Welcome to Gaara Boutique (website: gaaraboutique.com). We are a Qatar-based online boutique specializing in curated luxury beauty products from Europe, the USA, Korea, and Japan.
Your privacy is important to us. This Privacy Policy explains how Gaara Boutique (“we,” “us,” or “our”) collects, uses, discloses, and protects your personal information when you visit our website, make a purchase, or interact with our services.
This policy complies with:
Qatar Law No. 13 of 2016 Concerning Personal Data Privacy Protection (PDPPL)
Qatar Law No. 8 of 2008 Regarding Consumer Protection (e-commerce provisions)
By using our website, you consent to the data practices described in this policy.
How you arrived at our site (search engine, social media, direct link)
This information is collected via cookies, log files, web beacons, and pixels.
2.3 Sensitive Data (Special Category Data)
We do not collect sensitive personal data, including health information, religious beliefs, biometric data, or political opinions . If you voluntarily share health-related concerns about products (e.g., allergy information), we will treat it with strict confidentiality and only use it for product safety purposes as required by Qatar law.
Children’s Data: Our website is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors.
3. How We Use Your Personal Information
We use your information for the following purposes, in compliance with Qatar PDPPL:
Purpose
Legal Basis (PDPPL)
Order Processing & Fulfillment – Process payments, arrange shipping, send order confirmations, manage returns
Contract performance
Customer Service – Respond to inquiries, resolve issues, process returns
Contract performance / Legitimate interest
Account Management – Create and maintain your account, save preferences
Consent / Contract performance
Marketing Communications – Send promotional emails, newsletters, special offers (only with your explicit consent)
Consent (required by Qatari law)
Personalization – Recommend products based on browsing/purchase history
Legal Compliance – Respond to lawful requests from Qatari authorities
Legal obligation
Analytics & Improvement – Analyze website usage to improve user experience
Legitimate interest
4. Marketing Communications (Opt-In Required)
Under Qatar Law No. 8 of 2008, we cannot send you marketing communications without your explicit consent.
Opt-In: You will see a checkbox during account creation or checkout asking for your permission to receive marketing emails/SMS about new products, sales, and exclusive offers.
Opt-Out: You may unsubscribe at any time by clicking the “unsubscribe” link in any marketing email or by contacting us directly.
Transactional Messages: Order confirmations, shipping updates, and account-related communications are not considered marketing and will be sent regardless of marketing preferences, as they are necessary for contract fulfillment.
Text Messaging (SMS): If you opt in to receive SMS marketing, you may reply STOP at any time to unsubscribe . Message and data rates may apply. We never sell SMS opt-in data to third parties.
5. Sharing Your Personal Information
We do not sell your personal information to third parties. However, we may share your information in the following circumstances:
Recipient Category
Purpose
Example
Service Providers
Order fulfillment, payment processing, shipping, email delivery
Payment gateway, courier services
IT & Analytics Providers
Website hosting, analytics, security monitoring
Google Analytics, hosting provider
Marketing Partners
Targeted advertising (with your consent)
Social media platforms (Facebook, Instagram)
Legal & Regulatory Authorities
Compliance with Qatari laws, court orders, or legal requests
Ministry of Commerce and Industry, NDPO
Business Transfers
In the event of a merger, acquisition, or sale of assets
Successor entity
All third-party service providers are contractually obligated to protect your data and use it only for specified purposes .
Under Qatar PDPPL, we remain responsible for your personal data even when processed by third parties on our behalf.
6. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your browsing experience.
6.1 Types of Cookies We Use
Cookie Type
Purpose
Example
Strictly Necessary
Required for website functionality (cart, checkout, login)
Session cookies
Performance/Analytical
Analyze website usage and improve performance
Google Analytics
Functional
Remember your preferences (language, region)
Language selection
Targeting/Advertising
Deliver relevant ads based on your browsing
Facebook Pixel, Google Ads
6.2 Managing Cookies
You can control cookies through your browser settings. However, disabling certain cookies may affect website functionality .
Under Qatar Law No. 13 of 2016, you have the following rights regarding your personal data :
Right
Description
Right to Access
Request a copy of the personal data we hold about you
Right to Rectification
Request correction of inaccurate or incomplete data
Right to Deletion
Request deletion of your data (subject to legal retention requirements)
Right to Withdraw Consent
Withdraw previously given consent for marketing or data processing
Right to Object
Object to processing based on legitimate interests
Right to Data Portability
Request transfer of your data to another controller (where technically feasible)
To exercise these rights, please contact our Data Protection Officer using the details in Section 13.
Response Time: We will respond to your request within 30 days as required by Qatari law.
8. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by Qatari law.
Data Type
Retention Period
Order Information
5 years (for tax and legal compliance)
Account Information
As long as your account remains active + 2 years after closure
Marketing Data
Until you withdraw consent
Customer Service Records
2 years from last interaction
Payment Information
Not stored (processed by secure payment gateway)
After the retention period expires, your data will be securely deleted or anonymized.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction :
Security Measure
Implementation
Encryption
SSL/TLS encryption for all data transmitted between your browser and our website
Access Controls
Restricted access to personal data on a need-to-know basis
Secure Storage
Encrypted databases with firewalls
Regular Audits
Periodic security assessments and vulnerability scans
Payment Security
PCI-DSS compliant payment gateway (we do not store credit card details)
In the event of a data breach, we will notify affected individuals and the National Data Privacy Office (NDPO) as required under Qatari law .
10. International Data Transfers
As a Qatar-based business sourcing products from Europe, the USA, Korea, and Japan, some of your data may be transferred to or accessed from these regions .
We ensure adequate safeguards for international data transfers by:
Using Standard Contractual Clauses (SCCs) with service providers
Ensuring recipient countries have adequate data protection laws
Obtaining your explicit consent where required
For more information about how we protect your data during international transfers, please contact us.
11. Third-Party Links
Our website may contain links to third-party websites (e.g., brand websites, social media platforms). This Privacy Policy does not apply to those websites. We encourage you to read the privacy policies of any third-party sites you visit.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs.
Minor updates: The “Last Updated” date at the top of this policy will be revised.
Material changes: We will notify you via email (if you have an account) or via a prominent notice on our website.
Your continued use of our website after any changes constitutes acceptance of the updated policy.
13. Contact Information
For privacy-related inquiries, data requests, or complaints, please contact:
Data Protection Officer (DPO): Name: charlas Email: support@gaaraspa.com
Postal Address: Gaara Boutique The Pearl Qatar, Porto Arabia Marina Way 22, Tower 22 & 23 Doha, Qatar
14. Complaints
If you are not satisfied with our response to your privacy concern, you have the right to lodge a complaint with the National Data Privacy Office (NDPO) under the Ministry of Communications and Information Technology (MCIT) in Qatar