PRIVACY POLICY (WORLDWIDE)

1. Introduction

Welcome to Sehra-e-Khaas (“we,” “our,” or “us”). We are committed to protecting your privacy and handling your personal information with the utmost care and transparency. This Privacy Policy explains in detail how we collect, use, share, store, and protect your information when you visit our website at www.sehra-e-khaas.com, make a purchase, subscribe to our newsletter, or interact with our services from anywhere in the world.

We believe in being transparent about our data practices. This policy has been designed to help you understand:

• What information we collect and why we collect it
• How we use that information
• The choices and controls you have over your data
• How we protect your information
• Your legal rights regarding your personal data

By accessing or using our website or services, you agree to the terms of this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our website and services immediately.

Data Controller Information:
Sehra-e-Khaas
📧 Email: support@sehra-e-khaas.com
🌐 Website: www.sehra-e-khaas.com

2. Information We Collect

We collect information to provide you with the best possible shopping experience, fulfill your orders, and improve our services. The information we collect falls into three main categories:

2.1 Personal Information You Provide

This is information you actively give us when interacting with our services.

Account Information

When you create an account with Sehra-e-Khaas, we collect:

• Full name – to personalize your account and address communications
• Email address – for account verification, order confirmations, and communications
• Phone number – for order updates, delivery coordination, and customer support
• Password – stored in encrypted form using industry-standard hashing algorithms (we never store passwords in plain text)
• Date of birth (optional) – for birthday offers and age verification
• Gender (optional) – to personalize product recommendations
• Profile preferences – language, currency, and communication preferences

Billing & Shipping Information

To process and deliver your orders, we collect:

• Billing address – including street address, city, state/province, postal code, and country
• Shipping address – if different from billing address, including all relevant delivery details
• Payment information – credit/debit card details, payment method preferences (processed securely through certified third-party payment processors; we do not store complete card numbers on our servers)
• Tax identification numbers – where required by local tax laws

Order & Transaction Information

When you make a purchase, we automatically collect:

• Products purchased – item names, SKUs, quantities, sizes, colors
• Order history – complete record of all your purchases
• Transaction IDs – unique identifiers for each transaction
• Purchase dates and amounts – timestamps and total amounts including taxes and shipping
• Payment status – confirmation of successful payments or failed transactions
• Discount codes used – promotional codes, referral credits applied
• Wishlist and cart data – items saved for future purchase

Communications & Feedback

We collect information when you contact us:

• Customer support inquiries – emails, chat messages, or phone call records
• Product reviews and ratings – your opinions about products you’ve purchased
• Testimonials – if you provide feedback we may feature
• Survey responses – feedback on your shopping experience
• Social media interactions – comments, messages, or mentions on our social platforms
• Newsletter subscriptions – your email preferences and subscription status

2.2 Information Automatically Collected

When you visit our website, we automatically collect certain technical and usage information through cookies and similar technologies:

Device & Usage Data

• IP address – to determine your approximate location and prevent fraud
• Browser type and version – Chrome, Safari, Firefox, Edge, etc.
• Operating system – Windows, macOS, iOS, Android, Linux
• Device information – device type (mobile, tablet, desktop), screen resolution, device identifiers
• Pages visited – URLs of pages you view on our site
• Time spent – duration on each page and overall session length
• Click behavior – which links, buttons, and elements you interact with
• Referral URLs – which website or search engine brought you to us
• Date and time stamps – when you accessed our site
• Scroll depth – how far you scroll on each page
• Search queries – terms you search for on our website
• Shopping behavior – products viewed, added to cart, or purchased

Location Information

• Approximate location – derived from IP address (city/region level)
• Precise location – only if you explicitly grant permission through your device settings

2.3 Information from Third Parties

We may receive information about you from external sources:

Payment Processors

• Transaction verification status
• Fraud detection signals
• Payment method details (partial card numbers, expiration dates)

Shipping & Logistics Partners

• Delivery status updates
• Tracking information
• Delivery confirmation
• Failed delivery attempts

Marketing & Analytics Platforms

• Google Analytics – website performance metrics
• Facebook/Meta Pixel – ad campaign effectiveness
• Email marketing services – email open rates, click-through rates

