Privacy Policy

1. Who We Are

The Hayaa Collective is a UAE-registered business operating the website hayaacollective.me. We are committed to protecting your privacy and handling your personal data with transparency and care.

For any questions regarding this Privacy Policy or how we handle your data, you may contact us at hello@thehayaacollective.com.

This policy applies to all personal data collected through our website, checkout process, and any direct communications with us. It has been prepared in accordance with the EU General Data Protection Regulation (GDPR) and the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL).

2. What Data We Collect

We collect personal data that you voluntarily provide to us when you place an order, subscribe to communications, or contact us directly. We also collect certain data automatically when you browse our website.

Information You Provide

• Full name
• Email address
• Phone number
• Delivery address (street address, city, emirate, postal code, country)
• Any additional information you include in messages sent to us

Information Collected Automatically

• Browser type and version
• Device type and operating system
• Pages visited, time spent on pages, and navigation paths
• Referring website or source
• IP address (anonymised where possible)
• Cookie identifiers (see Section 6 below)

3. How We Use Your Data

We process your personal data only for legitimate, clearly defined purposes. The legal bases for processing under GDPR and UAE PDPL are noted alongside each purpose.

• Process and fulfil your orders — including confirming your purchase, arranging shipping, and providing delivery updates. (Legal basis: contractual necessity)
• Send order confirmations and shipping notifications — transactional communications related to your purchase. (Legal basis: contractual necessity)
• Respond to your enquiries — when you contact us via email or through the website. (Legal basis: legitimate interest)
• Improve our website and services — by analysing browsing behaviour and usage patterns in aggregate. (Legal basis: legitimate interest)
• Send marketing communications — only if you have given explicit consent, such as subscribing to our mailing list. You may withdraw consent at any time. (Legal basis: consent)
• Comply with legal and regulatory obligations — including tax record-keeping requirements in the UAE. (Legal basis: legal obligation)

4. Payment Processing

All payments on our website are processed securely through Ziina, a third-party payment provider. When you make a purchase, your payment details (including credit or debit card information) are collected and processed directly by Ziina.

We do not store, access, or have visibility of your full card details at any point. Your financial information is handled entirely within Ziina's secure, PCI-compliant infrastructure.

For more information about how Ziina handles your payment data, please refer to Ziina's Privacy Policy.

5. Data Sharing

We do not sell, rent, or trade your personal data to any third party. We share your information only with the following service providers, strictly to the extent necessary to operate our business and fulfil your orders:

• Ziina — our payment processor, who receives the information necessary to process your transaction securely.
• Shipping partners — courier and logistics providers who receive your name, phone number, and delivery address in order to deliver your order.
• Hostinger — our web hosting provider, whose servers store and serve the data associated with our website.

Each of these providers is bound by their own privacy policies and data protection obligations. We select partners who maintain appropriate technical and organisational safeguards for personal data.

We may also disclose your data if required to do so by law, regulation, or valid legal process.

6. Cookies

Our website uses cookies — small text files stored on your device — to ensure the site functions correctly and to help us understand how visitors use our pages.

Essential Cookies

These are necessary for the basic operation of the website, including maintaining your shopping cart and enabling the checkout process. They cannot be disabled without affecting site functionality.

Analytics Cookies

We use analytics cookies to collect anonymised data about how visitors interact with our site. This helps us improve the browsing experience, identify popular products, and optimise page performance. Analytics cookies are only placed with your consent.

You can manage your cookie preferences at any time through your browser settings. For full details on the cookies we use, their purposes, and how to control them, please see our Cookie Policy.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law.

• Order and transaction data — retained for a period of 2 years from the date of purchase, in order to comply with UAE tax regulations and to handle any post-sale queries, returns, or legal claims.
• Marketing and subscription data — retained until you unsubscribe or withdraw your consent. Upon unsubscribing, your data will be removed from our marketing lists within 30 days.
• Enquiry and correspondence data — retained for up to 12 months after the last communication, unless a longer period is required to resolve an ongoing matter.
• Analytics data — collected in anonymised or aggregated form and retained for up to 12 months.

Once the applicable retention period expires, your personal data will be securely deleted or anonymised.

8. Your Rights

Under both the GDPR and the UAE PDPL, you have a number of rights regarding your personal data. You may exercise any of these rights at any time by contacting us at hello@thehayaacollective.com.

• Right of access — you may request a copy of the personal data we hold about you.
• Right to rectification — you may ask us to correct any inaccurate or incomplete data.
• Right to erasure — you may request that we delete your personal data, subject to any legal obligations that require us to retain it.
• Right to restrict processing — you may ask us to limit how we use your data in certain circumstances.
• Right to data portability — you may request that we provide your data in a structured, commonly used, machine-readable format so that it can be transferred to another provider.
• Right to withdraw consent — where processing is based on your consent (such as marketing communications), you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
• Right to object — you may object to processing based on legitimate interests, and we will cease processing unless we can demonstrate compelling legitimate grounds.

We will respond to all valid requests within 30 days. If a request is particularly complex, we may extend this by an additional 60 days and will notify you accordingly.

If you are located in the European Economic Area and believe that your data protection rights have not been adequately addressed, you have the right to lodge a complaint with your local Data Protection Authority. If you are located in the UAE, you may contact the UAE Data Office.

9. International Transfers

Our website is hosted by Hostinger, whose servers may be located outside the UAE and the European Economic Area. As a result, your personal data may be transferred to, and processed in, countries that may have different data protection standards.

Where such transfers occur, we ensure that appropriate safeguards are in place, which may include:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions recognising the destination country's data protection framework
• Binding contractual commitments by service providers to protect your data

If you would like more information about the safeguards we apply to international transfers, please contact us.

10. Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16 years of age.

If we become aware that we have inadvertently collected personal data from a child under 16, we will take immediate steps to delete that information from our records. If you believe that a child under 16 has provided us with personal data, please contact us at hello@thehayaacollective.com so that we can take appropriate action.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. Any changes will be posted on this page with an updated revision date at the top.

For material changes that significantly affect how we process your data, we will make reasonable efforts to notify you — for example, by posting a prominent notice on our website or sending an email to customers with active orders.

We encourage you to review this page periodically to stay informed about how we protect your personal data.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to get in touch:

• Email: hello@thehayaacollective.com
• Website: hayaacollective.me

We aim to respond to all enquiries within 48 hours during business days.