Privacy Policy

1.1 Identity and contact details

The Services are provided by Windswood General Trading LLC, a company established in the United Arab Emirates and trading under the brand name "haqme".

1.2 Data protection contact

For any privacy-related queries, to exercise your rights, or to raise concerns about how we handle your personal data, please contact us using the details on the Contact page of haqme.com or email us at info@haqme.com.

2.1 Scope

This Privacy Policy applies to personal data we collect about:

• Visitors to haqme.com
• Customers who shop as guests or create a haqme account
• Individuals who contact us (via forms, email or phone)
• Recipients of our marketing communications (where they have opted in)

2.2 Third-party services

This Privacy Policy does not cover:

• Third-party websites or services you access via links on haqme.com (such as social media platforms, external payment providers, or third-party tools)
• Lab or clinical partners who provide diagnostic test results or health services; their processing of your health data is subject to their own terms and privacy policies
• Product Partners (brands whose products we sell) who may process limited data for warranty, support or regulatory purposes under their own privacy policies

We encourage you to review the privacy policies of any third parties before providing them with your personal data.

Where you use social logins (for example, "Sign in with Google") to access the Services, the relevant provider will share certain information with us (such as your name, email address and profile image) so we can create and manage your account. Those providers are independent controllers of your data and their use of your information is governed by their own privacy policies and terms. We recommend reviewing their policies and your account settings before using social login.

3.1 Information you provide to us

• Identification and contact details: Full name, email address, mobile/phone number, billing address and delivery address(es)
• Account details: Login credentials (username/email and hashed password), saved addresses, communication and marketing preferences
• Order and transaction details: Products ordered, order numbers, order dates, delivery method selected, purchase amounts, invoices and receipts
• Customer support communications: Information you provide when you contact customer care, including messages, attachments, photos (for example, of damaged products), complaints and feedback
• Marketing and communication preferences: Your choices about receiving newsletters, offers, product recommendations and other marketing communications

3.2 Information we collect automatically

When you visit or use the Services, we automatically collect:

• Device and technical data: IP address, browser type and version, operating system, device type and identifiers, screen resolution, language settings, time zone, access times and referring website addresses
• Usage and interaction data: Pages visited, products viewed and clicked, search queries entered, time spent on pages, items added to cart, checkout steps completed, interactions with site features (such as filters, reviews or product recommendations)
• Location data: Approximate location inferred from IP address (for example, city or region), used to show relevant delivery options and comply with regional restrictions

3.3 Cookies and similar technologies

We use cookies, pixels, web beacons and similar technologies to collect data about your use of the Services. See Section 10 (Cookies and similar technologies) for detailed information about the types of cookies we use, their purposes, and how to manage your preferences.

3.4 Information we receive from other sources

We may receive limited personal data about you from third parties, including:

• Payment providers and banks (for example, confirmation of payment status or fraud indicators)
• Logistics partners (for example, delivery status, delivery attempts and returns status)
• Product Partners or service providers (for example, warranty or support information relating to a product you purchased)
• Social login providers such as Google, where you choose to sign in with those services. The information we receive may include your name, email address and profile picture, depending on the provider and your settings. We use this information to create and manage your haqme account and for authentication.

3.5 Payment data

• Payments are processed securely by our payment gateway partner Abu Dhabi Commercial Bank (ADCB) via Fiserv technology
• We do not store or have access to your full card number, CVV or complete payment instrument details on our servers
• We receive limited information from ADCB, such as payment authorisation status, masked card details (for example, last four digits), transaction references and timestamps, to manage orders, process refunds and prevent fraud

3.6 Diagnostic tests and health-related services

Where you purchase diagnostic tests or similar health services:

• haqme acts as a commerce and logistics layer only and does not store, display or process clinical test results or health data within the ecommerce platform
• Any health or test data you provide to labs or clinical partners is accessed via their own systems and is subject to their own terms and privacy policies, not this Privacy Policy
• We do not intend to process sensitive personal data (such as medical results or biometric data) as part of the haqme platform

4.1 To provide and operate the Services (contract necessity)

We use your data to:

• Create and manage your haqme account
• Process and fulfil your orders, including payment authorisation, warehousing, delivery, returns and refunds
• Send order confirmations, invoices, delivery updates, tracking information and important service messages
• Provide customer support and handle complaints, inquiries or product issues

Legal basis: Performance of the contract between you and us. Without this data, we cannot provide the Services you request.

4.2 To comply with legal and regulatory obligations

We process data where necessary to:

• Comply with applicable UAE consumer protection laws, tax regulations (VAT reporting), accounting and audit requirements
• Respond to lawful requests from regulators, law enforcement and government authorities
• Prevent, detect, investigate and report fraud, payment misuse, money laundering and other unlawful activities
• Enforce our Terms and Conditions and protect against legal claims

Legal basis: Compliance with legal obligations under UAE federal and emirate-level laws.

