loading
    0
    Add 0.00 ر.س to cart and get free shipping!
    Subtotal: 0.00 ر.س
    cart icon

    No Product in the Cart.

    Shop Now
    Cart
    Add 0.00 ر.س to cart and get free shipping!
    Subtotal: 0.00 ر.س
    cart icon

    No Product in the Cart.

    Shop Now
    Menu
    New Arrival
    Limited Offers
    Shop
    Blogs
    Categories
    وصلنا حديثا
    عروض لفترة محدودة
    Login
    Login Register
    All Categories

    New Arrival
    Limited Offers
    Shop
    Blogs

    Introduction

    [Tawreed Store] (referred to as “we” or “us”) is committed to protecting the privacy of our customers. This Privacy Policy explains how we collect, use, store, and protect personal information when you visit our website or purchase our cotton sheets, mattresses, and other hotel bedding products in the Kingdom of Saudi Arabia. It also describes your rights regarding your personal data. In accordance with Saudi Arabia’s Personal Data Protection Law (PDPL), we provide this Policy so that you understand the purpose of collecting your data, the types of data we collect, how we handle and store it, how and when we destroy it, and the rights you have in relation to your data. This Policy applies to all personal information collected through our website and related services in Saudi Arabia. By using our website or providing us your information, you agree to the practices described in this Privacy Policy.

    Information We Collect and How We Collect It

    We only collect personal data that you voluntarily provide to us as needed to serve you, and we do not collect any personal data from mere website browsing (we do not use any tracking cookies or analytics tools). Specifically, we may collect the following information:

    • Contact Information: When you fill out a contact form, request a quote, or register an account, we collect information such as your name, company/organization (if applicable), email address, phone number, and any information you choose to include in your message. This allows us to identify and communicate with you.
    • Order Details: If you place an order or make a purchase, we collect information necessary to process the order. This includes your name, billing and shipping address, phone number, email, and details of the products you are ordering. If payment is made through our site, we (or our payment processor) may collect payment details (e.g. credit card information or bank details) securely for the purpose of completing the transaction.
    • Other Voluntary Information: You may provide personal data in other contexts, such as when contacting us via email/phone or responding to an optional customer survey. In such cases, we will collect whatever information you choose to give (for example, feedback or preferences).

    Method of Collection: We collect personal information directly from you through our website forms or direct communications. For example, you provide your details when completing the contact or order form on our site, or when emailing us. We do not obtain personal data from third parties or public sources – all information is gathered from you directly with your knowledge. We will always inform you of why we are collecting certain information and whether any field is mandatory or optional. If certain required information is not provided, we may be unable to fulfill your request or order (for instance, we cannot ship products without a delivery address). We will not collect more data than is necessary for the stated purpose, in accordance with the PDPL’s data minimization principle.

    We also want to reassure you that we do not use cookies, web beacons, analytics platforms (like Google Analytics), or other tracking technologies on our website. We do not automatically collect information about your device or browsing behavior. The only information our servers may automatically record is basic technical data (such as your IP address and browser type) in standard web server logs, and this is only used for security, debugging, or auditing purposes – not for tracking or profiling. We do not use any of this technical data to identify individual visitors, and we do not share it with third parties.

    Purposes of Collecting and Using Personal Data

    We collect and use personal information only for legitimate business purposes and as necessary to provide our products and services to you. The main purposes for which we use your personal data are:

    • To Respond to Inquiries and Provide Information: We use contact information (like your name, email, phone) to respond to your requests or questions submitted through contact forms or email. For example, if you ask about our hotel bedding products, we will use your contact details to communicate with you and provide the requested information or quotes.
    • To Process and Fulfill Orders: We use the personal and order information you provide to process transactions and deliver products you purchase. This includes using your information to confirm and fulfill your order, arrange shipping or delivery to the address provided, communicate order updates, and provide invoices or order confirmations. We also use your payment information to charge for purchases (via secure payment processors).
    • Customer Service and Support: We retain your information to provide customer support – for instance, to contact you regarding any issues with your order, to handle returns or replacements, or to answer questions about products. Having your order history and contact info helps us assist you more efficiently and improve our service quality in response to your needs.
    • Business Records and Legal Compliance: We may use your data to maintain proper business records and to comply with our legal obligations. For example, we keep transaction records (which include personal data) for accounting, tax, and audit purposes as required by law. We may also use and retain information as needed to assert our rights or comply with laws, such as using information to prevent fraud, comply with lawful government requests, or enforce agreements.
    • Updates and Communications: If you are an existing customer, we may use your email or phone number to send you important notices about your transactions (e.g. order confirmations or shipping notifications). With your consent (where required), we may also send occasional updates about new products, special offers or promotions that may interest you, or invite you to provide feedback. You are free to opt out of marketing communications at any time (see the Your Rights section below for opt-out methods). We will not send you marketing emails or texts without your prior consent, and you can unsubscribe at any time.

