Please note: this is not legal advice — you should have it reviewed by a qualified UAE-based legal professional to ensure full compliance with your exact business activities, jurisdiction (mainland vs free zone), and licensing.
Privacy Policy
Last Updated: [ Insert date ]
Effective Date: [ Insert date ]
For: DigitalMart.ae – electronics & gadgets e-commerce retailer operating in the United Arab Emirates.
1. Introduction
DigitalMart.ae (hereinafter “we”, “us”, “our”, “the Company”) respects your privacy and is committed to protecting your personal data in accordance with the UAE’s legal framework including:
Federal Decree‑Law No. 45 of 2021 on the Protection of Personal Data (“PDPL”) which came into force 2 January 2022.
Federal Law No. 15 of 2020 on Consumer Protection (the “Consumer Protection Law”) and the related e-commerce law provisions.
Other relevant laws and regulations (e.g., cyber-crime, e-commerce, electronic transactions) as applicable.
This Privacy Policy explains:
What personal data we collect.
How we use and disclose it.
Your rights under UAE law.
How we safeguard your data.
How we handle transfers of data outside the UAE.
How you may contact us about your data.
In accessing our website, placing an order, creating an account, subscribing to communications, or using any services offered by us, you agree to the practices described in this Policy.
2. Scope & Applicability
This Policy applies to all processing of personal data by us in connection with our operations in the UAE, including:
our website, mobile applications (if any), and online store;
customer accounts, order processing, delivery and after-sales;
marketing and promotional communications (subject to your consent);
any other interactions you may have with us (e.g., customer service).
The PDPL has extra-territorial applicability: it applies to processing of personal data of individuals located in the UAE, even if the processing occurs outside the UAE.
If you are located outside the UAE, please note that your “data subject” rights may differ under your local jurisdiction.
3. Definitions
For the purposes of this Policy, the following definitions apply:
“Personal Data” means any information relating to an identified or identifiable natural person (“data subject”).
“Processing” means any operation or set of operations performed on personal data (collection, storage, disclosure, alteration, etc.).
“Controller” means the entity (us) determining the purposes and means of processing personal data.
“Processor” means any third party which processes personal data on behalf of the Controller.
“Sensitive Personal Data” means data revealing racial or ethnic origin, political opinions, religious beliefs, trade-union membership, biometric or genetic data, health, sex life or sexual orientation, criminal convictions, etc. (as defined under UAE/other applicable laws).
4. Types of Data We Collect
We may collect and process the following categories of personal data:
4.1 Customer/Consumer Data
Identity data: name, date of birth (if required), gender (optional).
Contact data: email address, residential or delivery address, telephone number, mobile number.
Payment & billing data: payment method details (processed via payment provider; we do not store full card details unless required and secured under PCI-DSS).
Order & transaction data: products purchased, order history, preferences, returns and refunds.
Account data: username, password (hashed or encrypted), login history.
Communications data: correspondence with our customer service, feedback, reviews.
Usage data: IP address, browser type/version, device identifiers, operating system, pages visited, time and date of visit, referring/exit pages, duration of visit, cookies and similar tracking technologies.
Marketing and communications data: your preferences in receiving marketing communications from us and our third parties; consents given.
4.2 Other Data
We may collect other data necessary for compliance with legal/regulatory obligations (e.g., anti-fraud checks, customs/exports).
If you apply for a job with us, we may collect your CV/resume, identity verification information, etc. (this is out of scope of consumer e-commerce, but applies if relevant).
If the law requires, we may collect Sensitive Personal Data under strictly controlled conditions (e.g., for warranty, service, support that requires biometric or health information where relevant), but only where you give explicit consent and it is necessary.
5. Purposes of Processing & Legal Basis
We process your personal data for the following purposes, and under the following legal bases (in UAE law, the legal bases broadly correspond to consent, contractual necessity, legal obligation, legitimate interests, etc.).
5.1 Order Processing & Contract Execution
To enable you to place orders, deliver products, provide after-sales service, manage returns, refunds and warranties; fulfil our contract with you.
Legal basis: performance of contract / taking steps at your request to enter contract.
5.2 Customer Account Management & Website Use
To allow you to register an account, maintain your profile, login functionality, track your order history, save preferences.
Legal basis: contractual necessity / legitimate interest (for our business operations) / consent (when needed).
5.3 Payment and Fraud Prevention
To process payments, verify your identity, assess and manage credit risk, detect and prevent fraud, deal with payment disputes.
Legal basis: legitimate interest (fraud prevention) and performance of contract.
5.4 Marketing & Promotional Communications
With your explicit consent, we may send you marketing communications about our products, special offers, events, and surveys.
You may withdraw your consent at any time (see Section 8).
Legal basis: your consent (required under UAE law for marketing).
5.5 Website Analytics & Improvements
To analyse how you use our website/mobile applications, improve our services, personalise your experience, develop new features, carry out customer satisfaction surveys.
Legal basis: legitimate interest and/or your consent (depending on context).
We ensure data is aggregated or anonymised where possible.
5.6 Compliance with Legal and Regulatory Obligations
To comply with applicable laws: e.g., consumer protection, tax laws, customs/import/export, anti-money laundering, cyber-security, data breach reporting.
Legal basis: legal obligation.
