Privacy Policy
Welcome to Nashaty. Your privacy is important to us. This Privacy Policy explains how Nashaty collects, uses, and protects your personal information when you use our website, mobile applications, and services.
This Privacy Policy applies to www.nashaty.net, www.nashaty.com, and any mobile application (collectively referred to in this Privacy Policy as the "Platform") operated by Nashaty ("we", "us", or "our").
This Privacy Policy forms an integral part of the Terms and Conditions and applies to both: (i) providers who offer and provide activities through the Platform ("Activity Providers"); and (ii) customers who access or use the Platform whether as subscribers, parents or guardian ("Customers") (collectively, "You" or "Your").
"Personal Data" means any information that identifies, relates to, describes or associates with You, and also includes information referred to as "personally identifiable information" or "personal information" under applicable data privacy laws, rules or regulations.
This Privacy Policy explains how we collect, use, disclose, process, and protect Your Personal Data when You access, register, or use the Platform. For the purpose of applicable data protection laws, we act as the data controller in respect of any Personal Data collected and handled through the Platform.
Activity Providers Data Collection
This chart details the categories of Personal Data that we may collect from Activity Providers:
| Category of Personal Data | Collected data | To whom, we may share which collected data and/or why |
|---|---|---|
| Profile and contact data |
| Customers (profile picture, Business Name, Phone Number, Description of Business, Location of centers, Working hours, may be displayed on the Platform) |
| Identifier | CR Number, Email, Phone Number | Customers – While phone number will be shared, CR & email will not be shared |
| Payment | Card type, Card number, CCV and Card holder name, Expiry date | SkipCash - Nashaty do not store full card numbers, CVV, or expiration dates. Only secure tokenized payment references may be retained for future authorized billing. |
| Commercial Data | Subscription purchase history (billing cycles) | To keep invoices, and transaction records. |
| Authentication & Security Data | JWT auth token, IP Address | Session management with expiry. For restricting the abusive use of otp request multiple times |
| IP Data & Notification | FCM token, IP Address | Firebase - We integrate it with firebase service, which will be used to send the push notification. (FCM token & user ID). IP Address for restricting the abusive use of otp request multiple times & rate limiting |
| Social Network Data | Social media profile links (such as Instagram, Facebook, TikTok, and WhatsApp) (optional) | May be displayed to Customers as part of business profiles |
| Professional or Employment - Related Data | CR Number & Document, Trade License Number & Doc, IBAN certificate and Branch Name | CR & Trade License to verify business. IBAN certificate to send payments related to Activities booked and paid by Customers |
| Location Data | Business location data is collected through Google Maps API integration to allow Customer navigation and business discovery. | Customer can navigate to center of location & check where the center is located |
Platform / Customer Data Collection
This chart details the categories of Personal Data that we may collect from the Platform:
| Category of Personal Data | Collected data | To whom, we are sharing the collected data OR purpose |
|---|---|---|
| Profile and contact data | Parent Data:
Child Data:
| with the relevant Activity Provider once the booking is done. |
| Identifier | Username, Email, Phone Number | Email and Phone number while be shared, no username will be shared with Activity Provider |
| Payment | Card type, Card number, CCV and Card holder name, Expire date. | Skipcash - Payment card details are securely processed by Skipcash, our third-party payment processor. We do not store full card details on our servers. |
| Commercial Data | Purchase history (List of the sessions/classes customers booked for their child) | with relevant Activity Provider once the booking is done |
| Authentication & Security Data | JWT auth token, Device ID, IP Address | Mobile secure storage for apps(Session management). For Firebase to send notifications. For restricting the abusive use of otp request multiple times |
| Device / IP Data | Device ID, IP Address | Firebase - We integrate it with firebase service, which will be used to send the push notification. (Device ID). IP Address for restricting the abusive use of otp request multiple times & rate limiting |
| Analytics | Track and understand user behavior in our app to improve performance and user experience. | May be shared with Analytics providers may include trusted third-party analytics partners. Shared with Activity Providers to be able to assess the services and activities they provide. |
| Social Network Data | N/A | N/A |
| Consumer Demographic Data | Bio data (Optional) | with relevant Activity Providers once the booking is done |
| Professional or Employment - Related Data | N/A | N/A |
| Geolocation Data | Current location of customer - GPS | Precise location is used solely to display nearby activities and is not shared with Activity Providers or third parties except as necessary for app functionality |
| Inferences Drawn From Other Personal Data Collected | N/A | N/A |
| Medical Information | Parents may provide medical or health-related information (including any allergies or medical condition) to ensure child safety during sessions/classes. | Only with relevant Activity Provider once the booking is done |
Table of Contents
- Information we may collect from You
- Data Protection
- Legal Basis for Processing
- How we use Your information
- Information Sharing and Disclosure
- International Data Transfers
- Data Deletion Requests
- Public Forums
- External Links
- Payment Processing
- Marketing Communications
- Your Location data
- Security Measures
- Your rights
- Storage of Your Information
- Data Retention
- Cookies Policy
- Corporate Events
- Data Breach Notification
- Changes to this Policy
- Data Protection Contact
- Acceptance of the Policy
- How to Contact Us
Please read this Privacy Policy carefully to understand our practices regarding the handling of Your Personal Data.
