Effective date: 24th September 2024
1. Introduction
www.routine11.me – having the quality of personal data controller under the UAE data protection
legislation (UAE’s Federal Law No. 45 of 2021, DIFC Law No. 5 of 2020) – is committed to
protecting your personal data and respecting your privacy. This Privacy Policy outlines the types of
personal data we collect, how we use and protect it, your rights regarding your data and the way
you can anytime exercise these rights. By using our website, you acknowledge the practices
described in this policy.
2. Who we are
Name: Diana Luca
Contact Information: [email protected]
3. Types of Personal Data Collected
We collect the following types of personal data:
3.1. Personal Identification Information:
Full name/ Email address/ Phone number/ Postal address/ Date of birth
3.2. Account Information:
Username/ Account preferences
3.3. Payment Information:
Credit/ debit card details/ Billing address/ Transaction history/ Payment method preferences
3.4. Order Information:
Order history/ Shipping address/ Product preferences/ Wishlist items
3.5. Technical Data:
IP address/ Browser type and version/ Device type (e.g., mobile, desktop)/ Operating system/
Time zone setting and location/ Referring website URLs
3.6. Usage Data:
Pages visited/ Time spent on each page/ Clicks and navigation patterns/ Shopping cart contents/
Interaction with blog posts and comments
3.7. Marketing and Communication Data:
Preferences for receiving marketing materials/ Email communication history/ Survey responses/
Participation in promotions and contests
3.8. Social Media Data:
Social media profiles (if users log in via social media)/ Likes, shares, and other social media
interactions
3.9. Health and Beauty Preferences:
Skin type/ Hair type/ Beauty concerns/ Product reviews and ratings
3.10. Location Data:
Geographic location based on IP/ Location shared via mobile devices (with consent)
3.11. Customer Support Data:
Customer service interactions/ Support tickets and resolutions/ Feedback and complaints
3.12. Cookies and Tracking Technologies:
Session cookies/ Persistent cookies/ Tracking pixels/ Web beacons
For the category of personal data that it is considered to be sensitive, we are assuring the
appropriate level of protection by implementing specific technical and organizational measures.
4. Purpose of Data Collection
We collect and process personal data for the following purposes:
4.1. Providing and Managing User Accounts
Creating and managing user accounts
Authentication and verification of user identity
Maintaining user profiles
4.2. Processing Transactions
Facilitating and processing orders
Handling payments and refunds
Managing billing and shipping information
4.3. Customer Support
Responding to user inquiries and requests
Resolving customer service issues and support tickets
Providing product advice and beauty consultations
4.4. Personalizing User Experience
Recommending products based on user preferences and past purchases
Tailoring content and advertisements to individual user interests
Customizing website layout and features according to user behavior
4.5. Marketing and Promotions
Sending promotional emails, newsletters, and offers
Conducting marketing campaigns and contests
Analyzing user behavior for targeted marketing
4.6. Improving Website Functionality and Content
Monitoring and analyzing website usage and performance
Enhancing website design and user interface
Developing and testing new features and services
4.7. Analytics and Research
Conducting surveys and collecting feedback to improve products and services
Analyzing user behavior and trends to understand market demands
Performing data analysis for business intelligence purposes
4.8. Security and Fraud Prevention
Protecting against unauthorized access, hacking, and fraud
Ensuring the security of user data and transactions
Implementing security measures and monitoring activities
4.9. Compliance with Legal Obligations
Fulfilling legal and regulatory requirements
Responding to legal requests and government inquiries
Maintaining records for compliance purposes
4.10. Community Engagement
Managing user comments and interactions on blog posts
Facilitating user reviews and ratings for products
Encouraging participation in forums and discussion boards
4.11. Improving Products and Services
Collecting user feedback on products and services
Conducting product trials and research studies
Innovating and developing new beauty products
4.12. Location-Based Services
Providing localized content and product recommendations
Offering location-based promotions and events
Facilitating store locator services
5. Legal Basis for Processing Data
We process personal data based on the following legal grounds:
5.1. User Consent
We are obtaining through electronic means the valid consent from users to process their personal
data for specific purposes, such as subscribing to newsletters, receiving marketing
communications or participating in surveys, the use of cookies and other tracking technologies on
the website. Users can withdraw by themselves their consent anytime, by deactivating the
permission for the optional cookies in the cookie management module installed on our website.
5.2. Contractual Necessity
Processing of certain personal data is necessary to perform a transaction with the user – that
represents the exchange of the wills of the parties – such as fulfilling orders, processing payments,
and providing customer support, including handling user account management and user
authentication.
5.3. Legal Obligation
Some of the processing we perform with your data is required for us to comply with the applicable
legal obligations, such as maintaining transaction records for tax and accounting purposes,
responding to legal requests and regulatory requirements. Ensuring the security of the website
and protecting against fraud it is also a legal obligation we are to comply with.
5.4. Legitimate Interests
We may use our legitimate interest to process personal data when analyzing website usage to
improve functionality and user experience, conducting marketing and promotional activities or
engaging in data analysis and research to better understand customer needs and preferences.
