Privacy Policy

Sahar Al Aufi (hereinafter referred to as "Sahar Al Aufi," "Data Controller," or "Company"), with its registered office at [insert address], as the Data Controller, informs users, in accordance with EU Regulation 679/2016 (GDPR) and applicable data protection regulations, including national legislation in the Sultanate of Oman on the protection of personal data (collectively, the "Privacy Regulation"), that personal data ("Data") relating to users of the Website (www.sahar-alaufi.com) ("Data Subjects") will be processed in accordance with the methods and for the purposes outlined in this privacy policy.

Sahar Al Aufi is the Data Controller responsible for the processing of personal data ("Data") collected through this Website (www.sahar-alaufi.com).

With respect to the use of Facebook Business Tools—including, but not limited to, Facebook cookies, plug-ins, and Pixels—Sahar Al Aufi and Facebook Ireland Limited (registered office: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter "Facebook") act as joint data controllers. This arrangement is based on a specific Joint Controllership Agreement to facilitate:

  • Measurement of user interaction with the Website, tailored to the preferences of the Data Subjects; and
  • Delivery of targeted advertising within the Facebook platform.

For further information on how Facebook Ireland processes your Data, including the legal basis for such processing and instructions on how to exercise your rights concerning Facebook Ireland, please refer to Facebook Ireland's Data Policy.

In compliance with Article 37 of the General Data Protection Regulation (GDPR), the Data Controller, Sahar Al Aufi, has appointed a Data Protection Officer (hereinafter, "DPO").

The DPO can be contacted at the following email address: [email protected].

The following categories of personal data ("Data") are processed by Sahar Al Aufi:

  • Browsing Data

    • Browsing data includes information such as IP addresses or domain names of the devices used by users to access the Website, and Uniform Resource Identifier (URI) addresses of requested resources. These data are transmitted as part of standard Internet communication protocols. While these data are not collected to identify users, they could, through processing and association with data held by third parties, allow for identification.

    Browsing data are used for the following purposes:

    • To obtain anonymous statistical information on Website usage;
    • To ensure the proper functioning of the Website;
    • To ascertain responsibility in cases of suspected cybercrime or unauthorized access to the Website.

    In such cases, it may be possible, solely for the purpose of determining responsibility, to trace additional identifying information (e.g., name, surname, email address, or telephone number) based on the user's IP address and domain name.

  • Data Voluntarily Provided by the User

    • This includes:

    • Identification data (e.g., name, surname, email address, telephone number, tax identification number);
    • Any other information provided by users when:
      • Registering on the Website;
      • Completing data collection forms; or
      • Requesting services or features, such as signing up for the Newsletter Service.
  • Cookies

    • For details about cookies used on the Website, please refer to the Cookie Policy available on www.sahar-alaufi.com.

The protection of the safety and privacy of minors is of utmost importance to us. By registering on the Website (www.sahar-alaufi.com) in the appropriate section, completing any data collection forms, or subscribing to the Newsletter service, the Data Subject confirms that they are at least 16 years old or meet the minimum age requirement as stipulated by the legislation of their country of residence if it specifies a different age limit.

The personal data provided by Data Subjects through the Sahar Al Aufi website are collected and processed for the following purposes and legal bases:

A. Without Prior Consent, for Service-Related Purposes, Including:

  • Execution of Contracts and Pre-Contractual Commitments:
    • Ensuring the proper functioning of the website and providing any required technical assistance.
    • Managing contact requests submitted by Data Subjects.
    • Facilitating the registration and access to the "My Sahar Al Aufi" reserved area.
    • Managing payments and completing product purchase orders.
  • Compliance with Legal Obligations:
    • Fulfilling obligations required by laws, regulations, or directives issued by national or international authorities.
  • Pursuit of Legitimate Interests of the Data Controller:
    • Maintaining and managing the website to ensure its operational integrity and continuous improvement.
    • Profiling to analyze data collected through automated means, enabling the delivery of personalized services, offers, and initiatives based on user interests, preferences, and purchasing behaviors. This may include creating clusters of similar user profiles for targeted digital campaigns, using automated software like CRM systems.
    • Conducting statistical analyses through analytical cookies (as described in the Cookie Policy) to enhance website functionality without identifying individual users.
    • Detecting and preventing fraudulent activities or abuse of the website, protecting the Data Controller’s rights in legal proceedings, and managing disputes.
    • Sending commercial communications to existing customers about products or services similar to those previously used, aligning with the legitimate business interests of the Data Controller. Each email will include an option to opt out of future communications.