4.3 To protect our legitimate interests (where permitted)

Where permitted under UAE law and subject to appropriate safeguards, we may process limited personal data to pursue legitimate business interests that do not override your rights, including to:

• Improve our website, products, services and customer experience (for example, analysing how customers navigate the site, which products are popular, and where users encounter difficulties)
• Monitor performance, security, reliability and availability of the platform and related systems
• Conduct internal analytics, quality assurance and business intelligence
• Enforce our Terms and Conditions, protect our operations, intellectual property and rights, and defend against legal claims
• Prevent and detect misuse, abuse or violations of our policies

Legal basis: Legitimate interests, balanced against your rights and freedoms.

4.4 Marketing and promotions (consent)

We will use your contact details to send you marketing communications (such as newsletters, special offers, new product announcements and tailored recommendations) only where you have explicitly opted in or given valid consent, in line with UAE PDPL and Consumer Protection requirements.

• You can withdraw your consent or change your preferences at any time by using the unsubscribe link in emails, adjusting your account settings, or contacting us directly
• Withdrawing consent will not affect the lawfulness of processing before withdrawal
• We do not engage in aggressive profiling or automated decision-making with significant effects; any personalisation is limited and consent-based

Legal basis: Your explicit consent.

4.5 Cookies and analytics (consent where required)

We use cookies and similar technologies for:

• Essential site functions (strictly necessary cookies): Session management, security, shopping cart, checkout – these do not require consent as they are necessary to provide the service you request
• Analytics and performance (non-essential cookies): Understanding site usage, traffic patterns and user behaviour to improve functionality and experience
• Marketing and advertising (non-essential cookies): Delivering relevant ads, measuring campaign effectiveness and retargeting (if implemented)

For non-essential cookies, we rely on your consent and provide the ability to manage your preferences via a cookie banner and settings tool.

Legal basis: Consent (for non-essential cookies) and legitimate interest (for strictly necessary cookies).

5.1 Logistics and fulfilment partners

We share relevant order and delivery details (such as name, address, phone number, products ordered and delivery instructions) with:

• Tradeling (our primary logistics partner for warehousing, fulfilment and UAE/GCC delivery)
• Other logistics and courier providers as needed for specific delivery methods or regions

Purpose: To enable accurate and timely order fulfilment, delivery and returns processing.

5.2 Payment service providers

We share necessary transaction information with:

• Abu Dhabi Commercial Bank (ADCB) via Fiserv technology (our payment gateway) to process payments, handle refunds and verify transactions
• Your card issuer or payment provider, as required to authorise and settle payments

Purpose: To securely process payments, prevent fraud and manage refunds.

5.3 Product Partners and service providers

Where you purchase products supplied by our Product Partners (brands whose products we sell), we may share limited personal data (such as your name, contact details, product purchased and issue description) with the relevant partner or their authorised service provider to manage:

• Warranty claims and after-sales support
• Product safety notices, recalls or regulatory requirements
• Technical support or troubleshooting

Product Partners are responsible for their own use of your personal data and will process it in accordance with their own privacy policies and applicable UAE data protection laws.

We do not give Product Partners broad access to all customer data or permission to market to you directly unless required for safety or regulatory reasons.

Purpose: To facilitate warranty, support and compliance obligations for branded products.

5.4 Third-party service providers and processors

We use trusted third-party service providers to support our operations, including:

• Email service providers (for example, SendGrid) to deliver transactional and marketing emails
• Analytics providers (for example, Google Analytics) to understand site usage and performance
• Hosting and infrastructure providers (cloud services) to store data and run the platform
• Customer support tools to manage inquiries and provide assistance
• Security and fraud-prevention services to monitor threats and protect the platform

These providers act as processors under our instructions and may only use your data for the purposes we specify. They are contractually required to protect your data and comply with applicable data protection standards.

How third parties use your data

We require all third parties who receive personal data from us to keep it secure, treat it as confidential and use it only for the purposes agreed with us or as required by law. Where those third parties act as independent controllers (for example, payment providers, Product Partners or social login providers such as Google), their use of your personal data is governed by their own privacy policies, which we recommend you review.

5.5 Regulatory, legal and fraud-prevention sharing

We may disclose personal data:

• Where required by law or in response to valid legal requests from regulators, courts, law enforcement or government authorities
• To enforce our Terms and Conditions, investigate suspected fraud or misuse, protect our rights or defend against legal claims
• With banks, payment providers and fraud-prevention agencies to prevent, detect and investigate fraudulent activity or payment misuse

5.6 Business transfers

If we undergo a restructuring, merger, acquisition or sale of all or part of our business, personal data may be transferred to the new entity as part of the transaction, subject to:

• Continued protections under this Privacy Policy or an equivalent policy
• Compliance with applicable data protection laws
• No negative effect on your rights

5.7 Aggregated and anonymised data

We may use transactional and account data in aggregate form for analytics and business reporting (such as overall sales trends, popular product categories or site performance metrics) without identifying individual users.

