Privacy Policy – shishaart.com
1.
INTRODUCTION
Welcome to the privacy policy of PVG Trading LLC, the
operator of shishaart.com.
We respect your privacy and are committed to protecting
your personal data.
This privacy policy tells you about how we collect, process
and look after your personal data when you visit and use our
website (regardless of where you visit it from) and tell you
about your privacy rights and how the law protects you. By
using this website, users signify their acceptance of this
privacy policy.
2.
IMPORTANT INFORMATION
2.1.
This website is intended for users aged 18
and above and we do not knowingly collect data relating
to children.
2.2.
It is important that you read this privacy policy
together with any other privacy or fair processing
notice we may provide on specific occasions when we are
collecting or processing personal data about you so that
you are fully aware of how and why we are using your
data. This privacy policy supplements other notices and
privacy policies and is not intended to override them.
3.
WHO WE ARE AND HOW TO CONTACT US
3.1.
The controller and company responsible for the collection
and use of your personal data is PVG Trading LLC, a Dubai
mainland company with trade license number 1024490,
(“shishaart”, "we",
"us" or "our"). PVG
Trading LLC trades as “shishaart” and forms part of the AIR
Global group of companies.
3.2.
If you have any questions about this privacy policy,
including any requests to exercise your legal rights, please
contact the data privacy manager on data.privacy@air.global.
3.3.
You have the right to make a complaint at any time to your
local regulator for data protection issues. If you are
resident in the UAE this is the UAE Data Office established
under Federal Decree-Law No. 44 of 2021, the UAE regulator
for data protection issues. We would, however, appreciate
the chance to deal with your concerns before you approach
the data regulator so, please contact us in the first
instance.
4.
CHANGES TO THIS PRIVACY POLICY AND YOUR
INFORMATION
4.1.
We may update this privacy policy from time to time by
posting a new policy on this website.
Changes will not
have retroactive effect so you will only be bound by
them from the date on which the new terms are posted on
our website. Please refer to the date of this privacy policy at the
bottom of the text so you are aware if the terms have
changed. Historic versions can be obtained by contacting
us at data.privacy@air.global.
4.2.
It is important that the personal data we hold about
you is accurate and current. Please keep us informed if
your personal data changes during your relationship with
us.
5.
THIRD-PARTY LINKS
5.1.
This website may include links to third-party websites,
plug-ins and applications. Clicking on those links or
enabling those connections may allow third parties to
collect or share data about you. We do not control these
third-party websites and are not responsible for their
privacy statements. When you leave our website, we
encourage you to read the privacy policy of every
website you visit.
6.
THE DATA WE COLLECT ABOUT YOU
6.1.
When you access or are directed to our website, various
information is exchanged between your terminal and our
server. This may include personal data. The information
collected in this way is used, among other things, to
implement a contract we may have with you, or to
optimise our website or to display advertising in the
browser of your terminal.
6.2.
Personal data, or personal information, means any
information about an individual from which that person
can be identified. It does not include data where the
identity has been removed (anonymous data).
6.3.
We may collect, use, store and transfer different kinds
of personal data about you which we have grouped
together as follows:
6.3.1.
Identity Data
includes first name, last name, username (if you choose to
set up an account) date of birth, age and gender.
6.3.2.
Contact Data
includes email address and telephone numbers.
6.3.3.
Financial Data
includes bank account and payment card details (to the
extent the website offers paid for services/ online
sales).
6.3.4.
Technical Data
includes internet protocol (IP) address, your login data,
browser type and version, time zone setting and location,
browser plug-in types and versions, operating system and
platform, and other technology on the devices you use to
access this website.
6.3.5.
Profile Data
includes your username and password, your interests,
preferences, feedback and survey responses.
6.3.6.
Usage Data
includes information about how you use our website, products
and services.
6.3.7.
Marketing and Communications Data
includes your preferences in receiving marketing from us and
our third parties and your communication preferences.
6.4.
We also collect, use and share Aggregated Data such
as statistical or demographic data for any purpose.
Aggregated Data could be derived from your personal data but
is not considered personal data in law as this data will not
directly or indirectly reveal your identity. For example, we
may aggregate your Usage Data to calculate the percentage of
users accessing a specific website feature. However, if we
combine or connect Aggregated Data with your personal data
so that it can directly or indirectly identify you, we treat
the combined data as personal data which will be used in
accordance with this privacy policy.
6.5.
We do not collect any
Sensitive Personal Data about you (this includes
details about your race or ethnicity, religious or
philosophical beliefs, political opinions, criminal record,
biometric data or information about your health.
6.6.
Please be aware that if you fail to provide personal
data
that we need to collect by law, or under the terms of a
contract we have with you we may not be able to perform the
contract we have or are trying to enter into with you (for
example, to provide you with goods or services). In this
case, we may have to cancel a product or service you have
with us but we will notify you if this is the case at the
time.
7.
HOW IS YOUR PERSONAL DATA COLLECTED?
7.1.
We use different methods to collect data from and about
you including through:
7.1.1.
