Privacy Policy

When you register an account or initiate a transaction on Boumrak, we systematically collect categorized personal data to ensure precise service delivery. Data collection adheres strictly to the principle of minimization — we collect only what is operationally necessary.

We acquire data through three primary channels: voluntary provision by the user, automated technical collection during platform interaction, and integration with authorized third-party services you have explicitly connected to your account.

• Full legal name (given and family) as registered on your account profile.
• Primary email address used for authentication, transactional communication, and notifications.
• Mobile phone number (primary; secondary optional) for delivery coordination and two-factor authentication.
• Date of birth (optional) — used exclusively for age verification and targeted promotional eligibility.
• Profile photograph (optional) — user-uploaded; stored with access controls.
• Declared gender (optional) — used solely for product catalog personalization.

• Complete delivery address: street, district, municipality, wilaya, postal code.
• Multiple saved address profiles for varied delivery destinations.
• Landmark descriptors or courier delivery instructions associated with each address.
• Precise GPS coordinates (collected only when explicit location permission is granted) for last-mile navigation accuracy.

• Order history: items purchased, SKU references, quantities, unit prices, and aggregate totals.
• Payment instrument type (COD, card tokenized reference, mobile wallet). Full PAN is never stored on Boumrak infrastructure.
• Billing address where it differs from the registered delivery address.
• Return, refund, and dispute records linked to individual account identifiers.
• Applied promotional codes, discount coupons, and account credit balances.

• IP address (IPv4/IPv6) and derived approximate geographic region.
• User-agent string: browser engine, version, and host operating system.
• Device classification (mobile, tablet, desktop) and display resolution.
• Session tokens, cookie identifiers, and persistent device fingerprint components.
• HTTP referrer headers and internal navigation path traces.
• Session timestamps, duration metrics, and time-zone offset.

• Product impressions: views, add-to-cart events, wishlist additions, and dwell time.
• Internal search queries, applied filters, and sort parameters.
• Submitted product reviews, star ratings, and written testimonials.
• Customer support ticket contents, chat transcripts, and escalation history.
• Email engagement signals: open events, click-through events, and unsubscribe actions.

All data processing at Boumrak is conducted under one of four recognized legal bases: contractual necessity, legitimate organizational interests, compliance with statutory obligations, or explicit user consent. The following matrix documents the complete processing inventory.

Automated decision-making processes that produce legally significant or materially impactful outcomes are not deployed without an integrated human-in-the-loop review mechanism. Any future introduction of such systems will trigger a policy amendment and advance user notification.

Data is not repurposed beyond the declared processing objectives without renewed legal basis. Any secondary use is subject to a compatibility assessment against the original collection purpose.

Boumrak implements a defense-in-depth security posture comprising cryptographic controls, identity management, infrastructure hardening, and continuous threat monitoring. Our security program aligns with internationally recognized frameworks including ISO/IEC 27001 and NIST CSF.

• All data-in-transit is encrypted via TLS 1.3 with forward secrecy (ECDHE key exchange). Legacy TLS versions are disabled.
• Passwords undergo adaptive hashing with bcrypt (cost factor ≥ 12). Plaintext credential storage is architecturally prohibited.
• Sensitive data fields at rest are encrypted using AES-256-GCM with hardware-backed key management (HSM).
• Encrypted backups are stored in geographically distributed regions with separate key custodianship.

• Production data access governed by Role-Based Access Control (RBAC) on a strict need-to-know basis.
• All personnel with data access complete mandatory privacy training and execute binding confidentiality agreements.
• Administrative systems enforce MFA (TOTP / hardware token). SMS-based MFA is deprecated for privileged accounts.
• Comprehensive access audit logs with tamper-evident storage; reviewed bi-weekly by the security team.

• Data center facilities hold ISO 27001 certification with physical access controls including biometric authentication and CCTV.
• Layer-7 Web Application Firewall (WAF) deployed with OWASP ruleset and volumetric DDoS scrubbing upstream.
• Network-level and host-level Intrusion Detection Systems (NIDS/HIDS) with 24×7 SOC alerting.
• External penetration testing conducted bi-annually by CREST-accredited security firms; results acted on within defined SLA windows.
• Automated vulnerability scanning in CI/CD pipeline; patch deployment follows a Critical: 24h / High: 72h SLA.

