We, Arab International Company for Export & Trade and our affiliates (being
other companies in our group) take the protection of your personal data very seriously and set out here in this
we take to protect such data and your rights in relation to such data.
To the extent applicable, we protect your personal data in accordance with any
local law data protection laws, the EU directive 2016/679 (“GDPR”), and this
protection to your personal data. However, we would like to make you aware that any data transfer in the
internet is subject to possible gaps.
Personal Data (Art. 4(1) GDPR) means any information relating
to an identified or identifiable natural person. An identifiable person is one who can be identified, directly
or indirectly, in particular by reference to an identification tool such as an identification number, an online
identification number, location data or information concerning his or her physical, physiological, genetic,
mental, economic, cultural or social identity. Identification may also be provided by linking such information
or other additional knowledge. The origin, form or embodiment of the information is irrelevant.
Processing (Art. 4(2) GDPR) is any operation that involves the
handling of Personal Data, whether or not with the aid of automated (i.e. technology-assisted) procedures. This
includes in particular the collection (i.e. procurement), recording, organisation, filing, storage, adaptation
or modification, reading, consultation, use, disclosure by transmission, dissemination or otherwise making
available, comparison, interconnection, restriction, deletion or destruction of Personal Data, as well as the
change of a target or purpose on which a data processing was originally based.
Controller (Art. 4(7) GDPR) is the natural or legal person,
public authority, agency or other body which alone or jointly with others determines the purposes and means of
the processing of Personal Data.
Third Party (Art. 4(10) GDPR) is any natural or legal person,
public authority, agency or body other than the person concerned, the controller, the processor and the persons
who, under the direct authority of the controller or processor, are authorised to process the Personal Data,
including other legal persons belonging to the group.
Processor (Art. 4(8) GDPR) is a natural or legal person,
public authority, agency or other body which processes Personal Data on behalf of the Controller, in particular
in accordance with the latter's instructions (e.g. IT service provider). In the sense of data protection
law, a Processor is in particular not a Third Party.
Consent (Art. 4(11) GDPR) of the person concerned means any
freely given specific, informed and unequivocal expression of his or her wishes in the form of a declaration or
other unequivocal affirmative act by which the person concerned signifies his or her Consent to the Processing
of Personal Data relating to him or her.
2. HOW TO CONTACT US
The Controller for the collection and use of Personal Data on this website is:
Arab International Company for Export & Trade (a company incorporated
in Egypt with commercial registration number 10079 and its registered office address at 27 Zohny st., ElZaher,
Cairo, Egypt. Our registered VAT number is 200 – 326 – 287)
If you have any queries regarding how we process your data, please contact our
Digital Marketing Manager by email at [email protected] and we
will try our best to resolve it.
3. INFORMATION ON DATE COLLECTION AND USE
When you access our website, create an account and/or enter into a purchase
contract for our products, your Personal Data are processed in order to ascertain the proper function of our
website and for the implementation of the purchase contract as legally permitted.
You have various rights which you can assert against us. These include the
right to object to selected Data Processing, in particular Data Processing for advertising and/or marketing
purposes. Please see section 4.3.3 for further information.
4. COLLECTION OF PERSONAL DATA WHEN ACCESSING OUR WEBSITE
When you access the Company's website/application,
various information is exchanged between your device and our server. This may also involve Personal Data. The
information collected in this way is used, among other things, to optimise our website or to display advertising
in the browser of your device.
4.1 Access to Website (Log-in/hosting)
When logging-in via our website www.alfakhershop-eg.com we collect the following Personal Data which
your browser transmits to our server during the log-in process:
IP address of the requesting internet-capable device,
Date and time of request,
Time zone difference to Greenwich Mean Time (GMT),
Content of request (specific page),
Access status/HTTP- status code
Data volume transmitted
the website/application from which the access was made (referrer URL),
Operating system and its interface,
Language and browser software version.
