Privacy Policy for E-Commerce Stores
PRIVACY POLICY
This document serves as the Privacy Policy for E-Commerce Stores Developed by MediaBank, outlining how we handle user data within our e-commerce platforms. It provides a detailed overview of our commitment to protecting user privacy and ensuring compliance with applicable privacy laws and regulations, particularly in the context of online retail transactions. We prioritize transparency and data security, implementing robust measures to safeguard user information throughout the operation of our e-commerce stores.
Introduction
MediaBank (“we,” “our,” or “us”) is committed to safeguarding the privacy and security of your personal information. This Privacy Policy outlines how we collect, use, and disclose personal data when you interact with E-Commerce Store websites developed and managed by us for our clients. Our E-Commerce Store websites adhere to GDPR (General Data Protection Regulation) standards to ensure compliance with data protection requirements.
1. Information We Collect
For E-Commerce Stores developed and managed by MediaBank, we may collect the following types of information:
- Contact Information: Name, email address, phone number, and postal address.
- Account Information: Username, password (if registering for an account).
- Order Information: Information about products or services purchased, payment details.
- Communication Data: Information provided during customer support interactions.
- Usage Data: Information about browsing behavior and interactions with the E-Commerce Store.
- Device Information: Information about the device and browser used to access the E-Commerce Store.
- IP Addresses: Internet Protocol (IP) addresses of devices accessing the E-Commerce Store.
2. How We Use Your Information
We may collect and store your personal information for the following purpose:
- Service Enhancement: We analyze user interactions and feedback to identify areas for improvement in the functionality, design, and content of the E-Commerce Platform. This allows us to optimize the user experience and ensure that the websites effectively meet the needs and expectations of our clients and their audiences.
As MediaBank, we utilize this information solely to enhance the services we provide to our clients. However, the client who we developed the E-Commerce Store for may use the collected data for various purposes related to their business operations, including:
- Order Fulfillment: The client can use customer information to process and fulfill orders placed on their E-Commerce platform, including shipping products to customers’ addresses.
- Customer Service: Customer information enables the client to provide personalized customer support, address inquiries, and resolve issues related to orders, products, or services.
- Marketing and Sales: The client may utilize customer data to analyze purchasing behavior, preferences, and trends, allowing them to tailor marketing campaigns, promotions, and product offerings to better meet customer needs and preferences.
- Business Analytics: Analyzing customer data helps the client gain insights into sales performance, inventory management, and overall business operations, enabling informed decision-making to optimize efficiency and profitability.
- Personalization: By understanding customer preferences and behavior, the client can personalize the shopping experience, such as recommending products based on past purchases or browsing history, enhancing customer satisfaction and loyalty.
- Compliance and Legal Obligations: Ensuring compliance with applicable laws and regulations, such as data protection and privacy laws, is essential. The client may use customer data to fulfill legal obligations and respond to regulatory requirements.
Overall, the client utilizes the collected data to enhance the functionality, efficiency, and customer experience of their E-Commerce Store, driving business growth and success.
3. Legal Basis for Processing
We rely on the following legal bases for processing your personal data:
- Consent: When you provide your explicit consent for specific processing activities.
- Contractual Necessity: When processing is necessary for the performance of a contract with you.
- Legitimate Interests: When processing is based on our legitimate interests, such as improving our services or marketing our products.
4. Circumstances for Processing Personal Data
Most commonly, we will process your Personal Data in the following circumstances:
(a) Contractual: If we need to perform an agreement you have with us or it is necessary to take pre-contractual steps at your request before entering into such an agreement.
(b) Legal: Where we need to comply with a legal obligation, e.g., one arising from a law or regulation concerning taxation, accounting, financial reporting, prevention of terrorism or money laundering, or judicial or administrative process.
(c) Interest: If processing is warranted by our legitimate interests or those of a third party, and such interests are not overridden by yours or your fundamental rights and freedoms.
(d) Consent: Where we have your unambiguous consent before processing your Personal Data in that specific situation, thus allowing us to process these data on the grounds of Consent.
5. Data Sharing and Transfers
We may share your personal information with third parties as necessary to provide our services or comply with legal obligations. We may transfer your data internationally, subject to appropriate safeguards (More information about this point in the following sections). However, it’s important to note that we do not sell the personal information collected from the MediaBank website to third parties.
Access to personal information collected on E-Commerce Stores developed and managed by MediaBank is also provided to the client on whose website the user is on. This access allows clients to fulfill orders, provide customer support, and manage their E-Commerce operations effectively. We ensure that clients handle this information responsibly and in accordance with applicable data protection regulations.
6. Data Retention
At MediaBank, we adhere to storing your Personal Data only for as long as necessary in alignment with the purposes for which the data were collected. This includes fulfilling our rights and obligations under any contracts you have with us, if that was the primary purpose. Additionally, we may retain Personal Data for any additional period as required by applicable laws and regulations.