We will be using this legal ground for processing only with the due diligence required by the
applicable good practices regarding the limits and conditions imposed by the relevant legislation.
5.5. Performance of a Task in the Public Interest
Informing users about product recalls or health advisories related to beauty products will not
involve the use of personal data, unless the data subject requests differently.
5.6. Protection of Vital Interests
Processing data to protect someone’s life or physical safety in an emergency situation is not
normally applicable to our website, but if and where applicable, the data subject’s vital interest
legally overrides the right to privacy.
6. Data Sharing
We share personal data with third parties for the following purposes:
6.1. Payment Processors
To process transactions, payments, and refunds
Examples: Stripe, PayPal, Square
6.2. Shipping and Logistics Providers
To handle the delivery of products to customers
Examples: FedEx, UPS, DHL
6.3. Customer Service Platforms
To manage customer inquiries, support tickets, and live chat services
Examples: Zendesk, Freshdesk, Intercom
6.4. Email Marketing Services
To send newsletters, promotional emails, and other marketing communications
Examples: Mailchimp, SendinBlue, Constant Contact
6.5. Analytics and Performance Monitoring Tools
To analyze website traffic, user behavior, and improve website functionality
Examples: Google Analytics, Hotjar, Mixpanel
6.6. Advertising and Marketing Partners
To deliver targeted advertisements and marketing campaigns
Examples: Google Ads, Facebook Ads, Instagram Ads
6.7. E-commerce Platforms
To manage the online store, including product listings, inventory, and order processing
Examples: Shopify, WooCommerce, BigCommerce
6.8. Security and Fraud Prevention Services
To ensure the security of the website and protect against fraud
Examples: Sift, Cloudflare, Norton
6.9. Web Hosting and IT Service Providers
To host the website and manage IT infrastructure
Examples: AWS (Amazon Web Services), Bluehost, GoDaddy
6.10. Legal and Compliance Advisors
To comply with legal requirements and handle legal matters
Examples: Law firms, compliance consultants
6.11. Social Media Platforms
For social media integration and user engagement
Examples: Facebook, Instagram, TikTok, YouTube, Twitter
6.12. Survey and Feedback Tools
To collect user feedback and conduct surveys
Examples: SurveyMonkey, Typeform, Qualtrics
7. Data Retention
We retain personal data for 12 months based on the following criteria:
7.1. Purpose of Data Collection
Personal data is retained for as long as necessary to fulfill the purpose for which it was collected.
For instance, data related to a purchase (e.g., order details, payment information) might be
retained for 12 months to handle returns, refunds, or customer service inquiries.
7.2. Legal and Regulatory Requirements
Compliance with legal obligations, such as tax and accounting laws, which may require retaining
transaction records for a specific period
7.3. User Consent
Data collected based on user consent (e.g., for marketing purposes) is retained until the user
withdraws consent or for the period specified at the time of consent, whichever comes first
7.4. Business Needs
Operational requirements such as maintaining customer support records, improving services, and
analyzing user behavior. For example, retaining data for 12 months allows for analyzing seasonal
trends and customer preferences
7.5. Security and Fraud Prevention
Retaining data for a certain period to detect and prevent fraud, ensure security, and resolve
disputes
7.6. Contractual Obligations
Data related to contractual agreements, such as user accounts and order processing, is retained
for the duration of the contract and any applicable limitation period
7.7. User Interaction and Engagement
Data related to user interaction with the website, such as comments on blog posts or participation
in surveys, is retained to enhance user experience and engagement
8. User Rights
Under the applicable privacy legislation, users have the following rights:
8.1. Right to Access
Users have the right to request a copy of the personal data we hold about them. For instance, a
user can ask for a record of their purchase history, account details, and any data collected through
website interactions.
How to Exercise: Users can contact our customer support at [email protected] to request
access to their personal data.
8.2. Right to Rectification
If a user notices that their address or email on their account is incorrect, they have the right to
request that we correct this information.
How to Exercise: Users can update their details directly through their account settings or contact
us for assistance at [email protected].
8.3. Right to Erasure (Right to be Forgotten)
Users can request the deletion of their personal data if they decide to close their account and no
longer wish for us to retain their information, provided there are no legal reasons for us to keep it.
How to Exercise: Users can request data deletion by contacting our support team at
[email protected].
8.4. Right to Restriction of Processing
If a user contests the accuracy of their personal data, they can request that we restrict processing
while we verify the accuracy of the data.
How to Exercise: Users can request restriction of processing through our privacy contact email at
[email protected].
8.5. Right to Data Portability
Users have the right to request their personal data in a structured, commonly used, and machinereadable format. For instance, a user could request their purchase history and account details to
be transferred to another service provider.
How to Exercise: Users can submit a data portability request via our support channels at
[email protected].
8.6. Right to Object
Users can object to the processing of their personal data for direct marketing purposes. For
example, if a user no longer wishes to receive marketing emails, they can opt-out or, if they want
to object on our legitimate interest processing, they can change the settings in the privacy module.
