Select Your Country

Privacy Policy

This Privacy Policy explains how RAAYA Fine Jewellery (referred to as 'we', 'us', or 'our') collects, uses, stores, and protects personal data when you visit our website, make a purchase, or otherwise interact with us. We process personal data in accordance with the laws of the United Arab Emirates, including Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the 'PDPL') and its Executive Regulations.

DATA CONTROLLER

The data controller responsible for your personal data is:

RAAYA Fine Jewellery · Wafi Mall, Shop 6, Ground Floor, Umm Hurair Second, Dubai, United Arab Emirates.

For any privacy-related questions or to exercise your rights, please contact our Data Protection Officer at: infodubai@raayafinejewellery.com.

PERSONAL DATA WE COLLECT

We collect the following categories of personal data:

  • Identification data — name, date of birth (where required), Emirates ID or passport number (where required for high-value transactions in line with UAE anti-money-laundering rules).
  • Contact data — email address, telephone number, billing and delivery addresses.
  • Transaction data — products purchased, order history, payment method details (card information is handled by our PCI-DSS compliant payment gateway and not stored by us).
  • Technical data — IP address, browser type, device information, cookies and usage data when you visit our website.
  • Marketing data — preferences regarding marketing communications you have opted in to receive.

LEGAL BASIS FOR PROCESSING

We process your personal data on one or more of the following legal bases, as required under the PDPL:

  • Performance of a contract — where processing is necessary to fulfil your order, deliver the product, and provide after-sales service.
  • Compliance with a legal obligation — where we are required to retain transaction records under UAE tax, anti-money-laundering, or consumer protection legislation.
  • Legitimate interests — where processing supports our legitimate interests in fraud prevention, security, and improving our products and services, balanced against your rights.
  • Your consent — for direct marketing communications and non-essential cookies, where you have explicitly opted in. You may withdraw consent at any time.

YOUR RIGHTS UNDER THE PDPL

Subject to applicable conditions and exceptions, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your personal data (the 'right to be forgotten'), subject to our legal retention obligations.
  • Restrict or object to certain processing of your data, including for direct marketing.
  • Receive your data in a portable, machine-readable format and have it transferred to another controller where technically feasible.
  • Withdraw consent at any time where processing is based on your consent.
  • Lodge a complaint with the UAE Data Office if you believe your data has been mishandled.

To exercise any of these rights, please contact us at infodubai@raayafinejewellery.com. We will respond within thirty (30) calendar days.

SHARING YOUR DATA

We do not sell your personal data. We may share it with the following categories of recipient, only to the extent necessary:

  • Payment processors — our payment gateway, Network International which is licensed by the Central Bank of the UAE. They handle your card information in accordance with PCI-DSS standards.
  • Logistics partners — for delivery of your order to the address you have provided.
  • Professional advisors — auditors, lawyers, and consultants, bound by confidentiality obligations.
  • UAE government authorities — where required by law (for example, the Federal Tax Authority for tax records, or law enforcement agencies pursuant to a valid legal request).

INTERNATIONAL DATA TRANSFERS

If we transfer your personal data outside the UAE — for example, where a cloud service provider or international logistics partner is involved — we will do so only to jurisdictions with an adequate level of data protection, or under contractual safeguards that comply with the PDPL.

DATA RETENTION

We retain your personal data only for as long as necessary for the purposes for which it was collected, or as required by UAE law. Transaction records are retained for a minimum of five (5) years to comply with UAE tax and anti-money-laundering requirements. Marketing preferences are retained until you withdraw consent. Inactive accounts are reviewed periodically and deleted in line with our internal retention schedule.

SECURITY

We use industry-standard technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. Our payment gateway is PCI-DSS compliant. Our website uses encryption (HTTPS/TLS) for all data transmission. Access to personal data within our organisation is restricted to authorised personnel only.

COOKIES

Our website uses cookies to maintain user sessions, remember preferences, and analyse site usage. You may control or disable cookies through your browser settings. Disabling certain cookies may limit functionality on the site.

AGE OF USERS

Our website and services are intended for users who are at least 18 years of age and have full legal capacity under the laws of their country of residence. We do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a minor without verified parental consent, we will delete that data.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. The current version is available on our website. Material changes will be communicated to registered customers by email.