Privacy Policy

Effective Date: 17 April 2026

This Privacy Policy explains how Al Qahtani Store collects, uses, stores, shares, and protects personal data when you visit alqahtanistore.com, create an account, place an order, subscribe to communications, or otherwise interact with our digital services. We are committed to lawful, fair, and transparent processing practices and to safeguarding personal information through reasonable technical and organizational measures. By using our website and related services, you acknowledge the practices described in this Privacy Policy. If you do not agree with this policy, please discontinue use of the platform and contact us with any concerns.

1. Scope and Applicability

This Privacy Policy applies to personal information processed through our website, mobile-responsive interfaces, customer support channels, checkout services, newsletter subscription forms, and any related digital tools operated by Al Qahtani Store. It applies to visitors, registered users, purchasers, and communication subscribers. This policy does not automatically apply to third-party websites, payment processors, delivery partners, social media platforms, or external services linked from our website. Those parties have separate privacy practices, and we recommend reviewing their privacy notices before sharing personal information with them.

2. Categories of Data We Collect

We collect personal data that you provide directly, data generated through your interactions, and data obtained from trusted partners where legally permitted. Directly provided information may include your name, email address, telephone number, billing and shipping addresses, account credentials, order notes, and communication preferences. Transactional data may include order contents, pricing, payment confirmation metadata, refunds, and delivery status. Technical and usage data may include device type, browser details, operating system, IP address, session identifiers, page interactions, and cookie-derived analytics that help us measure performance and improve usability.

3. How We Use Personal Data

We process personal data to operate and improve our services, fulfill orders, manage accounts, deliver products, respond to customer inquiries, process returns and refunds, prevent fraud, and comply with legal obligations. We may use information to personalize product recommendations, optimize search and merchandising experiences, and provide relevant promotional content where permitted by law. We also use data for internal reporting, service diagnostics, quality assurance, and platform security monitoring. We process data based on one or more lawful grounds, including contract necessity, legitimate interests, legal compliance, and consent where required.

4. Cookies and Similar Tracking Technologies

Our website uses cookies, local storage, and related technologies to support core functionality, remember user preferences, maintain cart state, detect security anomalies, understand traffic patterns, and measure campaign effectiveness. Essential cookies enable navigation, account access, and checkout operations. Performance and analytics cookies help us evaluate user journeys, page responsiveness, and conversion trends. Marketing-related tools may help us deliver relevant offers and limit repetitive advertisements. You can manage cookie settings through browser controls, but disabling certain categories may reduce site functionality, including saved sessions and personalized shopping features.

5. Newsletter and Marketing Communications

If you subscribe to our newsletter or opt in to promotional communication, we use your email address to deliver product updates, campaign offers, and curated grocery suggestions. You may unsubscribe at any time through the unsubscribe page, account settings where available, or communication footer links. Even after you opt out of marketing messages, we may still send non-promotional communications related to account administration, order updates, fulfillment notifications, legal notices, or critical service announcements. We maintain suppression records to honor unsubscribe requests and reduce the risk of unintended marketing contact.

6. Payment Data and Transaction Security

Payment transactions may be processed by authorized third-party providers that apply their own security controls and compliance programs. We generally do not store full card details on our servers unless explicitly required and legally compliant. We may retain limited transaction metadata, such as payment status, processor references, and anti-fraud signals, for accounting, dispute handling, and compliance purposes. We implement risk detection and fraud monitoring controls to identify suspicious transactions and protect users and the platform. Where required, we may request verification information before approving or fulfilling high-risk orders.

7. Sharing and Disclosure of Data

We may share personal information with service providers and operational partners that support website hosting, analytics, payment processing, logistics, customer service, fraud prevention, legal compliance, and marketing delivery. These parties are expected to process personal data under contractual safeguards and only for authorized purposes. We may disclose information when required by law, court order, regulatory request, or lawful governmental process, or where disclosure is necessary to protect our rights, users, or public safety. We do not sell personal data in a manner prohibited by applicable law.

8. Data Retention Principles

We retain personal data only for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, including account management, order processing, dispute handling, legal compliance, and legitimate business operations. Retention periods vary by data type and legal requirements, including tax, accounting, and consumer protection obligations. When data is no longer required, we implement deletion, anonymization, or secure archival procedures as appropriate. Some records may be retained longer where required to investigate fraud, enforce contractual rights, or respond to legal proceedings.

