BrandBazzarr Privacy Policy

Last Updated: [9/7/2025]

1. Introduction

BrandBazzarr is committed to protecting the privacy and security of your personal information. This Privacy Policy ("Policy") describes how we collect, use, process, disclose, and safeguard your personal data when you visit our website [www.brandbazzarr.com] (the "Site"), use our mobile application (the "App"), or engage with our services for e-commerce and product trading between consumers (C2C), businesses (B2B), and businesses to consumers (B2C) (collectively, the "Services").

This Policy is formulated in accordance with international best practices and frameworks, including but not limited to the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), while also adhering to the principles of data protection found in Iraqi law, including the Iraqi Constitution, which guarantees the right to privacy (Article 17), the Iraqi Civil Code, and the Iraqi Consumer Protection Law No. (1) of 2010, which emphasizes fair dealing and transparency with consumers.

By accessing or using our Services, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Policy and our Terms of Service.

2. Definitions

• Personal Data: Any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. This includes names, identification numbers, location data, online identifiers, and factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
• Data Controller: The entity that determines the purposes and means of the processing of personal data. For most services, BrandBazzarr is the Data Controller.
• Data Processor: A natural or legal person which processes personal data on behalf of the Data Controller. This includes third-party service providers (e.g., payment processors, cloud hosting providers).
• Processing: Any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.

3. The Data We Collect

We collect information you provide directly to us, automatically through your use of our Services, and from third parties.

A. Information You Provide Directly:

• Account Information: Name, email address, phone number, business name (if applicable), business registration details (for B2B sellers), shipping address, and password.
• Profile Information: Profile picture, biography, and other details you add to your public profile.
• Transaction Information: Details of products you buy or sell, bidding information, payment method (though card details are processed by certified payment gateways and not stored on our servers), transaction amount, and date.
• Communications: Records of correspondence when you contact our customer support teams, participate in surveys, or provide product reviews and ratings.
• Identity Verification: For certain transactions or seller verification, we may request copies of government-issued ID, tax identification numbers, or proof of address, which are processed securely and deleted after verification is complete.

B. Information Collected Automatically:

• Log and Device Data: IP address, browser type and version, time zone setting, browser plug-in types, operating system and platform, device information, and other technology on the devices you use to access our Services.
• Usage Data: Information about how you use our Services, including pages you viewed, links clicked, search queries, and the date, time, and duration of your visits.
• Location Data: We may derive your approximate location from your IP address to customize your experience (e.g., showing local currency and delivery options).
• Cookies and Similar Technologies: We use cookies, web beacons, and pixels to collect information about your browsing activities. For more details, please see our Cookie Policy [Link to separate Cookie Policy].

C. Information from Third Parties:

• Business Partners: Marketing and analytics providers.
• Financial Institutions & Payment Processors: Confirmation of payment status.
• Credit Agencies: For business seller verification and fraud prevention (where permissible by law).
• Social Media Platforms: If you choose to link your account or log in via a social media service.

4. Legal Basis for Processing (International Compliance)

We process your Personal Data based on one or more of the following legal grounds:

• Performance of a Contract: To fulfill our obligations to you under our Terms of Service, such as processing your orders, facilitating payments, and arranging shipping.
• Legitimate Interests: To operate our business and provide our Services, provided these interests are not overridden by your rights. This includes fraud prevention, network security, direct marketing, and improving our Services.
• Consent: Where required by law (especially for marketing communications and certain cookies), we will rely on your explicit consent. You may withdraw consent at any time.
• Legal Obligation: To comply with applicable laws, regulations, court orders, or other legal processes (e.g., tax reporting, responding to a valid request from an Iraqi regulatory authority).

5. How We Use Your Information

We use the information we collect for the following purposes:

• To create, maintain, and secure your account.
• To facilitate transactions and communications between buyers and sellers.
• To process payments and send transaction notifications.
• To provide customer support and respond to your inquiries.
• To personalize your experience and show you relevant content and offers.
• To monitor and analyze trends, usage, and activities to improve our Services.
• To detect, prevent, and investigate fraud, security breaches, and other prohibited or illegal activities.
• To comply with legal and regulatory requirements under Iraqi law and other applicable jurisdictions.
• To send you promotional communications, subject to your marketing preferences.

6. How We Share Your Information

We may share your Personal Data with the following parties:

• Other Users: As an integral part of our marketplace:
  • Sellers see the buyer's name, shipping address, and contact details necessary to complete the order.
  • Buyers see the seller's business name, profile information, and contact details.
• Service Providers (Data Processors): Trusted third parties who perform services on our behalf, such as payment processing, order fulfillment, data analysis, email delivery, hosting services, customer service, and marketing efforts. These entities are contractually bound to use your data only for the services we request and to protect it securely.
• Legal and Regulatory Authorities: Where required to do so by law, or in response to a valid legal request (e.g., a court order, subpoena, or request from an Iraqi government agency like the Consumer Protection Directorate).
• Business Transfers: In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets.
• With Your Consent: For any other purpose disclosed to you with your prior permission.

7. International Data Transfers

Your personal information may be processed in countries other than Iraq, including countries that may not have the same data protection laws as your home country. For instance, our cloud servers or third-party service providers may be located in the Middle East, Europe, or the United States. When we transfer data across borders, we implement stringent safeguards as required by international law, such as:

• Processing data only in countries deemed by the European Commission to have an adequate level of protection.
• Using Standard Contractual Clauses (SCCs) approved by the European Commission.
• Relying on certification mechanisms like the EU-U.S. Data Privacy Framework for US-based providers.

8. Data Retention

We will retain your Personal Data only for as long as is necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law (e.g., for tax, accounting, consumer protection, or legal claim purposes). Our retention periods are based on criteria such as the nature of the data, why it is collected, and relevant legal or operational retention needs.

9. Your Rights and Choices

Depending on your jurisdiction and applicable law (including principles we extend to all users), you may have the following rights regarding your Personal Data:

• Right to Access & Portability: Request a copy of the Personal Data we hold about you in a structured, machine-readable format.
• Right to Rectification: Update or correct inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to certain legal exceptions.
• Right to Restriction: Request we temporarily or permanently stop processing all or some of your personal data.
• Right to Object: Object to processing based on our legitimate interests, including direct marketing.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, please contact us at [insert email address, e.g., brandbazzarr@gmail.com]. We will respond to your request within the timeframe required by applicable law and may need to verify your identity before processing your request.

10. Data Security

We implement a comprehensive set of technical and organizational security measures designed to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption (in transit and at rest), secure socket layer (SSL) technology, access controls, and regular security assessments. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee its absolute security.

11. Children's Privacy

Our Services are not directed to individuals under the age of 18 ("Minors"). We do not knowingly collect Personal Data from Minors. If you become aware that a Minor has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from a Minor without verification of parental consent, we will take steps to remove that information from our servers.

12. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, and other factors. We will notify you of any material changes by posting the new Policy on the Site and updating the "Last Updated" date. We encourage you to review this Policy periodically.

13. Governing Law and Dispute Resolution

This Policy and any disputes related thereto shall be governed by and construed in accordance with the laws of the Republic of Iraq, without regard to its conflict of law principles. Any dispute arising out of this Policy shall be subject to the exclusive jurisdiction of the competent courts of Sulaymaniyah, Iraq.

14. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact our Data Protection Officer at:

BrandBazzarr
Attn: Data Protection Officer
Email: [brandbazzarr@gmail.com]

We are committed to working with you to resolve any complaints. You also have the right to lodge a complaint with the relevant data protection authority in your jurisdiction, though we invite you to contact us first to give us an opportunity to resolve your concern.