5.8 What we do NOT do

We do not sell your personal data to third parties for monetary consideration.

6.1 Transfers outside the UAE

Some of our service providers, partners or systems may be located outside the UAE (for example, cloud hosting providers, analytics services or email platforms), which may result in your personal data being transferred to or accessed from other countries.

6.2 Safeguards for cross-border transfers

Where we transfer personal data internationally, we will:

• Ensure that the receiving country offers an adequate level of data protection as recognised by UAE authorities; or
• Put in place appropriate safeguards (such as data transfer agreements, standard contractual clauses or binding corporate rules) consistent with UAE PDPL requirements and international best practices

6.3 Categories of overseas processors

Personal data may be transferred to processors in the following categories (subject to appropriate safeguards):

• Email and communication service providers
• Analytics and advertising platforms
• Cloud hosting and infrastructure providers
• Payment gateway and fraud-prevention services

By using the Services, you acknowledge that such cross-border transfers may occur as described in this Privacy Policy, subject to applicable legal requirements and safeguards.

7.1 Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, alteration, disclosure or destruction, taking into account:

• The nature and sensitivity of the data
• The risks of processing
• Current technology and industry best practices

These measures include, for example:

• Encryption in transit: HTTPS (TLS/SSL) for all website traffic and secure API connections
• Access controls: Role-based access restrictions, strong authentication requirements and logging of access to personal data
• Secure development practices: Code reviews, security testing, vulnerability scanning and penetration testing
• Monitoring and incident response: Real-time monitoring, logging, intrusion detection and incident response procedures
• Delegated PCI DSS compliance: Payment card data is handled by ADCB and Fiserv; we do not store full card details on our servers, reducing PCI scope

No system is completely secure, but we continuously review and improve our security measures to protect your data.

7.2 Data retention – how long we keep your data

We keep your personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy or to comply with legal, regulatory, tax or accounting requirements.

General retention periods:

When data is no longer needed, we will delete or anonymise it in a secure manner, subject to any legal obligations to retain it for longer.

8.1 Right of access

To request confirmation of whether we process your personal data and to obtain a copy of that data, along with information about how it is used, with whom it is shared, and how long it is retained.

8.2 Right to correction

To request that inaccurate, incomplete or outdated personal data is corrected or updated.

8.3 Right to deletion (right to be forgotten)

To request deletion of your personal data in certain circumstances, such as:

• The data is no longer needed for the purposes for which it was collected
• You withdraw consent (where processing is based on consent) and there is no other legal ground for processing
• The data has been unlawfully processed

This right is subject to our legal obligations to retain data for tax, accounting, fraud prevention or legal defence purposes.

8.4 Right to restriction

To request that we limit processing of your data in certain situations, such as:

• While we verify the accuracy of your data following a correction request
• While we assess an objection you have raised to processing
• Where processing is unlawful but you do not want the data deleted

8.5 Right to data portability

To request a copy of your personal data in a structured, commonly used and machine-readable format (for example, CSV or JSON), and to have that data transmitted to another service provider where technically feasible.

8.6 Right to object

To object to certain processing activities, including:

• Direct marketing: You can object to receiving marketing communications at any time, and we will stop processing your data for that purpose
• Processing based on legitimate interests: You can object where we rely on legitimate interests as the legal basis, and we will stop processing unless we have compelling legitimate grounds that override your interests

8.7 Right to withdraw consent

Where processing is based on your consent (for example, marketing or non-essential cookies), you can withdraw your consent at any time by:

• Clicking the unsubscribe link in marketing emails
• Adjusting your cookie preferences via the cookie settings tool
• Contacting us directly via the Contact page or privacy email

Withdrawing consent will not affect the lawfulness of processing carried out before withdrawal.

8.8 How to exercise your rights

To exercise any of these rights, please contact us using the details on the Contact page of haqme.com or email info@haqme.com, clearly stating:

• Your request (which right you wish to exercise)
• Sufficient information for us to identify you (such as name, email address and order number if applicable)

We will:

• Respond within a reasonable timeframe (typically within 30 days, in line with PDPL guidance)
• Verify your identity before acting on your request to protect your data
• Explain any reasons if we are unable to fully comply (for example, due to overriding legal obligations or legitimate grounds)

8.9 Right to complain

If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to escalate your concern to the relevant UAE supervisory or consumer protection authority. Details of such authorities are published on official UAE government portals.

