PRIVACY POLICY - HMSASTORE
Effective Date: February 10, 2026 Last Updated: February 10, 2026
This Privacy Policy describes how ELSHAIMA B MOHAMMED LTD (Company Registration Number: [Insert Number]), operating the hmsastore marketplace ("hmsastore", "we", "us", or "our"), collects, uses, processes, and discloses your information when you access or use our website, mobile applications, and services (collectively, the "Platform").
We are committed to handling your data with transparency and integrity. This policy is drafted to comply with strict global and regional standards, including:
GDPR: The General Data Protection Regulation (EU/UK).
PDPL: The Personal Data Protection Law (Saudi Arabia).
DPL: The Data Protection Law No. 151/2020 (Egypt).
Applicable consumer protection laws in the GCC and Middle East.
ELSHAIMA B MOHAMMED LTD is the "Data Controller" responsible for your personal data.
For Users in the UK/EEA: We are the direct controller.
For Users in the Middle East: We act as the controller ensuring compliance with local data residency and protection laws through our appointed representatives where required.
We adhere to the principle of "Data Minimization" and only collect what is necessary.
Account Data: Name, email address, encrypted password, and phone number (for verification).
Transaction Data: Shipping address, billing address, and payment preferences.
Communication Data: Customer support history, emails, and dispute records.
Vendor Data (KYC): If you are a Vendor, we collect business registration, tax ID, and bank details for Anti-Money Laundering (AML) compliance.
Usage Data: IP address (for security and country identification), browser type, and page interactions.
Device Data: Device model and OS version. Note: We do not use device fingerprinting for cross-site tracking.
Location Data: Approximate location (City/Country) derived from IP address for shipping logistics. Precise GPS data is only collected with your explicit consent.
Cookies: We use cookies for functionality and analytics. We respect "Do Not Track" (DNT) signals.
Our Platform is strictly for users aged 18 and over. We do not knowingly collect data from minors. If we discover that we have collected data from a minor without parental consent, we will delete it immediately.
We process your data based on specific legal grounds:
Contract Performance: To process orders, manage accounts, and deliver products.
Legal Obligation: To comply with tax laws, fraud prevention, and AML regulations.
Legitimate Interests: To improve platform security and prevent fraud (balanced against your rights).
Consent: Explicitly obtained for direct marketing and non-essential cookies.
Research & Development: We use only Anonymized and Aggregated data for business intelligence; this data cannot identify you personally.
Saudi Arabia (PDPL): We process data primarily for the performance of the agreement and legitimate interests acknowledged by law. Sensitive data is processed only with strict safeguards.
Egypt (Law 151): We ensure all data processing is lawful, transparent, and compatible with the purpose of collection.
We do not sell your personal data. We share it only as follows:
With Vendors (Strict Limitation): We share only the necessary shipping details (Name, Address, Phone) with the Vendor to fulfill your order. Vendors act as Independent Controllers for this limited purpose and are contractually prohibited from using your data for their own marketing.
Service Providers: Trusted third parties (e.g., Stripe, PayPal, AWS, Logistics Partners) who process data on our behalf under strict Data Processing Agreements (DPAs).
Legal Authorities: If compelled by a court order or to report criminal activity (e.g., fraud) to authorities in your jurisdiction.
Your data may be processed globally. To ensure protection:
Transfer Mechanisms: We rely on Standard Contractual Clauses (SCCs) and Transfer Impact Assessments (TIAs) for transfers outside the EEA.
Data Localization (KSA & Egypt): Where required by local laws, we strive to store sensitive data on local servers or ensure cross-border transfers meet regulatory approval standards (e.g., SDAIA regulations).
Regardless of your location, you have the right to:
Access & Portability: Request a copy of your data in a structured format (e.g., CSV).
Rectification: Correct inaccurate data.
Erasure ("Right to be Forgotten"): Request deletion of your data (subject to tax/legal retention periods).
Objection: You have the absolute right to stop us from using your data for direct marketing at any time.
Withdraw Consent: Withdraw consent easily via account settings.
Lodge a Complaint: File a complaint with your local authority (e.g., ICO in UK, SDAIA in KSA, Data Protection Centre in Egypt).
9. Data Retention
Active Accounts: Retained as long as the account is active.
Financial Records: Transaction data is retained for 5 to 7 years to comply with tax laws in the UK, Egypt, and GCC.
Marketing Data: Deleted immediately upon unsubscription.
Inactive Data: Personal data from inactive accounts is deleted or anonymized after a set period of inactivity (e.g., 2 years).
10. Security & Breach Notification
Measures: We use SSL encryption, firewalls, access controls, and comply with PCI-DSS standards for payments.
Breach Notification: In the event of a data breach posing a risk to your rights, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.
11. Additional Legal Clauses
11.1 Do Not Track (DNT): Our Platform recognizes and respects "Do Not Track" signals from web browsers.
11.2 Severability: If any provision of this Privacy Policy is found to be unenforceable or invalid under applicable local law, that provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions shall remain in full force and effect.
11.3 Governing Law: This policy is governed by the laws of England and Wales, without prejudice to the mandatory consumer protection rights applicable in your country of residence.
12. Contact Information
If you have any questions or wish to exercise your rights, please contact our Data Protection Officer (DPO):
ELSHAIMA B MOHAMMED LTD
ش
Address: [Insert Full Registered Address, e.g., 71-75 Shelton Street, London, UK]
Email: shwshwnana@gmail.com (or privacy@hmsastore.com)
Company Registration Number: [Insert Number]
13. Changes to This Privacy Policy
We may update this policy periodically. Material changes will be notified via email or a prominent notice on the Platform. Continued use constitutes acceptance.
لازم تسجل دخول عشان تشوف هالميزة
راح نحذف العنوان من قائمتك
sd