Social Media Platforms

• Profile information if you connect your social media account
• Friends list (if you choose to share)
• Publicly available information from your social profiles

Credit Reference Agencies

• Credit checks for certain payment methods (where applicable and with your consent)

Publicly Available Sources

• Business directories
• Public social media profiles
• Data enrichment services (to verify and update contact information)

3. How We Use Your Information

We use your information for legitimate business purposes that enhance your experience and enable us to operate effectively:

3.1 Order Fulfillment & Transaction Processing

• Process payments securely and accurately
• Verify payment information and prevent fraudulent transactions
• Confirm order details with you via email or SMS
• Pick, pack, and ship your orders
• Coordinate with shipping carriers for timely delivery
• Send shipment tracking information and delivery updates
• Handle returns, exchanges, refunds, or cancellations
• Resolve disputes or address order issues
• Issue invoices and receipts
• Maintain transaction records for accounting purposes

3.2 Customer Experience & Service Operations

• Create and manage your customer account
• Remember your preferences and settings
• Enable wishlists and shopping cart functionality
• Provide personalized product recommendations based on browsing and purchase history
• Respond to customer inquiries, questions, and support requests
• Troubleshoot technical issues with the website
• Improve our website design, navigation, and functionality
• Enhance product offerings based on customer feedback
• Conduct quality assurance and training for customer service teams
• Manage loyalty programs and reward points

3.3 Marketing & Communications

With your consent where legally required, we use your information to:

• Send promotional emails about new products, collections, and exclusive offers
• Share information about sales, discounts, and special events
• Announce product launches and restocks
• Send birthday or anniversary special offers
• Provide personalized product suggestions based on your interests
• Conduct customer satisfaction surveys and request feedback
• Send abandoned cart reminders to help you complete your purchase
• Distribute our newsletter with style tips, trends, and company updates
• Retarget you with relevant ads on social media and other websites

Your control: You can unsubscribe from marketing communications at any time by:

• Clicking the “unsubscribe” link in any promotional email
• Updating your email preferences in your account settings
• Contacting us at support@sehra-e-khaas.com

Important: You will still receive transactional emails (order confirmations, shipping updates, password resets) even if you unsubscribe from marketing emails.

3.4 Legal, Security & Compliance

• Comply with applicable laws, regulations, and legal obligations
• Respond to lawful requests from law enforcement or government authorities
• Prevent, detect, and investigate fraud, security breaches, or other illegal activities
• Protect against unauthorized access to customer accounts
• Verify customer identity when necessary
• Enforce our Terms & Conditions, policies, and user agreements
• Defend our legal rights in disputes or litigation
• Maintain records as required by tax and accounting regulations
• Conduct internal audits and risk assessments
• Ensure compliance with data protection laws (GDPR, CCPA, etc.)

3.5 Analytics, Research & Performance Improvement

• Analyze website traffic patterns and user behavior
• Measure the effectiveness of marketing campaigns
• Conduct A/B testing to optimize website features
• Generate insights on customer preferences and trends
• Improve search functionality and product discovery
• Monitor website performance and uptime
• Identify and fix technical issues or bugs
• Research market trends in the fashion industry
• Develop new products and services based on customer needs
• Create aggregated, anonymized reports for business intelligence

4. Sharing of Information

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

We may share your information in the following limited circumstances:

4.1 Service Providers & Business Partners

We work with trusted third-party companies that help us operate our business. These providers act on our behalf and are contractually obligated to:

• Use your data only for specified purposes
• Implement appropriate security measures
• Comply with applicable data protection laws
• Not use your data for their own purposes

Categories of service providers include:

Payment Processing

• Stripe – credit card processing and payment gateway
• PayPal – alternative payment processing
• Local payment providers – region-specific payment methods
• Fraud detection services – to prevent fraudulent transactions

Shipping & Logistics

• International carriers – DHL, FedEx, UPS for international shipping
• Local courier services – regional delivery partners
• Fulfillment centers – warehouse and inventory management
• Tracking services – real-time shipment tracking