The data are being processed pursuant to Art. 6(1)(f) GDPR (our legitimate
interest). Our legitimate interest follows from the purposes of data collection, namely to guarantee a smooth
connection establishment and a comfortable user experience on our website/application as well as the evaluation
of system security and stability.
The data are stored for a period of 1 year and then automatically deleted,
unless we are required to retain the data for longer periods by law.
We need to process the above-mentioned data in order to make our website and
its services available to you. The data are being processed pursuant to Art. 6(1)(f) GDPR (our legitimate
interest). In this context we use the services of web hosting providers, to whom we transfer the above-mentioned
data. Furthermore, subject to your Consent we use so-called cookies, tracking tools, targeting
methods and social media plug-ins for our website/application. The exact nature of these procedures and how your
Personal Data are used for this purpose is explained in detail under Section 5 below.
If you have agreed to so-called geolocation in your browser or
operating system or other settings of your terminal device, we use this function to offer you individual
services related to your current location (e.g. the location of the nearest branch). We process your location
data in this way exclusively for this function. If you terminate the use, the data will be deleted.
4.2. Order Process
4.2.1 Data Processing at conclusion/for implementation of
Contact for ordering
The object of our Company is the distance selling of tobacco and non-tobacco
products, retail trade and the development and manufacturing of the goods to be offered. When you visit our
website and set up an account for ordering or order products without an account, we process the data required
for the conclusion, execution or termination of a contract with you. Some external service
providers are also involved in the implementation of the contract, e.g. logistics companies and
payment service providers, and your data will be passed on to them to the extent necessary in each case. Details
of the external service providers we currently use are available on request by emailing: [email protected]. The
data processed include:
first name, surname
Invoice and delivery address
Billing and payment data
date of birth/age (see note on age-restricted products below)
The legal basis for this is Art. 6(1)(b) GDPR, i.e. you provide us with data
which we process so that we can fulfil the contract between you and us.
The data collected for the processing of the contract are stored until the
expiry of the statutory or possible contractual warranty and guarantee rights. After expiry of this period, we
shall store the information required under commercial and tax law for the contractual relationship for the
legally specified periods on the basis of Art. 6(1)(c) GDPR in a blocked form. For this period (usually 6 to 10
years after the end of the year in which the contract is concluded), the data will be reprocessed solely in the
event of a review by the tax authorities.
Our products are only available to customers over the age of 18, and we may be
required by law to verify compliance with the age limit. Therefore, we verify your age
information when you order such age-restricted products by using information from service providers (currently,
our third party courier at the point of delivery). The legal basis for this is Art. 6(1)(b) and (f) GDPR
(processing is necessary for the fulfilment of the contract between you and us and for our legitimate interests,
which are to ensure our products are only sold to customers of an appropriate age).
The primary method of payment via the website will be cash on delivery.
However, if the website functionality changes such that you can pay via the
website and you choose this payment method, we will pass on the necessary payment data to a
payment service provider commissioned by us. These data include:
name as on credit card
credit card/bank account/payment method
Delay in Payment
In the event of a delay in payment, we transmit the necessary
data to a company commissioned with the assertion of the claim, provided that the other legal requirements are
met. The legal bases for this are both Art.°6(1)(b) and Art.°6(1)(f) GDPR. The assertion of a
contractual claim is to be regarded as a legitimate interest. If the other legal requirements are met, we will
also forward information about the delay in payment to credit agencies cooperating with us. The legal basis for
this is Art.°6(1)(f) GDPR. Our legitimate interest results from our and third parties' interest in
reducing contractual risks for future contracts.
We will pass on your name, delivery
address and your phone number to a third party logistics company engaged by us. We
will transmit your name,e-mail address and, if applicable, your phone
number to the logistics company to ensure that the goods are delivered according to your wishes.
The logistics company will contact you in advance of the delivery to inform you of the delivery time or to agree
details of the delivery with you. The data will be transmitted solely for this purpose and deleted after
delivery. The legal basis for this is Art. 6(1)(b) GDPR (processing is necessary for the fulfilment of the
contract between you and us).