5.7 Data Retention
We retain your personal data for as long as necessary to fulfil the purposes in this Policy unless a longer retention period is required or permitted by law (for example tax legislation requires retention of records for a certain period).
After retention, we securely delete or anonymise your data.
6. Disclosure of Personal Data
We may disclose your personal data to:
Service providers and partners who provide services on our behalf, such as payment processors, logistics and delivery companies, IT/hosting/maintenance providers, customer service providers, marketing agencies (with your consent), analytics providers.
Third-party vendors for the purpose of fulfilling your order (e.g., manufacturers, wholesalers).
Legal and regulatory authorities when required by law (e.g., tax authority, data protection authority, customs, consumer protection).
Business transfers: In the event our business is sold, merged or reorganised, your personal data may be transferred as part of that transaction, subject to appropriate safeguards.
We ensure that any third-party recipients act in accordance with applicable laws and, where required, we have appropriate contracts/agreements in place to protect your personal data.
7. Cross-Border Transfer and International Data Transfers
Because we operate in the UAE, your personal data may be stored and processed in the UAE and, in some cases, transferred to or accessed by recipients in other jurisdictions (e.g., global cloud services, overseas support centres).
Under the PDPL, cross-border transfers require adequate safeguards or consent.
Where data is transferred outside the UAE, we will ensure one or more of the following:
The recipient country ensures an adequate level of protection for personal data; or
We implement binding safeguards (e.g., contracts, standard contractual clauses) or by obtaining your explicit consent;
Or where permitted by law.
We will inform you of such transfers and your rights relating thereto.
8. Consent & Your Rights
8.1 Consent
Where processing is based on your consent (for example, for marketing communications), such consent must be freely given, specific, informed and unambiguous.
You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.
To withdraw consent, please contact us (see Section 12) or use the unsubscribe option in our communications.
8.2 Your Rights as a Data Subject
Under the PDPL and other relevant laws, you have the right to:
Request access to your personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request erasure (right to be forgotten) of your personal data (subject to legal exceptions).
Request restriction of processing in certain circumstances.
Request data portability (receive your data in a structured form) if applicable.
Object to processing of your personal data (where applicable).
Lodge a complaint with the UAE Data Office (or other competent authority) if you believe we have violated the law.
We may request proof of identity before responding to your request. We reserve the right to charge a reasonable fee for excessive or manifestly unfounded requests, to the extent permitted by law.
8.3 Exercising Your Rights
To exercise any of these rights, please contact us using the details in Section 12. We will respond within the timeframe required by applicable law.
We may ask you for information to verify your identity and to locate your data.
9. Security of Your Data
We take appropriate technical and organisational measures to ensure your personal data is processed securely. These measures are designed to protect against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, including:
Encryption of data in transit and at rest where applicable.
Secure servers and infrastructure managed by reputable providers.
Access controls and user authentication.
Regular testing of our systems and internal processes.
Staff training and confidentiality obligations for our employees and contractors.
Incident response plan in place to address data breaches promptly.
Under the PDPL and related laws, we are obligated to report certain data breaches to the UAE Data Office (or relevant authority) and affected individuals without undue delay.
10. Cookies & Tracking Technologies
We may use cookies, web beacons, pixels and other tracking technologies on our website and mobile applications to:
Remember your preferences and settings.
Analyse website usage and performance.
Offer personalised content, including adverts.
You may refuse or withdraw your consent to cookies by changing your browser settings (or via our cookie-consent tool). However, disabling certain cookies may affect your ability to use some features of our website.
11. Retention of Personal Data
We retain personal data for as long as is necessary for the purposes listed in Section 5, unless longer retention is required or permitted by law (for example for tax, accounting or legal claims). When we no longer need the personal data for such purposes, we will securely delete or anonymise it.
12. Contact, Complaints & Data Protection Officer
If you have any questions, require assistance exercising your rights, wish to withdraw consent, or have concerns about how we handle your personal data, you may contact us:
DigitalMart.ae
Address: [ Insert business address in UAE ]
Email: [ Insert email e.g., support@digitalmart.ae ]
Telephone: [ Insert phone number]
If applicable:
Data Protection Officer (DPO): [ Insert DPO name, if appointed ]
Email: [ Insert DPO email]
Telephone: [ Insert DPO phone number]
You also have the right to lodge a complaint with the UAE Data Office or other relevant authority if you believe your data subject rights have been breached.
13. Changes to This Policy
We may update this Privacy Policy from time to time (for example, to reflect changes in law, our business practices, or technologies). We will publish the updated version on our website and indicate the “Last Updated” date. We encourage you to check back periodically.
If the changes are significant (for example, new purposes of processing or new data sharing) we may notify you directly (for example by email) if you have provided us with your contact information and we are permitted to do so.
14. Miscellaneous
14.1 Language & Interpretation
This Policy is provided in English. To the extent another language version is published, the English version prevails in case of any discrepancy (but we may provide an Arabic version to comply with local language requirements).
14.2 Governing Law & Jurisdiction
This Policy and any disputes relating to it are governed by the laws of the United Arab Emirates and the relevant courts (or arbitration) having competent jurisdiction.
14.3 Severability
If any provision of this Policy is found to be invalid or unenforceable under applicable law, that provision will be deemed superseded by a valid provision that most closely matches the intention of the original, and the remainder of the Policy will continue in effect.