PRIVACY POLICY

Effective Date: 14 January 2026
Last Updated: 14 January 2026
‍
Vimi Joshi Beauty L.L.C (“Vimi Joshi Beauty”, “we”, “us”, or “our”) is committed to protecting your personal data and respecting your privacy in accordance with the laws of the United Arab Emirates, including Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and its Executive Regulations (“UAE PDPL”).
‍
This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website, purchase our products, or otherwise interact with us. By using our website, you consent to the practices described in this Privacy Policy.
‍
For the purposes of UAE data protection law, Vimi Joshi Beauty L.L.C acts as the Data Controller responsible for determining the purposes and means of processing your personal data.

We may collect and process the following categories of personal data:
‍
Identity Data: name, date of birth (if provided).
‍
Contact Data: email address, phone number, billing and delivery address.
‍
Transaction Data: purchase history, order details, and payment information (processed securely via third-party providers).
‍
Technical Data: IP address, device identifiers, operating systems, browser type, operating system, and website usage data.
‍
Preference Data: marketing preferences, wishlists, survey responses, feedback, and product reviews and commuincation channels, customer service interactions, saved account preferences and any information you choose to be provided when engaging with our brand through social media or other communication channels.
‍
Cookies & Tracking Data: browsing behaviour via cookies, pixels, and analytics tools.
‍
Third-Party Information: When you shop with us, your personal information may also be collected by third-party platforms we use to operate our online store (such as Shopify) and third-party payment providers for payments and courier services. These providers may collect and process your payment details and technical information directly, in accordance with their own privacy policie.
‍
Regulatory requirements: Limited information necessary to comply with fraud-prevention requirements, prevent misuse of our services, identity verification obligations, and applicable legal or regulatory duties.
‍
We only collect information necessary to process your orders, provide customer support, improve our services, or comply with legal obligations.

We process your personal data under the following legal grounds as permitted by the UAE PDPL:
‍
Contractual necessity: to fulfil and deliver your orders, process payments, and provide customer service.
‍
Legal obligations: to comply with tax, accounting, consumer protection, and regulatory requirements.
‍
Legitimate interests: to prevent fraud, enhance website security, improve products and services,  conduct business analytics, and enhancing customer experience.
‍
Consent: for marketing communications, use of non-essential cookies, and optional profiling activities.
‍
To the extent of CCPA, our processing may fall within the categories of "business purposes", "data sharing", or limited “sale” as defined by California law, depending on the technologies used for analytics or advertising.

We use your personal data for the following purposes:
‍
To fulfil and deliver your orders.
‍
To verify and process payments securely.
‍
To communicate with you about your order and provide customer support regarding post post-purchase services such as returns or exchanges.
‍
To personalise your shopping experience and recommend relevant products.
‍
To conduct analytics, market research, and website performance monitoring.
‍
To send marketing communications where you have consented.
‍
To comply with applicable UAE laws and regulations.

If you have consented, we may use your details to send you marketing communications about our products, promotions, and events. You may withdraw your consent or opt-out of marketing at any time by clicking the ‘unsubscribe’ link in our emails or by contacting us.

Some of our third-party providers, such as Shopify, international payment processors (e.g., Google and Meta), and analytics platforms, may store or process your personal data outside the UAE.
‍
Where data is transferred internationally, standard contractual clauses, adequacy decisions or other mehcanisms for appropirate safeguards are implemented approved under UAE PDPL, EU GDPR, or if applicable, the CCPA.
‍
When required, we also assess the data protection frameworks of destination jurisdictions and implement supplementary measures to address any identified risks.

We use cookies and similar technologies to:
‍
Operate essential website functions.
‍
Analyse site traffic and performance.
‍
Improve user experience.
‍
Deliver personalised content and targeted advertisements.
‍
You may manage or disable cookies through your browser settings; however, some features of the website may not function properly without them. For more details, please refer to our Cookies Policy.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:
‍
Order and transaction data: retained for up to 6 years to comply with tax and accounting obligations.
‍
Marketing data: retained until you withdraw consent. If you unsubscribe from our marketing communications, only minimal information is retained to ensure you are not contacted again.
‍
Website analytics data: retained for shorter operational periods.
‍
When data is no longer required, it will be securely deleted or anonymised.

We apply technical and organisational measures to protect your personal data, including:
‍
Encryption of sensitive information.
‍
Firewalls and secure servers.
‍
Access controls and employee confidentiality obligations.
‍
Vendor due diligence before sharing data.
‍
Despite these measures, no system is completely secure, and we cannot guarantee absolute security of your data.
‍
You are responsible for keeping your account credentials and devices secure. We are not liable for unauthorised access caused by your failure to safeguard this information.
‍
Where we become aware of a personal data breach that may pose a risk to individuals, we will take appropriate steps to investigate, mitigate harm, and notify affected individuals or authorities where required by law.

You have the following rights with respect to your personal data:
‍
Right to access a copy of your personal data.
‍
Right to correct inaccurate or incomplete data.
‍
Right to request deletion of your data (“right to be forgotten”).
‍
Right to restrict or object to certain types of processing.
‍
Right to data portability.
‍
Right to withdraw consent at any time (e.g., for marketing).
‍
Right to lodge a complaint with supervisory authority in thier jurisdiction as per EU GDPR and UK GDPR.
‍
Right to lodge a complaint with the UAE Data Office if you believe your rights have been violated.
‍
To exercise these rights, please email: customer.service@vimijoshibeauty.com
‍
We will respond to valid data subject request within 30 days or within any extended period permitted by law, and will inform you if additional time is required to process your request.

You may complete a purchase without creating an account. In such cases, your personal and payment details will still be collected and processed in accordance with this Privacy Policy.

Our website is not directed at children under the age of 18. We do not knowingly collect personal data from minors without verifiable parental consent. If we become aware that we have inadvertently collected such data, we will delete it promptly.

We may update this Privacy Policy from time to time to reflect legal, operational, or technological changes. The most recent version will always be available on our website. If changes are material, we will notify you via email or website notice.

This Privacy Policy is governed by the laws of the United Arab Emirates. Any disputes shall fall under the exclusive jurisdiction of the Dubai courts.
‍
This Privacy Policy may be translated into Arabic or other languages for convenience. In the event of inconsistency, the English version shall prevail.

If you have concerns about how we process your data, please contact us first at customer.service@vimijoshibeauty.com. If we cannot resolve your concern, you also have the right to raise a complaint with the UAE Data Office.

We will respond to all valid data subject requests within 30 days, or longer where permitted by law, and may request verification of your identity before fulfilling your request.

Questions, concerns, or data-related requests may be directed to:
customer.service@vimijoshibeauty.com

We endeavour to respond to all valid requests within the timeframes required by applicable data protection laws.