Privacy Policy

Brand: “Maison Haya” (the “Company”, “we”, “us”, “our”)
Website: https://www.maison-haya.com

This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you visit our website, make a purchase, contact us, or interact with our content and services. We comply with applicable data-protection laws, including the EU/UK GDPR and (where relevant) the UAE PDPL.


1) Who we are & how to contact us

Controller: Maison Haya, [legal entity name], [registered address], [country].
Email: contact@maison-haya.com

2) What this policy covers

  • Visitors to our website and online shop
  • Customers, newsletter subscribers and people who contact us
  • Social media interactions and digital advertising we run

This policy does not cover third-party websites you may access via links.

3) Data we collect

a) Data you provide

  • Account & profile: name, email, password, phone, shipping/billing address
  • Orders & support: order details, returns, messages, attachments
  • Marketing preferences: newsletter opt-in, SMS consent
  • Reviews, survey responses, giveaway entries

b) Data collected automatically

  • Device & usage: IP address, browser type, device identifiers, pages viewed, time on site, referring URLs
  • Cookies/SDKs/pixels: to operate the site, remember your cart, enable payments, measure performance, and personalize content

c) Data from third parties

  • Payment providers (e.g., Stripe/PayPal): payment authorization result, masked card data, fraud signals
  • Analytics/ads partners (e.g., Google Analytics, Meta): aggregated marketing metrics
  • Address/parcel services: delivery status and updates

We do not collect or store full payment card numbers on our servers.

4) Why we use your data (and legal bases)

  • To provide the shop and fulfill purchases (create account, process orders, deliver, returns) – contract
  • Customer support & communicationscontract / legitimate interests
  • Payments & fraud preventionlegitimate interests / legal obligation
  • Personalized content, recommendations, and adsconsent / legitimate interests
  • Analytics to improve our products & site performanceconsent / legitimate interests
  • Legal compliance, accounting, taxlegal obligation
    Where consent is the basis, you can withdraw it at any time

5) Cookies & similar technologies

We use:

  • Essential cookies – site functionality, security, cart, checkout
  • Analytics cookies – traffic measurement, performance (e.g., Google Analytics)
  • Personalization/advertising cookies – save preferences, show relevant content/ads (e.g., Meta, Google Ads)

You can manage cookies via our Cookie Banner and your browser settings. Blocking essential cookies may break core features (login/checkout).

6) Sharing your data

We share data only with trusted service providers who act on our instructions:

  • E-commerce platform & hosting (e.g., WordPress/WooCommerce + hosting/CDN)
  • Payment processors & anti-fraud (e.g., Stripe, PayPal)
  • Logistics & couriers (shipping labels, delivery updates)
  • Email/SMS & CRM tools (newsletters, transactional emails)
  • Analytics/ads vendors (in aggregated or pseudonymized form where possible)
  • Professional advisors (legal, accounting), authorities when required by law

We do not “sell” personal data. If you are in California and local law treats some ad-tech uses as a “sale/share,” you may opt out (see Your rights).

7) International transfers

Your data may be processed in countries outside your own (including the EEA/UK/UAE/US). Where required, we use appropriate safeguards (e.g., EU Standard Contractual Clauses) to protect your data.

8) Retention

We keep personal data only as long as necessary:

  • Orders & invoices: 6–10 years (tax/accounting laws)
  • Customer accounts & support tickets: while active + up to 24 months after last activity
  • Marketing data (with consent): until you unsubscribe or request deletion
  • Cookies: per cookie lifetime disclosed in the banner

9) Security

We use technical and organizational measures: HTTPS, access controls, encryption in transit, least-privilege access, regular updates and monitoring. No system is 100% secure; please protect your account credentials.

10) Your rights

Depending on your location (EU/UK GDPR, UAE PDPL, California CPRA), you may have the right to:

  • Access your data and receive a copy
  • Rectify inaccurate or incomplete data
  • Erase your data (“right to be forgotten”)
  • Restrict or object to processing (including direct marketing)
  • Data portability (structured, commonly used format)
  • Withdraw consent (e.g., marketing, non-essential cookies)
  • California (CPRA): know/opt-out of “sale/share”, limit use of sensitive data, non-discrimination

To exercise rights, email contact@maison-haya.com

11) Children

Our services are not directed to children under 13 (or applicable local age). We do not knowingly collect data from children. If you believe a child has provided data, contact us to delete it.

12) Do Not Track / Global Privacy Control

Some browsers offer “Do Not Track” or GPC signals. We honor legally required signals where applicable and are working to enhance compatibility.

13) Changes to this policy

We may update this policy from time to time. The latest version will always be posted here with a new Effective date. Material changes may be announced via email or site notice.

14) Contact & complaints

Questions or concerns?
Email: contact@maison-haya.com