Tameh Privacy Policy
Introduction
Tameh is committed to protecting your privacy and safeguarding your personal information. This
Privacy Policy (“Policy”) explains how we collect, use, store, disclose, and protect personal data
when you use the Tameh.co Website or any related services. It also describes your rights and
choices regarding your personal data. Protecting your personal information is not just a legal
obligation for us, but a core aspect of maintaining your trust.
By using our website or services, you accept and consent to the practices described in this Privacy
Policy. We strongly encourage you to read this Policy in full before providing us with any personal
data or using our services. If you have any questions about our data practices, please contact us
at:………………………
Scope
This Privacy Policy applies to information we collect through our website
(https://…………………..com) as well as through any mobile applications, online portals, or other
digital platforms operated by Tameh in connection with our fractional real estate investment
services. It also applies to information collected through communications with you (such as emails,
phone calls, or other interactions) related to our services. This Policy does not cover any third-
party websites or services that may be linked to on our platform – those are governed by their own
privacy policies.
Compliance with Law
We process personal data in accordance with applicable privacy and data
protection laws, including the Egyptian Personal Data Protection Law (Law No. 151 of 2020) and
any regulations or guidelines issued under it, as well as other relevant laws (e.g., anti-money
laundering regulations requiring customer identification). Tameh takes its legal obligations
seriously and has implemented measures to ensure that we handle your personal information
lawfully, fairly, and transparently.
Definition of Personal Data
In this Policy, “personal data” (or “personal information”) refers to
any information that relates to an identified or identifiable natural person. This includes obvious
identifiers like your name or email address, but also information that can be linked to you
indirectly, such as an identification number, location data, or factors specific to your physical,
economic, cultural, or social identity. It may also include sensitive personal data such as financial
details or national identification numbers. We aim to collect and use only the minimum necessary
personal data required to achieve the purposes set out in this Policy, providing you with our
services while respecting your privacy.
Contact Us
If you have any questions about this Privacy Policy or how Tameh protects your
personal data, please contact us at:……………………….We have designated privacy personnel
responsible for overseeing data protection compliance. We welcome your inquiries and will try to
address your concerns or queries promptly and thoroughly.
By using Tameh’s services or providing personal data to us, you acknowledge that you have read
and understood this Privacy Policy. Your use of Tameh’s platform is also subject to our Terms of
Use, which should be read in conjunction with this Policy. In case of any discrepancy between this
Privacy Policy and the Terms of Use regarding data protection matters, this Privacy Policy will
prevail.
1. Purpose and Scope of this Privacy Policy
Why do we have a Privacy Policy? In short, to inform you – transparently and in plain language –
about how your personal data is handled. Privacy laws and regulations exist to ensure organizations
like ours handle personal data lawfully, fairly, and securely. This Privacy Policy serves several key
purposes:
Transparency
To clearly explain what information we collect about you and why. We
want you to have a good understanding of what data we need to provide our services and
how that data is used.
Accountability
To outline the measures, we take to protect your personal data and to
comply with our legal obligations. This includes how we secure data and what steps we
take if there’s an issue like a security incident.
Control and Choice
To inform you of your rights regarding your personal data (see
Section 10 on Your Rights) and how you can exercise those rights. We believe you should
have control over your personal information, and we provide ways for you to access,
update, or delete your data, and to opt out of certain uses.
Trust
By detailing our privacy practices, we aim to build and maintain your trust. We want
you to feel confident that using Tameh’s platform is safe from a privacy standpoint, and
that we handle your data with care and respect.
What information is covered? This Privacy Policy covers all personal data that we collect and
process in the context of providing our services. Below, we outline the categories of personal data
we typically collect:
Personal Identification Information
This includes information such as your name,
contact details (email address, phone number), date of birth, and national identification
information (for example, your national ID or passport number). We collect this
information primarily during account registration or as part of mandatory identity
verification (e.g., to comply with AML/KYC requirements).
Financial Information
If you invest through our platform, we will collect financial details
necessary to facilitate transactions. This may include your bank account information,
payment card details, digital wallet details, or other payment information, as well as records
of the transactions you conduct on the platform. We may also collect information about
your income or wealth level (where required for compliance or suitability assessments) and
tax identification numbers if needed for tax reporting.
