PRIVACY
POLICY

INTRODUCTION

Hanging On By Fingertips (“we”, “us”, “our”, or “the Company”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, purchase our products, or interact with our services.

This Privacy Policy applies to all information collected through our website, mobile applications, and any related services, sales, marketing, or events (collectively, the “Services”). Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Site or use our Services.

We comply with applicable data protection laws including the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, the European Union General Data Protection Regulation (GDPR), and any other relevant local and international data protection regulations.

WHO WE ARE

Hanging On By Fingertips is a retail and e-commerce brand operating primarily within the United Arab Emirates. We offer a range of products through our online platform and physical locations.

For the purposes of this Privacy Policy, the “Data Controller” is Hanging On By Fingertips, responsible for deciding how and why your personal data is processed. Our registered office and primary place of business is located in the United Arab Emirates.

If you have any questions about this Privacy Policy or our data practices, please contact us using the details provided in the “Contact Us” section below.

DATA WE COLLECT

We collect and process the following categories of personal data:

• Full name (first name, last name)
• Email address
• Phone number
• Physical billing and shipping address
• Date of birth (where required for age verification)
• Gender (optional)

• Credit/debit card details (processed securely through our payment providers; we do not store full card numbers)
• Payment method type (Visa, Mastercard, PayPal, etc.)
• Billing address associated with the payment method

• IP address and geolocation data
• Browser type and version
• Operating system
• Pages visited, time spent on pages, and click patterns
• Referring website or source
• Device type and unique device identifiers
• Cookie and tracking pixel data

• Content of any emails, messages, or correspondence you send to us
• Customer support chat transcripts
• Survey responses and feedback

• Your preferences in receiving marketing communications
• Interaction with our email campaigns (opens, clicks)
• Social media interaction data when you engage with our profiles

HOW WE USE YOUR DATA

We use the personal data we collect for the following purposes:

• Order Processing & Fulfillment: To process your purchases, deliver products, provide order confirmations, shipping notifications, and handle returns or refunds.
• Account Management: To create and manage your customer account, maintain your preferences, and provide personalized experiences.
• Customer Support: To respond to your inquiries, resolve disputes, and provide technical or product-related assistance.
• Communication: To send transactional communications, updates about your orders, and changes to our services or policies.
• Marketing & Personalization: With your consent, to send promotional materials, newsletters, product recommendations, and personalized offers.
• Analytics & Improvement: To analyze website usage, identify trends, measure content effectiveness, and improve our products and services.
• Fraud Prevention & Security: To detect, prevent, and address fraud, unauthorized transactions, and other illegal activities.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

LEGAL BASIS FOR PROCESSING

We process your personal data only when we have a lawful basis to do so. The legal bases depend on the specific context and purpose of processing:

• Consent: Where you have given clear, informed consent for specific purposes such as marketing communications.
• Contractual Necessity: Where processing is necessary to perform a contract with you, such as processing your order.
• Legitimate Interests: Where processing is necessary for business interests such as improving services, preventing fraud, and securing our website.
• Legal Obligation: Where processing is necessary to comply with tax, accounting, regulatory, or legal requirements.

DATA SHARING & DISCLOSURE

We do not sell, trade, or rent your personal data to third parties. We may share your information in the following circumstances:

• Service Providers: Trusted third-party providers who help operate our website, process payments, deliver orders, send emails, and analyze data.
• Shipping & Logistics Partners: Partners who need your name, shipping address, and contact details to fulfill orders.
• Payment Processors: Payment data shared with processors in accordance with PCI DSS standards.
• Legal Requirements: Disclosure required by law, valid legal process, or to protect rights, privacy, safety, or property.
• Business Transfers: Data transferred as part of a merger, acquisition, reorganization, bankruptcy, or asset sale.

DATA RETENTION

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements.

• Order Data: Retained for a minimum of 5 years from the transaction date to comply with UAE commercial and tax regulations.
• Account Data: Retained while your account is active plus 2 years of inactivity.
• Marketing Data: Retained until you withdraw consent or request deletion.
• Technical/Analytics Data: Retained for up to 26 months from collection.

YOUR RIGHTS

Depending on your location and applicable law, you may have rights regarding your personal data.

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data, subject to legal exceptions.
• Right to Restrict Processing: Request limits on processing under certain circumstances.
• Right to Data Portability: Request a copy of your data in a machine-readable format.
• Right to Object: Object to processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
• Right to Lodge a Complaint: Contact a supervisory authority if you believe processing violates applicable law.

COOKIES

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and personalize content.

• Strictly Necessary Cookies: Essential cookies required for core website functionality.
• Performance & Analytics Cookies: Cookies that help us understand how visitors use the website.
• Functionality Cookies: Cookies that remember choices such as language, region, or display preferences.
• Targeting/Advertising Cookies: Cookies used to deliver relevant advertising and measure campaign performance.

DATA SECURITY

We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

• SSL/TLS encryption for data transmitted between your browser and our servers
• Secure and encrypted storage of personal data
• Restricted access to personal data on a need-to-know basis
• Regular security assessments and vulnerability testing
• Employee training on data protection and security practices
• Incident response procedures for data breaches

No method of transmission over the Internet or electronic storage is 100% secure, so absolute security cannot be guaranteed.

UAE FEDERAL LAW COMPLIANCE

In accordance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, we are committed to ensuring personal data processing complies with the requirements of this law.

• Processing personal data lawfully, fairly, and transparently
• Collecting personal data for specified, explicit, and legitimate purposes
• Ensuring personal data is accurate, complete, and kept up to date
• Retaining personal data only for as long as necessary
• Implementing appropriate security measures to protect personal data
• Obtaining consent where required, particularly for sensitive personal data
• Notifying the relevant supervisory authority in the event of a personal data breach
• Appointing a Data Protection Officer where required by law

GDPR COMPLIANCE

For individuals located in the EEA, United Kingdom, or other GDPR jurisdictions, we ensure that data processing activities comply with GDPR requirements.

• Processing personal data only on lawful bases set out in Article 6 of the GDPR
• Providing clear and transparent privacy notices at the point of data collection
• Honoring data subject rights as outlined in Articles 15-22 of the GDPR
• Implementing data protection by design and by default principles
• Conducting Data Protection Impact Assessments for high-risk processing activities
• Maintaining records of processing activities as required by Article 30
• Ensuring appropriate safeguards for international data transfers
• Ensuring third-party processors are bound by compliant Data Processing Agreements

CHILDREN’S PRIVACY

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children under 18 years of age.

If we discover that we have inadvertently collected personal data from a child under 18, we will take prompt steps to delete that information from our systems.

CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in practices, technologies, legal requirements, or other factors.

• Posting a prominent notice on our website homepage
• Sending an email notification to registered users
• Displaying a pop-up or banner when you next visit our website

CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us at:

Hanging On By Fingertips
Email: privacy@hangingonbyfingertips.com
Website: www.hangingonbyfingertips.com

We will endeavor to respond to all legitimate requests within 30 days of receipt.

GLOSSARY

• “Personal Data” means any information relating to an identified or identifiable natural person.
• “Processing” means any operation performed on personal data, whether or not by automated means.
• “Data Controller” means the person or organization that determines the purposes and means of processing personal data.
• “Data Processor” means a person or organization that processes personal data on behalf of the Data Controller.
• “Data Subject” means the identified or identifiable person to whom personal data relates.
• “Cookies” means small text files placed on your device by websites you visit.
• “GDPR” means the General Data Protection Regulation (EU) 2016/679.
• “UAE Data Protection Law” means UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data.