Login

Cart

Your cart is empty

Privacy Policy

Last updated: 01 April 2026


1. Introduction

Joe Luke is operated by MGH Group FZC, a company incorporated under the laws of the United Arab Emirates. In this Privacy Policy, "Joe Luke," "we," "our," or "us" refers to MGH Group FZC and the Joe Luke brand.

We respect your privacy and are committed to protecting your personal information in accordance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the "PDPL") and its Executive Regulation (Cabinet Resolution No. 33 of 2024), as well as any other applicable data protection laws.

This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website, create an account, place an order, contact us, or otherwise interact with Joe Luke. It applies to personal information collected through our website, customer support channels, social media interactions, and any other services or communications that link to or reference this Privacy Policy.

By using our website or services, you confirm that you have read and understood this Privacy Policy.


2. What Information We Collect

We may collect the following categories of personal information:

2.1 Information you provide directly to us

We collect personal information you provide when you:

  • place an order
  • create or manage an account
  • subscribe to our newsletter or marketing communications
  • contact us with an enquiry, request, or complaint
  • request a return, exchange, or refund
  • participate in promotions, campaigns, or surveys

This information may include:

  • full name
  • email address
  • mobile number
  • billing and shipping address
  • account login credentials
  • order details and purchase history
  • payment-related details processed through our authorised payment service providers
  • any personal information included in messages, enquiries, or support interactions

Where required by law or for fraud prevention purposes, we may request additional information to verify your identity or complete a transaction.

2.2 Information collected automatically

When you use our website, we may automatically collect certain technical and usage information, including:

  • IP address
  • browser type and version
  • device type and operating system
  • referral source and exit pages
  • pages viewed and time spent on pages
  • website interactions and click behaviour
  • data collected through cookies, pixels, and similar tracking technologies

Please refer to our Cookie Policy for further information on how we use these technologies and how you can manage your preferences.

2.3 Information received from third parties

We may receive limited personal information from third parties, including:

  • payment processors and financial service providers
  • shipping, logistics, and delivery providers
  • analytics and audience measurement providers
  • advertising and marketing platforms
  • social media platforms where you interact with our brand
  • fraud prevention, identity verification, and security providers

We use information received from third parties only where necessary to operate, improve, and protect our business and services.


3. How We Collect Your Information

We collect personal information:

  • directly from you when you interact with us
  • automatically through your use of our website and digital channels
  • from third-party service providers who support our operations
  • from social media and other platforms where you engage with our brand


4. Legal Basis for Processing

In accordance with the UAE PDPL, we process your personal information on one or more of the following legal bases:

  • Contractual Necessity: To perform a contract with you, such as processing your order, arranging delivery, or managing your account.
  • Legal Obligation: To comply with applicable legal, tax, accounting, financial, or regulatory requirements.
  • Legitimate Interests: For our legitimate business interests — including preventing fraud, ensuring the security of our website and systems, improving our services, and communicating relevant updates — provided those interests are not overridden by your fundamental rights and freedoms.
  • Consent: Where you have given us your explicit consent, such as subscribing to marketing communications. You may withdraw your consent at any time.


5. How We Use Your Personal Information

We may use your personal information for the following purposes:

5.1 To provide our products and services

  • Process and fulfil orders
  • Process payments securely through our authorised providers
  • Arrange and track shipping and delivery
  • Send order confirmations, updates, and delivery notifications
  • Manage returns, exchanges, refunds, and customer support requests

5.2 To manage your account

  • Register and maintain your account
  • Allow you to access your order history and saved preferences
  • Provide account-related notifications and support

5.3 To communicate with you

  • Respond to enquiries, complaints, and support requests
  • Send service-related and transactional communications
  • Notify you about changes to our services, policies, or terms and conditions

5.4 To improve our website, products, and customer experience

  • Understand how customers interact with our website and products
  • Improve website functionality, navigation, and performance
  • Optimise product presentation and marketing effectiveness
  • Enhance service quality and customer experience

5.5 For marketing communications

Where permitted by applicable law and based on your opt-in consent, we may send you marketing communications about Joe Luke products, launches, collections, offers, and updates by email, SMS, WhatsApp, or similar channels.

You can opt out of marketing communications at any time. Please see Section 7 below for further details.

5.6 For security, fraud prevention, and legal compliance

  • Prevent fraud and unauthorised transactions
  • Protect our website, customers, and business operations
  • Comply with legal, regulatory, tax, and accounting obligations
  • Exercise or defend legal claims and rights


6. Data Retention

We retain your personal information only for as long as reasonably necessary to fulfil the purposes for which it was collected, including to:

  • provide our products and services
  • maintain business, financial, and transactional records
  • resolve disputes and enforce our agreements
  • comply with applicable legal and regulatory obligations

As a general guide, we typically retain:

  • Transaction and order records: up to 5 years following the date of the transaction, in accordance with applicable UAE commercial and tax regulations.
  • Account information: for the duration of your active account, and for a reasonable period thereafter in case of dispute or legal claim.
  • Marketing preferences and consent records: for as long as you remain subscribed, and for a period thereafter as required to evidence consent.
  • Customer support communications: up to 3 years from the date of the last interaction.

Retention periods may vary depending on the type of information, the purpose for which it was collected, and applicable legal requirements. When personal information is no longer required, we will securely delete or anonymise it.