Investment Profile Data
Information related to your investment activity on Tameh, such
as details of the properties you’ve invested in, the number of shares you own, investment
preferences, risk tolerance (if you provide it through questionnaires), and transaction
history on our platform.
AML/KYC Data
To comply with Anti-Money Laundering and Know Your Customer
laws, we may collect additional personal data like copies of your government-issued
identification documents (ID card, passport, driver’s license), proof of address (utility bills
or bank statements), and information about your occupation or source of funds. We may
also collect information from third-party databases or service providers to verify your
identity or to screen you against government watchlists or sanctions lists (as required by
law).
Contact and Communications Data
If you contact us (via email, phone, or live chat),
we will collect the content of your communications and any additional information you
choose to share. We may also record phone calls or live chat sessions for quality assurance,
training, or compliance purposes (with notice to you were required by law).
Usage Data
We collect information about how you interact with our website and services.
This includes technical information such as your IP address, browser type and version,
device type, operating system, and unique device identifiers. It also includes usage details
such as dates and times of site visits, pages viewed, links clicked, the route by which you
navigate through the site (clickstream data), and how you interact with page elements
(scrolling, clicks, mouse-overs). If you use our mobile app (if any), it might include app
usage and device sensor data (like accelerometer or push notification tokens, if applicable).
Cookies and Similar Technologies
We use cookies, web beacons, and similar tracking
technologies to collect information about your usage of our website. Cookies are small text
files stored on your browser or device that help us recognize you and remember your
preferences. They might collect information such as your login status, language
preferences, and other settings to personalize your experience. We also use cookies for
analytics (to understand how users use our site) and for advertising (to present relevant ads
to you on our or others’ platforms, where applicable). For detailed info, see our Cookie
Notice (if provided) or the relevant section below. You can control cookies through your
browser settings and other tools – see Section 2 and Section 3 for more on data collection
methods.
Location Data
We may infer your general location from your IP address (e.g., identifying
the city or country). This helps us detect possible fraud (like if someone tries to log in from
an unusual location) and also allows us to customize content (such as language or regional
offerings). We do not typically collect precise GPS location unless you are using a mobile
app that you permit to share that.
Third-Party Data
We might receive information about you from third parties. For
example, if you log in through a social network or a third-party authentication service, we
receive basic profile info from them (with your consent). Or, if a friend referred you, we
might get your email to send an invitation. Additionally, during AML/KYC checks, we
could receive information from identity verification services or public databases (like
confirmation of your identity or notice of inclusion on a sanctions list).
This list covers the typical scope, but we will collect only what is necessary for the purposes
outlined in this Policy. We do not seek to collect sensitive personal data (such as race, religion,
health, or biometric data) unless required by law (and if so, we’d do so in accordance with that
law). We do not knowingly collect personal data of children under 18, as our platform is not
intended for them (see Section 11).
Now that you know what and why we collect personal data, the following sections will explain
how we collect it, how we use it, and with whom we may share it, among other details.
2. What Data We Collect and How We Collect It
We collect personal data about you from a variety of sources. In many cases, you provide data
directly to us (for example, by filling out a form). In other cases, data is collected automatically
(such as when you browse our site) or from third parties. Here’s a breakdown of how we collect
personal data:
Data You Provide Directly
You will be asked to provide certain personal information
when using our services. For example:
- Account Registration: When you create an account on Tameh, we will ask for
information such as your name, email address, phone number, and a password. We
may also request identification details (like your national ID number) and copies of
identity documents as part of the sign-up or verification process.
- Profile and KYC Forms: After registration, you might fill out additional profile
information or KYC forms. These can include your address, date of birth,
nationality, occupation, and other personal details needed for compliance. You may
also answer questions about your investment experience or preferences (which
helps us comply with suitability requirements or provide tailored content).
- Transactions: When you make an investment or other financial transaction, you
provide payment details (such as bank account or card info) and confirm amounts
to invest. You may also upload documents like proof of bank account or sign
agreements electronically.
- Communications: If you contact support or communicate with us (via email, chat,
or phone), you are providing us with whatever information is in those
communications (e.g., your inquiry details or feedback). If we run promotions or
surveys, any responses or entries you submit are also collected.