    We will only use your personal data for the specific purposes we have communicated to you. We do not use your information in ways that are incompatible with those purposes. In other words, we will not process your personal data for any new or unrelated purpose without obtaining your consent or unless required/permitted by law. We do not engage in any form of automated decision-making or profiling using your personal data.

    Sharing and Disclosure of Personal Data

    We treat your personal information with care and confidentiality. We do not sell, trade, or rent your personal data to any third parties for their own marketing or commercial uses. However, in order to run our business and serve you, we may need to share your data with a few trusted parties in certain situations, strictly for the purposes described in this Policy:

    • Service Providers and Partners: We may share necessary personal data with third-party service providers who perform services on our behalf. This includes, for example, courier or shipping companies (to deliver your orders), payment gateway providers or banks (to process payment transactions), IT or web hosting providers (who host our website and databases), and customer support tools. We only provide these partners with the information required for them to carry out their specific service (for instance, giving the courier your name, address and phone to deliver the package). They are not permitted to use your data for any other purpose. We ensure that any service providers handling personal data agree to protect it with appropriate security measures and to comply with privacy obligations consistent with this Policy. These third parties act on our instructions and do not have independent rights to your data.
    • Within Our Corporate Group: If [Company Name] is part of a group of affiliated companies (for example, a parent or subsidiary company in Saudi Arabia), we may share personal data with our affiliates as needed for business administration, centralized services, or similar purposes. Any such affiliate will also abide by this Privacy Policy and applicable law. (Note: If your company is a standalone entity, you can omit this bullet.)
    • Legal Requirements and Protection: We may disclose personal information if we are required to do so by applicable laws or regulations, or in response to valid legal process (such as a subpoena, court order, or government demand). We will only share what is legally necessary. Additionally, we may disclose data if we believe in good faith that it is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. For example, if law enforcement or a regulatory authority demands certain customer records with proper authorization, we may be obligated to comply. Outside of such requirements, any request for customer data by a government or public authority would only be honored if made in accordance with Saudi law (for instance, an official letter or order from judicial authorities).
    • Business Transfers: In the unlikely event that our company undergoes a business transition such as a merger, acquisition, or sale of assets, personal data might be transferred to the new owner as part of the business assets. If that happens, we will ensure your data remains subject to the same protections outlined in this Policy, and we will notify you (for example, via a notice on our website) of any such change in ownership or control of your personal information.

    Aside from the situations above, we will not disclose your personal data to any third party unless you have expressly consented to such sharing. Importantly, we never share your information with third parties for their own marketing purposes. Your data is used solely to serve you and operate our business as described.

    Cookies and Tracking Technologies

    We do not use cookies on our website. Cookies are small text files that websites often store on a user’s device to identify the user or gather information. Unlike many websites, our site does not deploy any cookies (neither first-party nor third-party) for analytics, advertising, or functional purposes. We also do not use web beacons, pixel tags, or any behavioral tracking techniques. This means when you visit our site, we are not tracking your activities or collecting data about your browsing behavior over time. You can use our website with cookies disabled, and it will not affect your experience. We have chosen not to utilize cookies or analytics tools in order to further respect your privacy.

    The only data we might gather automatically are basic server log details (as mentioned earlier, e.g. IP address and browser user agent), which are stored temporarily and used solely for network security and maintenance. These logs do not personally identify you and are not linked with any personal information you submit. By not using cookies or external analytics, we ensure that your visit to our site remains private and free from third-party tracking.