Technology & Infrastructure

• Web hosting providers – secure server hosting
• Cloud storage services – secure data storage (e.g., AWS, Google Cloud)
• Content delivery networks (CDNs) – fast website loading globally
• Email service providers – transactional and marketing email delivery

Analytics & Marketing

• Google Analytics – website traffic analysis
• Facebook/Meta Pixel – social media advertising
• Email marketing platforms – newsletter and campaign management
• Customer relationship management (CRM) – customer data organization

Customer Support

• Live chat providers – real-time customer assistance
• Helpdesk software – ticket management and support tracking
• Phone service providers – customer service call handling

Professional Services

• Accounting firms – financial record-keeping
• Legal advisors – compliance and legal matters
• IT security consultants – cybersecurity assessments

4.2 Legal & Regulatory Obligations

We may disclose your information when legally required or necessary to:

• Comply with court orders, subpoenas, or legal processes
• Respond to lawful requests from government authorities or law enforcement
• Investigate or prevent illegal activities, fraud, or security threats
• Protect the rights, property, or safety of Sehra-e-Khaas, our customers, or the public
• Enforce our Terms & Conditions or other agreements
• Comply with tax regulations and financial reporting requirements
• Respond to regulatory inquiries or investigations

4.3 Business Transfers

In the event of a corporate transaction, your information may be transferred:

• Merger or acquisition – if Sehra-e-Khaas is acquired by or merges with another company
• Asset sale – if we sell all or part of our business assets
• Bankruptcy or reorganization – if we undergo bankruptcy proceedings
• Corporate restructuring – if we reorganize our business structure

In such cases, we will require the receiving party to honor this Privacy Policy and notify you of any material changes to how your data is handled.

4.4 Aggregated & Anonymized Data

We may share aggregated or anonymized data that cannot identify you personally:

• Industry reports and market research
• Website traffic statistics
• General demographic trends
• Performance benchmarks

This data does not contain personal identifiers and cannot be traced back to individual users.

4.5 With Your Consent

We may share your information with third parties when you explicitly give us permission to do so, such as:

• Connecting your account to social media platforms
• Participating in co-branded promotions with partners
• Referring friends through our referral program

5. International Data Transfers

Understanding International Data Flows

Sehra-e-Khaas is headquartered in Pakistan and serves customers globally. The internet is a global environment, and using our services necessarily involves the transmission of data across international borders.

5.1 Where Your Data May Be Processed

By using our services, you acknowledge and agree that your personal information may be transferred to, stored, and processed in:

• Pakistan – where our primary operations are located
• United States – where some of our technology partners operate (e.g., cloud services)
• European Union – where some analytics and marketing tools are hosted
• Other countries – where our shipping partners, payment processors, or other service providers operate

These countries may have data protection laws that differ from those in your country of residence. Some countries may not provide the same level of protection as your home country.

5.2 Safeguards We Implement

To protect your data during international transfers, we implement appropriate safeguards:

• Standard Contractual Clauses (SCCs) – EU-approved contract terms with service providers
• Data Processing Agreements – legally binding agreements requiring providers to protect your data
• GDPR compliance measures – for transfers involving EU/UK residents
• Encryption in transit – SSL/TLS encryption for data transmission
• Encryption at rest – secure storage of data on servers
• Access controls – limiting who can access your data
• Regular audits – of our service providers’ security practices

5.3 Your Rights Regarding International Transfers

If you are located in the EU, UK, or other jurisdictions with specific data transfer requirements:

• You have the right to obtain information about the safeguards we use for international transfers
• You can request copies of the Standard Contractual Clauses we have in place
• You can object to the transfer of your data to certain countries
• You can lodge a complaint with your local data protection authority

To exercise these rights or learn more about our data transfer practices, contact us at support@sehra-e-khaas.com.

6. Your Privacy Rights

We respect your rights regarding your personal data. Depending on your location, you may have different rights under applicable laws.

