1. PREAMBLE
Laylaa Truffles & Bites LLC ("the Company"), a duly registered e-commerce entity under the laws of the United Arab Emirates, is committed to safeguarding the privacy and confidentiality of personal data in strict compliance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and its implementing regulations. This Privacy Policy ("Policy") delineates the lawful basis for the collection, processing, storage, and transfer of personal data acquired through the Company’s digital platform, http://www.laylaa.ae ("the Website").
By accessing or utilizing the Website, you ("Data Subject") expressly consent to the terms herein, which constitute a binding legal agreement under UAE law.

2. CATEGORIES OF PERSONAL DATA COLLECTED
The Company shall collect and process the following data in accordance with Article 5 of the PDPL:
(a) Identifiable Personal Data
Full name, contact details (email address, mobile number), and physical delivery address.
Payment verification details (processed via PCI DSS-compliant third-party gateways; no financial data is retained post-transaction).
(b) Non-Identifiable Technical Data
Device identifiers (IP address, browser type), usage patterns, and cookies (see Section 7).

3. LAWFUL PURPOSES OF PROCESSING
Pursuant to Article 6 of the PDPL, personal data is processed exclusively for the following legitimate purposes:
- Order Fulfillment: Execution of contractual obligations, including order processing, delivery, and invoicing.
- Customer Engagement: Communication regarding transactional updates (e.g., order confirmations, shipping notifications).
- Legal Compliance: Adherence to UAE tax regulations (Federal Decree-Law No. 8 of 2017 on VAT) and commercial record-keeping mandates.
- Direct Marketing: Promotional communications via email/SMS, subject to prior explicit consent (Article 12, PDPL).

4. DATA TRANSFER TO AUTHORIZED THIRD PARTIES
The Company may disclose personal data to the following entities, ensuring compliance with Article 14 of the PDPL:
- Payment Processors: Accredited third-party financial intermediaries (e.g., PayPal, Stripe) for transaction completion.
- Logistics Providers: Licensed UAE courier services (e.g., Emirates Post, Aramex) for product delivery.
- Regulatory Authorities: Disclosure mandated by UAE law, including but not limited to the UAE Data Office or Ras Al Khaimah Economic Department.
Under no circumstances shall personal data be sold, leased, or otherwise commercialized.

5. DATA SECURITY MEASURES

In alignment with Article 10 of the PDPL, the Company implements robust technical and organizational safeguards, including:
- Encryption Protocols: SSL/TLS encryption for data-in-transit.
- Access Controls: Role-based access restrictions to personal data.
- Audit Trails: Regular security assessments to mitigate risks of unauthorized access, destruction, or alteration.

6. DATA SUBJECT RIGHTS
Under Articles 13–16 of the PDPL, Data Subjects retain the right to:
1. Access: Request a copy of processed personal data.
2. Rectification: Demand correction of inaccurate or incomplete data.
3. Erasure: Seek deletion of data absent a lawful basis for retention.
4. Objection: Contest processing for direct marketing purposes.
To exercise these rights, submit a written request to the Data Controller at purchase@laylaa.ae, accompanied by valid Emirates ID/passport verification. The Company shall respond within 30 business days, per PDPL timelines.

7. COOKIES AND TRACKING TECHNOLOGIES
The Website employs first-party cookies (essential for functionality) and third-party analytical cookies (e.g., Google Analytics). Non-essential cookies require prior consent via the Website’s cookie banner, as per PDPL Article 19.

8. DATA RETENTION PERIOD
Personal data is retained only for the duration necessary to fulfill the purposes outlined herein, or as mandated by UAE law (e.g., commercial transaction records for 5 years under Federal Law No. 18 of 1993).

9. MINORS’ DATA PROTECTION
The Website is not directed toward individuals under 18 years of age. The Company shall not knowingly collect or process minors’ data absent verified parental consent, per PDPL Article 17.

10. AMENDMENTS TO POLICY
The Company reserves the right to modify this Policy to reflect regulatory updates. Revised terms become effective immediately upon publication on the Website. Continued use constitutes acceptance of amendments.

CONTACT THE DATA CONTROLLER
For inquiries or to lodge a complaint:
Email: purchase@laylaa.ae
Registered Address: Al Juwais, Ras Al Khaimah, UAE

By utilizing the Website, you irrevocably acknowledge and accept the terms of this Privacy Policy.