Privacy policy

PRIVACY POLICY

By Hayat

 

1. Introduction

By Hayat ("we," "us," or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights.

This policy applies to all customers and visitors of our online store, regardless of where you are located. Specific sections address the additional rights and requirements applicable to residents of the European Union / European Economic Area (EU/EEA), the United Kingdom (UK), Australia, California (USA), and other US states with applicable privacy laws.

 

2. Who We Are (Data Controller)

By Hayat is the data controller responsible for your personal data.

 

Contact us at any time:

Email: info@byhayat.store

 

3. What Personal Data We Collect

3.1 Data You Provide Directly

       Name and surname

       Email address

       Shipping and billing address

       Phone number

       Payment details (processed securely by our payment provider — we do not store card data)

       Messages or inquiries you send us

 

3.2 Data Collected Automatically

When you visit our website, we may automatically collect:

       IP address and approximate location

       Browser type and device information

       Pages visited, time and date of visit, and navigation behavior

       Referring website or traffic source

This data is collected through cookies and similar tracking technologies. See Section 5 for details.

 

4. How and Why We Use Your Personal Data

4.1 To Process Your Orders

We use your data to fulfill purchases, process payments, arrange delivery, send order confirmations, and handle returns or complaints.

Legal basis (EU/UK): Performance of a contract (Art. 6(1)(b) GDPR / UK GDPR).

 

4.2 Direct Marketing

With your consent, we may send you newsletters, promotional offers, and updates about By Hayat products via email or SMS.

You may withdraw your consent at any time by clicking "Unsubscribe" in any marketing email, or by contacting us at info@byhayat.store. Withdrawal does not affect the lawfulness of prior processing.

Legal basis (EU/UK): Consent (Art. 6(1)(a) GDPR / UK GDPR).

US residents: You have the right to opt out of marketing communications at any time.

 

4.3 Analytics and Advertising

We use third-party tools — including but not limited to Google Analytics, Meta (Facebook/Instagram) Pixel, Google Ads, and TikTok Pixel — to understand how our website is used and to show relevant advertising to users who have previously visited our site (retargeting).

This may involve sharing pseudonymized data (e.g., hashed email addresses or identifiers) with advertising platforms. These tools may set cookies and track your behavior across websites.

Legal basis (EU/UK): Legitimate interests (Art. 6(1)(f) GDPR / UK GDPR) and/or your consent where required by law.

You can opt out of interest-based advertising through your browser settings, our cookie consent tool, or directly through each platform's privacy settings.

 

4.4 Legal and Compliance Obligations

We may process your data to comply with applicable laws, such as tax, accounting, or fraud prevention requirements.

Legal basis (EU/UK): Legal obligation (Art. 6(1)(c) GDPR / UK GDPR).

 

5. Cookies and Tracking Technologies

Our website uses the following types of cookies:

       Essential cookies: required for the website to function (e.g., shopping cart, checkout).

       Analytics cookies: help us understand visitor behavior (e.g., Google Analytics).

       Advertising/tracking cookies: used to deliver relevant ads and measure campaign effectiveness (e.g., Meta Pixel, Google Ads, TikTok Pixel).

 

Where required by law (EU, UK, Australia), we will ask for your consent before placing non-essential cookies. You can manage or withdraw your preferences at any time through your browser settings or our cookie consent banner.

For more information on how to manage cookies, visit: www.allaboutcookies.org

 

6. Who We Share Your Data With

We do not sell your personal data. We may share your data with trusted third parties strictly to operate our business:

       Payment processors: to handle transactions securely (your card data is never stored by us).

       Shipping and logistics providers: to fulfill and deliver your orders.

       Email marketing platforms: to send communications you have consented to receive.

       Advertising platforms (Google, Meta, TikTok, etc.): for marketing and retargeting purposes.

       Analytics providers: to analyze website traffic and improve our services.

       IT and hosting service providers: to operate and maintain our website.

 

All third-party providers are contractually required to handle your data securely and in accordance with applicable data protection law.

 

7. International Data Transfers

Our business and some of our service providers are based in the United States. If you are located in the EU/EEA, UK, or Australia, your personal data may be transferred to countries that do not provide the same level of data protection as your home country.

Where such transfers occur, we ensure appropriate safeguards are in place, including:

       Standard Contractual Clauses (SCCs) approved by the European Commission (for EU/EEA transfers).

