Privacy Policy

Privacy Policy

 

Thank you for visiting and shopping at Altura Enterprises W.L.L (the “Company”).  Following are the terms and conditions that constitute the manner with which the Company handles personal data collected from its customers in accordance with the Bahrain Personal Data Protection Law (No. 30 of 2018) (the “Law”) and any other applicable data protection laws (“Privacy Policy”).

This Privacy Policy outlines how the Company collects, processes, stores, and protects personal data through various channels, including but not limited to its corporate offices, websites, and online store.  It also applies to additional personal data collected during other interactions with the Company, whether directly or through authorised data processors.

The Company takes the protection of Your personal and sensitive data seriously and ensures that it is processed lawfully, fairly, and transparently in compliance with the Law. This Privacy Policy should be read in conjunction with any other privacy notices, fair processing notices, and product terms and conditions that the Company may provide on specific occasions when it is collecting or processing Personal Data.

1.                Definitions and Interpretation

1.1.           Definitions

For the purposes of this Privacy Policy, the following words and expressions have the following meanings:

Country

the Kingdom of Bahrain.

Data Controller

a natural or legal  person, who decides solely or in association with others, the purposes and means of processing certain personal data. Where such purposes and means are prescribed by the Law, the Data Controller shall be the person legally responsible for processing all relevant personal data.

Data Processor

the person who processes personal data for and on behalf of the Data Controller, excluding employees acting within their employment scope.

Data Processing

any operation or set of operations carried out on personal data by automated or non-automated means, including but not limited to: collecting, recording, organising, classifying in groups, storing, modifying, amending, retrieving, using or revealing such data by broadcasting, publishing, transmitting, making them available to others, integrating, blocking, deleting or destroying them.

Direct Marketing

any communication directed to a specific individual, by any means, that contains marketing or advertising materials intended to promote goods, services, or ideas.

Personal Data

any information in any form relating to an identifiable individual, or an individual who can be identified, directly or indirectly, particularly through his/her personal ID number, or one or more of his/her physical, physiological, intellectual, cultural or economic characteristics or social identity, including but not limited to:

(a)         name;

(b)         contact information (including email address, telephone number(s) and physical address);

(c)         job title, level, job function or role;

(d)         company or organisation name;

(e)         company data;

(f)          demographic information, such as industry, country, preferences and interests;

(g)         other information relevant to client surveys or similar research;

(h)         information pertinent to fulfilling its services to You; and

(i)          any other personal data that You voluntarily provide to us.

In order to determine whether an individual could be identified, all the means used by, or that may be available to, the Data Controller or any other person shall be taken in consideration.

The type of personal data and supporting documentation that the Company may obtain from You is as set out in contact form or in this Privacy Policy.

Sensitive Personal Data

any personal information that reveals, directly or indirectly, the individual’s race, ethnicity, political or philosophical views, religious beliefs, union affiliation, criminal record or any data related to his/her health or sexual life.

Service

the Website.

Website

www.alturaenterprise.com

You

the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable

 

1.2.           Interpretation

All capitalised terms shall have specific meanings as defined above, unless otherwise defined, regardless of whether they appear in singular or in plural.

2.                Data We Collect

2.1.           Information Requested and Collected by Us

For the purpose of providing relevant services, the Company must and does collect and process the following categories of Personal Data from past, existing and prospective customers:

Data Class

Indicative data elements (not an exhaustive list)

Identifiers

Name (first and last)

Contact Information

Email, phone number (mobile and fixed), physical address

Documents

Any service terms and conditions and/or application forms You conclude between Yourself and the Company

Usage Information

Usage Data is collected automatically when using the Service. Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When You access the Service by or through a mobile device, the Company may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data. The Company may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Web Beacons (Clear GIFs, Pixel Tags, Single-Pixel GIFs)

These may be embedded in the Company’s services or emails to track interactions, such as email opens or web page visits, for analytical purposes.

Cookies

Small files stored on Your device to enhance browsing experience. You may modify Your browser settings to reject or delete cookies, though this may affect service functionality.

Persistent Cookies

Persistent cookies remain on Your device after the browser is closed.

Session Cookies

Session cookies are deleted upon closing Your browser.

 

Personal Data collected and processed is restricted to the minimum information required in order to provide services to customers, or to comply with any regulatory provisions or directions as may apply. Not having this information could result in the Company’s inability to provide the services requested by its customers or could affect the quality of those services.

In addition to processing Personal Data, the Company may also aggregate, stratify and analyse anonymised personal data. As personal data that is aggregated and analysed in this manner is rendered anonymous (i.e. it cannot identity or be linked to individuals) such data is not considered Personal Data for the purposes of this Privacy Policy.

Aggregated data may include pages visited, time spent You have browsed on Your mobile, device or PC. This data is used to analyse and improve the quality of services to You.

2.2.           Information That You Provide Voluntarily

(a)    The Company collects Personal Data that You provide voluntarily through the Website: for example, when completing online forms to contact us, or completing online forms to apply for a job position.

(b)    The Company does not intentionally collect Sensitive Personal Data unless explicitly required by the Law or with Your explicit consent.

(c)    If You provide Personal Data on behalf of another individual, such as a wholly or partially incompetent person, You must be legally authorised (e.g., legal guardian, executor, or custodian) to do so.