6.1 Universal Rights (All Users)

Regardless of where you’re located, we aim to provide you with:

Right to Access

• Request a copy of the personal information we hold about you
• Receive information about how we use your data
• Understand who we share your data with

Right to Correction

• Update or correct inaccurate personal information
• Complete incomplete personal information

Right to Deletion (Right to be Forgotten)

• Request deletion of your personal data
• Subject to legal obligations that may require us to retain certain information (e.g., transaction records for tax purposes)

Right to Object

• Object to certain types of data processing (e.g., direct marketing)
• Object to automated decision-making or profiling

Right to Withdraw Consent

• Withdraw consent for marketing communications at any time
• Unsubscribe from newsletters and promotional emails

Right to Data Portability

• Receive your personal data in a structured, commonly used, machine-readable format
• Transfer your data to another service provider (where technically feasible)

6.2 GDPR Rights (European Economic Area & United Kingdom)

If you are located in the EU, UK, or EEA, you have additional rights under the General Data Protection Regulation (GDPR):

Right to Access (Article 15)

• Confirm whether we process your personal data
• Obtain a copy of your data and details about processing

Right to Rectification (Article 16)

• Correct inaccurate or incomplete personal data

Right to Erasure (Article 17)

• Request deletion when data is no longer necessary
• When you withdraw consent
• When you object to processing
• When data has been unlawfully processed

Right to Restriction of Processing (Article 18)

• Limit how we use your data while verifying accuracy
• When processing is unlawful but you don’t want deletion
• When we no longer need the data but you need it for legal claims

Right to Data Portability (Article 20)

• Receive data in a structured, machine-readable format
• Transmit data directly to another controller (where feasible)

Right to Object (Article 21)

• Object to processing based on legitimate interests
• Object to direct marketing (we will always honor this)
• Object to automated decision-making and profiling

Right to Lodge a Complaint

• File a complaint with your local supervisory authority (Data Protection Authority)
• For UK residents: Information Commissioner’s Office (ICO)
• For EU residents: Your country’s Data Protection Authority

Legal Basis for Processing

We process your data under the following legal bases:

• Contract performance – to fulfill orders and provide services
• Legitimate interests – to improve our business, prevent fraud
• Legal obligation – to comply with laws and regulations
• Consent – for marketing communications (where required)

6.3 CCPA Rights (California Residents, USA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

Right to Know

• Categories of personal information we collect
• Categories of sources from which information is collected
• Business purpose for collecting information
• Categories of third parties with whom we share information
• Specific pieces of personal information we hold about you

Right to Delete

• Request deletion of personal information we collected
• Subject to certain exceptions (legal obligations, fraud prevention, etc.)

Right to Opt-Out of Sale

• Note: We do not sell personal information to third parties

Right to Non-Discrimination

• We will not discriminate against you for exercising your CCPA rights
• Same prices, quality of goods, and level of service for all customers

Authorized Agent

• You may designate an authorized agent to make requests on your behalf
• We may require proof of authorization

6.4 Other Jurisdiction-Specific Rights

Canada (PIPEDA)

• Right to access personal information
• Right to challenge accuracy
• Right to withdraw consent

Australia (Privacy Act)

• Right to access and correct information
• Right to complain to the Office of the Australian Information Commissioner

Brazil (LGPD)

• Rights similar to GDPR
• Contact the National Data Protection Authority (ANPD)

6.5 How to Exercise Your Rights

To exercise any of your privacy rights:

Email: support@sehra-e-khaas.com
Subject Line: “Privacy Rights Request”

Include in your request:

• Your full name and email address associated with your account
• Specific right you wish to exercise
• Detailed description of your request
• Proof of identity (for security purposes)

Response Timeline:

• We will acknowledge your request within 48-72 hours
• We will respond substantively within 30 days (or as required by applicable law)
• If we need more time, we will inform you and explain why

Verification Process:

• We may ask for additional information to verify your identity
• This is to protect your data from unauthorized access
• We may request government-issued ID or account verification

7. Cookies & Tracking Technologies

7.1 What Are Cookies?

Cookies are small text files placed on your device when you visit our website. They help us remember your preferences, understand how you use our site, and improve your experience.