- Optional Information: Sometimes we might ask for information that is optional. For
example, a profile bio, a photo, or social media handles to enhance your profile.
Providing or updating this info is at your discretion. We will indicate when any field
is optional. Essentially, if you type it in or upload it on our platform, we collect it.
We use this information in accordance with this Policy.
Data We Collect Automatically
When you use our website or app, we automatically
collect certain information about your device and usage through technical means:
- Log Files: Our servers keep logs of activities. These logs may include your IP
address (which can give a general location), the date and time of access, pages
viewed, the website you came from (referrer URL), your browser type, device type,
and other technical details about your visit. We use this to troubleshoot problems
and to ensure security (like detecting unusual access patterns).
- Device Information: We detect information about the device or browser you use,
such as the operating system, device model, browser version, screen resolution, and
unique device identifiers or cookie IDs. This helps us provide a responsive design
and compatibility.
- Cookies & Similar Tech: As mentioned, we use cookies (small data files stored on
your browser) and similar technologies (like web beacons or pixels) to collect data
automatically. Cookies allow us to remember your preferences (for example, your
language or that you are logged in) so you don’t have to re-enter information. They
also help us gather analytics. We might use:
Session cookies (which expire when you close your browser) to track your
session on the site,
Persistent cookies (which stay on your device for a set period or until you
delete them) to remember you on future visits, and
Analytics cookies (like Google Analytics) to understand how users navigate
and use our site. These analytics cookies collect information such as pages
your visit, time spent, interactions, and can help identify areas to improve.
(For more details, you can refer to our Cookie Notice or Google’s own
privacy policy regarding Analytics data. You can opt out of Google
Analytics by using a browser add-on if you wish.) We may also use web
beacons in our emails to know if you opened them or took action on them,
which helps us improve our communications.
- Usage Analytics: In addition to Google Analytics, we may use other analytic tools
or internal analytics to gauge user behavior. This can include recording anonymized
information about how you complete forms (to find where users have difficulties),
or A/B testing different site versions to see which works better. These tools might
use cookies or local storage. The data collected is usually aggregated and doesn’t
directly identify individuals – it shows us trends and usage patterns.
- Location Data: Through your IP address and device settings, we might
automatically get an approximation of your location (e.g., city or country). If you
use a mobile app and allow location services, we might collect GPS location, but
our website does not collect GPS data by itself – it relies on IP-based geolocation.
- Do-Not-Track Signals: Some web browsers have “Do Not Track” (DNT) features.
There is no consensus on how to respond to DNT signals; currently, our website
does not respond differently to a browser with a DNT signal. You can manage
cookies though (see Section 3).
Data from Third Parties
Sometimes, we receive personal data about you from third-
party sources:
- Verification Services: We may use third-party identity verification services or
databases (including government databases where legally allowed) to confirm your
identity, perform AML/KYC checks, or validate documents you provide. These
services might return information like confirmation of your identity, or whether you
appear on sanction/watch lists, or whether a provided ID is authentic.
- Financial Institutions: If you transfer funds to us (for investment) or receive
distributions, the banks or payment processors involved may send us information
confirming the transfer, such as your name, account number, and the amount. If a
payment fails, we might receive error codes or reasons (like insufficient funds or
closed account).
- Referral Programs: If someone refers you to Tameh, we might receive your name
and contact details from the referrer (so we can invite you). We will only use that
info for the referral and not for other purposes unless you engage with us.
- Marketing Partners: We may obtain leads or contact lists from marketing agencies
or publicly available sources for people who might be interested in our services. If
we reach out to you based on such information, we’ll give you the opportunity to
opt out of further communications.
- Public Records and social media: For due diligence or outreach, we might look at
public sources. For example, if we need to verify a business entity you’re associated
with, we might check corporate registries. Or if you mention Tameh on social media
and tag us, we might collect that information (see Section 13 on social media). We
will abide by the privacy settings you have on those platforms.
- Third-Party Integrations: If our platform allows sign-in via third-party accounts
(like Google or Facebook), we will gain access to certain profile information from
those accounts, but only what you authorize. Typically, this might be your name
and email, and possibly a profile picture. We use it solely for authentication and
setting up your profile.