       The UK International Data Transfer Agreement or Addendum (for UK transfers).

       Equivalent contractual protections for transfers to or from Australia.

 

8. How Long We Retain Your Data

We retain personal data only for as long as necessary for the purposes described in this policy:

       Order and transaction data: up to 7 years to comply with tax and accounting obligations.

       Marketing data: until you withdraw consent or unsubscribe.

       Analytics and advertising data: typically up to 2 years.

       Customer service communications: up to 3 years.

 

After these periods, your data will be securely deleted or anonymized.

 

9. Your Privacy Rights

Depending on where you live, you may have specific rights regarding your personal data. We honor all valid requests regardless of your location.

 

9.1 EU / EEA Residents (GDPR)

Under the General Data Protection Regulation, you have the right to:

       Access the personal data we hold about you.

       Rectify inaccurate or incomplete data.

       Request erasure of your data ("right to be forgotten").

       Restrict how we process your data in certain circumstances.

       Receive your data in a portable, machine-readable format.

       Object to processing based on legitimate interests or for direct marketing.

       Withdraw consent at any time for consent-based processing.

       Lodge a complaint with your national data protection authority.

 

9.2 UK Residents (UK GDPR)

UK residents have the same rights as EU residents listed above, under the UK GDPR and the Data Protection Act 2018. You may also lodge a complaint with the Information Commissioner's Office (ICO):

Website: www.ico.org.uk | Phone: 0303 123 1113

 

9.3 Australian Residents (Privacy Act 1988)

Under the Australian Privacy Act and the Australian Privacy Principles (APPs), you have the right to:

       Access the personal information we hold about you.

       Request correction of inaccurate or outdated information.

       Make a complaint about how we handle your personal data.

 

If you are unsatisfied with our response to a complaint, you may contact the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au | Phone: 1300 363 992

 

9.4 California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) grant you the following rights:

       Right to Know: request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the third parties with whom we share it.

       Right to Delete: request deletion of your personal information, subject to certain exceptions.

       Right to Correct: request correction of inaccurate personal information.

       Right to Opt Out of Sale or Sharing: we do not sell personal information. However, our use of advertising cookies may constitute "sharing" under the CPRA. You may opt out via our cookie consent tool or by contacting us.

       Right to Limit Use of Sensitive Personal Information: we do not collect sensitive personal information as defined by the CPRA.

       Right to Non-Discrimination: we will not discriminate against you for exercising any of your privacy rights.

 

To submit a CCPA/CPRA request, contact us at: info@byhayat.store. We will verify your identity and respond within 45 days.

 

9.5 Other US States

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other US states with applicable privacy laws may have similar rights to access, correct, delete, and opt out of certain uses of their personal data. Please contact us at info@byhayat.store to exercise these rights.

 

9.6 How to Exercise Your Rights

To exercise any of your rights, please contact us at: info@byhayat.store

We will respond within the timeframe required by applicable law (typically 30 days for EU/UK/Australia, 45 days for US states). We may need to verify your identity before processing your request.

 

10. Children's Privacy

Our website and services are not directed to children under the age of 16 (or 13 in the United States). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at info@byhayat.store and we will delete it promptly.

 

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or misuse. Our website uses SSL/TLS encryption for data transmission, and payment processing is handled by certified third-party providers.

However, no method of transmission over the internet is 100% secure. In the event of a data breach that is likely to result in a risk to your rights, we will notify you and the relevant authorities as required by law.

 

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify you by email or by displaying a prominent notice on our website.

We encourage you to review this policy regularly.

 

13. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

 

By Hayat

Email: info@byhayat.store

 

We are committed to resolving any privacy concerns promptly and transparently.

 

Appendix: Supervisory Authorities by Region

If you are not satisfied with our response, you may contact the relevant authority:

 

European Union / EEA:

Contact your national data protection authority. Full list: https://edpb.europa.eu/about-edpb/about-edpb/members_en

 

Spain:

Agencia Española de Protección de Datos (AEPD) — www.aepd.es — Tel: 900 293 183

 

United Kingdom:

Information Commissioner's Office (ICO) — www.ico.org.uk — Tel: 0303 123 1113

 

Australia:

Office of the Australian Information Commissioner (OAIC) — www.oaic.gov.au — Tel: 1300 363 992

 

United States (Federal / FTC):

Federal Trade Commission (FTC) — www.ftc.gov

Last updated: April 2026