    Data Storage and International Transfers

    All personal data that we collect from you is stored and processed within the Kingdom of Saudi Arabia on secure servers. We abide by Saudi Arabia’s data sovereignty requirements under the PDPL, which generally mandate that personal data of individuals in KSA be processed locally within KSA. We currently do not transfer or store personal information outside Saudi Arabia. In the event that we need to transfer your data to a service provider or affiliate in another country (for example, to use a specialized cloud service), we will do so only in compliance with Saudi data protection law. This means we will ensure the transfer is permitted by the authorities (by obtaining any required authorizations or consents) and that the data will be afforded an equivalent level of protection in the recipient location. We will not transfer your personal data abroad unless it is necessary and lawfully allowed – for instance, if we have your consent or if the destination country is approved as having adequate data protection, or under another exception provided by PDPL.

    Rest assured, your personal information is primarily hosted on servers in Saudi Arabia and handled by our local team. We take measures to prevent unauthorized access across borders. If you are accessing our site from outside KSA, please be aware that any data you submit will be stored in Saudi Arabia under its privacy protections.

    Data Retention and Deletion

    We will retain your personal data only for as long as it is necessary to fulfill the purposes we collected it for, including for any legal, accounting, or reporting requirements. In practice, this means:

    • For inquiries and contact information: If you contact us but do not become a customer, we may keep your correspondence and contact details for a reasonable period in order to respond and follow-up, then delete it if no further interaction occurs.
    • For order and transaction data: If you make a purchase, we will retain your personal and order information for as long as your account is active or as needed to provide you with our services. Even after you’ve received your products, we may retain your order records for a certain period to handle any post-sale inquiries, returns, or warranties, and to satisfy legal and financial recordkeeping requirements. For example, Saudi laws may require that we keep sales transaction records (which include personal data) for a minimum period (such as for tax or audit purposes). We will not retain personal data longer than necessary, but note that some data may be kept for several years in backup archives or as required by law.

    Once the personal data has fulfilled its intended purpose and is no longer needed, or if you request deletion (and we have no legal obligation to keep it), we will securely destroy or anonymize the information. The PDPL requires that data be disposed of once it is no longer required for the purpose collected, and we adhere to this. We have procedures to either permanently delete electronic records or erase personal identifiers, or to shred/dispose of physical documents, ensuring that the data cannot be reconstructed or read. For example, we may use secure deletion methods to wipe electronic files and ensure any printed documents are shredded.

    In some cases, we may retain limited information even after deletion for legitimate reasons, such as to resolve disputes, enforce our agreements, or comply with laws (e.g. keeping suppression lists of email addresses of individuals who opted-out of communications, to ensure we do not contact them again). However, any retained data will remain subject to this Privacy Policy and applicable law.

    Data Security Measures

    We take the security of your personal data very seriously. We have implemented a variety of technical and organizational security measures to safeguard the information in our custody from unauthorized access, disclosure, alteration, and destruction. These measures include, for example:

    • Secure Servers & Encryption: Our website and backend systems employ industry-standard security protocols. Any sensitive information (such as payment details) is transmitted over encrypted connections (SSL/TLS). We encrypt personal data at rest in our databases when feasible, especially for financial information, to add an extra layer of protection.
    • Access Controls: Personal data is stored in controlled systems. Only authorized personnel of [Company Name] (or authorized service providers who are bound by confidentiality) have access to personal information on a need-to-know basis. We limit access credentials and use strong authentication practices to prevent unauthorized access.
    • Monitoring and Testing: We monitor our systems for vulnerabilities and unusual activities. Regular security assessments and software updates are conducted to keep our infrastructure protected. We maintain up-to-date firewall, anti-malware, and intrusion detection systems to guard against external threats.
    • Organizational Policies: Our staff are trained on data protection best practices and are required to adhere to confidentiality obligations. We have internal policies and incident response plans to handle data security issues. For example, we restrict the use of portable drives for storing personal data and ensure secure disposal of data as described in the retention section.

    While we strive to use commercially acceptable means to protect your information, please be aware that no method of transmission over the internet or method of electronic storage is 100% secure. However, we continually update our security practices to meet or exceed industry standards in order to protect your personal data.

    Data Breach Procedures: In the unlikely event of a data breach that compromises personal data, we will act promptly in accordance with Saudi law. This includes containing the breach, assessing its impact, and notifying the Saudi data protection regulatory authority (Saudi Data & AI Authority – SDAIA) within the required timeframe (currently 72 hours of becoming aware of a qualifying breach). If the breach is serious and puts your data at risk, we will also inform you without undue delay, along with information on what data was affected and what measures we are taking in response. We maintain incident logs and will take any required steps to prevent future incidents.