We endeavor to collect data by fair and lawful means. We will not collect more information than
is necessary for the purposes for which it will be used, and we avoid invasive collection techniques.
For instance, we do not use any devices or software to surreptitiously collect information from
your computer (no keyloggers, no secretly turning on your webcam, etc. – those are absolutely not
things we do).
It’s important to note that you have choices in what data you provide and how it’s collected. In the
next section, we explain how we use your data (the purposes), and later on we’ll discuss how you
can manage certain aspects (like marketing preferences, cookie settings, etc.).
3. How We Use Your Personal Data
We use your personal data to operate, provide, and improve our services, to communicate with
you, and to fulfill legal obligations. Specifically, we may use the information we collect for one or
more of the following purposes:
Providing and Managing Our Services
First and foremost, we use personal data to create
and maintain your user account, and to enable you to use the Tameh platform. This includes
processing your registration information, authenticating you when you log in, and
remembering your settings. We use your data to allow you to browse investment
opportunities, purchase fractional real estate shares, view your portfolio, and carry out
transactions. For example, if you decide to invest in a property share, we will use your
personal and financial information to execute that transaction and then record your
ownership in our system. We also use data to manage payments, such as to initiate a direct
debit or send a payout to your bank account (using your financial info). Additionally,
behind the scenes, our team uses your information to administer your account (billing,
account statements, audits, etc.) and to provide any support you request.
Customer Support and Communications
If you contact us with questions, feedback, or
issues, we will use your provided information to respond and assist you. For instance, if
you email support, we’ll use your email address and perhaps look up your account info to
resolve your issue. We might also contact you proactively if we notice an issue with your
account (e.g., a failed payment) or to alert you about important information (like changes
to terms or privacy policy, or issues with the website). All your communications with us
(support tickets, calls, chats) are used strictly for addressing your inquiry and improving
our services (e.g., training staff or compiling common issues to fix).
Eligibility and Account Approval
We use personal data to assess your eligibility for
certain products and services on our platform. For example, we verify that you meet any
minimum age requirement (18+). We might also use information about your financial
situation or investment experience (when provided) to ensure you are eligible or suitable
for particular offerings, especially if there are regulatory requirements to do so. In some
cases, our fractional investments might be considered securities that require us to verify
whether you qualify as a certain type of investor under law – we would use your data for
that assessment.
Compliance with AML/KYC and Legal Obligations
One of the reasons we collect
detailed personal info is to comply with Anti-Money Laundering (AML) laws, Counter-
Terrorist Financing regulations, and Know Your Customer (KYC) requirements. We use
your identification info, documents, and other data to verify your identity, to screen for any
matches with sanctions lists, politically exposed persons list, or other watchlists, and to
establish an investor risk profile (assessing the likelihood of fraudulent or illicit activity).
For example, we may use third-party services to confirm that your ID is legitimate and that
you are not on a banned list. We also use personal data to monitor transactions for
suspicious patterns (and we may have automated systems that flag unusual behavior). If
required, we will use your information to file any necessary reports with regulatory bodies
(such as Egypt’s Money Laundering and Terrorist Financing Combating Unit, if a
suspicious activity report is warranted). All this is done to prevent, detect, investigate, and
(if necessary) report instances of fraud, money laundering, terrorist financing, or other
unlawful activities.
Legal and Regulatory Compliance
Apart from AML/KYC, we have other legal
obligations – for instance, complying with tax laws or providing information to regulators
like the Financial Regulatory Authority (FRA) or law enforcement when required. We use
your personal data to fulfill these obligations. For example, if required by law, we might
have to withhold taxes on dividends and report those to tax authorities, using your tax
identification number. If a court order or government directive compels us to provide
information about your account, we will use your data to comply (within the bounds of the
law). Additionally, we maintain records as required by law (commercial codes, AML laws
requiring record-keeping for X years, etc.). We also may use your data to enforce our Terms
of Use or other agreements, or to defend against legal claims.
Facilitating Transactions and Investments
We process personal data to process your
investments and transactions on the platform. This includes using your financial details to
take payment for an investment, recording your ownership in the system, calculating any
returns due to you, and enabling any resale or transfer of shares if our platform supports it.
