Privacy Policy
Giyah brings together purpose and purity. We respect the privacy of our visitors and exert extra effort in safeguarding personal information. This Privacy Policy explains how we collect, use, share, and protect your information during your visit to our website, purchasing any of our organic goods, or otherwise engaging with the brand online.
Information We Collect
Your privacy means everything to us at Giyah. We secure the personal information you provide us when you come to our website or buy any of our organic hair oils, skin oils, or body oils, or interact with our brand in any other way. This Privacy Policy describes how we collect, use, disclose, and protect such information in compliance with the laws of Pakistan, such as the Personal Data Protection Bill (PDPB), and guidelines issued by the Ministry of Information Technology & Telecommunication (MoITT).
When you place an order, subscribe to updates, contact customer service or our company, or participate in a promotion, we collect personally identifiable information about you, such as: full name, name of business, address for shipping and billing, email address, phone number, payment information, and possibly CNIC or mobile number where required by law.
Also, on our website, we may collect non-personal, automatically gathered information such as your IP address, type of device, browser information, location settings, what pages you visited, how long your sessions were, etc. This information is obtained from cookies, log files, and analytics, which are used by us to improve your experience and help our website perform well.
How We Use Your Information
The personal information and non-personal information we collect is mainly used to complete your orders, send order confirmations, updates, and shipping information; respond to your questions, concerns, or complaints; and provide product recommendations. We also use your information to improve the functionality of our website, identify and prevent fraud, meet legal requirements, and, only with your permission, send promotions and marketing communications.
Legal basis for processing
Under Pakistan’s draft Personal Data Protection Bill, processing of your personal data would be based on your consent when you opt-in for marketing; contractual necessity to fulfill your purchase orders; compliance with legal obligations such as invoicing and tax requirements; and our legitimate business interests, such as analytics and fraud prevention. You have the right to withdraw your consent by sending us an email to (TBU) at any time.
Data Storage and Security
We store your data securely, using best-in-class encryption and secure servers, based on local hosting practices and international best practices. Certain data may be stored on a third-party cloud platform that we expect complies with Pakistan's upcoming data localization rules. In accordance with the PDPB, we attempt to limit our data retention as appropriate only for the length of time needed to deliver the purposes above or as required by law in a manner that protects your personal information from unauthorized access. If we experience a data breach, we will make every effort to notify affected persons in compliance with applicable laws.
Disclosure of Your Information
The only time we share your personal information is with trusted third parties that we need to share information with to provide our services. For example, your personal information is shared with third parties we engage, such as local service providers (like courier companies and payment gateways), technology vendors who maintain our website and CRM, and regulators, if we are compelled by law. We do not rent or sell your personal data to any third party for their own use.
Your Rights Under Pakistani Law
You have rights over your personal information under the data protection principles in Pakistan, which include the rights to review and request correction or deletion of inaccurate information, to object to some forms of processing, and to withdraw your consent to marketing communications. When the National Commission for Personal Data Protection (NCPDP) is established, you will have the ability to file complaints regarding the misuse of your data or a data breach. If you would like to invoke any of these rights, please send us an email with the subject line “Data Rights Request.”
Cookies and Tracking Technologies
We use cookies and similar tracking technologies, like many websites, to manage users' session state, measure website performance, and optimize advertising. While you can discontinue using cookies through the controls of your browser, disabling cookies may result in certain features not working or a degraded browsing experience when using our website.
Children's Privacy Protection
Our services are not intended for anyone under the age of 18 years old, nor do we intend to collect personal information from any minors. If we are made aware that we have collected personal information from a minor without the consent of a parent or guardian, we will remove such data from our records as soon as possible.
Cross-border Data Transfer
While we will predominantly use local processing servers, we cannot guarantee that your data will always be transferred or processed within Pakistan. We ensure that any cross-border data transfers comply with Pakistan’s data protection laws and that appropriate safeguards are in place to protect your information.