B. With Prior Consent, for the Following Purposes:

  • Marketing Activities:
    • Sending promotional messages, commercial proposals, and advertising materials related to Sahar Al Aufi products and services. This includes catalogs, brochures, event invitations, market research, and customer satisfaction surveys through various channels such as email, SMS, MMS, telephone, social media, and more.
  • Use of Facebook Tools:
    • Measuring and analyzing interactions with the website using Facebook Business Tools (e.g., cookies, plugins, and Facebook Pixel) to provide targeted advertising on the Facebook platform. Information collected through these interactions may be transmitted directly to Facebook for processing, as described in Facebook's Data Policy.
  • Facebook Custom Audiences:
    • With the Data Subject's consent, analyzing preferences and behaviors on the website to create custom audience lists for targeted advertising within Facebook's platform. Data may be shared with Facebook for this purpose, and Facebook acts as a data processor. For further details, refer to Facebook’s Terms and Conditions.

For more information on the use of cookies, profiling, and social plugins, please refer to the Cookie Policy available on the Sahar Al Aufi website.

The provision of personal data for the purposes outlined in Paragraph A is mandatory. Failure to provide such data will prevent Sahar Al Aufi from fulfilling its contractual obligations, complying with legal requirements, or responding to requests submitted by Data Subjects.

For the purposes described in Paragraph B, the provision of personal data is optional and depends on the explicit consent of the Data Subject. Refusal to grant consent will have the following consequences:

  • The Data Subject will not receive information about initiatives, offers, or promotional activities that might interest them.
  • Sahar Al Aufi will not be able to analyze the Data Subject's purchasing habits and preferences.
  • Tools for measuring interactions and preferences, such as Facebook Business Tools, cannot be utilized to provide targeted advertising or personalized experiences.

    • Such refusal will not otherwise affect the Data Subject's ability to use the Sahar Al Aufi website or access its core services.

The processing of personal data is conducted electronically, encompassing the following operations: collection, registration, updating, organization, storage, consultation, elaboration, modification, selection, extraction, comparison, usage, interconnection, blocking, deletion, and destruction of data. These processes are carried out by Sahar Al Aufi and its authorized personnel using both automated and manual methods.

Data processing adheres to the principles of fairness, integrity, and transparency, as outlined in applicable data protection laws. The confidentiality and rights of Data Subjects are safeguarded through the implementation of appropriate technical and organizational measures designed to ensure a level of security proportional to the risks involved.

Specific security measures are in place to:

  • Prevent data loss,
  • Guard against unlawful or improper use,
  • Protect against unauthorized access.

These measures aim to uphold the integrity and confidentiality of the personal data being processed.

  • Retention of Data for Primary Purposes

    • In relation to the purposes outlined in point A) of paragraph 5 (Purposes of Processing), the personal data shall be processed for the entire duration of the relationship, in order to fulfill the aforementioned purposes. Data necessary for compliance with applicable legal obligations will also be retained beyond the duration of the relationship, in accordance with such obligations and the retention periods prescribed by the relevant laws and regulations in force from time to time.

  • Retention of Data for Secondary Purposes
    • Marketing and Profiling

      • For personal data processed for the purposes outlined in point B, subpoints 1 (marketing) and 2 (profiling) in paragraph 5 (Purposes of Processing), considering the nature of the high-end products involved and the average annual frequency of purchase by each customer, such data shall be retained for a maximum period of seven (7) years. This retention period is deemed appropriate and proportionate to the purposes pursued and the nature of the data processed. Upon expiration of this retention period, the personal data shall be permanently deleted or anonymized. However, Data Subjects retain the right to provide new consent for the continuation of processing for the same purposes.

    • Facebook Business Tools

      • For personal data processed under point B, subpoint 3 (use of Facebook Business Tools) of paragraph 5 (Purposes of Processing), such data shall be handled in accordance with Facebook's Data Policy, which is accessible at Facebook Data Policy.

    • Facebook Custom Audience Services

      • For personal data processed under point B, subpoint 4 (use of Facebook Custom Audience services) of paragraph 5 (Purposes of Processing), the data shall be processed by Sahar Al Aufi in accordance with the contractual arrangements with Facebook and retained until such time as the Data Subject modifies their consent or requests the cancellation of the data.