We also use data to send you confirmations, receipts, account statements, and updates about
your investments. For instance, if a property distributes rental income, we’ll use your bank
info to send your portion of the distribution and email you a notice about it.
Service Delivery and Relationship Management
We use personal data to service our
relationship with you as a customer. That includes general administration, accounting, and
auditing functions (e.g., internal financial reporting of how many users we have, revenue,
etc., which might indirectly use some personal data in aggregate form). It also includes
keeping your account current and in good standing. If we offer any loyalty programs or
referral programs, we’d use your data to track and issue rewards. We also maintain records
of your communication preferences, so we know how to contact you or if you’ve opted out
of something.
Security and Fraud Prevention
Ensuring the security of our platform and your data is
paramount. We use personal data, particularly usage and device data, to maintain the
security of our systems, prevent fraud, and address technical issues. For example, we might
use IP addresses and login history to detect if someone else is trying to access your account,
or to identify multiple accounts that might be linked to the same person in violation of our
rules. We also might analyze logs to detect patterns that could indicate attempted hacks or
breaches, and then use user data as part of mitigating actions (like blocking an account or
prompting a password reset). Additionally, if we need to recover debts (e.g., if a payment
fails and you owe fees), we might use your contact info to reach you and arrange payment,
or to involve debt collection processes if absolutely necessary.
Improving Our Services (Analytics and Research)
We want to make Tameh better over
time, so we use personal data for research, analysis, and product development purposes.
This often involves aggregated or anonymized data. For instance, we might analyze how
users navigate the site to improve the user interface, or what kinds of investment
opportunities are most popular to bring more of those to the platform. We might conduct
surveys or ask for feedback – in doing so, we use your responses to inform service
improvements. We generate anonymous statistics about our user base and Website traffic
patterns. These statistics help us in understanding our audience (e.g., average number of
investments per user, or usage peaks during the day) and can be used for business planning.
In some cases, we may share aggregated analytics with partners or investors (e.g., “We
have X thousand registered users, Y% of whom invested in commercial properties”), but
not in a way that identifies individuals.
Marketing and Informing You of Opportunities
With your consent (where required),
we may use your personal data to provide information about our services, new investment
opportunities, or events that may interest you. This could be in the form of email
newsletters, push notifications, in-app messages, or even phone calls or direct mail where
appropriate. For example, we might send you updates on newly listed properties, market
insights, promotions, or company news. We may also send recommendations or content
that we think would be relevant based on your portfolio or preferences (such as “you
invested in retail properties, here’s a new retail opportunity you might like”). If you have
opted in to receive communications from selected third parties (e.g., a real estate developer
partnering with us), we will facilitate that as described at the time of opt-in. You have
control over marketing communications – we will either ask you to opt-in, or if we rely on
a lawful basis such as a customer relationship, we will give you a clear opportunity to opt
out. See Section 7 on how to manage marketing preferences. We will not spam you; we
aim to send content of value. Importantly, even if you opt out of promotional messages, we
will still send transactional or service communications (like confirmations, important
account notices, policy updates) as needed.
Notifying You of Changes
We use contact information to notify you about changes to our
services or policies. This includes informing you of updates to this Privacy Policy or the
Terms of Use, changes in our platform features, or other important announcements (for
example, if we undergo a corporate reorganization or there’s a change in our legal structure
that affects you).
Advertising
While our primary marketing is direct (us telling you about our own
services), we may also use data for advertising purposes. For example, we might use some
of your data to create custom audiences on platforms like Facebook or Google to show you
relevant ads (this could involve uploading a hashed email list to see if you have that service
and then showing ads to you or similar users). Or, we might use cookies and pixels to
retarget you with ads on other websites (“remarketing”) if you visited our site but didn’t
sign up or complete an investment. Any such advertising use of data will comply with
applicable laws (in many cases, it might rely on cookie consent – see our Cookies section).
These ads are to keep you informed of our offerings, but you can manage how these work
via your browser settings or ad preferences on those platforms.
Personalization
We might use data to personalize the content you see on our website. For
instance, showing you content in the correct language, or property suggestions tailored to
your indicated interests or past investments. Personalization improves your experience by
making the interface more relevant to you.
