Skip to content

Store access

Enter password below to access the store:

Najila Sport

LAUNCHING SOON

Privacy Policy

Last updated: 4 July 2026

1. Who We Are and Scope of This Policy

Najila Sports Trade – FZCO is a free zone company incorporated in the United Arab Emirates with its registered office at [insert registered address, Dubai, United Arab Emirates] (licence number [insert licence number]). For the purposes of the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018, and UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the "PDPL"), we are the controller of your personal data.

This policy applies to personal data we collect through our website, our customer service channels and our marketing and advertising activity, wherever you are located. Where we give you additional or different privacy information at the point of collection, that information also applies.

As we offer goods to individuals in the United Kingdom without an establishment there, we have appointed [insert name and address of UK representative] as our representative in the UK under Article 27 of the UK GDPR. You may contact our representative on any matter relating to our processing of your personal data.

You can contact us about this policy or about your personal data at [insert contact email] or by writing to us at the address above.

This Privacy Policy explains how Najila Sport / Najila Sports Trade – FZCO (“we”, “us”, or “our”) collects, uses, and handles your personal information when you access our website or interact with us.

We take a considered approach to data. What we collect, we collect for a reason. What we keep, we keep with care.

We process personal data in accordance with applicable data protection laws, including the PDPL and its Executive Regulations, the UK GDPR, the Data Protection Act 2018 and, in relation to cookies and electronic marketing directed at individuals in the United Kingdom, the Privacy and Electronic Communications Regulations 2003 ("PECR").

We do not treat your use of the website as consent to processing. We process your personal data only where a lawful basis applies, as described in section 4 below.

2. Personal Data We Collect

We collect the information you choose to give us. When you make a purchase or contact us, this may include your name, email, phone number, billing and shipping details, and payment information. Payments are processed through authorised third‑party providers, including those supporting Stripe, Apple Pay, Google Pay, Tabby, Tamara and Paypal. We do not store full payment details ourselves.

We also retain information connected to your relationship with us; your order history, preferences, and interactions.

Some information is collected automatically. This includes your IP address, device and browser details, and how you move through the site.

We also use cookies, pixels and similar technologies provided by third parties, including Shopify Analytics, Google Analytics, Google Ads, Meta Ads, Meta Pixel and a server-side Conversions API, to understand how the website is used. These tools collect information such as page views, add-to-cart events, purchases, online identifiers, approximate location, IP address and device information. Because this information can identify you directly or indirectly, we treat it as personal data. Section 5 (Cookies and Similar Technologies) explains how to control these tools.

We do not intentionally collect special category data (such as information about your health, religion or ethnic origin) or data relating to criminal convictions and offences, and we ask that you do not provide such information to us.

Where we need personal data to comply with the law or to perform a contract with you and you do not provide it, we may be unable to complete your order or provide the service requested. We will tell you if this is the case.

3. How We Use Your Personal Data

Your information supports the fundamentals: processing orders, managing payments, arranging delivery, and responding when you reach out.

We use it for security, fraud detection, and internal operations.

If you opt in to marketing communications, we may contact you by email or WhatsApp. We also use limited, pseudonymised data to present our brand in a way that aligns with your interests, through platforms such as Meta and Google. This may include retargeting and, where enabled in the future, audience matching or advanced features such as lookalike audiences. Section 6 (Marketing Communications) explains your choices.

We do not make decisions about you based solely on automated processing that produce legal effects concerning you or similarly significantly affect you.

4. Legal Bases for Processing

Under the UK GDPR, we rely on the following legal bases: (a) performance of a contract, where we process your personal data to fulfil an order, process payments, arrange delivery and provide customer support; (b) compliance with a legal obligation, where we retain records for tax, accounting, consumer protection and fraud prevention purposes; (c) our legitimate interests, where we secure our website, prevent fraud, analyse aggregated performance and operate and improve our business, provided those interests are not overridden by your interests, rights and freedoms; and (d) your consent, where we send you electronic marketing, place non-essential cookies or use advertising tools that require consent.

Under the PDPL, we process personal data on the basis of your consent or, where permitted, another lawful basis recognised by the PDPL, including processing necessary for a contract to which you are a party, compliance with our legal obligations, or the protection of legitimate interests as provided for in that law.

You may withdraw any consent at any time, and further information about the legitimate interests we rely on for a particular processing activity is available on request.

5. Cookies and Similar Technologies

When you first visit our website, a consent banner allows you to accept or reject non-essential cookies. Strictly necessary cookies (for example, those that operate the shopping basket and checkout) are placed without consent because the website cannot function without them. Analytics and advertising cookies, pixels and similar technologies are placed only with your consent, in accordance with PECR in the UK and the PDPL in the UAE.

You can change your cookie preferences at any time through the cookie settings link on our website or through your browser settings. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

6. Marketing Communications

Marketing may include email through Klaviyo, WhatsApp communication, and advertising across Meta and Google. This can involve retargeting, and in the future may include customer list uploads or advanced matching using hashed email addresses. Phone numbers are not shared with advertising platforms.

Every message will give you an option to opt out, should you wish to do so.

Consent for email and cookies is collected through on‑site mechanisms, including a cookie consent banner and opt‑in fields at checkout. Double opt‑in may be used where required.