7.2 Types of Cookies We Use

Strictly Necessary Cookies

Purpose: Essential for website functionality
Examples:

• Session management (keeping you logged in)
• Shopping cart persistence
• Security and fraud prevention
• Load balancing

Note: These cookies cannot be disabled as they are essential for the website to work.

Performance & Analytics Cookies

Purpose: Help us understand how visitors use our website
Examples:

• Google Analytics (traffic analysis, user behavior)
• Page load time monitoring
• Error tracking and debugging
• Conversion tracking

Information collected: Pages visited, time on site, bounce rate, traffic sources

Functionality Cookies

Purpose: Remember your preferences and choices
Examples:

• Language preferences
• Currency selection
• Previously viewed products
• Wishlist items
• Size and color preferences

Targeting & Advertising Cookies

Purpose: Deliver relevant ads and measure campaign effectiveness
Examples:

• Facebook Pixel (social media advertising)
• Google Ads (retargeting campaigns)
• Email campaign tracking
• Affiliate marketing attribution

Information collected: Products viewed, ads clicked, purchase behavior

7.3 Other Tracking Technologies

Web Beacons (Pixels)

Small invisible images in emails and web pages that track:

• Email open rates
• Which links you click in emails
• Whether you view certain pages

Local Storage

Browser storage that remembers:

• User preferences
• Form data
• Shopping cart contents

Device Fingerprinting

Technical information that helps us:

• Prevent fraud
• Recognize returning visitors
• Optimize website performance

7.4 Managing Cookies

Browser Settings

You can control cookies through your browser settings:

• Chrome: Settings > Privacy and Security > Cookies
• Safari: Preferences > Privacy > Cookies and website data
• Firefox: Options > Privacy & Security > Cookies
• Edge: Settings > Privacy, search, and services > Cookies

Options:

• Block all cookies (may affect website functionality)
• Block third-party cookies only
• Delete cookies after each session
• Receive notifications before cookies are set

Opt-Out Tools

• Google Analytics: tools.google.com/dlpage/gaoptout
• Facebook Ads: Facebook Ad Preferences settings
• Network Advertising Initiative: optout.networkadvertising.org

Do Not Track (DNT)

• Some browsers offer “Do Not Track” settings
• Note: There is no universal standard, and we may not respond to DNT signals

Important: Disabling cookies may affect your ability to use certain features of our website, such as staying logged in or maintaining shopping cart items.

8. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

8.1 Account Data

Active accounts: Retained as long as your account remains active
Inactive accounts: After 3 years of inactivity, we may:

• Send reminders to reactivate your account
• Anonymize or delete your account data (except as required by law)

Account closure: When you request account deletion:

• Most data deleted within 30 days
• Some data retained for legal/regulatory purposes (see below)

8.2 Transaction & Order Data

Order history: Retained for up to 7 years to comply with:

• Tax laws and financial reporting requirements
• Consumer protection laws
• Warranty and liability obligations
• Fraud prevention and dispute resolution

Payment information:

• Tokenized payment methods retained while account is active
• Full card numbers never stored (handled by payment processors)
• Transaction records retained for 7 years

8.3 Marketing & Communications Data

Email marketing lists: Until you unsubscribe or request deletion
Marketing preferences: Retained to honor your opt-out requests indefinitely
Email engagement data: Typically retained for 2 years for analytics

8.4 Website Analytics Data

Google Analytics: 26 months (default setting)
Log files: 12 months for security and troubleshooting
Cookie data: Varies by cookie type (30 days to 2 years)

8.5 Customer Support Data

Support tickets: Retained for 3 years for quality assurance
Chat transcripts: Retained for 2 years
Phone call recordings: (if applicable) Retained for 1 year

8.6 Legal & Compliance Data

Data may be retained longer when required for:

• Legal holds: Pending litigation or investigations
• Regulatory requirements: Compliance with specific industry regulations
• Fraud prevention: Suspected fraudulent activity records
• Dispute resolution: Outstanding claims or disputes

8.7 Deletion & Anonymization

When retention periods expire:

• Data is securely deleted or permanently anonymized
• Backups are overwritten according to our backup rotation schedule
• Anonymized data may be retained indefinitely for statistical purposes

9. Data Security

Protecting your personal information is a top priority. We implement comprehensive security measures to safeguard your data against unauthorized access, disclosure, alteration, or destruction.