Upon confirmed detection of a personal data breach constituting a risk to data subject rights and freedoms, Boumrak initiates a formal incident response workflow. Affected users are notified within 72 hours of confirmed breach identification. Notifications specify: breach nature, affected data categories, estimated subject count, likely consequences, and remediation measures applied.

Boumrak maintains a zero-sale policy regarding personal data. No personal information is sold, rented, brokered, or exchanged for commercial consideration. Data is disclosed to third parties only under the enumerated conditions below, subject to binding contractual data protection obligations.

The following categories of sub-processors operate under formal Data Processing Agreements (DPA) aligned with applicable data protection law:

• Last-mile Logistics Operators: Recipient name, phone, and delivery address are disclosed exclusively for order fulfillment. Processors are contractually prohibited from secondary use.
• PCI-DSS Certified Payment Gateways: Payment instrument data is processed exclusively by gateways holding a current PCI-DSS Level 1 certification. Full PANs are never transmitted to or stored on Boumrak systems.
• Cloud Infrastructure Providers: Hosting providers operate certified data centers under DPA with standard contractual clauses governing cross-border transfers.
• Customer Relationship Management (CRM) Platforms: Support ticket and communication data processed strictly for service resolution purposes.
• Analytics Service Providers: Receive anonymized or pseudonymized behavioral data. Direct identifiers are stripped prior to transmission. Server-side tagging minimizes client-side data exposure.
• Email Service Providers (ESP): Receive email address and consent metadata solely for transactional and opted-in marketing communications.

Data may be disclosed to competent judicial, regulatory, or law enforcement authorities when required by a valid court order, statutory obligation, or governmental directive. We will notify affected users of such requests where legally permitted to do so.

In the event of a merger, acquisition, asset divestiture, or insolvency proceeding, personal data constitutes a business asset that may be transferred to successor entities. Users will receive prior written notice with a minimum of 30 days before any such transfer takes effect, and will retain the right to exercise data deletion requests.

Fully de-identified and aggregated datasets that pose no re-identification risk may be shared with commercial partners, academic researchers, or published in market intelligence reports. De-identification methodologies comply with recognized standards (k-anonymity, l-diversity).

Our platform deploys a structured taxonomy of client-side storage technologies including HTTP cookies, web storage (localStorage / sessionStorage), IndexedDB, and pixel beacons. Each technology class serves a defined purpose and is subject to distinct consent and retention rules.

Cookie consent state is captured via a cryptographically signed preference token. Consent withdrawal requests are processed server-side within 24 hours. Browser-level controls (Do Not Track header, privacy mode) are also respected where technically enforceable. The full cookie inventory is published in our Cookie Register, accessible from the platform footer.

Boumrak recognizes and operationalizes the full spectrum of data subject rights. All rights requests are processed within a maximum of 30 calendar days; complex requests may be extended by an additional 60 days with prior written notification. Identity verification is required before any disclosure or deletion action is taken.

• Right of Access (Art. 15): Obtain confirmation of whether your data is processed; receive a structured copy of all data held, including processing purposes, data categories, recipients, and retention schedules.
• Right to Rectification (Art. 16): Correct factually inaccurate, outdated, or incomplete personal data. Most fields are self-serviceable through the Account Settings portal.
• Right to Erasure / "Right to be Forgotten" (Art. 17): Request irreversible deletion when data is no longer necessary, consent is withdrawn, or processing lacks lawful basis — subject to overriding legal retention mandates.
• Right to Restriction of Processing (Art. 18): Suspend active processing while accuracy is contested, processing lawfulness is challenged, or a legal claim is pending.
• Right to Data Portability (Art. 20): Receive personal data in a structured, machine-readable format (JSON / CSV) and transmit it to an alternative controller without impediment.
• Right to Object (Art. 21): Object to processing grounded in legitimate interests or for direct marketing purposes. Processing ceases unless compelling legitimate grounds are demonstrated to override your interests.
• Right to Withdraw Consent (Art. 7): Revoke consent at any time without adverse consequence to prior lawful processing. Withdrawal is effective prospectively.
• Right Against Automated Decision-Making (Art. 22): Not to be subject to decisions producing significant legal effects derived exclusively from automated processing without qualified human review.
• Right to Lodge a Supervisory Complaint: File a complaint with the competent national data protection supervisory authority if you believe your rights have been violated.

The Boumrak platform and associated services are not designed for, marketed to, or intended to be used by individuals under the age of 13. We do not knowingly solicit, collect, or process personal data from children under this age threshold without verified parental or guardian consent.