For individuals in the United Kingdom, we send email marketing only with your consent or, in limited cases, under the "soft opt-in" in regulation 22 of PECR, where you have purchased or negotiated to purchase similar goods from us and were given a clear opportunity to opt out when your details were collected and in every message since. WhatsApp marketing is sent only with your prior consent.

Customer list uploads and advanced matching using hashed email addresses will be used only where we have an appropriate lawful basis and, where required, your consent. You may object to or opt out of such use at any time by contacting us.

Opting out of marketing does not affect service communications, such as order confirmations and delivery updates.

7. How We Share Your Personal Data

Your information is shared where necessary, with service providers who support the operation of the business, including Shopify, payment processors, delivery partners, and platforms such as Meta, Google, and Klaviyo.

Categories of recipients include: (a) e-commerce and hosting providers, including Shopify; (b) payment processors and fraud prevention services; (c) delivery and logistics partners; (d) marketing, analytics and advertising platforms, including Meta, Google and Klaviyo; (e) professional advisers, insurers and auditors; and (f) regulators, courts and law enforcement authorities where required.

They access only what is needed to perform their functions.

Where these parties process personal data on our behalf, they do so as processors under written contracts that meet the requirements of Article 28 of the UK GDPR and the PDPL, and they may not use your personal data for their own purposes. Certain platforms, such as Meta and Google, act as independent or joint controllers for some processing; their own privacy policies apply to that processing.

We do not sell your personal data.

We may disclose information where required by law, or where necessary to protect the business and those who interact with it.

If the structure of the business changes through sale, merger, or acquisition, your information may be transferred as part of that process. It remains subject to appropriate safeguards.

8. International Data Transfers

We are based in the UAE but operate through global systems.

Your personal data may be processed outside the UAE and the United Kingdom, including in the United States, Canada and the European Economic Area, where our service providers operate.

Where personal data of individuals in the UK is transferred outside the UK, we rely on one or more of the following safeguards: (a) UK adequacy regulations recognising the destination country; (b) the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses; or (c) in limited cases, an exception permitted under Article 49 of the UK GDPR. You may request a copy of the relevant safeguard by contacting us.

Where personal data is transferred outside the UAE, we do so in accordance with Articles 22 and 23 of the PDPL, transferring either to jurisdictions that provide an adequate level of protection or subject to appropriate contractual safeguards, or otherwise with your express consent or on another basis permitted by the PDPL.

9. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, tax and reporting requirements. In determining retention periods, we consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes of the processing and applicable legal requirements.

As a guide: order and transaction records are retained for up to [6] years after the transaction to meet legal and accounting obligations and to establish or defend legal claims; marketing data is retained until you opt out or your account has been inactive for [24] months, after which it is deleted or suppressed; and analytics data is retained in accordance with the retention settings of the relevant tool. When personal data is no longer required, we delete it or irreversibly anonymise it.

10. Your Rights

Depending on where you are located, you have the following rights in relation to your personal data: (a) to be informed about how we use it; (b) to access it and receive a copy; (c) to have inaccurate or incomplete data corrected; (d) to have it erased in certain circumstances; (e) to restrict or object to its processing, including an absolute right to object to direct marketing; (f) to receive it in a structured, commonly used and machine-readable format and to have it transmitted to another controller (data portability); (g) not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects; and (h) to withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

Individuals in the UAE have corresponding rights under the PDPL, including rights of access, correction, erasure, restriction, objection (including to processing for direct marketing purposes) and data portability.

To exercise any of these rights, contact us at [insert contact email]. We do not charge a fee unless a request is manifestly unfounded or excessive. We may ask you to verify your identity before acting on a request. We respond within one month to requests under the UK GDPR (extendable by up to two further months for complex or numerous requests, in which case we will tell you) and within the periods required by the PDPL.

If you are in the UK, you have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk or on 0303 123 1113. If you are in the UAE, you may complain to the UAE Data Office. We would, however, appreciate the opportunity to address your concerns before you approach a regulator.

11. Security

We take appropriate measures to protect your information. That includes secure systems, controlled access, and the use of reputable third‑party platforms.

Our measures include encryption of data in transit, access controls and confidentiality obligations on those who handle personal data. No method of transmission or storage is completely secure, but we keep our measures under review.

If a personal data breach occurs, we will assess it promptly and, where required, notify the ICO without undue delay and, where feasible, within 72 hours of becoming aware of it, notify the UAE Data Office in accordance with the PDPL, and inform affected individuals where the breach is likely to result in a high risk to their rights and freedoms.

12. Third-Party Websites

If we direct you to external sites, they operate independently. Their practices are their own.

We encourage you to review the privacy policy of any third-party website you visit.

13. Children

This website is not intended for individuals under 18. We do not knowingly collect their information.

If we become aware that we have collected personal data from a person under 18, we will delete it. If you believe this has happened, please contact us.

14. Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top of this policy shows when it was last revised. If we make material changes, we will take reasonable steps to bring them to your attention, for example by email or by a prominent notice on our website, and where a change involves new processing that requires your consent, we will seek that consent.

15. How to Contact Us

Najila Sports Trade – FZCO, IFZA Business Park, DDP. Email: Info@najilasport.com.