CRF Parfums

Privacy Policy

Last updated: April 4, 2026

This Privacy Policy explains how CRF Parfums (“we”, “us”, “our”) collects, uses, and protects your personal information when you interact with our website at crfparfums.com. CRF Parfums is the data controller. Our registered address is: Mussafah, Abu Dhabi, UAE. This policy is designed to comply with applicable privacy laws including the EU/UK GDPR, US CAN-SPAM Act and CCPA, Canada’s CASL and PIPEDA, the UAE Personal Data Protection Law (PDPL), India’s Digital Personal Data Protection Act (DPDP Act 2023), and Nepal’s Electronic Transactions Act.

1. Information We Collect

When you sign up for early access, we collect:

  • Name — to personalise future communications.
  • Email address — to send you marketing and promotional updates about the CRF Parfums collection.

We do not collect payment information, government IDs, or sensitive personal data.

2. How We Use Your Information

We use your name and email address solely to:

  • Send you marketing and promotional emails about CRF Parfums products and launches.
  • Notify you of early access availability, exclusive pricing, and limited releases.
  • Respond to unsubscribe and data access requests.

We will never sell, rent, or share your personal data with third parties for their own marketing purposes.

3. Legal Basis for Processing

We process your personal data on the basis of your freely given, informed, and explicit consent, provided when you tick the consent checkbox on our sign-up form. You may withdraw consent at any time by unsubscribing.

  • EU / UK GDPR: Article 6(1)(a) — consent.
  • Canada CASL / PIPEDA: Express opt-in consent obtained via checkbox prior to sending commercial electronic messages.
  • UAE PDPL: Processing based on data subject consent under Federal Decree-Law No. 45 of 2021.
  • India DPDP Act 2023: Consent of data principal obtained before processing.
  • US CAN-SPAM / CCPA: Express consent provided; opt-out honoured immediately upon unsubscribe request.

4. Third-Party Processors

We use Resend (resend.com) to deliver emails. Resend acts as a data processor on our behalf and is SOC 2 Type II certified. Your name and email address are transmitted to Resend solely for the purpose of delivering emails. Resend’s infrastructure is hosted in the United States.

We do not use any advertising, analytics, or tracking services on this website.

5. International Data Transfers

As Resend operates in the United States, your data may be transferred internationally. We ensure appropriate safeguards are in place:

  • EU / UK: Transfers to the US are covered by Standard Contractual Clauses (SCCs) under GDPR Article 46.
  • UAE: Transfer is to a jurisdiction with appropriate protections as required under UAE PDPL Article 22.
  • India: Transfers comply with Section 16 of the DPDP Act 2023.
  • Canada / Nepal: We take reasonable steps to ensure equivalent protection as required by PIPEDA and Nepal’s Electronic Transactions Act 2008.

6. Data Retention

We retain your name and email address until you unsubscribe or request deletion, or for a maximum of 2 years from the date of your last interaction with us, whichever comes first. After this period, your data is permanently deleted from our systems.

7. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Ask us to correct inaccurate data.
  • Erasure (“Right to be Forgotten”): Request deletion of your personal data.
  • Restriction: Ask us to restrict processing of your data.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Withdraw your consent at any time by unsubscribing — this does not affect the lawfulness of prior processing.
  • CCPA (California): Right to know, right to delete, and right to opt-out of sale (we do not sell personal data).
  • Right to Lodge a Complaint (EU/UK GDPR): You have the right to lodge a complaint with your local data protection supervisory authority at any time — for example, the ICO in the UK (ico.org.uk) or the relevant EU Data Protection Authority. We would, however, appreciate the chance to address your concern directly before you contact a regulator.

To exercise any of these rights, email us at privacy@crfparfums.com. We will respond within 30 days (or as required by applicable law).

8. How to Unsubscribe

Every marketing email we send includes an unsubscribe link. Clicking it will immediately remove you from our list. You may also email privacy@crfparfums.com to request removal. Unsubscribe requests are honoured within 10 business days as required under CAN-SPAM, and within 2 business days for CASL compliance.

9. Cookies and Tracking

Our website does not use tracking cookies, advertising pixels, or behavioural analytics tools. We do not track your browsing activity across other websites.

10. Children's Privacy

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has submitted their data, please contact us at privacy@crfparfums.com and we will delete it promptly.

11. Data Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Email delivery is handled via an industry-standard encrypted service (Resend). However, no internet transmission is completely secure, and we cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top. Continued use of the website after changes constitutes acceptance of the revised policy.

13. Contact Us

For privacy-related enquiries or to exercise your rights:

← Back to site