We may pass on your name, address, phone number, e-mail address and information
on products returned as well as reasons for return to our third-party service provider(s) in order to ensure
proper handling of your complaints and prompt returns and refunds. The legal basis for this is Art. 6(1)(b) GDPR
(processing is necessary for the fulfilment of the contract between you and us).
Certain of the Personal Data required to confirm proper implementation of your
order (confirmation of order, confirmation of payment, confirmation of delivery) require the processing of the
respective data by us or a third-party service provider as applicable. The legal basis for this is Art. 6(1)(b)
GDPR (processing is necessary for the fulfilment of the contract between you and us).
4.2.2 Customer account
There is no requirement for you to create an account in order to place an order
with us on our website but you may, if you wish, create a password-protected customer
account, which allows your Personal Data to be stored until it is deleted. We will
continue to store such data whilst you are actively using your account. If you have not accessed your
account for more than 6 months, we will send you an email asking you to login within 30 days. If no login
attempt is made within 30 days, we will delete your account and all data related to it. The creation of an
account is voluntary and takes place on the basis of your Consent in accordance with
Art.°6(1)(a)°GDPR. After setting up an account, no new data entry is required. In addition, you can view
and change the data stored in your account at any time.
If you choose to set up an account, you must enter a password
of your own choice. Together with your e-mail address, this password is used to access your account. Please
treat your personal access data confidentially and do not make them available to unauthorized third parties. We
cannot accept liability for misused passwords unless we are responsible for the misuse. Please note that even
after leaving our website you will remain logged in automatically unless you actively log out. You can also
delete your account at any time by following the steps below, unless there is an order, refund or return in
progress, in which case your account can only be deleted after the outstanding transaction is resolved.
Once you have deleted your account, we will not hold any data related to your account.
How to delete your account?
Step1: Login to your account
Step2: Click on my account
Step3: Click on privacy tools
Step4: Delete account
If necessary, we will verify your identity (name,
address, date of birth)using a third-party service provider. The legal basis for this is
Art. 6(1)(b) and (f) GDPR (processing is necessary for the fulfilment of the contract between you and us and for
our legitimate interests). Our legitimate interests are the protection of your identity, compliance with legal
requirements (age restrictions) and the avoidance of any fraudulent transactions. The existence and result of
any such check will be noted on your account and kept for the periods set out in section 4.2.2.
You can revoke your consent at any time with future effect by
sending an email to this effect to the email address given under the "How to Contact Us" section. The
revocation of your Consent does not affect the legality of the processing of Personal Data until the revocation.
If you do not wish to give the above consent, you will not be able to continue with an online order but can
continue to browse our website.
If you have already made a purchase with us, your data stored by us can be
supplemented by so-called score values. By Scoring, we meanthe
creation of a prognosis of future events based on collected information and experience from the past. Such
processing is based on Art.°6(1)(f)°GDPR (our legitimate interests). Our legitimate interest in this
case is to better understand and ultimately improve our business offering and customer journey using a
well-established mathematical-statistical method for forecasting risk probabilities that has been in practice
for a long time.
4.3. Processing of Personal Data for Advertising Purposes for Arab
International Company for Export & Trade and Affiliates
We may also use the email address and phone number you
provide in the course of setting up an account and placing an online order with us for the purpose of
informing you from time to time about new products, offers and, campaigns we are
running and also market research activities (such as surveys) that we carry out to better understand our
customers and products. We will obtain your prior consent for such processing
when you create an account.
You can unsubscribe from our mailing list by following the steps below:
If you wish to unsubscribe from our newsletter, please follow the steps below;
Step1: Login to your account
Step2: Click on newsletter subscription
Step3: Click on unsubscribe
We will continue to store such data whilst you are actively using your account.
