Privacy Policy

This Privacy Policy ("Policy") outlines the principles and practices that Commerce Plex Limited (“Company”) adheres to in collecting, processing, using, disclosing, retaining, and managing personal data of our customers (“Users”). This policy does not cover any external websites or services that are not under our ownership, control, or authority of the Company, including those operated by third-party merchants.

1. DEFINITIONS:

Unless otherwise specified, all capitalized terms in this Policy shall have the meanings assigned to them in our Terms and Conditions.

2. SCOPE OF POLICY:

This Privacy Policy governs the collection, use, retention, storage, protection, management, and deletion of Users’ Personal Data across all departments within the Company. It ensures that every aspect of Personal Data handling, from initial collection to final deletion, adheres to the highest standards of security and compliance. All employees and contractors with access to this Personal Data must strictly follow this Policy. Additionally, the Policy guarantees that Personal Data is managed consistently and securely throughout the Company, maintaining the privacy and trust of our Users.

3. LEGAL BASIS FOR PROCESSING:

The Company processes Personal Data based on several legal grounds as outlined under the General Data Protection Regulation (GDPR). We process Personal Data to fulfill contractual obligations with our Users, such as managing accounts, processing transactions, and providing requested Services. Where required by law, we also process Personal Data to comply with legal obligations, including regulatory and reporting requirements. In instances where we rely on legitimate interests, we ensure that our processing activities are balanced against the rights and freedoms of our Users, such as for fraud prevention or enhancing our Services. Additionally, we may process Personal Data based on explicit consent obtained from Users for specific purposes, such as marketing communications.

4. WHAT PERSONAL DATA WE COLLECT

Personal Data: Information that can be used to directly or indirectly identify an individual. This includes but is not limited to:

• Contact Information: Names, postal addresses (including billing addresses), telephone numbers, and email addresses.
• Financial Information: Payment card numbers, bank account details, transaction histories, and other financial data related to User transactions.
• Identification Data: Government-issued identification numbers (e.g., Social Security Number, CNIC No, NTN or Taxpayer IDs), driver’s license numbers, passport numbers, and other similar identifiers.
• Account Information: Account numbers, usernames, passwords, security questions, and answers used to access and secure Accounts.
• Biometric data: Fingerprints, facial recognition data, and other biometric identifiers, where applicable.
• Device and Usage Data: IP Addresses, browser types, operating system details, device identifiers, and usage patterns on the Company’s Digital Platform.
• Transaction Data: Details about transactions conducted through the Company’s services.
• Communication Data: Records of communications between Users and the Company, including customer service interactions, email correspondence, and feedback.
• Geolocation Data: Information about a User’s location when accessing the Company’s Digital Platform.
• Behavioral Data: Information about User behavior on the Company’s Digital Platform, such as clicks, pages viewed, time spent on the Digital Platform, and any other interactions made.
• Referral Data: Information about how Users were referred to the Company’s Services, such as referral URLs or partner promotions.
• KYC (Know Your Customer) Data: Additional verification information required for regulatory compliance, such as photographs, utility bills, and other documents to verify the identity and address of the Users obtained to perform KYC checks.
• Fraud Detection Data: Patterns and indicators used to identify and prevent fraudulent activities, including unusual transaction patterns and flagged behaviors.
• Third-Party Data: Information obtained from third-party sources, such as credit bureaus, identity verification partners, social media platforms, and public databases. The Company’s identity verification partners utilize a variety of data sources to confirm identities, including government records and publicly accessible information. This Personal Data acquisition is completely aimed at fulfilling legal obligations and preventing fraudulent or illicit activities in relation to the Company’s services and/or products.

Personal Data does not include data that has been anonymized or aggregated in a way that cannot identify a specific individual.

The Company does not knowingly collect Personal Data pertaining to children under the age of 18 or other individuals who are not legally able to use our Services. If we obtain actual knowledge that we have collected Personal Data from someone not allowed to use our Services, we will promptly delete it unless we are legally obligated to retain such data. Please contact us if you believe that we have mistakenly or unintentionally collected information from someone not allowed to use our Services.

5. COLLECTION, USE & DISCLOSURE OF PERSONAL DATA:

The Company collects and processes the Users’ Personal Data to ensure transparency and legality in each step:

• Account Registration: Assessing eligibility for creating and maintaining an Account.
• User Relationship Management: Managing interactions and maintaining long-term relationships with Users.
• Service Fulfillment: Delivering on the Company’s commitments under Service Agreements.
• Legal Compliance and Requirements: Ensuring that all Company activities comply with relevant laws, regulations, and statutory mandates, including adherence to court orders.
• Contractual Obligation: Enforcing Terms and Conditions as agreed upon by Users.
• Service and Product Enhancement: Improving the quality of Services and developing new product offerings to better suit User requirements.
• Communications: Sending updates and promotional materials to Users.
• Explicit Consent: Processing certain types of Personal Data only after obtaining specific written consent from the User.
• Consent and Notification: Users’ Personal Data is collected subject to Users’ knowledge and information of the purpose for which Personal Data is collected and that the Users have given their written consent, except where otherwise permitted or required by law. Users are responsible for providing accurate and complete information and are expected to inform the Company promptly of any changes to their Personal Data.
• Disclosure of Personal Data: The Company may disclose Users’ Personal Data to relevant government authorities, legal advisers, service providers, related corporate entities, prospective merger or acquisition parties, or as mandated by court orders or international compliance-related laws. Disclosure will occur in compliance with applicable laws and with prior consent from the User, unless such disclosure is mandated by law.

