GDPR Compliance
Last Updated: April 14, 2026
Our Commitment to GDPR
Trolley's Supermarket is committed to protecting your personal data and respecting your privacy rights. The General Data Protection Regulation (GDPR) is a European Union regulation that gives individuals more control over their personal data. While we are based in the UAE, we comply with GDPR standards for all our customers, especially those from the European Economic Area (EEA).
Data Controller Information
For the purposes of GDPR, Trolley's Supermarket LLC is the data controller of your personal information.
- Company Name: Trolley's Supermarket LLC
- Address: Dubai, United Arab Emirates
- Email: gdpr@trolleys.ae
- Phone: +971 4 123 4567
- Data Protection Officer: privacy@trolleys.ae
Legal Basis for Processing
Under GDPR, we process your personal data based on the following legal grounds:
- Contractual Necessity: To fulfill orders and provide services you request
- Legal Obligation: To comply with tax, accounting, and other legal requirements
- Legitimate Interests: To improve our services, prevent fraud, and ensure security
- Consent: For marketing communications and optional data collection
Your Rights Under GDPR
As a data subject, you have the following rights:
📍 Right to Access
You have the right to request a copy of the personal data we hold about you.
✏️ Right to Rectification
You have the right to correct inaccurate or incomplete personal data.
🗑️ Right to Erasure (Right to be Forgotten)
You have the right to request deletion of your personal data under certain circumstances.
⛔ Right to Restrict Processing
You have the right to limit how we use your personal data.
📤 Right to Data Portability
You have the right to receive your data in a structured, commonly used format.
❌ Right to Object
You have the right to object to processing for direct marketing or legitimate interests.
🤖 Right to Withdraw Consent
You have the right to withdraw your consent at any time.
Data We Collect
Under GDPR, we collect and process the following categories of personal data:
- Identity Data: Name, date of birth, gender
- Contact Data: Email address, phone number, delivery address
- Transaction Data: Purchase history, payment information, order details
- Technical Data: IP address, browser type, device information
- Profile Data: Username, password, preferences, feedback
- Usage Data: How you use our website and services
- Marketing Data: Preferences for receiving marketing communications
How We Collect Your Data
We collect data through:
- Direct Interactions: When you create an account, place an order, or contact us
- Automated Technologies: Cookies, server logs, and similar technologies
- Third Parties: Analytics providers, payment processors, delivery partners
Data Retention Period
We retain your personal data only as long as necessary for the purposes outlined in this policy:
- Account Data: Until you delete your account + 30 days
- Transaction Data: 7 years (for tax and accounting purposes)
- Marketing Data: Until you unsubscribe + 2 years
- Cookie Data: As specified in our Cookie Policy
International Data Transfers
Your data may be transferred to and processed in countries outside the EEA, including the UAE. We ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Data processing agreements with our service providers
- Compliance with UAE data protection laws
Data Security Measures
We implement appropriate technical and organizational measures to protect your data:
- Encryption: SSL/TLS encryption for data transmission
- Access Control: Strict access controls and authentication
- Regular Audits: Periodic security assessments and audits
- Employee Training: Regular data protection training for staff
- Incident Response: Procedures for data breach notification
Automated Decision Making
We do not use automated decision-making, including profiling, that produces legal effects or similarly significant effects on you. Any automated processes are limited to:
- Fraud detection and prevention
- Personalized product recommendations
- Email marketing segmentation
Children's Data
Our services are not directed to individuals under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.
Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours
- Inform affected individuals without undue delay
- Provide information about the breach and recommended actions
How to Exercise Your Rights
To exercise any of your GDPR rights:
- Submit a request via email to gdpr@trolleys.ae
- Include your full name, email address, and specific request
- We will verify your identity before processing
- We will respond within 30 days (free of charge)
- Complex requests may take up to 60 days (you will be notified)
Right to Lodge a Complaint
If you believe we have not complied with GDPR requirements, you have the right to lodge a complaint with:
- Our Data Protection Officer: dpo@trolleys.ae
- Your Local Supervisory Authority: Find your local authority
Changes to This GDPR Policy
We may update this GDPR Compliance policy periodically. Significant changes will be notified via email or website notice. The "Last Updated" date indicates when this policy was last revised.
Contact Information
For GDPR-related inquiries:
- Data Protection Officer: dpo@trolleys.ae
- GDPR Requests: gdpr@trolleys.ae
- Phone: +971 4 123 4567
- Mail: Trolley's Supermarket LLC, Attn: Data Protection Officer, Dubai, United Arab Emirates