If you have not accessed your account for more than 6 months, we will send you an email asking you to
login within 30 days. If no login attempt is made within 30 days, we will delete your account and all data
related to it
4.3.2 Advertising in line with your interests
To ensure that you only receive advertising information that is of interest to
you, we categorize and supplement your customer profile with additional information. Both
statistical information and information about you personally (e.g. basic data of your customer profile) are used
for this purpose. The aim is to provide you with advertising that is solely oriented towards your actual or
supposed needs and not to bother you with useless advertising.
4.3.3 Right of objection
You can object to data processing for advertising purposes at any time
free of charge, separately for the respective communication channel and with effect for the future. For this
purpose, an e-mail to the contact data mentioned under section 2 (How to Contact Us) is sufficient.
If you file an objection, the contact address concerned will be blocked for
further advertising data processing. We would like to point out that in exceptional cases, even after receipt of
your objection, advertising material may still be sent temporarily. This is technically due to the necessary
lead time of advertisements and does not mean that we will not implement your objection.
5. ONLINE PRESENCE AND WEBSITE OPTIMISATION – COOKIES AND ANALYSIS
used on the basis of Art.°6(1)(f)°GDPR (our legitimate interest). Our interest in optimising our website
and addressing you in advertising on the basis of your visit to our website is considered to be a legitimate
Cookies are small files which are automatically created by your browser and
stored on your end device (laptop, tablet, smartphone or similar) when you visit our website. Information is
stored in the cookie that is related to the specific device used. This does not mean, however, that we obtain
example, we use so-called session cookies to recognize that you have already visited individual
pages of our website or that you have already logged into your customer account. These are automatically deleted
when you leave our website. In addition, we also use temporary cookies for the purpose of
user-friendliness, which are stored on your end device for a certain defined period of time. If you visit our
website again to use our services, it will be automatically recognized that you have visited before and which
entries and settings you have made so that you do not have to enter them again.
If you have a customer account with Arab International Company
for Export & Trade and are logged in or activate the "stay logged in"
function, the information stored in cookies will be added to your customer account.
statistically and to evaluate it for the purpose of optimising our offer for you. These cookies
enable us to automatically recognize that you have already visited our website when you visit our website again.
These cookies are automatically deleted after a defined time.
Most browsers accept cookies automatically. However, you can configure your
browser so that no cookies are stored on your computer or so that a message always appears before a new cookie
is created. However, completely deactivating cookies may mean that you cannot use all the functions of our
website. The duration cookies are stored depends on their intended use and is not the same for every cookie.
We use Google Analytics, a web analysis service by Google
Inc. (https://www.google.de/intl/de/about/) of Google Inc.
("Google"). In this context, pseudonymised user profiles are created
and cookies are used. The information generated by the cookie about your use of this website such as
Hostname of accessing computer (IP-address),
Time of server request,
are transmitted to a Google server in the USA and stored there. The information
is used to evaluate the use of the website, to compile reports on the website activities and to provide further
services associated with the use of the website and the Internet for the purposes of market research and the
design of these Internet pages in line with requirements. This information may also be transferred to third
parties if required by law or if third parties process this data on our behalf. Under no circumstances will your
IP address be merged with other Google data. The Processing serves the purpose of designing and continuously
optimizing our pages for optimized offering of our products which is a legitimate interest under
The IP addresses are made anonymous, so that an allocation is
not possible (so-called IP masking).