In the event that personal data belonging to an under-13 individual is identified in our systems without requisite parental authorization, we will execute a mandatory deletion workflow within 48 hours of identification and terminate any associated account.

For users aged 13–17, certain platform features may require parental consent subject to the jurisdiction-specific age of digital consent legislation applicable to the user's location. Parents or guardians wishing to exercise rights on behalf of a minor may contact [email protected] with appropriate documentation establishing custodial authority.

Boumrak's primary operations and data residency are located within the United Kingdom. Where sub-processors reside in third countries, data transfers are conducted only when one of the following transfer mechanisms is in place: an adequacy decision by a competent authority, Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or explicit data subject consent where appropriate.

Prior to any cross-border transfer, a Transfer Impact Assessment (TIA) is conducted to evaluate legal access risks in the destination country. Supplementary technical measures (additional encryption, pseudonymization) are applied where the TIA identifies elevated risk.

A register of all cross-border data flows and associated transfer mechanisms is maintained and available upon request. Contact [email protected] to obtain a copy of the applicable safeguards for any specific transfer involving your personal data.

Data retention periods are determined by the intersection of operational necessity and statutory obligation. The following schedule constitutes the formal retention policy for each data classification. Retention is reviewed annually against current legal requirements and operational needs.

At end-of-retention, data undergoes cryptographic erasure (key destruction) or secure overwriting conforming to NIST SP 800-88 guidelines. Backup copies are purged within 90 days of the primary deletion execution date. Anonymized residual data may be retained indefinitely for statistical purposes, provided re-identification risk is negligible.

Direct marketing communications are dispatched exclusively on the basis of prior, freely given, specific, and informed consent. Marketing consent is captured separately from service terms acceptance and is documented with a timestamped audit record. The following opt-out mechanisms are available and are technically guaranteed to execute within 48 hours of request submission:

• One-click UNSUBSCRIBE link embedded in the footer of every marketing email, compliant with RFC 8058 list-unsubscribe headers.
• Granular notification preference management within Account Settings → Communication Preferences.
• SMS opt-out via reply keyword STOP to any marketing text message.
• Written request to [email protected] — processed within 2 business days.

Transactional communications (order confirmations, shipping updates, security alerts, payment receipts) are dispatched on a contractual necessity basis and are not subject to marketing opt-out controls. These messages do not carry commercial content beyond what is incidental to the transaction.

Email engagement metrics (open events, link clicks) are collected using pixel-based tracking. These signals are processed solely for campaign performance measurement and sender reputation management. Pixel tracking can be circumvented by disabling remote image loading in your email client; this will not affect your service access.

The Boumrak platform may contain navigational links to external domains including social media platforms, partner websites, and embedded third-party content widgets. The inclusion of such links does not constitute endorsement, affiliation, or assumption of data controller responsibility for external entities.

Boumrak exercises no control over and accepts no liability for the data collection practices, privacy policies, security posture, or content of third-party websites accessed via links on our platform. We strongly advise reviewing the privacy notice of any third-party destination before submitting personal information.

Where third-party scripts or SDKs are embedded within the Boumrak interface (e.g., payment widgets, map services), their data access is scoped through Content Security Policy (CSP) headers and iframe sandbox attributes to the minimum required for functional operation.

This document is subject to periodic review and amendment in response to changes in applicable data protection legislation, operational practices, or binding regulatory guidance. All amendments are version-controlled and archived. The version string in the document header reflects the semantic versioning scheme MAJOR.MINOR.PATCH.

Material amendments — defined as changes affecting processing purposes, data categories, third-party disclosures, or data subject rights — trigger a mandatory notification cycle through the following channels:

• Platform-wide banner notification displayed for a minimum of 30 days post-publication.
• Registered email notification dispatched to all active account holders at least 14 days prior to the amended policy's effective date.
• In-app consent refresh prompt presented at the user's next authenticated session if the legal basis for any processing changes.

Continued platform use following a material amendment constitutes acknowledgement of the updated terms. Where processing changes require fresh consent, continued use is conditional on consent re-capture. Historical policy versions are archived and available upon written request; response time: 5 business days.

Boumrak acts as the Data Controller for all personal data processed under this policy. For privacy-related inquiries, data subject rights requests, or to report a suspected security incident, please direct communications to the Data Protection function via any of the channels listed below. All communications are handled with confidentiality.