Privacy policy

Effective Date: 6 June 2026

1. Introduction

This Privacy Policy explains how Arcal Trading FZE, trading as Ziyaa ("we," "our," "us"), collects, uses, discloses, and protects your personal information when you visit Ziyaa.ae, purchase our Products, subscribe to our newsletter, or interact with our brand on third-party platforms.

This Policy is governed by the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("PDPL") and other applicable UAE laws.

Data Controller details:

  • Legal Name: Arcal Trading FZE
  • Trade License Number: 4418749.01
  • VAT TRN: 104859827800001
  • Registered Office: Business Centre, Sharjah Publishing City Freezone, Sharjah, UAE
  • Contact: support@ziyaa.ae | +971 50 376 3022

By using Ziyaa.ae or providing personal information to us, you acknowledge and accept the practices described in this Privacy Policy.

2. Information We Collect

We collect the following categories of personal information:

a. Information You Provide Directly

When you place an order, create an account, subscribe to our newsletter, contact customer support, or submit a review, we may collect:

  • Identity data: First and last name
  • Contact data: Email address, phone number, shipping and billing addresses
  • Account data: Login credentials, account preferences, order history
  • Payment data: Card details are entered directly into our payment processors and are not stored by us
  • Subscription data: Subscription frequency, product selections, scheduled delivery dates
  • Communication data: Customer support enquiries, product reviews, social media interactions referencing our brand

b. Information Collected Automatically

When you visit Ziyaa.ae, we automatically collect:

  • Technical data: IP address, device type, browser type and version, operating system, time zone
  • Usage data: Pages visited, time spent on pages, click paths, referring URL, search queries used to find us
  • Marketing data: Source of your visit (e.g., Instagram ad, Google search), advertising identifiers, attribution data

c. Information from Third Parties

We may receive information about you from:

  • Social media platforms if you interact with our brand pages (Instagram, Facebook, TikTok, X)
  • Advertising partners providing audience and attribution data (Meta, Google)
  • Third-party retailers such as Amazon, Noon, or grocery partners where you may purchase our Products
  • Analytics providers delivering aggregate insights about how customers find and use our Website

3. How We Use Your Information

We process your personal data for the following purposes:

  • Order fulfilment: Processing payments, dispatching orders, providing tracking, managing returns
  • Subscription management: Charging recurring payments, scheduling shipments, processing modifications
  • Customer support: Responding to enquiries, handling complaints, processing refunds
  • Account management: Maintaining your account, login verification, password resets
  • Marketing: Sending newsletters, product updates, and promotional offers (where you have opted in)
  • Personalisation: Recommending products, customising your shopping experience
  • Analytics & improvement: Understanding how customers use our Website, identifying bugs, improving features
  • Advertising: Showing relevant ads on Meta, Google, and other platforms (subject to your preferences)
  • Fraud prevention & security: Detecting suspicious activity, preventing payment fraud, protecting account integrity
  • Legal compliance: Meeting tax, accounting, regulatory, and reporting obligations under UAE law

4. Legal Basis for Processing

We process your personal data based on one or more of the following lawful grounds:

  • Performance of a contract — when processing your order, managing your subscription, or providing customer support
  • Your consent — when sending marketing communications, placing optional cookies, or processing data for personalised advertising
  • Legitimate interests — when improving our products and services, preventing fraud, securing our Website, and operating our business
  • Legal obligation — when complying with UAE tax law, anti-fraud requirements, or responding to lawful regulatory requests

You may withdraw consent at any time (see Section 9).

5. How We Share Your Information

We do not sell, trade, or rent your personal information. We share data only with the following categories of recipients:

a. Service Providers (Data Processors)

To operate the Website and fulfil orders, we use the following named processors:

  • Shopify Inc. — e-commerce platform, customer account hosting, order management
  • Payment processors — including Stripe, Shopify Payments, and other UAE-licensed gateways (for secure transaction processing)
  • Courier and logistics partners — for shipping and delivery (changes from time to time; current partners may include Swftbox, Aramex, and others)
  • Subscription platform providers — for managing recurring subscription orders
  • Email service providers — including Shopify Email (for transactional and marketing email delivery)
  • Customer reviews platform — Judge.me (for collecting, displaying, and managing product reviews)
  • Customer support tools — for handling email enquiries and tickets
  • Analytics providers — Google Analytics, Shopify Analytics (for aggregated Website usage data)
  • Advertising partners — Meta (Facebook, Instagram), Google Ads, TikTok Ads (for targeted advertising and attribution measurement)

All processors are contractually bound to keep your data confidential and use it only for the services they provide to us.

b. Legal and Regulatory Authorities

We may disclose personal data where required by UAE law, including:

  • To comply with court orders, subpoenas, or lawful regulatory requests
  • To prevent or investigate suspected fraud, security incidents, or unlawful activity
  • To enforce our Terms and Conditions
  • To protect the rights, property, or safety of Ziyaa, our customers, or the public

c. Business Transfers

If we are involved in a merger, acquisition, reorganisation, or sale of business assets, customer data may be transferred as part of that transaction, subject to confidentiality protections.

6. International Data Transfers

Some of our service providers — including Shopify, Meta, Google, and our email and analytics providers — are headquartered outside the UAE (primarily in the United States, the European Union, and Canada). As a result, your personal data may be transferred, stored, and processed outside the UAE.