9. Data Security and Protective Measures

We maintain a security program designed to protect personal data from unauthorized access, alteration, disclosure, loss, or destruction. Measures may include access controls, encrypted transmission protocols, network monitoring, secure development practices, and role-based permissions. We periodically review and improve safeguards in light of evolving threats and business operations. However, no digital environment can provide absolute security, and residual risk exists in internet-based systems. Users also play a critical role by maintaining secure passwords, avoiding credential sharing, and using trusted devices and networks when accessing accounts.

10. International Transfers and Hosting

Depending on infrastructure and service provider arrangements, personal data may be processed or stored in jurisdictions outside your country of residence. When such transfers occur, we take reasonable measures to ensure an adequate level of protection consistent with applicable privacy laws. These measures may include contractual clauses, vendor due diligence, security assessments, and access limitations. By using our services, you acknowledge that cross-border processing may occur as part of normal operational workflows. You may contact us for more information about relevant transfer safeguards where legally required.

11. Your Privacy Rights

Subject to applicable law, you may have rights to request access to your personal data, receive a copy in a portable format, request correction of inaccurate information, request deletion of certain data, object to specific processing activities, request restriction of processing, and withdraw consent where consent is the legal basis. You may also have the right to lodge complaints with competent supervisory authorities. We may require identity verification before fulfilling requests and may decline requests where legal exceptions apply. We aim to respond within legally required timelines and in a transparent manner.

12. Children’s Privacy

Our services are intended for users who have legal capacity to enter into contracts under applicable law. We do not knowingly collect personal data directly from children in violation of applicable legal standards. If we become aware that personal data has been collected from a child without required consent or legal basis, we will take reasonable steps to delete or de-identify such information. Parents or guardians who believe a child has submitted personal information through our platform may contact us so we can investigate and take appropriate corrective action.

13. Third-Party Links and Embedded Services

Our website may contain links to third-party websites, social media pages, embedded tools, or external services. We are not responsible for privacy practices, content, or security controls of third parties that operate independently from Al Qahtani Store. Your interactions with those services are governed by their own policies and terms. We encourage users to review third-party privacy notices before providing personal data. Inclusion of external links does not imply endorsement of third-party processing practices, and users should exercise discretion when navigating away from our domain.

14. Legal Basis and Compliance Commitments

We process personal data in line with applicable legal frameworks, including obligations related to consumer protection, eCommerce operations, payment compliance, fraud prevention, and data governance. Our lawful bases may include performance of contracts, compliance with legal obligations, legitimate interests balanced against user rights, and user consent where necessary. We evaluate processing activities and retention practices to align with transparency, data minimization, and accountability principles. Where required, we maintain records of processing activities and cooperate with regulatory authorities in relation to lawful inquiries and compliance requirements.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect regulatory developments, operational changes, new service features, security enhancements, or revised data practices. Updated versions will be published on this page with a revised effective date. Where legally required, we may provide additional notice through website banners, account messages, or email notifications. Continued use of our website after updated terms become effective constitutes acknowledgment of the revised policy. If you do not agree with updates, you should stop using our services and contact us regarding account closure or data-rights requests.

16. Liability and Limitation Context

While we adopt reasonable safeguards to protect personal data, users acknowledge that no method of transmission over the internet and no electronic storage method is completely secure. To the extent permitted by law, we are not responsible for unauthorized access events caused by factors outside our reasonable control, such as force majeure incidents, third-party platform breaches, telecom outages, or user-side security failures. Nothing in this policy limits rights that cannot be waived under mandatory law. Please review our Terms and Conditions for broader provisions regarding liability and service use.

17. Contact and Data Requests

For questions about this Privacy Policy, data collection practices, cookie controls, marketing preferences, or exercise of your privacy rights, please contact us through our Contact page. To process requests efficiently, include your name, account email, and a clear description of your request. We may request additional information to verify identity and prevent unauthorized disclosures. We strive to respond promptly and professionally. If you remain dissatisfied after our response, you may have the right to escalate concerns to a relevant data protection or consumer authority.