سياسة الخصوصية

Updated: 13 October 2025

TOC The Online Cart FZ-LLC (“we,” “our,” or “us”) operates this online store and website, including all related information, content, features, tools, products, and services (the “Services”). We are committed to protecting your personal data in compliance with the UAE Federal Decree Law No. 45 of 2021 on the Protection of Personal Data (PDPL).

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data when you use or interact with our Services. By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

If there is any conflict between our Terms of Service and this Privacy Policy, this Privacy Policy governs the collection, processing, and disclosure of your personal data.

Personal data we collect

“Personal data” means any information relating to an identified or identifiable natural person. We may collect and process the following categories of personal data, depending on how you interact with our Services:

•    Identity & Contact Information: Name, billing and shipping addresses, phone number, and email address.
•    Financial Information: Payment details including credit/debit card information, transaction details, and payment confirmations.
•    Account Data: Username, password, preferences, and account settings.
•    Transaction Data: Items viewed, added to your cart, wish listed, purchased, returned, exchanged, or cancelled.
•    Communications: Records of your interactions with our support team or communications with us.
•    Technical Data: Device identifiers, browser type, IP address, and network information.
•    Usage Data: How and when you access or interact with our Services.

We do not intentionally collect personal data relating to children under the legal age of majority in your jurisdiction.

Lawful basis for processing

We process your personal data only where we have a lawful basis under the PDPL, including:
•    Your consent (e.g., for marketing or use of cookies).
•    Performance of a contract (e.g., fulfilling your orders and providing Services).
•    Compliance with legal obligations (e.g., responding to regulatory or government requests).
•    Legitimate interests (e.g., improving Services, fraud prevention, and security).

How we use your personal data

We may use your personal data for the following purposes:
•    To provide, manage, and improve our Services.
•    To process your orders, payments, returns, and exchanges.
•    To personalize your shopping experience and make recommendations.
•    To send you service updates, customer support communications, or marketing (with your consent).
•    To detect and prevent fraud, misuse, or security incidents.
•    To comply with applicable laws, regulatory requirements, and lawful requests.

Sharing & disclosure of personal data

We may share your personal data under the following circumstances:

•    With service providers (such as Shopify, payment processors, cloud storage, and shipping providers) to operate the Services.
•    With business and marketing partners, where you have consented or where permitted by law.
•    With affiliates and group companies for internal administrative purposes.
•    As required by law, regulation, or court order, or to enforce our legal rights.
•    In case of business transactions, such as a merger, restructuring, or sale of assets.

We do not sell your personal data.

Cross-border data transfers

Your personal data may be transferred and processed outside the UAE. Where such transfers occur, we will ensure adequate protection is in place in accordance with the PDPL, such as contractual safeguards or reliance on jurisdictions deemed to provide an adequate level of protection.

Security & retention

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction.

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

Your rights under the PDPL

As a data subject under the UAE PDPL, you have the following rights (subject to applicable legal limitations):
•    Right of Access: Request confirmation of whether we process your personal data and obtain a copy.
•    Right to Rectification: Request correction of inaccurate or incomplete personal data.
•    Right to Erasure: Request deletion of your personal data where permitted by law.
•    Right to Restrict Processing: Request limitation of processing in certain cases.
•    Right to Data Portability: Request transfer of your personal data to another controller, where technically feasible.
•    Right to Object: Object to processing for direct marketing or for reasons relating to your particular situation.
•    Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
•    Right to Complain: Lodge a complaint with the UAE Data Office if you believe your data rights have been infringed.
You may exercise your rights by contacting us using the details below.

Changes to this privacy policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Updates will be posted on this page with a revised “Last Updated” date

Contact Us

If you have questions regarding our Privacy Policy, please email us at: hello@toc-uae.com