Last Updated: May 14, 2026
1. Introduction
Welcome to Gaara Boutique (website: gaaraboutique.com). We are a Qatar-based online boutique specializing in curated luxury beauty products from Europe, the USA, Korea, and Japan.
Your privacy is important to us. This Privacy Policy explains how Gaara Boutique (“we,” “us,” or “our”) collects, uses, discloses, and protects your personal information when you visit our website, make a purchase, or interact with our services.
This policy complies with:
- Qatar Law No. 13 of 2016 Concerning Personal Data Privacy Protection (PDPPL)
- Qatar Law No. 8 of 2008 Regarding Consumer Protection (e-commerce provisions)
By using our website, you consent to the data practices described in this policy.
2. Information We Collect
2.1 Information You Provide to Us
| Category | Examples | Purpose |
|---|---|---|
| Identity Data | Full name, date of birth | Account creation, order fulfillment |
| Contact Data | Email address, phone number, billing/shipping address | Order delivery, customer service, shipping updates |
| Transaction Data | Products purchased, order history, payment information | Order processing, returns, warranty |
| Account Data | Username, password (encrypted), wishlist items | Account management, personalized experience |
| Communication Data | Messages sent via contact forms, live chat, email | Customer support, query resolution |
2.2 Information Automatically Collected (Device & Usage Data)
When you visit our website, we automatically collect:
| Data Type | Examples |
|---|---|
| Technical Data | IP address, browser type, device type, operating system |
| Usage Data | Pages viewed, time spent, products viewed, search queries |
| Location Data | Approximate geographic location (country/city level) |
| Referral Data | How you arrived at our site (search engine, social media, direct link) |
This information is collected via cookies, log files, web beacons, and pixels .
2.3 Sensitive Data (Special Category Data)
We do not collect sensitive personal data, including health information, religious beliefs, biometric data, or political opinions . If you voluntarily share health-related concerns about products (e.g., allergy information), we will treat it with strict confidentiality and only use it for product safety purposes as required by Qatar law.
Children’s Data: Our website is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors.
3. How We Use Your Personal Information
We use your information for the following purposes, in compliance with Qatar PDPPL:
4. Marketing Communications (Opt-In Required)
Under Qatar Law No. 8 of 2008, we cannot send you marketing communications without your explicit consent .
- Opt-In: You will see a checkbox during account creation or checkout asking for your permission to receive marketing emails/SMS about new products, sales, and exclusive offers.
- Opt-Out: You may unsubscribe at any time by clicking the “unsubscribe” link in any marketing email or by contacting us directly.
- Transactional Messages: Order confirmations, shipping updates, and account-related communications are not considered marketing and will be sent regardless of marketing preferences, as they are necessary for contract fulfillment.
Text Messaging (SMS): If you opt in to receive SMS marketing, you may reply STOP at any time to unsubscribe . Message and data rates may apply. We never sell SMS opt-in data to third parties.
5. Sharing Your Personal Information
We do not sell your personal information to third parties. However, we may share your information in the following circumstances:
| Recipient Category | Purpose | Example |
|---|---|---|
| Service Providers | Order fulfillment, payment processing, shipping, email delivery | Payment gateway, courier services |
| IT & Analytics Providers | Website hosting, analytics, security monitoring | Google Analytics, hosting provider |
| Marketing Partners | Targeted advertising (with your consent) | Social media platforms (Facebook, Instagram) |
| Legal & Regulatory Authorities | Compliance with Qatari laws, court orders, or legal requests | Ministry of Commerce and Industry, NDPO |
| Business Transfers | In the event of a merger, acquisition, or sale of assets | Successor entity |
All third-party service providers are contractually obligated to protect your data and use it only for specified purposes .
Under Qatar PDPPL, we remain responsible for your personal data even when processed by third parties on our behalf .
6. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your browsing experience.