Information We May Collect From You
We may collect and process the following categories of information:
Information You Provide Directly
We may collect Personal Data that You voluntarily provide when You use the Platform, including:
- Your name, email address, postal address and telephone number when You complete forms on the Platform;
- Information You provide when You register or create an account as a user of the Platform, subscribe to any service, upload or submit any content via the Platform, request any information or participate in competition or promotion sponsored by us;
- Account sign-in facility, Your username, password and log-in details;
- Your preferences and interests, enabling us to tailor offers and services to You;
- Details of any transactions carried out through the Platform;
- Communications You send to us, including reports of problem, inquiries, feedback, concerns or comments regarding the Platform or its content;
- Response to surveys conducted for research or services improvement purposes, where You choose to participate;
- Information obtained from Your social networking profile where You log-in or use the Platform;
- Photos provided by the Activity Provider for display on the Platform, which may be shared by the Company with its designers for editing purposes.
Automatically Collected Non-Personal Information
We may also collect certain information automatically when You access or use the Platform. This includes information that does not directly identify You.
Non-personal data includes aggregated or de-personalized information relating to the use of our services, from which any personally identifiable elements have been removed. We may use analytics tools or third-party software to collect such information.
The types of non-personal data we may collect and use include, but are not limited to:
- device properties, including, but not limited to IP address, Media Access Control ("MAC") address and unique device identifier or other device identifier ("UDID");
- device software platform and firmware;
- mobile phone carrier;
- geographical data such as post code and coarse location;
- other non-personal data as reasonably required by Nashaty to enhance our products and services.
Children's Data
We do not knowingly collect or process Personal Data relating to children without obtaining appropriate parental or guardian consent in accordance with the applicable child data protection laws. If we become aware that a child's Personal Data has been collected without valid consent, we will take reasonable steps to delete such information promptly.
Customers may contact us at any time to review, update or request the deletion of their child's Personal Data.
Optional Nature of Data Provision
You are under no obligation to provide any Personal Data to us. However, if You choose not to provide certain information requested, we may be unable to provide You some services. Any information You do provide will be handled in accordance with our applicable data protection and privacy practices.
Data Protection
We value Your privacy and appreciate Your trust in us. Our first priority is to safeguard the Personal Data You share with us. We are equally committed to protecting Your privacy in accordance with the provisions of the Data Protection Law of the State of Qatar (Law No. 13 of 2016) and other applicable laws in force. We assure You that we follow appropriate standards when it comes to protecting Your privacy on the Platform owned and controlled by us.
Information that is provided to us is stored on our secure servers. Details relating to any transactions entered into on our Platform may be encrypted to ensure its safety. However, as the transmission of information via internet is not completely secure, we cannot guarantee the security of data sent to us electronically, and therefore the transmission of such data is entirely at Your own risk.
Legal Basis For Processing
We process Personal Data on one or more of the following legal bases:
- Performance of a contract (e.g., processing Activity bookings)
- Your consent (e.g., marketing communications)
- Compliance with legal obligations
- Legitimate interests (e.g., fraud prevention, service improvement, Platform security), provided such interests do not override Your rights.
How We Use Your Information
We use the Personal Data that You voluntarily provide when You use the Platform, as well as information collected automatically, for the following purposes:
- To build a profile of Your preferences in order to offer You events and services You are interested in;
- To facilitate and process Activity bookings, and to provide You with the services and information offered through the Platform and which You request;
- To administer and manage Your account;
- To verify, process and complete financial transactions in relation to payments made through the Platform;
- To share necessary information with third parties to process Your transactions, such as payment gateways, banks, credit card companies, and payment processors;
- To exchange information with other companies for fraud protection and credit risk reduction;
- To contact You by post, phone or email when necessary to discuss the transactions entered into by You on the Platform;
- To audit usage and downloading of data from the Platform;
- To improve the layout and/or content of the pages of the Platform and customise them for users;
- To identify visitors to the Platform;
- To conduct research on our users' demographics and tracking of sales data;
- To share information with social networking sites at Your request; and
- To disclose information to lawful authorities when required to do so by law.