How to Exercise: Users can update their marketing preferences in their account settings or use the
unsubscribe link in marketing emails.
8.7. Right to Withdraw Consent
If we process personal data based on user consent (e.g., for newsletters), users have the right to
withdraw their consent at any time.
How to Exercise: Users can withdraw consent by changing their preferences in their account
settings or contacting our support team at [email protected].
8.8. Right to Withdraw Consent
You have the right to object to automated decisions made by automated processing of your
personal data.
How to Exercise: Users can request human intervention when their personal data is processed by
automated electronic means by contacting our support team at [email protected].
8.9. Right to Lodge a Complaint
If a user believes that we are not complying with privacy regulations, they have the right to lodge a
complaint with the national data protection authority. Data subjects can file a complaint with The
Data Office if they have reason to believe that the Law has been breached by a controller or
processor. For more information, please visit https://u.ae/en/about-the-uae/digital-uae/data/dataprotection-laws.
How to Exercise: Users can find details on how to lodge a complaint in our privacy policy and
contact the relevant data protection authority.
The right to data protection is one of the fundamental human rights, but it is important for you to
understand that none of the rights mentioned above is absolute, being subject to analysis on a
case-to-case basis.
9. Data Protection Implemented Measures
We implement a variety of security measures to protect personal data, including:
9.1. Encryption
All data transmitted between users and our website uses SSL/TLS technology – asymmetric and
symmetric encryption to protect the confidentiality and integrity of data in transit.
9.2. Access Controls
Access to personal data is restricted to authorized personnel only, based on their role and
responsibilities, under the appropriate confidentiality safeguards.
9.3. Regular Security Audits
We conduct regular security audits and assessments to identify and address potential
vulnerabilities.
9.4. Data Anonymization
Where appropriate or necessary, we anonymize or pseudonymize personal data to protect our
user identities.
9.5. Firewalls and Anti-Malware
Our website and IT infrastructure are protected by firewalls and anti-malware software to prevent
unauthorized access and attacks.
9.6. Secure Payment Processing
Payment information is processed using secure payment gateways that comply with industry
standards.
9.7. Regular Software Updates
We ensure that all software and systems are regularly updated to protect against security threats.
10. Cookies and Tracking Technologies
We use cookies and other tracking technologies to enhance user experience and analyze website
usage. These include:
10.1. Types of Cookies
Session Cookies: Temporary cookies that expire when the user closes their browser.
Persistent Cookies: Cookies that remain on the user’s device for a set period or until manually
deleted.
Tracking Pixels/Web Beacons: Small graphic images used to monitor user interactions.
Relevant information about cookie usage on our website can be found in our privacy section.
10.2. Managing Preferences
Cookie Consent Banner: Users are informed about the use of cookies through a consent banner
and can choose to accept or reject them.
Browser Settings: Users can manage cookie preferences through their browser settings, including
blocking or deleting cookies.
Opt-Out Links: We provide opt-out links for specific third-party tracking technologies, such as
Google Analytics and advertising partners.
11.International Data Transfers
We primarily process personal of data subjects from regions such as the MENA region and Asia.
When it is necessary to transfer personal data outside these regions, we are committed to
ensuring an adequate level of data protection, by implementing the following safeguards:
11.1. Standard Contractual Clauses
We use standard contractual clauses approved by international regulators to ensure an adequate
level of protection for personal data transferred outside our declared place of business.
11.2. Data Transfer Agreements
We enter into data transfer agreements with third parties to ensure they comply with data
protection legal requirements.
11.3. Additional Safeguards
We implement additional technical and organizational measures, such as encryption and access
controls, to protect personal data during international transfers.
12. Complaint Mechanism
If you have any concerns or complaints regarding your data privacy, you can contact us at
[email protected]. Additionally, you have the right to lodge a complaint with the relevant data
protection authority.
13.Policy Updates
We may update this Privacy Policy from time to time. Users will be notified of any significant
changes via:
13.1. Notification Methods
Email Notifications: Users will receive an email outlining the changes.
Website Announcements: Updates will be posted on our website with a prominent notice.
Account Dashboard: Users may see notifications in their account dashboard.
13.2. Review Period
Users will have 30 days to review and accept the updated policy. Continued use of the website
after this period constitutes acceptance of the changes.
14. Children’s Privacy
We recognize the importance of protecting children’s privacy. Our website is accessible to children
under 16 years old, and we take special measures to safeguard their data.
14.1. Parental Consent
We require parental consent for collecting and processing personal data from children under 16.
14.2. Data Minimization
We collect only the necessary data from children and avoid collecting sensitive information.
14.3. Parental Control
Parents can review and request the deletion of their child’s data by contacting us at
[email protected].
14.4. Education and Awareness
We provide information to parents and children about safe online practices and data privacy.
By using www.routine11.me, you declare that you read, understood, and agreed to the terms of
this Privacy Policy. If you have any questions or concerns, please contact us at
[email protected].