Direct interactions. You may give us your Identity, Contact and Financial Data
by filling in forms or by corresponding with us by email.
This includes personal data you provide when you:
7.1.1.1.
request our products or services;
7.1.1.2.
create an account on our website;
7.1.1.3.
subscribe to our service or publications;
7.1.1.4.
request marketing to be sent to you;
7.1.1.5.
enter a competition, promotion or survey; or
7.1.1.6.
give us feedback or contact us.
7.1.2.
Automated technologies or interactions.
As you interact with our website, we may automatically
collect Technical Data about your equipment, browsing
actions and patterns. If we collect this personal data we
will do so by using cookies, server logs and other similar
technologies and will provide information about the specific
cookies used and how you can adjust your cookie settings in
a cookie policy. There is some more information about
cookies set out in section 10
below.
7.1.3.
Third parties or publicly available sources. We will receive personal data about you from various
third parties as set out below:
7.1.4.
Technical Data
from
analytics providers such as Google;
and
7.1.5.
Contact, Financial and Transaction Data
from providers of technical, payment and delivery services
(if the Website offers paid for services/ online
sales).
8.
HOW WE USE YOUR PERSONAL DATA
8.1.
We will only use your personal data when the law allows
us to. Most commonly, we will use your personal data in
the following circumstances:
8.1.1.
Where we need to perform the contract we are about to enter
into or have entered into with you.
8.1.2.
Where we need to comply with a legal obligation.
8.2.
Generally, we do not rely on consent as a legal basis
for processing your personal data although we will get
your consent before sending marketing communications to
you via email or text message. You have the right to
withdraw consent to marketing at any time for the future
free of charge by contacting us at data.privacy@air.global.
8.3.
We set out below a description of the ways we plan to
use your personal data, and which of the legal bases we
rely on to do so.
Note that we may process your personal data for more
than one lawful ground depending on the specific purpose
for which we are using your data. Please contact us at
data.privacy@air.global
if you need details about the specific legal ground we
are relying on to process your personal data where more
than one ground has been set out in the table below.
Purpose/Activity | Type of data | Lawful basis for processing including basis
of legitimate interest |
To register you as a new customer | (a) Identity (b) Contact | (a) Performance of a contract with you |
To process and deliver your order
including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us | (a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications | (a) Performance of a contract with you
|
To manage our relationship with you which will
include: (a) Notifying you about changes to our terms or
privacy policy (b) Asking you to leave a review or take a
survey | (a) Identity (b) Contact (c) Profile (d) Marketing and Communications | (a) Performance of a contract with you
(b) Necessary to comply with a legal
obligation |
To enable you to take part in a prize draw,
competition or complete a survey | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications | (a) Performance of a contract with you
|
To administer and protect our business and this
website (including troubleshooting, data
analysis, testing, system maintenance, support,
reporting and hosting of data) | (a) Identity (b) Contact (c) Technical | (a) Necessary to comply with a legal
obligation |
To deliver relevant website content and
advertisements to you and measure or understand
the effectiveness of the advertising we serve to
you | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical | (a) Your consent |
To use data analytics to improve our website,
products/services, marketing, customer
relationships and experiences | (a) Technical (b) Usage | (a) Your consent |
To make suggestions and recommendations to you
about goods or services that may be of interest
to you | (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications | (a) Your consent |
9.
MARKETING/ PROMOTIONAL OFFERS FROM US
9.1.
We strive to provide you with choices regarding certain
personal data uses, particularly around marketing and
advertising. We have established the following personal
data control mechanisms:
9.1.1.
Promotional offers from us
We may use your Identity, Contact, Technical, Usage and
Profile Data to form a view on what we think you may
want or need, or what may be of interest to you. This is
how we decide which products, services and offers may be
relevant for you.
You will receive marketing communications from us if
you have:
- given your
consent,
- requested
information from us, or
- purchased
goods or services from us and you have not opted out of
receiving that marketing.
9.1.2.
Third-party marketing
We will get your express opt-in consent before we share
your personal data with any third party for marketing
purposes.
Opting out. You can ask us or third parties to stop sending you
marketing messages at any time for the future free of
charge by following the opt-out links on the footer of
any marketing message sent to you
or by
contacting us at any time at
data.privacy@shisha.com.
Where you opt out of receiving these marketing
messages, this will not apply to personal data provided
to us as a result of a product/service purchase,
product/service experience or other transactions.
10.
COOKIES
Cookies are small files automatically created by your
browser and stored on your end device when you visit or
are redirected to a website. The use of cookies serves
to make the use of our website more pleasant and
relevant for you. Most browsers accept cookies
automatically. You can set your browser to refuse all or
some browser cookies, or to alert you when websites set
or access cookies. If you disable or refuse cookies,
please note that some parts of a website may become
inaccessible or not function properly.
11.
SHARING YOUR PERSONAL DATA
11.1.
We may share your personal data with the parties set
out below for the purposes set out in the table
above
and any other reasons set out:
11.1.1.