With Your consent, we may use Your information provided to us for the purposes of contacting You with information or offers regarding upcoming events, products, services or surveys in accordance with our direct marketing policy.
Information Sharing and Disclosure
We may share or disclose aggregate statistics about visitors to the Platform, Customers and sales to prospective partners, advertisers, potential merchants and other reputable third parties for business development and lawful purposes. Such statistics will not contain any personally identifiable data.
We may disclose Your Personal Data to any of our affiliates, agents or contractors, Activity Providers, advertising partners and business partners who assist us in providing the services we offer through the Platform, processing transactions, fulfilling requests for information, receiving and sending communications, updating marketing lists, analysing data, providing support services or in other tasks, from time to time. We provide Your information to our agents and contractors only for use to the extent necessary to perform their functions.
We may disclose Your Personal Data if required to do so by law or if we believe that such action is necessary to prevent fraud or cyber crime or to protect the Platform or enforce the terms under which You transact with us or enforce the rights, property or personal safety of any person.
International Data Transfers
Where Personal Data is transferred outside the State of Qatar or outside Your country of residence, we ensure that appropriate safeguards are implemented in accordance with applicable data protection laws, including contractual protections or equivalent security measures to ensure Your Personal Data remains protected.
Data Deletion Requests
You have the right to request that we delete the Personal Data that we have collected about You. To request data deletion or for any other queries related to information collected and usage, please send an email to Dataprotection@nashaty.net or Support@Nashaty.net OR CEO@nashaty.net. Please make sure to mention in the email subject that it is a "Data Deletion Request".
Please note that this right is subject to certain operational or legal exceptions. For example, we may need to retain Your Personal Data to provide You with the services or complete a transaction or other action You have requested, or as per legal requirements. If Your deletion request is subject to one of these exceptions, we may deny Your deletion request.
Public Forums
The Platform may, from time to time, make public forums available to its users. Any information that is disclosed in these areas becomes public information and You should exercise caution when using these and never disclose Your Personal Data.
External Links
The Platform may, from time to time, contain links to external websites or third party services. We are not responsible for the privacy policies or the content of such third parties. Users are advised to review the applicable privacy policies of any external websites or services before engaging in transactions or providing Personal Data.
Payment Processing
All payment details You provide will be encrypted using industry standard 128 bit secure sockets layer (SSL) technology before they are submitted to us or our payment partners over the internet. When making payment, You provide Your credit or debit card information directly to the Payment Solutions Provider (PSP) which operates a secure server to process payment details, encrypt Your credit/debit card information and authorise payments. We do not store Your credit card number or security code on our servers, though it may transit through our servers as it passes to PSP. Information which You supply to our PSP is not within our control and is subject to PSP's own privacy policy and terms and conditions.
Marketing Communications
We may send You information we think You may find useful or which You have requested from us by push notification and/or (if You provide us with Your e-mail address) by e-mail, including information about the latest or upcoming events featured on the Platform, provided You have indicated that You do not object to being contacted for these purposes and we will always give You the option to opt-out of receiving further e-mails or push notifications by following the unsubscribe instructions on any communications sent to You.
You can tell us not to contact You with information regarding the Activities offered by other Activity Providers, or to share Your details with other Activity Providers so that they can directly send You information regarding their Activities, either at the point such information is collected on the Platform (by checking the relevant box), or where You do not wish us to continue to use Your information in this way by following the unsubscribe instructions on any communications sent to You.
You can also exercise this right at any time by contacting us using the contact details at the end of this Privacy Policy.
Your Location Data
In order to get the most out of our service and to allow us to exchange tailored offers between Activity Providers and Customers, we need to process Your approximate location from time to time. The types of location data that will be processed are Your latitude, longitude, cell tower ID, etc.
The Customers' location data will only be processed for as long as necessary in order for us to respond to their request for tailored offers. After this, the data will be deleted. The Customers' location data may be transferred to our Activity Providers for the purpose of providing the Customers with the best offers at that time to match their preferences.
You can choose not to allow us to process Your approximate location at the time You connect to the Platform, or any time after that either by changing the settings on Your mobile device or by contacting us using the contact details at the end of this Privacy Policy.
