Last updated: 19/12/2025
Privacy Policy
This Privacy Policy (“Policy”) explains how Modern Bakery (“Company”, “we”, “our”, or “us”) collects, uses, discloses, and safeguards personal data when you use our website, mobile application, and related services (collectively, the “Site”). We are committed to protecting your privacy in line with Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL), its Implementing Regulations, and other applicable GCC data protection laws. By using our Site, you consent to this Policy. Where consent is required by law, you will be asked clearly and separately.
Information We Collect
We collect and process personal data when you interact with our Site, such as when you place an order, subscribe to newsletters, or contact our customer support. The information we may collect includes your identity and contact details, such as your name, email address, postal address, and telephone number, as well as transactional information relating to purchases. We also collect technical data such as your IP address, browser type, device identifiers, cookies, and records of your interactions with the Site, including session replays and heatmaps. This information allows us to personalize your experience, improve our services, and maintain the security of our systems.
Log Data
When you access or use our Site, our servers automatically record certain technical information that your browser sends, commonly referred to as 'Log Data'. This Log Data may include details such as your Internet Protocol (IP) address, the type and version of your browser, the pages you visit on our Site, the date and time of your access, the amount of time you spend on each page, and other diagnostic information. We use this data to better understand user behavior, monitor traffic patterns, detect potential security incidents, and improve the performance and stability of our Site. Log Data is analyzed on an aggregated basis, but it may also be linked with other personal information you provide, where appropriate and lawful, in order to enhance your experience and protect the integrity of our services.
Web Beacons
Our Site and certain email communications may contain electronic images known as web beacons (also referred to as pixel tags or clear GIFs). These are small, transparent images embedded within web pages or emails that help us recognize users, measure traffic, and assess engagement. For example, web beacons allow us to determine whether an email has been opened, whether links within the email have been clicked, and how users interact with specific content on our Site. The data collected through web beacons is generally aggregated for analytical purposes; however, where appropriate, it may be combined with other data you have provided to us. This enables us to deliver more relevant content, measure the effectiveness of our marketing campaigns, and optimize the user experience across our digital platforms. While web beacons themselves do not collect personal data, they can be used in combination with cookies or other tracking technologies, and we encourage you to review our section on Cookies and Tracking Technologies for more details.
Legal Basis for Processing
We process your personal data only where there is a lawful basis to do so. In many cases, we process your information to perform a contract with you, such as fulfilling your orders and delivering products. In other circumstances, we process data because you have provided your consent, for instance when you opt into receiving marketing communications. We also process data when required to comply with legal obligations, such as accounting or regulatory requirements, or where it is in our legitimate interests to do so, such as preventing fraud, improving our Site, and enhancing our services. In some situations, we may process data to protect your vital interests or those of another person.
Use of Data
The personal data we collect is used to provide, maintain, and improve our products and services. This includes handling transactions, responding to customer service inquiries, and tailoring the Site to your preferences. We may also use data for marketing purposes, but only where you have given us your consent. Furthermore, we use personal information to ensure the security of our systems, to detect and prevent fraudulent activity, and to comply with legal and regulatory obligations.
Cookies and Tracking Technologies
Our Site makes use of cookies and other tracking technologies to enhance functionality and analyze usage. Cookies are small files placed on your device that help us remember your preferences and track how you interact with the Site. We use different types of cookies, including those that are strictly necessary for the functioning of the Site, as well as cookies used for analytics and advertising purposes. You may adjust your browser settings to decline cookies, though this may affect the Site’s functionality. We also employ advanced tracking technologies such as session replays and heatmaps to better understand user interactions and improve the user experience.
Sharing of Data with Third Parties
We may share your personal data with carefully selected third parties who provide services on our behalf, such as IT service providers, analytics companies, marketing agencies, and delivery partners. These third parties are contractually required to protect your data and may only use it for the purposes specified by us. In some cases, we may also be required to share your data with regulatory authorities or other entities where disclosure is mandated by law. We will never sell your personal data to third parties.
Storage and Cross-Border Transfers of Data
All personal data we collect is primarily stored and processed on secure servers located within the United Arab Emirates. By keeping your data within the UAE, we ensure that it benefits from the protections and oversight established under the UAE Personal Data Protection Law (PDPL). Where it becomes necessary to store or process data outside the UAE, for example, when engaging international service providers, we implement additional safeguards, such as contractual protections or transfer mechanisms approved by the UAE Data Office, to ensure your data remains protected to the same standard.
Your personal data may be transferred to and processed in countries outside the United Arab Emirates. Where such transfers occur, we ensure that they are carried out in accordance with the requirements of the PDPL. This means that transfers are permitted only where the destination country has been recognized by the UAE Data Office as providing an adequate level of protection, or where appropriate safeguards, such as standard contractual clauses, are in place to ensure your data remains protected.
Data Retention
We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected, including providing services, complying with legal obligations, and resolving disputes. Once the retention period has ended, your personal data will be securely deleted or anonymized. If you request deletion of your data, we will comply in accordance with the law, except where retention is necessary for legitimate business or legal purposes.
In some cases, such as financial and transactional records, we may be legally required to retain information for a minimum statutory period. Where you have exercised your right to request deletion, we will act in accordance with applicable law while retaining only the limited data necessary to comply with our legal obligations or to protect our legitimate interests, such as preventing fraud.
Data Security
We take appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. This includes the use of encryption, secure servers, access controls, and regular security audits. While we strive to safeguard your data, no transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute protection.
Data Breach Notification
In the unlikely event of a personal data breach that may result in a risk to your rights and freedoms, we will notify the UAE Data Office without undue delay and, where required, inform you directly so that you may take any necessary precautions. We maintain internal procedures to ensure that breaches are promptly identified, contained, and remedied.
Your Rights
As a user, you enjoy a number of rights under the PDPL. These include the right to access your personal data, to request correction of inaccuracies, and to request deletion where the data is no longer necessary. You also have the right to restrict or object to certain types of processing, to request that your data be transferred to another service provider in a structured format, and to withdraw consent where processing is based on consent. Furthermore, you have the right not to be subject to automated decision-making that produces legal or similarly significant effects. To exercise your rights, you may contact us using the details provided below. We may ask you to verify your identity before responding to your request.
Children’s Data
Our services are not directed to children under the age of 18, and we do not knowingly collect personal information from minors. If we become aware that we have collected data from a child without appropriate parental consent, we will delete it promptly in accordance with the law.
Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements, industry practices, or our own procedures. When we make material changes, we will notify you through our Site or other appropriate channels. We encourage you to review this Policy regularly to stay informed about how we handle your personal data.
Contact and Data Protection Officer
If you have any questions about this Policy or wish to exercise your rights, please contact us at:
Modern Bakery
Email: info@modernbakery.com
If applicable, you may also contact our appointed Data Protection Officer (DPO) at the above address for matters relating to data protection and privacy compliance.