    Your Rights Regarding Personal Data

    As a customer interacting with our website, you have certain rights concerning your personal data. [Company Name] is committed to honoring your rights and ensuring you can exercise them easily. Under Saudi Arabia’s PDPL (and in line with global best practices), your key data subject rights include:

    • Right to Be Informed: You have the right to know what personal data of yours we collect, how we use it, who we share it with, and how long we keep it. We fulfill this right through this Privacy Policy and by providing you information upon request. You can contact us at any time to ask about our data practices or the data we hold about you.
    • Right of Access: You can request a copy of the personal data we hold about you. We will provide you with a summary of your data in a concise and transparent form, explaining the categories of data, the purposes of processing, and the entities with whom it’s shared (if any). This allows you to verify the lawfulness of our processing.
    • Right to Correction (Rectification): If any of your personal information that we have is incorrect, outdated, or incomplete, you have the right to request that we correct or update it. For example, if you change your phone number or notice a spelling error in your name, you can ask us to fix it and we will do so promptly. We strive to keep your data accurate and up-to-date, and appreciate your help in informing us of any changes.
    • Right to Deletion: You have the right to request deletion (erasure) of your personal data in certain circumstances. For instance, if you withdraw your consent (in cases where consent is the basis for processing), if your data is no longer necessary for the purposes we collected it, or if you believe we have processed your data unlawfully, you can ask us to delete it. We will securely delete the data upon your request provided there is no legal requirement or overriding legitimate interest for us to retain it.
    • Right to Restrict or Object to Processing: You may have the right to object to or request limitation of our processing of your data in special cases. For example, if you contest the accuracy of your data or have pending legal rights, you can ask us to pause processing your data (other than simply storing it) until the issue is resolved. If we ever were to engage in direct marketing (currently, we do so only with consent), you could object to further marketing uses of your data and we would honor that. While the PDPL does not explicitly list a broad right to object, it is recognized in practice for specific circumstances (e.g., limiting processing for a period of time) as per regulatory guidance. We will consider any such requests on a case-by-case basis in line with the law.
    • Right to Data Portability: You have the right to obtain your personal data that you have provided to us, in a structured, commonly used, machine-readable format, and you have the right to have that data transmitted to another data controller where technically feasible. In other words, you can ask for an electronic copy of the data you gave us (for example, your contact and order details) so you can reuse it elsewhere, or ask if we can directly transfer that data to a third-party service you specify. This right applies when the processing is based on your consent or on a contract with you, and is carried out by automated means.
    • Right to Withdraw Consent: Where we rely on your consent to process your personal data (such as for optional marketing emails), you have the right to withdraw that consent at any time. If you withdraw consent, we will stop the processing that was based on consent. Withdrawal of consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and it will not affect processing of your data under other legal bases (for example, keeping records of a purchase you made). If you wish to unsubscribe from marketing, you can use the “unsubscribe” link in our emails or contact us directly, and we will remove you from our marketing list.

    These rights are subject to certain legal limitations. For example, we might not be able to delete all your data if we are required by law to keep it for a certain time (such as financial records), or we might decline a request to access data if doing so could infringe on another person’s privacy. However, we will inform you of any such limitations or reasons if we cannot fulfill a request in part or in full.

    Exercising Your Rights: We have established a straightforward process for you to exercise any of the rights above. To make a request, simply contact us using the contact information in the section below (for example, send us an email specifying your request). Please provide enough information for us to verify your identity (for your security, we need to ensure the person requesting data or changes is actually you) and to understand and process the request. You do not have to fill out any special form – a clear written request is sufficient. We will respond as soon as possible and at most within 30 days of receiving your request, as required by Saudi law. There is no fee for making a request, unless it is excessive or repetitive in which case we will inform you of any cost before proceeding.

    If you have any concerns about how we handle your data or your requests, please let us know and we will do our best to address them. We value your privacy rights. Additionally, if you are ever dissatisfied with our response, under the PDPL you have the right to lodge a complaint with the Saudi data protection authorities (the Saudi Data & Artificial Intelligence Authority, SDAIA) or other competent authority. However, we encourage you to contact us first so we can try to resolve any issue directly. Your trust is very important to us, and we are committed to doing right by our customers.

    Contact Us

    If you have questions about this Privacy Policy, or wish to exercise your data rights or make a privacy-related request, please contact us at:

    Tawreed store
    Email: info@tawreedstore.com
    Phone: +966-562544857

    Home Blog Shop 0Cart Account