Introduction:

This Data Retention and Deletion Policy (“Policy”) outlines the practices of Wizbae Pvt. Ltd. (“Company”) regarding the collection, use, retention, and deletion of Personal Data (defined below) obtained through our online gifting marketplace (“Platform”). This Policy is designed to comply with the applicable data protection laws in Pakistan, including the Pakistan Data Protection Act 2023 (“Act”).

Definitions

  • Data means any information that the Company collects, processes, and stores, in any format and on any device, whether electronic or physical.
  • Data subject means any individual whose personal data is processed by the Company.
  • Data controller means the Company or any person who determines the purposes and means of the processing of data.
  • A data processor is any person who processes data on behalf of the data controller.
  • Processing means any operation or set of operations that is performed on data or sets of data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Retention means the act of keeping data for a specified period, according to the purposes and legal obligations of the Company.
  • Deletion means the act of removing data from the Company’s systems and devices, securely and irreversibly, so that it cannot be accessed, recovered, or restored.
  • Anonymization means the process of modifying data so that it can no longer be attributed to a specific data subject, without the use of additional information.
  • Pseudonymization means the process of replacing identifying information in data with artificial identifiers so that it can no longer be attributed to a specific data subject, without the use of additional information.
  • Personal Data means Any information relating to an identified or identifiable individual, such as name, email address, phone number, location data, or online identifiers.
  • Sensitive Personal Data is A special category of Personal Data, including religious beliefs, health information, political opinions, or biometric data.

Principles

The Company adheres to the following principles for data retention and deletion:

  • Lawfulness. The Company will retain and delete data per the applicable data protection laws and regulations, and any other legal obligations that may apply to the Company or its activities.
  • Necessity. The Company will retain data only for as long as necessary for the purposes for which it was collected, and delete data when it is no longer needed or when the data subject requests it unless there is a legitimate reason or legal obligation to keep it.
  • Minimization. The Company will retain and delete data in a manner that minimizes the amount and type of data that is stored and ensures that the data is relevant, accurate, and up to date.
  • Security. The Company will retain and delete data in a manner that protects the data from unauthorized or unlawful access, use, disclosure, alteration, or destruction, and ensures that the data is stored and disposed of securely and appropriately.
  • Accountability. The Company will document and monitor its data retention and deletion practices, and ensure that its employees, contractors, consultants, and third parties comply with this policy and the applicable data protection laws and regulations.

Data Collection and Use

We collect Personal Data from users of the Platform in several ways, including:

  • Account creation: Name, email address, and optional information like phone number and location.
  • Gift purchases: Recipient information, delivery details, and payment information.
  • Platform usage: Browsing history, search queries, and interactions with features.
  • Social media accounts: If linked, information is publicly available on your profile.

We use Personal Data for various purposes, including:

  • Providing and improving the Platform services.
  • Personalizing recommendations and gift suggestions.
  • Processing orders and delivering gifts.
  • Communicating with users about their accounts, orders, and Platform updates.
  • Sending marketing and promotional materials (with separate consent).

Data Retention

We retain Personal Data for different periods depending on the purpose for which it was collected and the legal requirements:

  • Essential account data: Name, email address, and basic account information are retained for the lifetime of your account.
  • Order data: Transaction details and recipient information are retained for a minimum of seven years for legal and accounting purposes.
  • Platform activity data: Browsing history and search queries are anonymized and aggregated after one year for statistical analysis.
  • Marketing data: Data used for email marketing campaigns is retained for a maximum of three years from your last interaction with a campaign.

Data Deletion

You have the right to request deletion of your Personal Data held by us, except for data we are legally obligated to retain. You can make such requests by contacting us at [data subject rights email address]. We will promptly respond to your request and delete your data unless we have legal grounds to refuse.

Security Measures

We implement appropriate technical and organizational measures to protect your Personal Data from unauthorized access, disclosure, alteration, or destruction.

Your Rights

You have the following rights regarding your Personal Data under the Act:

  • The right to access your Personal Data.
  • The right to rectify inaccurate or incomplete Personal Data.
  • The right to restrict or object to the processing of your Personal Data.
  • The right to data portability.
  • The right to complain to the relevant data protection supervisory authority.

Changes to this Policy

We may update this Policy from time to time. We will notify you of any changes by posting the new Policy on the Platform.

Contact Us

If you have any questions about this Policy, please contact us at connect@wizbae.p