appropriate settings on your browser, however, please note that if you do this you may not be able to use the
full functionality of this website. You can also prevent the collection of data generated by the cookie and
related to your use of the website (including your IP address) and the processing of this data by Google by
downloading and installing this browser add-on. As an alternative to the browser add-on, especially for browsers
on mobile devices, you can also prevent the collection by Google Analytics by clicking on this
link. An opt-out cookie is set to prevent future collection of your information when you
visit this website. The opt-out cookie is valid only in this browser and only for our website and is stored on
your device. If you delete the cookies in this browser, you will need to set the opt-out cookie again. You can
find further information on data protection in connection with Google Analytics on the Google website
In addition to the deactivation methods described above, you can also
generally prevent the targeting technologies described above by making the appropriate cookie settings in
7. RECIPIENTS OUTSIDE THE EU
With the exception of the processing described under Sections 4.2, 4.3 and 5
above, we do not pass on your data to recipients based outside the EU. The processing described under Sections
4.2, 4.3 and 5 causes a data transfer to the servers of the companies we work with (including for example,
Magento Inc, Rocket Science Group t/a MailChimp and LiveChat). These servers are located, principally, in the
United States and these data transfers are carried out according to the principles of so-called standard
contract clauses of the EU Commission . Whilst we try to work with external service providers
in respect of which an EU Commission adequacy decision has been made with regards the transfer of data outside
the EEA, there may be occasions where this is not achievable in the circumstances.
8. YOUR RIGHTS
In addition to the right to revoke your Consent, you are entitled to the
following further rights if the respective legal requirements are met:
Right to information on your Personal Data stored with us (Art. 15 GDPR); in particular, you can obtain
information about the purposes of Processing, the category of Personal Data, the categories of
recipients to whom your data has been or will be disclosed, the planned storage period, the origin of
your data, unless it was collected directly from you,
Right to correct incorrect data or to complete correct data (Art. 16 GDPR),
Right to delete your Personal Data stored with us (Art. 17 GDPR) insofar as no legal or contractual
retention periods or other legal obligations or rights to further storage must be observed,
Right to limit the processing of your Personal Data (Art. 18 GDPR), if you dispute the accuracy of the
data, if the processing is unlawful but you refuse to delete it; if the Controller no longer needs the
data, but you need it to assert, exercise or defend legal claims or if you have lodged an objection to
the processing (Art. 21 GDPR),
Right to data transferability (Art. 20 GDPR), i.e. the right to have selected data stored by us
transferred in a common, machine-readable format, or to demand transfer to another Controller
Right to appeal to a supervisory authority. As a rule, you can contact the supervisory authority at your
usual place of residence or workplace or at our company headquarters.
8.2 Right of objection
Under the conditions of Art.°21(1)°GDPR, data processing may be
objected to for reasons arising from the specific situation of the person concerned.
The general right of objection applies to all processing purposes described in
this Data Protection Information which are processed on the basis of Art.°6(1)(f)°GDPR (our legitimate
interest). In contrast to the special right of objection aimed at data processing for advertising purposes (see
4.3.1 above), we are only obliged under the GDPR to implement such a general right of objection if you give us
reasons of overriding importance (e.g. a possible danger to life or health). In addition, there is the
possibility of contacting the supervisory authority responsible for Arab International Company for Export
& Trade or the relevant contact in section 2 (How to Contact Us).
If you assert one or more of the above listed data subject rights against us,
we will store this circumstance in anonymised form on the basis of Art.°6(1)(f)°GDPR (our legitimate
interest). The fact that we can also prove that we have duly complied with your request in cases of doubt is to
be regarded as a legitimate interest within the meaning of this provision. We will not delete this
anonymous information, i.e. information that can no longer be associated with your person.
9. DURATION OF STORAGE/ DATA SECURITY
As a general rule, Personal Data are being stored by us only for so long as
required by the purposes for which such data have been processed or until you have objected processing, as
applicable. under certain legal requirements data storage can last for up to 10 years.
All data transmitted by you personally, including your payment details, are
transmitted using the generally accepted and secure standard SSL (Secure Socket Layer). SSL is a secure and
proven standard that is also used, for example, in online banking. You can recognise a secure SSL connection by,
among other things, the attached s at http (i.e. https://...) in the address bar of your browser or by the lock
symbol at the bottom of your browser.
We also use suitable technical and organisational security measures to protect
your Personal Data stored with us against manipulation, partial or complete loss and against unauthorised access
by third parties and our security measures are continuously improved in line with technological development.
The further development of our website, processes and/ or a change in legal