9.1 Technical Security Measures

Encryption

• SSL/TLS encryption: All data transmitted between your browser and our servers is encrypted using industry-standard 256-bit SSL/TLS encryption
• Data at rest encryption: Personal data stored on our servers is encrypted
• Database encryption: Sensitive database fields are encrypted with advanced encryption standards (AES-256)

Secure Infrastructure

• Firewalls: Multi-layered firewall protection
• Intrusion detection systems: Real-time monitoring for suspicious activity
• DDoS protection: Protection against distributed denial-of-service attacks
• Regular security updates: Servers and software kept up-to-date with latest security patches
• Secure hosting: Servers hosted in certified data centers with physical security

Access Controls

• Role-based access: Employees only access data necessary for their job functions
• Multi-factor authentication (MFA): Required for administrative access
• Password policies: Strong password requirements for all systems
• Regular access reviews: Periodic audits of who has access to what data

9.2 Organizational Security Measures

Employee Training

• Regular security awareness training for all staff
• Confidentiality agreements and non-disclosure obligations
• Background checks for employees with data access
• Clear data handling policies and procedures

Third-Party Security

• Vendor security assessments before engagement
• Contractual data protection obligations
• Regular audits of service provider security practices
• Compliance certifications required (e.g., PCI DSS for payment processors)

Incident Response

• 24/7 security monitoring
• Incident response plan and procedures
• Data breach notification protocols
• Regular security testing and vulnerability assessments

9.3 Payment Security

• PCI DSS Compliance: Our payment processors are certified to Payment Card Industry Data Security Standards
• Tokenization: Card details are converted to secure tokens
• No storage of card numbers: We never store complete credit card numbers on our servers
• Fraud detection: Real-time transaction monitoring for suspicious activity

9.4 Your Responsibility

While we implement robust security measures, you also play a crucial role in protecting your account:

• Strong passwords: Use unique, complex passwords for your account
• Don’t share credentials: Never share your password with anyone
• Secure devices: Keep your devices and antivirus software updated
• Log out: Always log out after using shared or public computers
• Phishing awareness: Be cautious of suspicious emails claiming to be from us
• Report issues: Immediately notify us of any unauthorized account activity

9.5 Security Limitations

Important Notice: While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Potential risks include:

• Hacking or cyberattacks
• Hardware or software failures
• Human error
• Natural disasters

We cannot be held liable for security breaches beyond our reasonable control. However, we are committed to:

• Continuously improving our security practices
• Promptly investigating any suspected breaches
• Notifying affected users as required by law
• Taking corrective action to prevent future incidents

9.6 Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms:

• We will notify you without undue delay (within 72 hours for GDPR compliance where applicable)
• Notification will include: nature of the breach, data affected, potential consequences, and steps we’re taking
• We will notify relevant data protection authorities as required by law
• We will provide guidance on steps you can take to protect yourself

If you suspect unauthorized access to your account:
Email: support@sehra-e-khaas.com
Subject: “Security Incident Report”

10. Third-Party Links & Services

10.1 External Websites

Our website may contain links to third-party websites, including:

• Social media platforms (Facebook, Instagram, Pinterest, etc.)
• Payment processor websites
• Shipping carrier tracking pages
• Partner brands or affiliate sites
• Blog references and resources

Important: When you click on these links, you leave our website and are subject to the privacy policies and terms of those third-party sites.

10.2 Our Limited Responsibility

• We do not control third-party websites or their privacy practices
• We are not responsible for the content, security, or data practices of external sites
• We do not endorse third-party products or services simply by linking to them
• We encourage you to read the privacy policies of every website you visit

10.3 Social Media Integration

Our website may include social media features such as:

• Share buttons (Facebook, Twitter, Pinterest, WhatsApp)
• Instagram feed integration
• Social login options (Sign in with Facebook/Google)

Data sharing: When you interact with these features:

• The social media platform may collect information about your visit
• Your activity may be shared with your social network
• Cookies may be set by the social platform
• Your interaction is governed by the social platform’s privacy policy

10.4 Third-Party Analytics

We use third-party analytics services (e.g., Google Analytics) that may collect information about your use of our website and other websites. These services have their own privacy policies governing their data collection and use.

