Privacy Policy

Sand & Brew Coffee Trading LLC

Effective date: May 12, 2026
Last updated: May 12, 2026

📋 Section 1 — Information We Collect

We collect the following information from you:

Personal information:

Full name
Billing address
Shipping address
Email address
Phone number
Date of birth (for age verification — coffee equipment restrictions apply)

Payment information:

Credit card number (processed by third-party payment gateway — we do not store full card numbers)
Bank account details (for bank transfers)
Billing ZIP code

Order information:

Products purchased
Order history
Shipping preferences
Customer service communications

Technical information (automatically collected):

IP address
Browser type and version
Device type
Time zone
Referring website
Pages viewed on our site
Date and time of visit

🔍 Section 2 — How We Collect Your Information

We collect information in the following ways:

When you create an account on our website
When you place an order (online, phone, or email)
When you subscribe to our newsletter
When you contact customer support
When you participate in promotions or surveys
Automatically via cookies and similar tracking technologies
From our payment processing partners

🎯 Section 3 — How We Use Your Information

We use your information for the following purposes:

To process and deliver your orders
To verify your identity and prevent fraud
To communicate order status and updates
To provide customer support
To process returns and refunds (see Refunds & Returns Policy)
To send marketing emails (only with your explicit consent)
To improve our website and products
To comply with legal obligations (UAE VAT Law, Consumer Protection Law)
To detect and prevent fraudulent transactions

⚖️ Section 4 — Legal Basis for Processing (UAE & International Compliance)

We process your personal data under the following legal bases:

Purpose	Legal basis
Order processing and delivery	Contractual necessity
Customer service	Contractual necessity
Fraud prevention	Legitimate interest
Legal compliance (tax, consumer law)	Legal obligation
Marketing emails	Explicit consent
Website improvement	Legitimate interest

This policy complies with:

UAE Federal Decree-Law No. 45 of 2021 on Protection of Personal Data
Dubai Data Protection Law (Law No. 26 of 2015)
GDPR (for customers in the European Union — see Section 13)

🍪 Section 5 — Cookies and Tracking Technologies

We use the following types of cookies:

Type	Purpose	Duration
Essential cookies	Enable shopping cart and checkout	Session
Preference cookies	Remember your language and shipping preferences	12 months
Analytics cookies	Track website usage (Google Analytics)	24 months
Marketing cookies	Track campaign performance	6 months

You can disable cookies via your browser settings.

Warning: Disabling essential cookies will prevent you from making purchases on our website.

🤝 Section 6 — Third Parties With Whom We Share Your Information

We share your information with the following parties:

Third party	Purpose	Data shared
Payment gateway (Stripe / PayTabs)	Processing payments	Name, email, card token, billing amount
Shipping carriers (Aramex, DHL, FedEx)	Delivering your order	Name, shipping address, phone number
Cloud hosting provider (Amazon AWS)	Storing order data	Order history, contact information
Email marketing platform	Sending newsletters (with consent)	Email address, name
Customer support platform	Managing tickets	Name, email, order details
Legal authorities (UAE)	Complying with court orders	As required by law

We do not sell your personal information to any third party.

📅 Section 7 — Data Retention Period

We retain your personal data for the following periods:

Data type	Retention period	Reason
Order history	10 years	UAE VAT Law requirement
Customer support tickets	5 years	Resolution of disputes
Marketing consent records	Until you withdraw consent	Legal compliance
Account information	Until you delete your account + 2 years	Inactive account cleanup
Cookie data	As specified in Section 5	Tracking purposes

After the retention period expires, your data is permanently deleted or anonymized.

✋ Section 8 — Your Rights

Under UAE and applicable international law, you have the following rights:

Right	Description	How to exercise
Right to access	Request a copy of all data we hold about you	Email `privacy@sandbrewcoffee.ae`
Right to correction	Correct inaccurate or incomplete data	Email `privacy@sandbrewcoffee.ae`
Right to deletion	Request permanent deletion of your data	Email `privacy@sandbrewcoffee.ae`
Right to restrict processing	Limit how we use your data	Email `privacy@sandbrewcoffee.ae`
Right to data portability	Receive your data in a machine-readable format	Email `privacy@sandbrewcoffee.ae`
Right to object	Object to processing for direct marketing	Click “Unsubscribe” in any marketing email
Right to withdraw consent	Withdraw any previously given consent	Email `privacy@sandbrewcoffee.ae`

Response time: We respond to all requests within 30 days. Complex requests may take up to 60 days — we will notify you if this occurs.

