner under different conditions.
We encourage you to review this Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after we make changes indicates that you have read and understood the updated Privacy Policy.
If you do not agree with any changes to the Policy, you should stop using our Services and you may request that we delete your personal data or exercise other rights as described above.
12. Contact Information
Thank you for reading our Privacy Policy. Your trust is important to us, and we are always available to address any questions or concerns you may have about your privacy.
If you have any questions, requests, or complaints regarding this Privacy Policy or our handling of your personal data, please contact us using the details below:
[Our Company] – Privacy Office
Address: [Business Address, e.g., Dubai, UAE (full mailing address)]
Email: privacy@ourcompany.com
Phone: [Contact Number] (available during business hours for privacy inquiries)
When contacting us, please provide sufficient information for us to verify your identity (if applicable) and to understand your request. We will respond as promptly as possible, and no later than any timeframe required by law.
We are committed to resolving any issues amicably and promptly. If you’ve contacted us but feel that we have not adequately addressed your concerns, remember you have the right to contact the UAE Data Office or your local data protection regulator (as noted in Section 8 above). We sincerely hope that will not be necessary and that we can maintain your confidence by being transparent and responsive.
By using our website and services, you acknowledge that you have read this Privacy Policy. We hope this document has clearly explained our data practices in a comprehensive way that reflects both legal requirements and the cultural values of privacy and modesty that we uphold. Thank you for trusting [Our Company] with your personal information – we will continue to honor that trust through our actions and policies.