Clients of MediaBank, whose E-Commerce Stores users interact with, are also expected to adhere to similar data retention principles. As part of our contractual agreements with clients, we ensure that they understand their obligations regarding the storage and retention of Personal Data collected through their respective E-Commerce Stores. This ensures consistency and compliance with data protection regulations across all aspects of our services.
7. Disclosure of Personal Data to Third Parties
We engage third-party service providers to assist us in providing, maintaining, and improving our services, including hosting the website, sending communications, providing customer support, and analyzing usage patterns. These service providers may have access to your Personal Data for the limited purpose of providing the services we have engaged them to provide. Additionally, we may store Personal Data in locations outside our direct control, such as on third-party cloud infrastructure or platforms. Importantly, our use of such service providers may involve transmitting your Personal Data to jurisdictions other than the one you reside in.
In addition to our own use, clients whose E-Commerce Stores users interact with may also engage third-party service providers for similar purposes. As part of our contractual agreements with clients, we ensure that they understand their obligations regarding the disclosure of Personal Data to third parties and the importance of ensuring the security and confidentiality of such data.
We may also share your Personal Data with our corporate subsidiaries, as well as outside accountants, legal counsels, and auditors, including those engaged by our clients for their own business purposes.
In the event of a merger, acquisition, division, or similar transaction, your Personal Data may be shared with or transferred to relevant parties involved in the transaction, subject to standard confidentiality arrangements. Clients are informed of any such potential transaction and its implications for the handling of Personal Data collected through their E-Commerce Stores.
There may be situations where we are legally obliged to disclose some or all of your Personal Data, such as in response to an information request from an authority or to comply with national or international measures against terrorism or money laundering. We may also be compelled to disclose your Personal Data by a judicial, arbitral, administrative, or otherwise mandatory order or judgment. In such cases, we ensure that clients are notified of the disclosure unless prohibited by law.
Additionally, we may disclose your Personal Data when necessary to exercise, enforce, or defend our rights, freedoms, or legitimate interests, or to protect the rights, freedoms, or legitimate interests of a third party. Clients are made aware of such disclosures and their implications for data protection and privacy.
Finally, we shall disclose your Personal Data at your request or upon your consent, unless legally prohibited or impracticable. Clients are informed of any such requests or consents and collaborate with us in facilitating the disclosure in accordance with applicable laws and regulations.
8. International Transfers of Personal Data
We may transfer your Personal Data to jurisdictions other than the one you reside in, subject to this section.
We shall not transfer your Personal Data from countries participating in the European Economic Area (“EEA”) to those which do not, or from the EEA to international organizations, unless the recipient country or the particular person or entity receiving the data ensures an adequate level of protection for the data received. If such adequate protection is not ensured, we will implement safeguards as legally required and/or subject the transfer to other conditions as provided by law.
For example, if we are to transfer your Personal Data from the EEA to an infrastructure provider or another service provider necessary for the provision of our services, such as those mentioned under the section regarding third-party service providers, we will ensure that the provider ensures an adequate level of protection for the Personal Data received. This may include implementing Standard Contractual Clauses in service agreements between us and the service providers to ensure a level of protection equivalent to the GDPR. We regularly review and update our agreements with service providers to align with any changes in legal requirements, such as those related to the US Foreign Intelligence Surveillance Act (FISA).
We prioritize selecting service providers that promise to ensure an adequate level of personal data protection according to GDPR standards. Additionally, we assess the risk of being subject to FISA or other US law enforcement-related acts when considering international transfers of Personal Data, particularly concerning communication data.
This adaptation ensures that MediaBank’s Privacy Policy reflects the company’s approach to international transfers of Personal Data and compliance with relevant data protection laws, such as the GDPR.
9. Personal Data Security
At MediaBank, we prioritize the security of your Personal Data and maintain adequate technical and organizational measures to ensure its protection in accordance with the given circumstances. When determining the appropriate level of security, we consider various factors, including the nature of the Personal Data, the processing operations involved, associated risks, technological advancements, implementation costs, and other relevant considerations. These measures are detailed in our Data Protection Policy.
Our security measures are designed to address the following key aspects:
- Protecting Personal Data against unauthorized or unlawful processing, accidental loss, alteration, or destruction.
- Ensuring the integrity and confidentiality of Personal Data throughout its processing lifecycle.
- Maintaining the availability and resilience of Service features essential for processing Personal Data.
- Facilitating the timely restoration of availability and access to Personal Data following any Service incidents.
However, it’s important to acknowledge that while we implement robust security measures, no system is entirely immune to risks. We cannot guarantee that your Personal Data, whether during transmission over the internet, storage in our systems or those of our service providers, or otherwise under our care, will be completely safeguarded from unauthorized or unlawful processing, accidental loss, alteration, or destruction. Additionally, we cannot ensure that your Personal Data will always remain intact and confidential, or that they will be promptly available after any Service incident. Moreover, we cannot control the actions of other parties with whom you choose to share or instruct us to share your Personal Data.