Fees: No fee for the first request. Repeated or excessive requests may incur a AED 50 administrative fee.

🔒 Section 9 — Data Security Measures

We implement the following security measures to protect your data:

SSL/TLS encryption for all data transmitted between your browser and our website
AES-256 encryption for stored payment tokens
Two-factor authentication for all admin access
Regular security audits (quarterly)
Employee training on data handling practices
Access controls — only authorized personnel can access personal data

In the event of a data breach:

We will notify affected customers within 72 hours of discovery
We will notify UAE Data Protection Authorities within 72 hours
We will provide free credit monitoring for 12 months (if financial data is compromised)

👶 Section 10 — Children’s Privacy

Our website and products are not intended for individuals under the age of 18.

We do not knowingly collect personal information from anyone under 18 years of age.

Note: If you believe we have collected data from a minor, please contact us immediately at privacy@sandbrewcoffee.ae. We will delete the data within 72 hours.

🌍 Section 11 — International Data Transfers

Your data may be transferred to and processed in the following countries:

United Arab Emirates (primary storage location)
United States (cloud hosting — Amazon AWS US-East-1 region)
European Union (for EU customer data — Frankfurt, Germany)

For data transferred outside the UAE:

We use Standard Contractual Clauses (SCCs) approved by UAE Data Protection Authorities
We ensure the recipient country provides adequate data protection
You have the right to request a copy of these safeguards

📨 Section 12 — Marketing Communications

We send two types of emails:

Type	Requires consent	How to opt out
Transactional emails (order confirmation, shipping updates, return status)	No — required for order fulfillment	Cannot opt out (unless you delete your account)
Marketing emails (newsletters, promotions, new product announcements)	Yes — explicit opt-in	Click “Unsubscribe” at the bottom of any marketing email

After unsubscribing: you will no longer receive marketing emails within 10 business days.

Note: Withdrawing marketing consent does not affect transactional emails.

🇪🇺 Section 13 — GDPR Compliance (for EU Customers)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

Right to lodge a complaint with your local supervisory authority
Right to know the specific legal basis for each processing activity
Right to human review of automated decision-making

Our EU representative (for GDPR purposes):

GDPR-Rep
3rd Floor, 12 Bishopsbridge Road
London, W2 6AA, United Kingdom
Email: sandbrew@gdpr-rep.com

🌴 Section 14 — California Consumer Privacy Act (CCPA) Compliance

If you are a California resident, you have the following additional rights:

Right to know what personal information we have collected about you
Right to opt out of the sale of your personal information (we do not sell your data)
Right to non-discrimination for exercising your privacy rights

To exercise your CCPA rights:

Email: privacy@sandbrewcoffee.ae
Subject line: CCPA Request – California Resident

🚦 Section 15 — Do Not Track Signals

Our website does not respond to browser “Do Not Track” (DNT) signals.

Reason: There is no industry standard for handling DNT signals. We continue to use analytics cookies regardless of DNT settings.

📝 Section 16 — Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

When we make material changes:

We will notify you by email (sent to the email address associated with your account)
We will post a banner on our website for 30 days
The “Last updated” date at the top of this page will change

Your continued use of our website after 30 days constitutes acceptance of the updated policy.

Important: If you do not agree with the changes, you must delete your account and stop using our website.

📞 Section 17 — Contact Information for Privacy Concerns

Issue	Email	Extension	Response time
Privacy Officer	`privacy@sandbrewcoffee.ae`	Ext. 7	24 hours
Data deletion requests	`delete@sandbrewcoffee.ae`	Ext. 8	48 hours
Data breach reporting	`breach@sandbrewcoffee.ae`	Ext. 9	Immediate (24/7)
Legal / DPO	`dpo@sandbrewcoffee.ae`	Ext. 10	48 hours

Physical address for formal privacy requests:

Sand & Brew Coffee Trading LLC – Privacy Department
Warehouse 7, Al Quoz Industrial Area 3
Dubai, United Arab Emirates
P.O. Box 12345

Registered UAE Data Protection Officer (DPO):

Saif Al Mansori
Certified DPO — UAE PDPL
Certificate No. DPO-DXB-2024-0892

✅ Section 18 — Acceptance of This Policy

By using our website, placing an order, or providing us with your personal information, you acknowledge that you have read and understand this Privacy Policy.

Important: If you do not agree with any part of this policy, you must not use our website or provide us with any personal information.

This is your complete Privacy Policy. No softer version exists.

END OF PRIVACY POLICY

Coffee Store UAE

Browse

Want to chat?