Privacy Policy

Shimr (Shimr, "we", "us") operates the online store at shimr.ae from Abu Dhabi, United Arab Emirates. We sell fashion accessories to customers in the UAE and process orders in accordance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and applicable regulations of the UAE.

Data controller contact: privacy@shimr.ae. Registered address: Abu Dhabi, United Arab Emirates.

When you use Shimr, we may collect:

• Account data: name, email address, phone number, and password (stored as a secure hash — we never store plain-text passwords).
• Order data: delivery address (including emirate), items purchased, order totals, VAT, and order status.
• Payment status: confirmation from our payment partner Ziina. We do not store full card numbers on our servers.
• Technical data: IP address, browser type, and cookies necessary for session security and checkout (see Section 7).
• Communications: emails you send to support and transactional emails we send about your orders.

We use personal data to:

• Create and manage your account, including password reset and profile updates.
• Process orders, arrange UAE delivery, and provide customer support.
• Send transactional emails (order confirmation, shipping updates, account notices).
• Comply with UAE tax, consumer protection, and legal obligations.
• Prevent fraud, secure our platform, and improve our services.

We do not sell your personal data. Marketing emails are sent only where you have opted in or where permitted by UAE law.

Under the PDPL and UAE consumer regulations, you may have the right to access, correct, erase, or restrict processing of your personal data, and to object to certain processing where applicable. To exercise these rights, email privacy@shimr.ae. We will respond within a reasonable period as required by law.

You may lodge a complaint with the UAE Office of Data Protection if you believe your rights have been infringed.

We share data only as needed to operate the store:

• Ziina:payment processing and refund status (see Ziina's privacy policy at ziina.com).
• Email providers: Resend or configured SMTP to deliver transactional email.
• Hosting: our VPS infrastructure within secure environments.
• Authorities: when required by UAE law, court order, or regulatory request.

We retain account and order records for as long as needed to fulfil orders, handle returns, meet UAE tax and commercial record-keeping requirements (typically up to 5 years for financial records), and resolve disputes. Password reset tokens expire after 1 hour.

We use HTTPS, encrypted session tokens, AES-256 encryption for sensitive admin settings, and access controls. No method of transmission over the internet is 100% secure; please use a strong unique password.

We use essential cookies and similar technologies for authentication, cart persistence, and security. We do not use third-party advertising cookies on the storefront. You can control cookies through your browser settings; disabling essential cookies may limit checkout functionality.

Primary processing occurs in the UAE. Where data is processed outside the UAE (for example, by an email or payment provider), we ensure appropriate safeguards consistent with PDPL requirements.

We may update this policy from time to time. Material changes will be posted on this page with an updated "Last updated" date. Continued use of the site after changes constitutes acceptance where permitted by law.