10.5 Protecting Yourself

To protect your privacy when using third-party services:

• Read privacy policies before providing personal information
• Understand what data you’re sharing
• Use privacy settings on social media platforms
• Consider browser extensions that block trackers
• Be cautious about what you share publicly

11. Children’s Privacy

11.1 Age Restriction

Our website, products, and services are not intended for children under the age of 16. We do not knowingly collect, use, or disclose personal information from children under 16 years of age.

11.2 Parental Consent

If you are under 16 years old:

• You must have permission from a parent or legal guardian before using our services
• Do not create an account or provide any personal information without parental consent
• Parents are responsible for supervising their children’s online activities

11.3 What We Do If We Learn We Have Children’s Data

If we discover that we have inadvertently collected personal information from a child under 16:

• We will delete that information as quickly as possible
• We will not use the information for any purpose
• We will not share it with third parties
• We will block the account from future use

11.4 Parental Rights

Parents or legal guardians can:

• Request access to their child’s information
• Request deletion of their child’s information
• Refuse to allow further collection of their child’s information
• Contact us with concerns about their child’s privacy

11.5 Reporting Children’s Data

If you believe we have collected information from a child under 16:
Email: support@sehra-e-khaas.com
Subject: “Children’s Privacy Concern”
Include: Child’s name (if known), account details, and your relationship to the child

We take children’s privacy seriously and will respond promptly to all reports.

12. Changes to This Privacy Policy

12.1 Updates & Revisions

We may update this Privacy Policy from time to time to reflect:

• Changes in our business practices
• New legal or regulatory requirements
• Technological advancements
• Feedback from customers or regulators
• Improvements to our privacy practices

12.2 How We Notify You of Changes

Material Changes:
If we make significant changes that affect how we use your personal information, we will:

• Send an email notification to the address on file
• Display a prominent notice on our website
• Update the “Last Updated” date at the top of this policy
• Provide at least 30 days’ notice before changes take effect (where required by law)

Non-Material Changes:
For minor updates (e.g., clarifications, formatting):

• We will update the “Last Updated” date
• No additional notification will be sent
• The revised policy will be effective immediately upon posting

12.3 Your Continued Use

By continuing to use our website or services after changes take effect, you acknowledge that you:

• Have been notified of the changes (or had the opportunity to review them)
• Accept the updated Privacy Policy
• Consent to the new practices

If you do not agree with the updated policy, you should:

• Discontinue use of our website and services
• Contact us to close your account and delete your data
• Exercise your privacy rights as described in Section 6

12.4 Version History

We maintain a version history of this Privacy Policy. If you would like to review previous versions, please contact us at support@sehra-e-khaas.com.

12.5 Review Recommendation

We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your information and your privacy rights. Staying aware of our practices helps you make informed decisions about your data.

13. Contact Us

We are committed to addressing your privacy concerns and questions promptly and transparently.

13.1 Privacy Inquiries

For any questions, concerns, or requests regarding this Privacy Policy or our data practices:

Primary Contact:
📧 Email: support@sehra-e-khaas.com
🌐 Website: www.sehra-e-khaas.com

Response Time:
We aim to respond to all privacy inquiries within 48-72 hours during business days.

13.2 Data Protection Officer (DPO)

For GDPR-related matters or if you’re located in the EU/UK:
📧 Email: support@sehra-e-khaas.com
Subject Line: “Attn: Data Protection Officer”

13.3 Exercise Your Privacy Rights

To exercise any rights described in Section 6:
📧 Email: support@sehra-e-khaas.com
Subject Line: “Privacy Rights Request – [Your Right]”

Please include:

• Your full name
• Email address associated with your account
• Specific right you wish to exercise
• Detailed description of your request
• Proof of identity (for verification)

13.4 Security Concerns

To report security incidents or unauthorized account access:
📧 Email: support@sehra-e-khaas.com
Subject Line: “Security Incident Report”