Our Other Group Companies
- other companies in the AIR group which PVG Trading
LLC is part of who are based both in and outside of the
UAE for the provision of IT and system administration
services, for audit and reporting purposes and so that
our group companies can share with you information about
new initiatives and/or product launches that they are
involved in.
11.1.2.
External Third Parties
·
Service providers acting as processors based in and outside
of the UAE who provide IT and system administration
services, a secure payment gateway and marketing
communications automation.
·
Professional advisers acting as processors including
lawyers, bankers, auditors and insurers based in both in and
outside of the UAE) who provide consultancy, banking, legal,
insurance and accounting services.
·
Regulators and other authorities based both in and outside
the UAE who require reporting of processing activities in
certain circumstances.
·
Third parties to whom we may choose to sell, transfer or
merge parts of our business or our assets. Alternatively, we
may seek to acquire other businesses or merge with them. If
a change happens to our business, then the new owners may
use your personal data in the same way as set out in this
privacy policy.
11.2.
We require all third parties to respect the security of
your personal data and to treat it in accordance with
the law. We do not allow our third-party service
providers to use your personal data for their own
purposes and only permit them to process your personal
data for specified purposes and in accordance with our
instructions. Our current service
partners and their tasks can be made available to you on
request at the e-mail address data.privacy@air.global.
12.
INTERNATIONAL TRANSFERS
12.1.
We may share your personal data within the global AIR
Global group. This may involve transferring your data
outside the UAE.
12.2.
In addition, some of our external third parties are
based outside the UAE so their processing of your
personal data will involve a transfer of data outside
the UAE.
12.3.
Whenever we transfer your personal data out of the UAE,
we ensure a similar degree of protection is afforded to
it by ensuring at least one of the following safeguards
is implemented:
12.3.1.
We will only transfer your personal data to countries that
have been deemed to provide an adequate level of protection
for personal data; or
12.3.2.
Where we use certain service providers, we may use
contractual protections to give personal data the same
protection it has in the UAE.
12.4.
Please contact us if you want further information on
the specific mechanism used by us when transferring your
personal data out of the
UAE.
13.
DATA SECURITY
13.1.
We have put in place appropriate security measures to
prevent your personal data from being accidentally lost,
used or accessed in an unauthorised way, altered or
disclosed. In addition, we limit access to your personal
data to those employees, agents, contractors and other
third parties who have a business need to know. They
will only process your personal data on our
instructions, and they are subject to a duty of
confidentiality.
13.2.
We have put in place procedures to deal with any
suspected personal data breach and will notify you and
any applicable regulator of a breach where we are
legally required to do so.
14.
DATA RETENTION– HOW LONG WILL YOU USE MY PERSONAL DATA FOR?
14.1.
We will only retain your personal data for as long as
reasonably necessary to fulfil the purposes we collected
it for. Unless
we are required to keep it longer to comply with any
legal, regulatory, tax, accounting or reporting
requirements, we will review the personal data we hold
every 2 years. If users have been completely inactive
during the previous 2-year period, we will delete
your data.
14.2.
To determine the appropriate retention period for
personal data, we consider the amount, nature and
sensitivity of the personal data, the potential risk of
harm from unauthorised use or disclosure of your
personal data, the purposes for which we process your
personal data and whether we can achieve those purposes
through other means, and the applicable legal,
regulatory, tax, accounting or other requirements.
14.3.
Details of retention periods for different aspects of
your personal data are available by contacting us
at
data.privacy@air.global.
14.4.
In some circumstances we will anonymise your personal
data (so that it can no longer be associated with you)
for research or statistical purposes, in which case we
may use this information indefinitely without further
notice to you.
15.
YOUR LEGAL RIGHTS
15.1.
You have the right to:
15.1.1.
Access your personal data and information on the
personal data stored, the purpose of processing, the
category of personal data and recipients to whom the
data have been or will be disclosed, the planned storage
period and eventually the origin of your data if not
collected directly from you;
15.1.2.
Request correction of inaccurate personal data or
completion of accurate personal data;
15.1.3.
Request deletion of your personal data, insofar as no
legal or contractual retention periods are to be
observed;
15.1.4.
Object to processing of your personal data or request
restriction of processing your personal data (e.g. for
marketing purposes); and/or
15.1.5.
Request transfer of your personal data to another
controller.
15.2.
If you wish to exercise any of the rights set out
above, please email us at data.privacy@air.global.
In addition, in any case data processing may be objected to
on grounds arising from reasons of overriding importance
(e.g. possible risk to life or health). In addition, you
have the option of contacting the supervisory authority
responsible, or the data protection officer(s).
15.3.
You will not have to pay a fee to access your personal
data (or to exercise any of the other rights). However,
we may charge a reasonable fee if your request is
clearly unfounded, repetitive or excessive.
Alternatively, we could refuse to comply with your
request in these circumstances.
15.4.
We may need to request specific information from you to
help us confirm your identity and ensure your right to
access your personal data (or to exercise any of your
other rights). This is a security measure to ensure that
personal data is not disclosed to any person who has no
right to receive it. We may also contact you to ask you
for further information in relation to your request to
speed up our response.
Version 1 – September 2022