9.1 What marketing we send

Where you have opted in, we may use your contact details to send:

• Newsletters and editorial content about longevity, health and wellness
• Promotions, special offers, discount codes and exclusive deals
• New product announcements and curated recommendations
• Surveys, feedback requests or invitations to participate in customer research

9.2 Your consent and our compliance

• We will not use your personal data for direct marketing or promotions without your prior explicit consent, in line with UAE Consumer Protection Law and PDPL consent requirements
• We do not engage in aggressive profiling, automated decision-making with significant effects, or high-frequency unsolicited marketing
• Any personalisation or recommendations are limited, transparent and consent-based

9.3 How to opt out or change preferences

You can stop receiving marketing communications at any time by:

• Clicking the unsubscribe link at the bottom of any marketing email
• Updating your preferences in your haqme account settings (where available)
• Contacting us via the details on the Contact page or emailing info@haqme.com

Please note that even if you opt out of marketing, we may still send you service-related communications, such as:

• Order confirmations and delivery updates
• Invoices and receipts
• Security alerts or changes to your account
• Important updates to our Terms and Conditions or Privacy Policy

These are necessary to provide the Services you have requested and are not considered marketing.

10.1 What are cookies?

Cookies are small text files placed on your device (computer, tablet or smartphone) when you visit a website. They allow the site to recognise your device and store certain information about your preferences, session state or actions.

We also use similar technologies such as:

• Pixels (web beacons): Invisible images embedded in web pages or emails to track views, clicks and interactions
• Local storage: Browser-based storage (for example, HTML5 local storage) to save data locally on your device

10.2 Types of cookies we use

We categorise cookies into the following types:

10.3 Specific cookies we use

Below is a summary of key cookies; a full cookie table is available in our dedicated Cookie Policy (linked in the footer of haqme.com):

10.4 Legal basis for cookies

• Strictly necessary cookies: The legal basis is our legitimate interest in providing a secure and functioning ecommerce service. These cookies cannot be switched off as they are essential to the Services.
• Non-essential cookies (analytics, functionality, advertising): The legal basis is your consent, obtained through a cookie banner and preference centre, in line with UAE PDPL and best practices.

10.5 Cookie consent and preferences

When you first visit haqme.com, you will see a cookie banner that:

• Explains what cookies we use and why
• Provides clear options to Accept All, Reject Non-Essential or Manage Preferences
• Ensures non-essential cookies are off by default until you consent

You can change your cookie preferences at any time by:

• Clicking Cookie Settings in the footer of haqme.com
• Adjusting your browser settings to block or delete cookies (note: this may impact your ability to use some features of the site or complete purchases)
• Opting out of Google Analytics via the Google Analytics Opt-out Browser Add-on

10.6 Third-party cookies

Some cookies may be set by third parties (such as analytics providers, payment gateways or advertising networks) when you visit haqme.com. This may include cookies or similar technologies set by social media platforms when you interact with our content, share products, or use social login features.

We do not control these cookies; they are subject to the third parties' own privacy policies. We recommend reviewing their policies to understand how they use cookies and your data.

11.1 Age restriction

The Services are intended for adults and are not directed at individuals under 18 years of age, in line with our Terms and Conditions.

11.2 No intentional collection of children's data

We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact us immediately using the details on the Contact page or email info@haqme.com so we can take appropriate steps, such as:

• Deleting the data
• Obtaining proper parental or guardian consent where required by law
• Restricting account access

12.1 Updates

We may update this Privacy Policy from time to time to reflect:

• Changes in our Services, business practices or operations
• New legal or regulatory requirements
• Improvements to our data protection practices

12.2 Notification

When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Provide additional notice where appropriate (for example, via email, a prominent banner on the website, or in-app notification)

12.3 Your acceptance

Your continued use of the Services after the updated Privacy Policy becomes effective will be treated as acceptance of the changes. If you do not agree with the updated Policy, you should:

• Stop using the Services
• Request closure of your account (subject to data retention obligations)

13.1 Privacy and data protection inquiries

If you have any questions, concerns or requests about this Privacy Policy or how we handle your personal data, or if you wish to exercise your rights, please contact us:

• Via the Contact page on haqme.com
• Email: info@haqme.com
• By post or phone using the details shown in your order confirmation or on the Contact page

13.2 Escalation to authorities

Where applicable under UAE law, if you are not satisfied with our response or how we handle your personal data, you may have the right to escalate unresolved concerns to:

• The relevant UAE supervisory or consumer protection authority
• The UAE Data Office or other competent authority as designated under the PDPL

Details of such authorities and how to contact them are published on official UAE government portals (for example, u.ae).

End of Privacy Policy