سياسة الخصوصية
Purpose of This Document
This Privacy Policy is intended to inform natural persons (hereinafter referred to as the ‘Data Subject’) regarding the processing of their personal data.
Updates and Acceptance
Categories of Personal Data Processed
The Data Controller may process the following categories of Personal Data provided voluntarily by the Data Subject:
– Contact Data: first name, last name, address, email address, phone number, profile picture, authentication credentials, and any additional information voluntarily provided.
– Fiscal and Payment Data: tax code, VAT number, credit card details, bank account information.
– Usage Data: e.g., pages visited, number of clicks, actions performed, session duration.
If the Data Subject fails to provide Personal Data that is legally or contractually required, or essential to entering into a contract with the Data Controller, such a contract cannot be concluded or continued.
The Data Subject assumes full responsibility for Personal Data relating to third parties, ensuring its lawful acquisition and disclosure.
Legal Basis and Purposes of Processing
Personal Data is processed for the following purposes:
– Fulfilment of contractual or pre-contractual obligations
– Registration and authentication (including via external platforms)
– Responding to user inquiries
– Payment processing through various payment methods
– Compliance with applicable laws and regulations, particularly in fiscal and tax matters
– Direct marketing of similar products/services via email to existing clients
– Monitoring, optimizing, and securing the technical infrastructure
– Anti-fraud measures
– Anonymous statistical analysis to improve services
4. Consent-Based Activities:
– Profiling to personalize marketing content based on preferences and behavior
– Retargeting/remarketing campaigns (with opt-out options available via the Network Advertising Initiative)
5. Use of Social Media or Third-Party Platforms:
Processing Methods and Data Access
Personal Data is processed exclusively by:
- Personnel authorized by the Data Controller who are bound by confidentiality obligations.
- Independent third-party data controllers or data processors (e.g., consultants, service providers, IT and hosting companies).
- Legal authorities or regulatory bodies, when required by law.
These parties are contractually obligated to use appropriate security measures and may only access data essential for their duties.
Third-Party Sharing
Payment processors (Stripe, PayPal) to enforce fee disputes.
Logistics partners (DHL) for delivery verification.
Legal authorities if required to investigate fraud
Banks for payment disputes
Location of Data Processing
Personal Data is stored and processed within the European Economic Area (EEA). No cross-border data transfers are conducted.
We retain personal data for 3 years after account closure to comply with legal obligations and prevent fraud. Upon expiry of retention periods, Personal Data will be securely deleted or anonymized.
Rights of the Data Subject
- Be informed about the use of their Personal Data
- Withdraw consent at any time
- Restrict or object to data processing
- Access, correct, or delete their Personal Data
- Request data portability to another controller
- File a complaint with a data protection authority or pursue legal action