7. Marketing Communications and Opting Out

If you no longer wish to receive marketing communications from us, you may opt out at any time by:

  • clicking the unsubscribe link in any marketing email we send you
  • following the opt-out instructions in any SMS or WhatsApp message
  • contacting us directly using the details provided in Section 14

We will process your opt-out request promptly. Please note that even after opting out of marketing communications, we may still send you non-promotional communications related to your orders, account, support requests, security notices, or legal and policy updates. These communications are necessary for the performance of our contract with you or our compliance with legal obligations, and are not subject to marketing opt-out.


8. How We Share Your Information

We do not sell your personal information to third parties.

We may share your personal information only as necessary and only with the following categories of recipients:

  • Payment processors and financial providers: to process transactions securely
  • Shipping, logistics, and delivery providers: to fulfil and track your orders
  • Website hosting, cloud storage, and IT service providers: to operate and maintain our digital infrastructure
  • Analytics, advertising, and marketing platforms: to optimise communications and customer experience
  • Customer support and communications technology providers: to manage interactions with customers
  • Professional advisers: including lawyers, auditors, accountants, and insurers
  • Regulators, courts, law enforcement agencies, or government authorities: where required or permitted by applicable law
  • A buyer, investor, or successor entity: in connection with a merger, acquisition, restructuring, or sale of all or part of our business assets, subject to appropriate confidentiality obligations

We require all third-party service providers who handle personal information on our behalf to implement appropriate security measures and to process such information only for authorised purposes and in accordance with our instructions. We do not authorise service providers to use or disclose your personal information for their own independent purposes.


9. International Transfers

Joe Luke operates primarily in the United Arab Emirates. As we grow and extend our services to other countries, your personal information may be stored or processed in the UAE or in other countries where our service providers or operational partners are located.

Where personal information is transferred outside the UAE or another relevant jurisdiction, we take reasonable and appropriate steps to ensure that such transfers are subject to adequate safeguards in accordance with the UAE PDPL and other applicable data protection laws. This may include implementing contractual protections or relying on other lawful transfer mechanisms.


10. Data Security

We implement reasonable and appropriate technical, administrative, and organisational safeguards to protect your personal information from unauthorised access, use, disclosure, alteration, loss, or destruction.

Our security measures include, but are not limited to:

  • restricted access controls limiting personal data access to authorised personnel only
  • encrypted payment processing through PCI-compliant service providers
  • secure systems, networks, and infrastructure
  • confidentiality obligations for employees, contractors, and service providers
  • ongoing monitoring and controls to protect our website and data systems

In the event of a personal data breach that is likely to result in a risk to your rights and interests, we will notify the UAE Data Office and, where required by law, affected individuals, within the timeframes prescribed by the UAE PDPL and its Executive Regulation.

However, no system or transmission over the internet can be guaranteed to be completely secure. While we work to protect your personal information, you provide information to us at your own risk, and we encourage you to take appropriate steps to protect your own data, including using strong and unique passwords and securing your devices.


11. Your Rights

Under the UAE PDPL and, where applicable, other data protection laws, you may have the following rights in relation to your personal information:

  • Right of Access: Request a copy of the personal information we hold about you.
  • Right to Correction: Request that we correct inaccurate, incomplete, or outdated personal information.
  • Right to Erasure: Request the deletion of your personal information in certain circumstances.
  • Right to Restriction: Request that we restrict the processing of your personal information in certain circumstances.
  • Right to Data Portability: Request that we transfer your personal information to you or a third party in a structured and commonly used format, where technically feasible.
  • Right to Object: Object to the processing of your personal information based on our legitimate interests, or to the use of your personal information for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on your consent, withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
  • Right to Lodge a Complaint: Lodge a complaint with the UAE Data Office (the competent supervisory authority for the purposes of the UAE PDPL) or any other relevant data protection authority in your jurisdiction if you believe we have not handled your personal information in accordance with applicable law.

These rights are not absolute and may be subject to limitations under applicable law, including where we are legally required or otherwise permitted to retain or continue processing certain information.

To exercise any of the rights above, please contact us using the details provided in Section 14. We may need to verify your identity before processing your request, and we will respond within the timeframes required by applicable law.


12. Children's Privacy

Our website and services are intended for individuals aged 18 and over. We do not knowingly collect or process personal information from children under the age of 18 without appropriate parental or guardian consent as required by applicable law.

If you are a parent or guardian and believe that a child under the age of 18 has provided us with personal information without appropriate consent, please contact us using the details in Section 14. We will investigate and, where appropriate, delete the relevant information promptly.


13. Third-Party Links

Our website may contain links to third-party websites, platforms, or services. This Privacy Policy applies only to Joe Luke and does not cover the privacy practices of any third party. We are not responsible for the content or privacy practices of any third-party websites, and we encourage you to review their privacy policies before providing any personal information.


14. Contact Us

If you have any questions, requests, concerns, or complaints about this Privacy Policy or about how we handle your personal information, please contact us at:

Joe Luke / MGH Group FZC Email: hello@byjoeluke.com

We will endeavour to respond to all legitimate enquiries within a reasonable timeframe and in accordance with applicable legal requirements.


15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business practices, legal obligations, or the way we handle personal information. The updated version will be posted on this page with the revised "Last updated" date at the top.

Where changes are material, we will take reasonable steps to notify you — for example, by posting a notice on our website or sending you a direct communication where appropriate.

Your continued use of our website or services after any changes to this Privacy Policy become effective constitutes your acceptance of the updated policy to the extent permitted by applicable law. We encourage you to review this page periodically to stay informed about how we protect your information.


This Privacy Policy is governed by and construed in accordance with the laws of the United Arab Emirates.