GDPR Policy

GDPR Compliance and Data Protection Policy

Last Updated: August 8, 2025

1. INTRODUCTION AND COMMITMENT

UAE Luxury Insider (“we,” “us,” “our”) is deeply committed to the privacy and protection of data for all our users. This policy outlines our practices in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”). It is designed to provide transparency regarding how we process the Personal Data of individuals within the European Economic Area (EEA).

This GDPR Policy should be read in conjunction with our main Privacy Policy. For the purpose of this policy, UAE Luxury Insider is the Data Controller of the Personal Data you provide to us via our website, shobdojaal.com (the “Site”).

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Data Subject: The individual to whom the Personal Data relates.
  • Processing: Any operation performed on Personal Data, such as collection, recording, storage, use, and erasure.2. DATA PROTECTION PRINCIPLES

We adhere to the principles of data protection as outlined in the GDPR. Your Personal Data will be: a. Processed lawfully, fairly, and in a transparent manner. b. Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. c. Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (data minimization). d. Accurate and, where necessary, kept up to date. e. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data are processed. f. Processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

3. LAWFUL BASIS FOR PROCESSING DATA

We only process your Personal Data when we have a lawful basis to do so. The lawful bases we rely on include:

  • Consent: Where you have given us clear, unambiguous consent to process your Personal Data for a specific purpose (e.g., subscribing to our newsletter). You have the right to withdraw this consent at any time.
  • Legitimate Interests: Where the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your Personal Data which overrides those legitimate interests. Our legitimate interests include operating and improving our Site, providing high-quality content, ensuring the security of our network, and responding to your inquiries.

4. YOUR RIGHTS AS A DATA SUBJECT

Under the GDPR, you have several important rights regarding your Personal Data. We are committed to upholding these rights.

  1. The Right to Be Informed You have the right to be provided with clear, transparent, and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this Policy.
  2. The Right of Access You have the right to obtain access to your Personal Data that we hold and certain other information (similar to that provided in this Privacy Policy). This is often referred to as a Data Subject Access Request (DSAR).
  3. The Right to Rectification You are entitled to have your Personal Data corrected if it is inaccurate or incomplete.

d. The Right to Erasure This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your Personal Data where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.e. The Right to Restrict Processing You have rights to ‘block’ or suppress further use of your Personal Data. When processing is restricted, we can still store your information, but may not use it further.

  1. The Right to Data Portability You have the right to obtain and reuse your Personal Data for your own purposes across different services. It allows you to move, copy or transfer your Personal Data easily from our IT systems to another, safely and securely, without affecting its usability.
  2. The Right to Object You have the right to object to certain types of processing, including processing for direct marketing (which we only do with your consent). You can object to processing based on our legitimate interests.
  3. Rights in Relation to Automated Decision Making and Profiling You have the right not to be subject to a decision based solely on automated processing (including profiling), which produces legal effects concerning you or similarly significantly affects you. UAE Luxury Insider does not engage in such automated decision-making.

5. HOW TO EXERCISE YOUR RIGHTS

To exercise any of the rights described above, please submit a verifiable request to us by email. Please send your request to our dedicated data protection contact:

Email: gdpr@shobdojaal.com

We will respond to your request within one month of receipt. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.

6. DATA TRANSFERS OUTSIDE THE EEA

Your information may be transferred to and maintained on servers located outside of the European Economic Area (EEA), where data protection laws may differ. We use third-party service providers (such as web hosting and analytics services) that may be based in countries outside the EEA.

When we transfer your data, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe (Standard Contractual Clauses).

7. DATA SECURITY AND BREACH NOTIFICATION

We have implemented appropriate technical and organizational security measures designed to protect the security of any Personal Data we process. In the event of a data breach that is likely to result in a high risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it. We will also communicate the data breach to you, the data subject, without undue delay if it is likely to result in a high risk.

8. CONTACT US

For any questions, concerns, or requests relating to this GDPR Policy or your data protection rights, please contact our Data Protection representative:

Email: gdpr@shobdojaal.com

You also have the right to lodge a complaint with your local data protection authority if you are unsatisfied with our response to your concerns.