6.1 Types of Cookies We Use
| Cookie Type | Purpose | Example |
|---|---|---|
| Strictly Necessary | Required for website functionality (cart, checkout, login) | Session cookies |
| Performance/Analytical | Analyze website usage and improve performance | Google Analytics |
| Functional | Remember your preferences (language, region) | Language selection |
| Targeting/Advertising | Deliver relevant ads based on your browsing | Facebook Pixel, Google Ads |
6.2 Managing Cookies
You can control cookies through your browser settings. However, disabling certain cookies may affect website functionality .
For more information about cookies: Visit www.allaboutcookies.org
6.3 Opt-Out Options for Targeted Advertising
You can opt out of targeted advertising through the following links:
- Google Ads: https://www.google.com/settings/ads
- Facebook: https://www.facebook.com/settings/?tab=ads
- Digital Advertising Alliance: http://optout.aboutads.info
7. Your Rights Under Qatar PDPPL
Under Qatar Law No. 13 of 2016, you have the following rights regarding your personal data :
| Right | Description |
|---|---|
| Right to Access | Request a copy of the personal data we hold about you |
| Right to Rectification | Request correction of inaccurate or incomplete data |
| Right to Deletion | Request deletion of your data (subject to legal retention requirements) |
| Right to Withdraw Consent | Withdraw previously given consent for marketing or data processing |
| Right to Object | Object to processing based on legitimate interests |
| Right to Data Portability | Request transfer of your data to another controller (where technically feasible) |
To exercise these rights, please contact our Data Protection Officer using the details in Section 13.
Response Time: We will respond to your request within 30 days as required by Qatari law.
8. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by Qatari law.
| Data Type | Retention Period |
|---|---|
| Order Information | 5 years (for tax and legal compliance) |
| Account Information | As long as your account remains active + 2 years after closure |
| Marketing Data | Until you withdraw consent |
| Customer Service Records | 2 years from last interaction |
| Payment Information | Not stored (processed by secure payment gateway) |
After the retention period expires, your data will be securely deleted or anonymized.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction :
| Security Measure | Implementation |
|---|---|
| Encryption | SSL/TLS encryption for all data transmitted between your browser and our website |
| Access Controls | Restricted access to personal data on a need-to-know basis |
| Secure Storage | Encrypted databases with firewalls |
| Regular Audits | Periodic security assessments and vulnerability scans |
| Payment Security | PCI-DSS compliant payment gateway (we do not store credit card details) |
In the event of a data breach, we will notify affected individuals and the National Data Privacy Office (NDPO) as required under Qatari law .
10. International Data Transfers
As a Qatar-based business sourcing products from Europe, the USA, Korea, and Japan, some of your data may be transferred to or accessed from these regions .
We ensure adequate safeguards for international data transfers by:
- Using Standard Contractual Clauses (SCCs) with service providers
- Ensuring recipient countries have adequate data protection laws
- Obtaining your explicit consent where required
For more information about how we protect your data during international transfers, please contact us.
11. Third-Party Links
Our website may contain links to third-party websites (e.g., brand websites, social media platforms). This Privacy Policy does not apply to those websites. We encourage you to read the privacy policies of any third-party sites you visit.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs.
- Minor updates: The “Last Updated” date at the top of this policy will be revised.
- Material changes: We will notify you via email (if you have an account) or via a prominent notice on our website.
Your continued use of our website after any changes constitutes acceptance of the updated policy.
13. Contact Information
For privacy-related inquiries, data requests, or complaints, please contact:
Gaara Boutique
Email: support@gaaraspa.com
Phone: +974 3382 2288
Data Protection Officer (DPO):
Name: charlas
Email: support@gaaraspa.com
Postal Address:
Gaara Boutique
The Pearl Qatar, Porto Arabia
Marina Way 22, Tower 22 & 23
Doha, Qatar
14. Complaints
If you are not satisfied with our response to your privacy concern, you have the right to lodge a complaint with the National Data Privacy Office (NDPO) under the Ministry of Communications and Information Technology (MCIT) in Qatar