The
Maison Noor
GloballyCurated
Legal

Privacy Policy

Last updated: June 2025

1. Who We Are

Maison Noor ("we", "our", "us") is a globally curated design house operating under the trading name The Maison Noor, with its principal place of business in the United Arab Emirates. Our website is located at https://themaisonnoor.com.

For all privacy-related queries, contact us at business@themaisonnoor.com.

2. Information We Collect

We may collect the following personal information:

  • Identity & Contact — name, email address, phone number (including WhatsApp)
  • Order & Payment — billing address, shipping address, transaction details (processed securely via Shopify Payments; we never store card numbers)
  • Usage Data — pages visited, time on site, device type, browser, IP address (anonymised where required)
  • Communication Data — enquiries submitted through our contact form or WhatsApp
  • Cookie Data — preferences, session identifiers, and analytics data (see Section 6)

3. How We Use Your Information

We use your data to:

  • Process and fulfil your orders, including white-glove delivery coordination
  • Respond to enquiries and provide concierge assistance
  • Send order confirmation, shipping, and delivery updates (transactional emails only)
  • Improve our website and product offerings using aggregated analytics
  • Comply with legal obligations and prevent fraud

We do not sell your personal data to third parties. We do not send unsolicited marketing emails unless you have explicitly opted in.

4. Legal Basis for Processing (GDPR)

Where the General Data Protection Regulation (EU/UK GDPR) applies, we process your data on the following legal bases:

  • Contract — to fulfil purchases and enquiries you initiate
  • Legitimate Interests — to improve the site and prevent fraud
  • Legal Obligation — to comply with applicable laws
  • Consent — for optional marketing communications and analytics cookies

5. Third-Party Services

We share data only with trusted processors necessary to operate our business:

  • Shopify Inc. — e-commerce platform, payment processing, and order management. Shopify is PCI-DSS compliant. Shopify Privacy Policy
  • Google Analytics 4 (Google LLC) — anonymised website usage analytics. Data may be stored in the US. Google Privacy Policy
  • Web3Forms — contact form delivery service to route your enquiry to our inbox
  • Cloudflare — CDN, DDoS protection, and edge hosting
  • WhatsApp (Meta) — if you choose to contact us via WhatsApp, Meta's own privacy policy applies

6. Cookies

We use essential cookies required for the site to function (cart, session, currency preference). We also use optional analytics cookies (Google Analytics) to understand how visitors use our site.

You may disable non-essential cookies in your browser settings at any time. Disabling analytics cookies does not affect your ability to browse or purchase.

7. Data Retention

We retain order data for a minimum of 7 years to comply with UAE and international tax obligations. Contact enquiry data is retained for 2 years. Analytics data is retained as per Google Analytics' default retention period (14 months).

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request erasure ("right to be forgotten") where no legal obligation requires retention
  • Object to or restrict certain processing
  • Data portability (receive your data in a machine-readable format)
  • Withdraw consent at any time (for consent-based processing)

To exercise any right, email business@themaisonnoor.com. We will respond within 30 days.

9. International Transfers

As an internationally operating business, your data may be processed in countries outside your own (including the UAE, the US, and the EU). Where required, we rely on standard contractual clauses or equivalent safeguards for such transfers.

10. Security

We implement appropriate technical and organisational measures to protect your data, including HTTPS encryption, access controls, and reliance on PCI-DSS compliant payment infrastructure. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

11. Children

Our website is not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy periodically. The "last updated" date at the top of this page will reflect any changes. Continued use of the site after changes constitutes acceptance of the updated policy.

13. Contact

For any privacy-related questions or requests:

← Back to Home