Privacy Policy

Last updated: 1 June 2026

This Privacy Policy explains how Al Ghadeer Flowers ("DubaiFlora", "we", "us", or "our"), trading since 1994, collects, uses, stores, shares, and protects your personal data when you visit dubaiflora.com (the "Website"), order our products, or interact with us through WhatsApp, phone, email, or in person at our shop.

We process personal data in accordance with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL), the EU General Data Protection Regulation (GDPR) where applicable, and other relevant data protection laws.

1. Data Controller

The data controller is:
Al Ghadeer Flowers (trading as DubaiFlora)
Al Muteena Street, Deira, Dubai, UAE
Email: info@dubaiflora.com
Phone: +971 50 586 1001

2. Personal Data We Collect

We collect the following categories of personal data:

2.1 Data you provide directly

  • Name, email address, phone number (sender and recipient)
  • Delivery address and gate/building details
  • Billing information (we do not store full card numbers — payment is processed by Stripe, Tabby, or Tamara)
  • Order details and gift messages
  • Account credentials (if you create an account)
  • Communications you send us via WhatsApp, email, phone, or contact forms

2.2 Data we collect automatically

  • IP address, browser type, device type, operating system
  • Pages visited, time spent, referring website
  • Cookies and similar tracking technologies (see Section 8)
  • Approximate location based on IP address

3. How We Use Your Data

We process your data for the following purposes:

  • Order fulfillment: processing orders, arranging delivery, sending order confirmations and tracking updates — lawful basis: contract performance
  • Customer service: responding to enquiries, handling returns and complaints — lawful basis: contract / legitimate interest
  • Payment processing: completing transactions and preventing fraud — lawful basis: contract / legal obligation
  • Marketing communications: sending promotional offers via email/SMS (only with your consent) — lawful basis: consent
  • Website analytics: improving site performance and user experience — lawful basis: legitimate interest
  • Legal compliance: tax records, VAT reporting, dispute resolution — lawful basis: legal obligation

4. Sharing Your Data

We share data only with trusted third parties who help us deliver our services. These include:

  • Payment processors: Stripe (Ireland), Tabby (UAE), Tamara (UAE)
  • Delivery partners: our own drivers and, when required, third-party courier services
  • Hosting and infrastructure: server providers, CDN (Bunny CDN), email delivery (MX Route)
  • Analytics: Google Analytics 4 (with IP anonymization enabled)
  • Marketing tools: email marketing platforms (only if you have opted in)
  • Legal & regulatory: UAE Federal Tax Authority, courts, law enforcement (only when legally required)

We do not sell your personal data to any third party.

5. International Data Transfers

Some of our service providers (such as Stripe, Google, and our CDN) process data outside the UAE. Where data is transferred internationally, we ensure adequate protections through Standard Contractual Clauses (SCCs) or equivalent safeguards as required by UAE PDPL and GDPR.

6. Data Retention

  • Order records: 7 years (UAE VAT and commercial law requirements)
  • Account data: until you request deletion, or until the account has been inactive for 3 years
  • Marketing consents: until you withdraw consent or unsubscribe
  • Website analytics: 14 months
  • WhatsApp / email conversations: 2 years

7. Your Rights

Under UAE PDPL and GDPR (where applicable), you have the following rights:

  • Right of access: request a copy of the personal data we hold about you
  • Right of correction: ask us to correct inaccurate or incomplete data
  • Right of deletion: request deletion of your data (subject to legal retention requirements)
  • Right to object: object to processing based on legitimate interest or marketing
  • Right to restrict processing: limit how we use your data in certain situations
  • Right to data portability: receive your data in a machine-readable format
  • Right to withdraw consent: where processing is based on consent
  • Right to lodge a complaint: with the UAE Data Office or your local data protection authority

To exercise any of these rights, contact us at info@dubaiflora.com. We will respond within 30 days.

8. Cookies

We use cookies and similar technologies to operate and improve the Website. Cookies fall into four categories:

  • Strictly necessary: required for cart, checkout, login (cannot be disabled)
  • Functional: remember your preferences (language, currency)
  • Analytics: Google Analytics, Hotjar — only set if you accept
  • Marketing: remarketing pixels — only set if you accept

You can manage cookie preferences via the cookie banner on first visit, and at any time via your browser settings.

9. Children's Privacy

Our services are not directed to children under 18. We do not knowingly collect data from minors. If you believe we have inadvertently collected such data, contact us and we will delete it promptly.

10. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • HTTPS/TLS encryption for all data in transit
  • Secure password hashing
  • Limited access to personal data on a need-to-know basis
  • Regular security audits and malware scanning
  • PCI-DSS compliance for payment data (handled by Stripe, Tabby, Tamara)

In the event of a data breach, we will notify affected users and the relevant authorities within 72 hours as required by law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated via email or a notice on the Website.

12. Contact & Complaints

For any privacy questions, requests, or complaints:

DubaiFlora Privacy Contact
Email: info@dubaiflora.com
Subject line: "Privacy Request"
Postal: Al Muteena Street, Deira, Dubai, UAE

If you are not satisfied with our response, you may lodge a complaint with the UAE Data Office (u.ae) or, for EU/EEA residents, your local data protection supervisory authority.