Privacy Policy

de Savary International – UAE Website Privacy Policy


Last updated: 06 November 2025


1) Who we are and scope

This Privacy Policy explains how de Savary International (“we”, “us”, “our”) collects, uses,
discloses and protects your personal data when you visit and shop on our UAE website www.desavarylondon.com, our related microsites, and our official social media storefronts that link to this policy (collectively, the “Site”).

Controller: de Savary International FZCO, registered in the United Arab Emirates under 66260, with its registered address at Building A1 IFZA Business Park, Dubai. Contact: info@desavarylondon.com.

This Site is not intended for children. If you are under 18, please do not use the Site or provide personal data without verifiable consent of a parent/guardian. (The PDPL does not set a fixed child age threshold; we apply 18 as a protective standard.) Baker McKenzie Resource Hub 

2) The laws that apply 

We process your personal data in accordance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and related guidance. If you are located in a UAE financial free zone with its own data law (e.g., DIFC), see the DIFC addendum below. DataGuidance+1


3) What data we collect

  •  Identity & Contact: name, title, billing/shipping address, email, phone, account details.
  • Order & Payment: items purchased, prices, transaction and delivery details; payment method tokens (handled via PCI-compliant providers; we do not store full card numbers).
  • Technical & Usage: IP address, device and browser, login data, session IDs, referrers,
    clickstream, and cookie/pixel IDs (see Cookie section).
  • Profile & Marketing: preferences, wish lists, surveys/reviews, marketing consents and opt-out status.
  • Social & UGC: your handles and content you choose to share/tag with us.
  • Customer Care: inquiries, call/email/chat records. We may aggregate or de-identify data for analytics; aggregated data is not personal data.

4) How we collect it

  • Directly from you: checkout, account registration, forms, customer care.
  • Automatically: when you browse the Site (cookies, pixels, server logs).
  • From service partners: payment, delivery, analytics/advertising platforms (where
    permitted).


5) Why we use your data (legal bases under PDPL)


We process personal data only with consent or where another PDPL basis applies, including
contract, legal obligation, protection of public interest, or legitimate interests that do not
prejudice your rights. Main purposes include:

  • Sales & fulfilment (contract): process orders, payments, delivery, returns, warranties.
  • Account & support (contract/legitimate interests): create and maintain your account;
    respond to inquiries; fraud prevention and security.
  • Service operation (legitimate interests/legal obligation): troubleshooting, audits,
    incident management, regulatory requests.
  • Marketing & personalisation (consent/legitimate interests): emails, in-site and social ads, abandoned-cart reminders, and experience tailoring. You may opt-out any time (see Section 9).
  • Analytics (legitimate interests): improve Site, products and campaigns.
  • Legal/compliance (legal obligation): tax, accounting, sanctions/anti-fraud screening. DLA Piper Data Protection


6) Cookies and similar tech
We use strictly necessary, performance, functional, and advertising cookies/SDKs. You
can manage preferences via our Cookie Banner/Manager and your browser/device settings; some features may not function without certain cookies. See our Cookie Policy for details on categories, retention and vendors.


7) Who we share data with
We share only what’s necessary with trusted processors and partners under contract, such as: payment providers, banks, anti-fraud tools, e-commerce/hosting and cloud platforms, logistics/delivery partners, analytics and ad-tech platforms, customer support tools, and professional advisers. Where required, we will share data with competent authorities and regulators. We do not sell your personal data.


8) International transfers
We may store or process your data outside the UAE (e.g., in the UK/EU), and with global
service providers. When we transfer personal data, we rely on PDPL-compliant mechanisms such as adequate jurisdictions (once designated by the UAE Data Office), contractual safeguards, your explicit consent, or other PDPL derogations where applicable. Details are available on request. DLA Piper Data Protection


9) Marketing, SMS, and telemarketing

  • Email & in-app: We send you marketing only with your consent (or as otherwise
    permitted). You can unsubscribe via any marketing email or your account settings.
  • SMS/Calls in the UAE: We follow TDRA’s Unsolicited Electronic Communications
    framework. We obtain opt-in before promotional SMS, identify ourselves in each
    message/call, and provide a clear STOP/opt-out method. Network operators may
    enforce these rules and block non-compliant campaigns. TDGRA+1

10) How long we keep your data
We retain personal data only as long as needed for the purposes above and to comply with legal/ accounting requirements. Typical periods (subject to legal holds):

  • Orders & invoices: 7 years;
  • Customer care and complaints: up to 5 years after last interaction;
  • Marketing preferences & suppression lists: while active + 3–5 years after opt-out.
  • Technical logs: 12–24 months (shorter for security logs where feasible).
    On expiry, we securely delete or anonymise data.

11) Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or loss (encryption in transit, access controls, network segmentation, vulnerability management, staff training). No online service is 100% secure; please use a strong, unique password and keep it confidential.


12) Your rights under the UAE PDPL
You can exercise the following rights (subject to limits in law):

  • Right to obtain information/access about our processing;
  • Correction/erasure of inaccurate or unnecessary data;
  • Restriction/stop processing in specified cases;
  • Data portability (where processing is by consent/contract and automated);
  • Objection to automated decisions, including profiling, with certain exceptions;
  • Withdraw consent at any time (does not affect prior lawful processing);
  • File a complaint with the UAE Data Office (once operational complaint channels are available). To exercise your rights, contact info@desavaryinternational.com. We aim to respond within 30 days. DLA Piper Data Protection+2Global Practice Guides+2

13) Children’s data
We do not knowingly collect personal data from individuals under 18 on the UAE Site. If you believe a minor has provided data, please contact us to remove it and close any related account. (Where lawful processing of minors’ data is necessary, we will obtain and verify parental/guardian consent.) Baker McKenzie Resource Hub

14) Third-party links and platforms
The Site may link to third-party sites, apps, or plug-ins. Those have their own privacy terms. We are not responsible for their practices.

15) Changes to this policy
We may update this policy from time to time. We’ll post the new version with a new “Last
updated” date and, where appropriate, notify you by email/account notice. Changes take effect on posting unless a different date is stated.

16) How to contact us

  • Data Protection Contact (UAE): de Savary International FZCO, Building A1 IFZA Business Park, Dubai, info@desavaryinternational.com

  • UK contact: Data Protection Manager, de Savary London Limited, 21 Heathman’s
    Road, London, SW6 4TJ, info@desavarylondon.com