2.3.           Information That We Collect Automatically

(a)    When You visit the Website, certain personal data is automatically collected from Your device such as:

(i)         IP address;

(ii)       device type;

(iii)     unique device identification number (such as MAC address);

(iv)      browser type and version;

(v)       broad geographic location (city or country level); and

(vi)      other technical information.

(b)    The Company also collects information about how Your device has interacted with the Website, including webpages accessed and links clicked. Collecting this information enables the Company to better understand visitors who come to the Website, such as where they come from and what content on the Website is of interest to them. The Company uses this information for internal analytics and to improve the quality and relevance of the Website for visitors.

2.4.           Third Party Websites & Plugins

The Company is not responsible for any Personal Data collected or processed by third-party plugins, external websites, or services linked from the Website. The Company recommends reviewing their respective privacy policies before interacting with their services.

3.                Use of Personal Data

3.1.           The Company may process Your Personal Data for any or all of the following lawful purposes:

(a)    to provide services to You, including services and products offered by subsidiaries, or by online store;

(b)    to administer the relationship with You and maintain contractual relations;

(c)    for marketing and business development;

(d)    to comply with legal and regulatory obligations;

(e)    to establish, exercise or defend legal rights;

(f)     for historical and statistical purposes, ensuring data is anonymised where appropriate; and

(g)    for research, analytics and enhancement of its services.

3.2.           Where required by applicable law, the Company will obtain Your consent before processing Personal Data for certain purposes, such as direct marketing.

4.                Data Sharing & Third-Party Disclosures

4.1.           The Company may disclose Personal Data to third-parties outside of the Company (including but not limited to service providers, legal authorities or business partners) when necessary, in the following circumstances:

(a)     requested by You;

(b)    to perform its obligations under a contractual arrangement with You; or

(c)    as compelled by a court order or by any other legal or regulatory requirement.

4.2.           Third-party recipients of Personal Data may include:

(a)    professional advisors such as law firms, tax advisors or auditors;

(b)    insurers;

(c)    audit regulators;

(d)    tax and customs and excise authorities;

(e)    regulatory and other professional bodies;

(f)     providers of identity verification services;

(g)    credit reference agencies;

(h)    the courts, police and law enforcement agencies;

(i)     government departments and agencies;

(j)     service providers; and

(k)    emergency services.

4.3.           The Website may include links to third-party websites, plug-ins and applications which are not maintained or controlled by the Company. Clicking on those links or enabling those connections may allow third parties to collect or share data about You. The Company do not control these third-party websites and are not responsible for their privacy statements. When You look at other websites, the Company encourage You to read the Privacy Policy of every website You visit before providing any personal date.

5.                Data Retention

5.1.           The Company’s policy is to retain Personal Data only for as long as it is necessary for the purpose for which it was collected, or to meet specific legal or regulatory requirements.. Retention periods are set in accordance with local regulatory and professional retention requirements to meet professional and legal requirements, to establish, exercise or defend the Company’s legal rights, and for archival purposes.

5.2.           For historical statistical analysis, the Company may need to retain information for significant periods of time after suitably anonymising the information. Once retention periods expire, personal data is securely deleted or anonymised.

6.                Transfer of Data Outside the Country

6.1.           Your information, including Personal Data, is processed at the Company's operating offices and in any other places where third party or parties involved in the processing are located. It means that this information may be transferred to and maintained on computers located outside of the Country where the data protection laws may differ than those from the Country.

6.2.           Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

6.3.           The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with the Law and this Privacy Policy and no transfer of Your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of Your data and other personal information.

7.                Security

7.1.           The Company is committed to safeguarding and ensuring the application of technical and organizational measures capable of protecting Personal Data against unintentional or unauthorised destruction, accidental loss, unauthorised alteration, disclosure or access, or any other form of processing.

7.2.           Various security measures include encryption, firewalls and access controls. Personal Data is shared within the Company (including employees, contractors, agents, etc.) on a need to know basis and under strict confidentiality arrangements.

7.3.           Notwithstanding this, despite the Company’s best efforts, it cannot absolutely guarantee the security of data against all threats. The Company has implemented suitable measures to identify, monitor and report any breaches to Personal Data in line with the requirements of the Law.

8.                User Rights Under the Law

8.1.           Under the provisions of the Law, You are provided with the following rights in relation to the processing of Your Personal Data, including but not limited to other rights under the Law:

(a)    right to access: request access to Your Personal Data;

(b)    right to rectification: request correction of inaccurate or incomplete data;

(c)    right to erasure: request deletion of Your data, subject to legal exceptions;

(d)    right to object: object to specific types of processing, such as Direct Marketing;

(e)    right to restrict processing: limit processing under certain conditions; and

(f)     right to withdraw consent: withdraw previously given consent at any time, where applicable.

8.2.           To exercise these rights, please contact us at helloaltura@alturaenterprise.com. The Company may require proof of identity to process Your request.

9.                Changes to this Policy

The Company reserves the right, at its sole discretion, to modify or replace this Privacy Policy at any time.  Any material changes will be communicated through official channels, including website notifications and, where appropriate, direct communication with affected individuals. What constitutes a material change will be determined at the Company’s sole discretion. Please review it periodically for any changes.