Please note that if You choose not to allow us to process Your location data, we will not have enough data in order to provide You with the full benefit of our service (e.g. a list of tailored offers matched to Your approximate location)
Security Measures
We place great importance on the security of all personally identifiable information associated with our users. We have security measures in place to attempt to protect against the loss, misuse and alteration of Personal Data under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to Personal Data. Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.
You should bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information You submit via the Platform whilst it is in transit over the internet and any such submission is at Your own risk
Your Rights
You have certain rights in relation to Your Personal Data. You can:
- Request access to Your Personal Data that we hold;
- Request correction of any inaccurate or incomplete Personal Data;
- Request deletion of Your Personal Data in certain circumstances;
- Request restriction of processing of Your Personal Data in certain circumstances;
- Object to the processing of Your Personal Data;
- Request the transfer of Your Personal Data to You or a third party;
- Withdraw Your consent at any time if processing is based on Your consent.
If You would like to exercise any of these rights, please contact us using the contact details at the end of this Privacy Policy.
Storage of Information
Information that You submit through the Platform is sent to and stored on secure servers. We may use third-party software, including Zoho services and forms, for the collection, storage, processing, and management of Your data. By using the Platform and submitting Your information, You agree and consent to the storage, processing and/or transfer of Your information to or by these third-party service providers. Information submitted by You may also be transferred by us to our other offices, affiliated entities, service providers, and/or to the third parties mentioned in the circumstances described above.
Data Retention
We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Where Personal Data is no longer required, it will be securely deleted or anonymised. Retention periods are determined based on the nature of the data, legal obligations, and legitimate business requirements.
Cookies Policy
When You interact with the Platform, we try to make Your experience simple, efficient and meaningful. When You visit the Platform, our Web server may place a cookie on Your computer or mobile device (depending on how You access the Platform).
Cookies are small text files of information which are issued to Your device when You visit the Platform and which store and sometimes track information about Your use of the Platform. A number of cookies we use last only for the duration of Your browsing session and expire when You close Your Platform. These are known as session cookies. Other cookies remain on Your device after You close the browser and are used to remember You when You return to the Platform. These are known as persistent cookies.
We use cookies to:
- Remember that You have previously visited the Platform, enabling us to identify the number of unique visitors and ensure that we have sufficient capacity to support our users;
- Customise promotional content and tailor the layout and features of the Platform; and
- Collect statistical information about how the Platform is used, allowing us to improve functionality and understand which features and pages are most popular to visitors.
Some of the cookies used by our Platform are set by us, and some are set by third parties who are delivering services on our behalf; for example, social networking sites.
Most web browsers automatically accept cookies. However, You may modify Your browser setting to refuse cookies or to notify You when a cookie is being placed. Additional information about cookies and how to manage or block them is available at www.allaboutcookies.org. Please note that if You block or delete cookies, certain features or functionality of the Platform may be limited or unavailable.
In addition to cookies, tracking Gifs may be set by us or third parties in respect of Your use of the Platform. Tracking Gifs are small image files within the content of our Platform or the body of our newsletters so we or third parties can understand what parts of the website are visited or whether particular content is of interest.
We also use SDKs,Google Anlaytics, device identifiers, local storage, and similar technologies To Track the Navigation through the app to understand user behaviour and provider better user experience and app performance.
Corporate Restructuring
If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy, sale, or by any other means, You agree that any Personal Data we hold about You may be transferred to that company. In this event, You will be notified via email and/or posted on our Platform of any change in ownership, uses of Your Personal Data, and choices You may have regarding Your Personal Data.
Data Breach Notification
In the event of a Personal data breach that poses a risk to Your rights, we will notify relevant authorities and affected individuals as required by applicable law.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be posted on the Platform with an updated effective date. If You use the services after any changes to the Privacy Policy have been posted, that means You agree to all of the changes.
Data Protection Contact
For privacy or data protection compliance - related inquiries, requests, or complaints, You may contact us at Dataprotection@nashaty.net
Acceptance of the Policy
By using our Platform, You signify Your acceptance of our Privacy Policy. Your continued use of the Platform even after changes or amendments to this Policy will be deemed as Your acceptance of those changes or amendments.
Contacting Us
If You have any questions, concerns or comments about this Privacy Policy, the ways in which we collect and use Your Personal Data or Your choices and rights regarding such collection and use, please do not hesitate to contact us by email to Dataprotection@nashaty.net or support@nashaty.net or CEO@nashaty.net.