Furthermore, clients whose E-Commerce Stores users interact with are also subject to the protection of the data disclosed to them. As part of our contractual agreements with clients, we ensure that they understand their obligations regarding the security and confidentiality of Personal Data collected through their respective E-Commerce Stores. This ensures a comprehensive approach to data security and privacy across all aspects of our services.
10. Cookies and Tracking Technologies
MediaBank utilizes cookies and similar tracking technologies to enhance your browsing experience, analyze usage patterns, and deliver targeted advertising. By continuing to use our website, you consent to the use of cookies in accordance with our Cookie Policy and accept our Privacy Policy.
Cookies are small text files that are stored on your device when you visit a website. They serve various purposes, including remembering your preferences, improving website performance, and providing personalized content.
We may also use tracking technologies such as web beacons, pixels, and tags to collect information about your interactions with our website, such as the pages you visit and the links you click on. This information helps us understand how users engage with our website and allows us to optimize our content and services accordingly.
You have the option to decline the use of cookies, which may limit certain functionalities of our website. However, by accepting cookies, you can continue to enjoy a personalized browsing experience. If you have any questions or concerns about our use of cookies and tracking technologies, please contact us using the provided contact details.
11. Your Rights as a Data Subject
Data subjects in the EEA have certain statutory rights under the GDPR concerning the Personal Data that we have on them. This part of the Policy aims to provide a general understanding of these rights, and we encourage you to further explore the GDPR for deeper comprehension.
Specifically, your data subject rights include:
Right of Access (GDPR Article 15): You have the right to inquire and receive confirmation from us as to whether we process any of your Personal Data. If so, you may request access to those data and obtain a copy of them. Users can access most of the Personal Data we have about them by logging into their User Account and visiting their profile page. If you do not have a User Account or wish to exercise your right of access, please use the contact details provided at the end of this Policy.
Right to Rectification (GDPR Article 16): If the Personal Data we have about you is incorrect, you have the right to request that we correct those data. In some circumstances, you may also request that incomplete Personal Data be completed. Users are encouraged to update the Personal Data under their User Accounts themselves.
Right to Erasure (Right to be Forgotten) (GDPR Article 17): You have the right to request that we delete or remove the Personal Data we have on you where there is no valid reason for us to continue processing them. Please note that we may not always be able to comply with your request due to specific legal reasons, in which case we will inform you accordingly.
Right to Object (GDPR Article 21): You have the right to object to our processing of your Personal Data, particularly when the processing is based on our legitimate interests. You may also object to processing for direct marketing purposes.
Right to Restriction of Processing (GDPR Article 18): You have the right to request that we suspend the processing of your Personal Data under certain circumstances, such as when the accuracy of the data is contested or when you have objected to processing.
Right to Data Portability (GDPR Article 20): If our processing of your Personal Data is based on contractual grounds or consent and carried out by automated means, you are entitled to receive those data in a structured, commonly used, and machine-readable format. You may also request that we transmit these data directly to another controller if technically feasible.
Right to Withdraw Consent (GDPR Article 13(2)(c)): If we are processing your Personal Data based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing activities carried out before the withdrawal.
You can exercise some of your data subject rights through your User Account. If you are unable to do so or if the right cannot be exercised through your account, please use the contact details provided at the end of this Policy to get in touch with us, and we will do our best to facilitate the exercise of your rights.
We aim to respond to any legitimate request within a month of its receipt, but it may take longer if the request is particularly complex or if multiple requests have been made. In such cases, we will keep you updated on the progress of your request.
We do not charge any fee for exercising the above rights unless your requests are clearly unfounded or excessive, in which case we may charge a reasonable fee or decline your request.
Your Rights Under Egyptian Law
In addition to the rights granted under the GDPR, individuals residing in Egypt are entitled to certain rights under Egyptian law concerning their Personal Data. MediaBank is committed to upholding these rights and ensuring compliance with relevant Egyptian data protection regulations. While specific details may vary, individuals in Egypt generally have the right to access their Personal Data held by MediaBank, request the rectification or deletion of inaccurate or incomplete data, and object to the processing of their Personal Data for certain purposes. To exercise these rights or inquire about your Personal Data as an Egyptian resident, please contact us using the provided contact details at the end of this Policy.
12. Updates to this Privacy Policy
We may revise this Policy periodically to reflect changes to the Service, Websites, applicable laws, regulations, or standards, or other developments in our business operations. Any revisions will be posted on the same webpage where this Policy is published or on another webpage commonly used for publishing such materials. Additionally, we may notify Users of policy changes through the Service, email, or other means.
The revised Policy will become effective upon posting unless otherwise specified within the document itself. It is advisable to review this Policy regularly for any updates. Your continued use of the Service or Websites after the posting of any revisions indicates your acceptance of the updated terms.
13. Contact Us
Feel free to get in touch with us if you have any questions about this Policy or our data processing practices or if you would like to exercise any of your ‘data subject’ rights with respect to the Personal Data we maintain on you.
Email us: [email protected]
Last updated: [Sunday, 19th May 2024]