Privacy Policy

Sal fashion Est., as the data controller, is committed to respect the privacy rights of customers and users to its website, in accordance with the provisions of the General Data Protection Regulation UE 2016/679 (hereinafter “GDPR”). This privacy policy explains how we collect, store and use your personal data when you provide your personal data to us and your rights as with regard the processing of your personal data. These terms will apply regardless of how the site is accessed and will cover any technologies or devices by which we make the site available to you.

When we say “Thedroppedcollection”, “us”, “our” or “we” in this privacy policy, we are referring to Sal fashion Est. - with headquarters in Riyadh - Saudi Arabia, VAT No. 311112238300003.

For the purposes of the GDPR, Thedroppedcollection is the “data controller” of the personal data and it determines the purposes and means of the processing of personal data.

Under the GDPR:

  • “personal data” means any information relating to you and that identifies you, directly or indirectly;
  • “processing” means any operation or set of operations performed on personal data or on sets of personal data.

Categories of personal data, purposes of the processing and legal basis for the processing

We collect personal data directly from you, when you fulfill our forms on the site or indirectly, when you interact with us. Some of the personal data we request from you are necessary to perform a contract between you and Thedroppedcollection or to provide a service you ask to perform or to comply with the legal requirements. If you do not fulfil the mandatory gaps, we could not be able to provides the goods and services requested. 

We collect and process personal data for the following purposes:

  • customer relationship management (e.g. identification data and contact details provided by the user when filling out forms on the website, sign up a service etc.), based on the performance of a contract or on our legitimate interests to prevent fraud;
  • management of the orders (e.g. name, e-mail address, billing address, shipping address, telephone number, credit card or other payment information), based on the performance of a contract;
  • sending commercial communications, in case you give us your consent to send our newsletter to your e-mail address; 
  • management of the after-sale service and any request or communications sent by the user to our e-mail address (e.g. to report a problem or to send questions, doubts or comments regarding the website or its content);
  • management of the surveys that we may, from time to time, publish on the website for research purposes, based on the consent of the user that chooses to answer or participate in it;
  • analysis of our site through the use of cookies (e.g.  IP address and other information regarding your stay inside our website), based on our legitimate interests to improve our website and ensure the functioning. Some cookies activate with your specific consent. For more information, please refer to our “Cookie Policy” section.

Communication of personal data to third parties

The personal data of our users and customers is fundamental for us and we do not share your personal data with any third parties other than for some specific limited reasons. In particular, we only disclose data to:

  • engaged suppliers to process data on our behalf, by providing us our Internet platform, providing marketing assistance, delivering our products, providing customer service or helping us to prevent fraud. We only provide them with personal information they need to perform their services and we make our best to ensure that third parties keep personal data confidential;
  • government bodies and law enforcement agencies to comply with legal obligations or protect some rights;
  • our parent company or other entities within our group;
  • partners’ companies.

The communication of personal data to third parties does not include selling, renting, sharing, or otherwise disclosing personal information for commercial purposes in violation of the commitments set forth in this privacy policy.

Transfer of personal data

The personal data we collect may be transferred to, accessed in and stored at, a country outside the European Economic Area ("EEA") in compliance with the applicable regulations. 

Where we transfer personal data to third parties outside the EEA, we ask them to provide sufficient guarantees to implement appropriate technical and organizational measures in order to guarantee that the processing of personal data complies with the requirements of the EU regulation and ensure the protection of your rights as data subject. 

If necessary, the data transfer is carried out by virtue of the existence of a decision issued by the European Commission regarding the adequacy of the data protection level of the non-EU country pursuant to art. 45 GDPR or on the basis of the appropriate and timely guarantees provided by the articles 46 or 47 of the GDPR (e.g. the Standard Contractual Clauses adopted by the European Commission) or of the additional conditions of legitimacy for the transfer provided for by art. 49 of the GDPR.

Data retention

We will store your personal data for the period necessary to achieve the purpose for which it has been collected or to meet our legal obligations. 

  • as with regard the retention period for the account, we delete your account after your request or after a certain period of user inactivity;
  • the data relating to the order will be kept for the period of our contractual relationship that is linked to the management of the order;
  • as with regard the retention period for the sending of newsletters, we delete your account after your request or after a certain period of user inactivity;
  • the data relating to any of your requests will be kept for the time necessary to handle such request.

We may keep some personal data for a longer time to comply with legal or regulatory obligations or for reasons related to our legitimate business interests (e.g. to bring a claim before the Court).

Your rights on your personal data 

Articles 15 to 22 of the GDPR grant you, as an interested party, the exercise of specific rights.

  1. a)Right of access: pursuant to Article 15 of the GDPR, you have the right to obtain confirmation from the Data Controller as to whether or not your personal data are processed and, in this case, to obtain the access to personal data and related information;
  2. b)Right of rectification: pursuant to Article 16 of the GDPR, you have the right to obtain, without unjustified delay, the rectification of inaccurate personal data and the integration of incomplete personal data;
  3. c)Right to cancellation: pursuant to art. 17 GDPR, you have the right to obtain, without unjustified delay and at any time, the cancellation of personal data concerning him, in the cases provided for by the GDPR. The Data Controller will evaluate the possibility of accepting the request and if it is ascertained that, pursuant to the law, your request for cancellation of personal data can be accepted, the Data Controller will immediately proceed with the cancellation;
  4. d)Right to limitation: pursuant to art. 18 GDPR, you have the right to obtain the limitation of the processing, in the cases provided for by the GDPR;
  5. e)Right to portability: pursuant to art. 20 GDPR, you have has the right to receive, in a structured format, in common use and readable by an automatic device, your personal data provided to the Data Controller and to obtain that these data are transmitted to another data controller without impediments, in the cases foreseen by the GDPR;
  6. f)Right to object: pursuant to art. 21 GDPR, you have the right to oppose the processing of your personal data, unless there are legitimate reasons for the Data Controller to continue the processing;

The interested party has the right to lodge a complaint with the Supervisory Authority pursuant to art. 77 GDPR. To the extent that the processing of Personal Data is based on your consent, you also have the right to withdraw your consent at any time. Withdrawal of consent will not affect the legitimacy of any processing based on consent given prior to such withdrawal.


If you are using a computer or terminal in a public location, we recommend that you log out and close the website browser when your session is complete. We are committed to offering our customers and users a safe and secure environment, thus we take appropriate technical and organizational measures to safeguard your personal data. Please remind that no transmission over the Internet can ever be guaranteed secure. In addition, we will never ask you to confirm any account or credit card details via e-mail. For more information on the specific processing of data entered during navigation, for example those related to credit cards for the execution of the payment, please also refer to the  cookies policy, which contains all the measures taken to protect customer data, and to the terms and conditions section.


For the processing of the personal data of a child below the age of 13, the consent of the holder of parental responsibility is necessary. We do not and will not knowingly collect information from any unsupervised person under the age of 13. In addition, we shall make reasonable efforts to verify in such a case that consent is given or authorized, taking into consideration available technology.

Changes to the privacy policy

This privacy policy may change sometimes, depending on our business. You should check our website frequently to view recent changes and the date at the bottom of this privacy policy will be amended with the last update.


If you have any questions or concerns relating to the processing of your personal data by Thedroppedcollection or to exercise any of you right, please contact us at