13.5 Complaints & Regulatory Authorities

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with:

For EU/EEA Residents:
Your local Data Protection Authority (find your DPA at https://edpb.europa.eu)

For UK Residents:
Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113

For California Residents:
California Attorney General’s Office
Website: https://oag.ca.gov

For Other Jurisdictions:
Contact your local consumer protection or data protection authority

13.6 Business Information

Legal Entity Name: Sehra-e-Khaas
Business Address: [Add your physical business address]
Registration Number: [Add business registration number if applicable]

14. Consent & Acknowledgment

14.1 Your Agreement

By accessing, browsing, or using the Sehra-e-Khaas website (www.sehra-e-khaas.com) or services, you confirm that you:

1. Have read and understood this Privacy Policy in its entirety
2. Acknowledge the practices described herein
3. Agree to the collection, use, sharing, and processing of your personal information as outlined
4. Consent to international data transfers as described in Section 5
5. Understand your rights and how to exercise them as described in Section 6
6. Are at least 16 years old or have parental/guardian consent
7. Accept that this Privacy Policy may be updated from time to time

14.2 Withdrawal of Consent

You may withdraw your consent at any time by:

• Contacting us at support@sehra-e-khaas.com
• Closing your account through account settings
• Unsubscribing from marketing communications
• Ceasing to use our website and services

Note: Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal, and some processing may continue based on other legal grounds (e.g., contract performance, legal obligations).

14.3 Disagreement with Terms

If you do not agree with any part of this Privacy Policy:

• Do not create an account
• Do not make purchases
• Do not provide personal information
• Discontinue use of our website immediately
• Contact us to request deletion of any data already collected

14.4 Effective Date & Governing Version

This Privacy Policy is effective as of the date listed at the top of this document. The version currently posted on our website supersedes all previous versions.

15. Governing Law & Dispute Resolution

15.1 Applicable Law

This Privacy Policy and all matters relating to your privacy shall be governed by and construed in accordance with the laws of Pakistan, without regard to its conflict of law provisions.

However, residents of certain jurisdictions may have additional rights under local laws (GDPR, CCPA, etc.), which are respected and honored as outlined in this policy.

15.2 Jurisdiction

Any disputes arising from this Privacy Policy or our data practices shall be subject to the exclusive jurisdiction of the courts of Pakistan, unless otherwise required by applicable law.

Exceptions:

• EU/UK residents may bring claims in their local courts under GDPR
• California residents retain rights under CCPA
• Other jurisdictions may have specific venue requirements

15.3 Dispute Resolution Process

Before pursuing legal action, we encourage you to:

1. Contact us directly at support@sehra-e-khaas.com
2. Allow us 30 days to investigate and resolve your concern
3. Escalate to relevant regulatory authorities if unresolved
4. Consider alternative dispute resolution mechanisms

15.4 Severability

If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable:

• That provision shall be modified to the minimum extent necessary to make it valid
• All other provisions shall remain in full force and effect
• The intent of the invalid provision shall be preserved to the greatest extent possible

16. Additional Information

16.1 Language

This Privacy Policy is provided in English. If translated into other languages, the English version shall prevail in case of any inconsistencies or disputes.

16.2 Accessibility

We are committed to making this Privacy Policy accessible to all users. If you need this policy in an alternative format (large print, audio, etc.), please contact us at support@sehra-e-khaas.com.

16.3 Questions & Feedback

We welcome your feedback on our privacy practices. If you have suggestions for improving this Privacy Policy or our data protection measures, please contact us.

Summary of Key Points

For your convenience, here’s a quick summary of our privacy practices:

✅ We collect personal information you provide, usage data, and information from third parties
✅ We use it to process orders, improve services, and communicate with you
✅ We protect it with encryption, access controls, and security measures
✅ We don’t sell your personal data to third parties
✅ We share only with trusted service providers who help us operate
✅ We respect your rights to access, correct, delete, and control your data
✅ We comply with GDPR, CCPA, and other applicable privacy laws
✅ We’re transparent about our practices and responsive to your concerns

Remember: This summary is for convenience only. The full Privacy Policy above contains the complete terms and conditions.