When we transfer your data internationally, we ensure appropriate safeguards are in place, including:

  • Contractual obligations on the recipient to protect your data
  • Use of providers that operate under recognised data protection frameworks
  • Compliance with UAE PDPL cross-border transfer requirements

By using Ziyaa.ae, you acknowledge that your data may be processed outside the UAE under these safeguards.

7. Cookies & Tracking Technologies

Ziyaa.ae uses cookies and similar tracking technologies (pixels, web beacons, local storage) to operate the Website, understand how visitors use it, and deliver relevant marketing.

a. Categories of cookies we use

  • Strictly necessary cookies — required for basic Website functions (login, shopping cart, checkout). These cannot be disabled.
  • Analytics cookies — help us understand how visitors interact with our Website (e.g., Google Analytics, Shopify Analytics).
  • Marketing cookies — used by advertising partners (e.g., Meta Pixel, Google Ads) to deliver relevant ads and measure their effectiveness.
  • Preference cookies — remember your language, region, and personalised settings.

b. Managing cookies

You can control or disable cookies through your browser settings. Disabling certain cookies may affect Website functionality.

Where available, you can also opt out of personalised advertising directly through:

  • Meta: facebook.com/help/568137493302217
  • Google: adssettings.google.com
  • TikTok: within the TikTok app settings

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

  • Order and transaction records: Retained for 5 years to comply with UAE tax and accounting law
  • Account data: Retained while your account is active; deleted on request or after 24 months of inactivity, subject to legal retention requirements
  • Marketing data: Retained until you unsubscribe or for 24 months after your last engagement, whichever is sooner
  • Customer support communications: Retained for 2 years for service quality and dispute resolution purposes
  • Analytics and aggregated data: May be retained indefinitely in anonymised form for business intelligence purposes

9. Your Rights Under UAE Law

Under the UAE PDPL and other applicable laws, you have the following rights:

  • Right to be informed — You have the right to be told how we collect and use your data — this Privacy Policy fulfils that.
  • Right of access — You can request a copy of the personal data we hold about you.
  • Right to correction — You can ask us to correct inaccurate or incomplete data.
  • Right to deletion — You can request deletion of your data, subject to legal retention requirements.
  • Right to object — You can object to certain types of processing, including direct marketing.
  • Right to restrict processing — You can ask us to limit how we use your data in certain circumstances.
  • Right to data portability — You can request your data in a structured, machine-readable format.
  • Right to withdraw consent — Where processing relies on consent, you can withdraw it at any time.

To exercise any of these rights, email support@ziyaa.ae with your request. We will respond within 30 days. We may ask you to verify your identity before fulfilling the request.

You also have the right to lodge a complaint with the UAE Data Office (the supervisory authority responsible for PDPL enforcement).

10. Marketing Communications

We send marketing emails only to customers who have opted in by:

  • Creating an account
  • Subscribing via our newsletter form
  • Placing an order and accepting marketing communications at checkout

You may unsubscribe at any time by:

  • Clicking the unsubscribe link in any marketing email
  • Updating your preferences in your account at account.ziyaa.ae
  • Emailing support@ziyaa.ae

Transactional communications (order confirmations, shipping notifications, account alerts) will continue to be sent as required to service your account or order, and are not subject to marketing preferences.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • SSL/TLS encryption for all data transmitted to and from our Website
  • Access controls ensuring only authorised personnel handle customer data
  • Payment data security — we use PCI-DSS compliant payment processors and do not store full card details ourselves
  • Regular security reviews of our platforms, processors, and access logs
  • Staff data protection awareness to minimise human error

In the unlikely event of a data breach that risks your rights or freedoms, we will notify affected customers and the UAE Data Office as required by law.

While we take security seriously, no method of online transmission or storage is 100% secure. We encourage you to use strong, unique passwords and be cautious when sharing personal information online.

12. Children's Privacy

Ziyaa.ae is intended for users aged 18 and over. We do not knowingly collect personal data from individuals under 18. If you believe we have inadvertently collected data from a minor, please contact us immediately at support@ziyaa.ae and we will delete it.

13. Third-Party Links and Marketplaces

Our Website and marketing communications may contain links to third-party websites, platforms, or marketplaces (e.g., Amazon, Noon, Instagram, retail partners). When you click these links and provide personal information to those services, their privacy policies apply, not ours. We recommend reviewing their privacy practices before sharing data.

14. Automated Decision-Making

We do not make solely automated decisions that produce legal or similarly significant effects on you. Some advertising and product recommendations on Ziyaa.ae use algorithmic personalisation; however, no purchases, refusals, or account decisions are made without human review where required.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will:

  • Update the Effective Date at the top of this Policy
  • Post the updated version on Ziyaa.ae
  • Notify subscribers via email where the change materially affects them

Continued use of the Website after the Effective Date constitutes acceptance of the revised Policy.

16. Contact

For any questions, concerns, or requests regarding this Privacy Policy or your personal data:

  • Email: support@ziyaa.ae
  • Phone: +971 50 376 3022
  • Hours: Monday – Friday, 9:00 AM – 5:00 PM (UAE time)
  • Registered Office: Business Centre, Sharjah Publishing City Freezone, Sharjah, UAE

© 2026 Arcal Trading FZE. All rights reserved. Ziyaa® is a registered trademark of Arcal Trading FZE in the UAE under Class 3.