6. CONSENT AND WITHDRAWAL OF CONSENT:

By providing Personal Data to the Company, Users are considered to have given their implicit consent to the collection, use, retention, storage, protection, and management of their Personal Data. This consent is valid until it is rescinded in writing or until the termination of the individual’s relationship with the Company.

Individuals wishing to withdraw their consent may do so at any time by following these specific steps:

1. Contact us at:
   • Email: info@commerceplex.net – Send your withdrawal request via email for prompt processing.
   • Postal Address: Office No. 80-A, 5The Shires, Old Bedford Road, Luton, United Kingdom, LU2 7QA – For those who prefer or require a documented request.
2. Include the Following Information in Your Request:
   • Full Name and Contact Information: To verify your identity and facilitate contact if necessary.
   • Account Information: Include your Account login ID / email address.
   • Specific Consents to Withdraw: Kindly specify which data uses or processing activities you are withdrawing consent for.
   • Signature: Include your signature with a postal request. For emails, type your full name.

Processing of the Withdrawal request: The Company aims to process all withdrawals of consent within thirty (30) working days from receipt of such request. The User will receive confirmation once the consent has been successfully withdrawn.

Impact of Withdrawal: Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. However, it may affect our ability to provide Users with certain services or products.

7. MARKETING COMMUNICATIONS:

Users may receive marketing communications from the Company via email, SMS, social media, or other channels. Users may opt out of receiving such communications at any time by following the instructions provided in the communications or by contacting the Company directly. Please note that even if Users opt-out of receiving marketing communications, they may still receive important transactional or service-related communications.

8. DATA SECURITY MEASURES:

The Company is committed to protecting the security and privacy of Users’ Personal Data. We have implemented appropriate technical, organizational, and administrative measures to safeguard Personal Data against unauthorized access, use, disclosure, alteration, or destruction. These measures include:

• Encryption of Personal Data during transmission and storage to protect it from unauthorized access or disclosure.
• Access controls to limit access to Personal Data to only those employees, contractors, and service providers who require it for their job functions and duties.
• Regular security assessments and audits to identify and mitigate potential vulnerabilities or risks to Personal Data.
• Training and awareness programs for employees and contractors to ensure they understand and comply with the Company's data protection policies and procedures.
• Incident response procedures to promptly address and resolve any security incidents or breaches involving Personal Data.

The Company reviews and updates its security measures periodically to ensure their effectiveness and compliance with applicable laws and regulations.

9. DATA RETENTION AND DELETION:

The Company retains Personal Data for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations, resolve disputes, and enforce agreements. The specific retention periods for different types of Personal Data depend on various factors, such as the nature of the data, the purpose for which it was collected, and applicable legal requirements.

Once the retention period has expired, or the Personal Data is no longer needed, the Company will securely delete, anonymize, or otherwise dispose of the data in accordance with its data retention and deletion policies.

10. RIGHTS OF USERS:

Users have the following rights regarding their Personal Data:

• Access: Users have the right to request access to the Personal Data we hold about them and to obtain a copy of the data.
• Correction: Users have the right to request the correction of inaccurate or incomplete Personal Data.
• Deletion: Users have the right to request the deletion of their Personal Data, subject to certain legal exceptions.
• Restriction: Users have the right to request the restriction of the processing of their Personal Data under certain circumstances.
• Portability: Users have the right to request the transfer of their Personal Data to another data controller, where technically feasible.
• Objection: Users have the right to object to the processing of their Personal Data for direct marketing purposes or other legitimate interests.
• Consent: Users have the right to withdraw their consent to the processing of their Personal Data at any time.

To exercise these rights, Users may contact the Company using the contact information provided in this Policy. The Company will respond to such requests promptly and in accordance with applicable laws and regulations.

11. INTERNATIONAL DATA TRANSFERS:

The Company may transfer Personal Data to countries outside the User's country of residence, including countries that may not provide the same level of data protection as the User's country. In such cases, the Company will take appropriate measures to ensure that the transferred Personal Data is adequately protected, in accordance with applicable data protection laws and regulations.

12. CHANGES TO THIS POLICY:

The Company reserves the right to update or modify this Privacy Policy at any time. Any changes will be effective upon posting of the updated Policy on the Company's Digital Platform. Users are encouraged to review this Policy periodically to stay informed about how the Company collects, uses, retains, and protects their Personal Data.

13. CONTACT INFORMATION:

If Users have any questions, concerns, or requests regarding this Privacy Policy or the Company's handling of their Personal Data, they may contact the Company at:

Email: info@commerceplex.net

Postal Address: Office No. 80-A, 5The Shires, Old Bedford Road, Luton, United Kingdom, LU2 7QA

14. GOVERNING LAW AND JURISDICTION:

This Privacy Policy shall be governed by and construed in accordance with the laws of the United Kingdom. Any disputes arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of the United Kingdom.