The processing of personal data is carried out by Sahar Al Aufi's internal staff, designated for this purpose as Data Processors or persons authorized to process such data. For the purposes mentioned above, the collected data may also be processed by third parties designated as external Data Processors or, where applicable, communicated to such parties as independent Data Controllers. Specifically, the data may be communicated to the following recipients:

RECIPIENT/SCOPE OF DATA COMMUNICATION DATA SHARED
Companies within our corporate group for the purposes specified above. Name, email address, residence, phone number, date of birth, demographic information, order history, IP address, payment information, preferences, transaction information, and Website usage information.
Persons, companies, associations, or professional firms providing assistance and consultancy to Sahar Al Aufi, including but not limited to accounting, administrative, legal, tax, and financial matters. Name, email address, residence, phone number, date of birth, demographic information, order history, IP address, payment information, preferences, transaction information, and Website usage information.
Service providers, companies, and organizations that perform services related to and instrumental for enabling Website navigation, delivery of catalogs or purchased products, in-store services, customer service, market research, payment processing, or maintenance of IT systems. Name, email address, residence, phone number, date of birth, demographic information, order history, IP address, payment information, preferences, transaction information, and Website usage information.
Payment providers (such as Klarna, if available in your country). For further information regarding Klarna’s role as an independent Data Controller, you can refer to the following links: EU: https://docs.klarna.com/klarna-payments/legal-and-privacy/eu/, US: https://docs.klarna.com/klarna-payments/legal-and-privacy/us/. Name, billing address, shipping address, email address, phone number, date of birth, payment information, etc.
Public administrations for the performance of institutional functions, in accordance with applicable laws and regulations. Name, email address, residence, phone number, date of birth, demographic information, order history, IP address, payment information, preferences, transaction information, and Website usage information.

In addition, data may be made accessible, communicated, and transferred to public bodies, judicial authorities, and law enforcement agencies that process data as independent controllers, in response to official requests or as expressly required by law.

The full and updated list of entities processing personal data as Data Processors or Independent Data Controllers is available upon request from Sahar Al Aufi, at the registered office in [insert applicable address for Sahar Al Aufi].

The Company may transfer personal data outside of Oman, including to countries outside the European Union or the Gulf Cooperation Council (GCC). In doing so, the Company complies with applicable data protection regulations and assesses the impact of such transfers to ensure that personal data is adequately safeguarded. Where required, the Company implements appropriate safeguards, such as reliance on adequacy decisions, Standard Contractual Clauses, or other legally recognized mechanisms to ensure data protection during transfer.

For details regarding the transfer of personal data collected via cookies, including third-party cookies, please refer to Sahar Al Aufi’s Cookie Policy and the respective privacy policies of third-party providers. Links to these third-party policies are included in the Cookie Policy for reference.

Data Subjects are entitled to exercise the following rights under applicable data protection laws:

  • Right of Access: To confirm whether personal data is processed and to access such data.
  • Right to Rectification: To request updates, modifications, or corrections to personal data.
  • Right to Erasure ("Right to Be Forgotten"): To request deletion of data that is no longer necessary or processed unlawfully.
  • Right to Restriction: To limit the processing of data under specific circumstances.
  • Right to Object: To object to data processing based on legitimate interests.
  • Right to Withdraw Consent: To withdraw consent at any time, without affecting the lawfulness of processing based on prior consent.
  • Right to Data Portability: To receive personal data in a structured, commonly used, machine-readable format and request its transfer to another Data Controller.
  • Right to Lodge a Complaint: To file a complaint with the competent Supervisory Authority in the event of a data protection violation.

    • Requests related to these rights can be addressed to the Company via:

    • Email: [email protected]
    • Postal Address: [Insert Sahar Al Aufi's physical address here]

The Company's Website may utilize social plug-ins, which are special tools that integrate functionalities of social networks directly into the Website (e.g., the “Like” button for Facebook). All social plug-ins on the Website are clearly identifiable by the respective logos of the social network platforms.

When a user visits a page on the Website and interacts with a plug-in (e.g., by clicking the “Like” button) or leaves a comment, the corresponding information is transmitted by the user's browser directly to the relevant social networking platform (e.g., Facebook) and stored there. For more details about the purpose, type, and manner of collection, processing, use, and storage of personal data by these platforms, as well as how to exercise your rights, please refer to the privacy policy of the respective social network. For Facebook, you can access this information at Facebook Data Policy.

Additionally, the Company's Website may contain links, including hyperlinks, widgets, banners, or cross-references to external websites or platforms operated by third parties. The Company does not control these external websites or platforms. For details on the collection, processing, use, and storage of personal data by such third-party platforms, users are encouraged to review the privacy policies available on the respective platforms.

This Privacy Policy may be updated or amended from time to time. Users are encouraged to review this page periodically to stay informed about any changes. The most recent version of the Privacy Policy will always indicate the date of its last update.

Version January 2025