Professional Advice and Legal Proceedings
In situations where we need to seek
professional advice (e.g., from lawyers, auditors, or consultants), we may use or disclose
relevant personal data as needed to obtain that advice. Similarly, if we are involved in legal
proceedings (like litigation or arbitration) or need to establish our legal rights, we will use
personal data necessary for those purposes. This could mean preserving data as evidence,
or analyzing data to respond to legal inquiries or claims. We will ensure such use is done
confidentially and only shared with those who need to know (like our attorneys).
Merger or Acquisition
If Tameh is involved in a merger, acquisition, financing due
diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of
service to another provider, your personal data may be transferred as part of that
transaction. In such cases, we would use your data to facilitate the transaction (e.g.,
disclosing to potential investors under confidentiality) and ensure continuity of services. If
a new entity takes over our operations, your data would be transferred so that the service
can continue to be provided to you. In all such scenarios, we will ensure that your data
remains protected and that any successor entity continues to honor the commitments made
in this Privacy Policy (or informs you of any changes and gets consent if required).
Announcements and Surveys
From time to time, we may use your contact information
to send out surveys or questionnaires (to collect feedback) or to announce new features or
initiatives. Participating in surveys is optional, but if you do, we will use the responses for
the stated purposes (often to improve our service or understand user needs better).
In summary, we use personal data for the core purpose of providing you with a secure, efficient,
and personalized investment platform, and for ancillary purposes like legal compliance and service
improvement. We do not sell your personal data to third parties for their own marketing purposes.
Any sharing we do is described in Section 6 (with whom we disclose data). We also do not engage
in automated decision-making or profiling that produces legal or similarly significant effects
without human intervention, except as described in Section 8 (and even there, mostly analytics,
not decisions with legal effect).
We will only use your personal data for the purposes we collected it for (or purposes that are
compatible with those original purposes). If we need to use your data for an unrelated, new
purpose, we will notify you and, if required, obtain your consent.
4. How We Protect Your Personal Data
The security of your personal data is extremely important to us. Tameh employs a range of
technical, physical, and organizational measures to protect your information from unauthorized
access, disclosure, alteration, or destruction. While we strive to use industry-standard practices to
safeguard data, please note that no method of transmission over the Internet or electronic storage
is 100% secure. Nevertheless, here are some key aspects of our data security approach:
Encryption
We use robust encryption protocols to protect personal data in transit and at
rest. When you enter sensitive information (such as login credentials or payment details)
on our website, that data is transmitted using Secure Socket Layer (SSL) or Transport Layer
Security (TLS) encryption. You can usually see the padlock symbol in your browser and
“https://” in the URL indicating an encrypted connection. Our secure servers are configured
to use strong encryption ciphers to prevent eavesdropping. Additionally, we encrypt certain
sensitive data stored in our databases, especially financial information and identification
documents, so that even if our systems were compromised, the data would be unreadable
without the decryption keys.
Access Controls
We implement strict internal controls to limit access to personal data
only to those employees, contractors, and service providers who need to know that
information to perform their job duties. All Tameh staff are bound by confidentiality
obligations and are trained on data security practices. We use authentication measures (such
as strong passwords, multi-factor authentication for administrative access, and role-based
access controls) to ensure that staff only access the data necessary for their function.
Regular reviews are conducted to revoke access for those who no longer require it.
Secure Storage
Personal data is stored on secure servers that are protected by firewalls
and other network security measures. We take steps to ensure our infrastructure (including
cloud services, if used) is hardened against attacks – this includes keeping software up-to-
date with security patches, performing vulnerability scans, and using intrusion
detection/prevention systems. We may store data in encrypted databases or within secured
data centers that have physical security controls (like surveillance, access badges, etc.).
Third-Party Security
If we engage third-party service providers to process personal data
on our behalf (such as cloud hosting, payment processors, or verification services), we
ensure through contracts that they adhere to security standards and practices comparable
to ours. We conduct due diligence on critical suppliers’ security measures. We also limit
the personal data shared to only what is necessary for the service (principle of data
minimization) and ensure that data is handled securely (for example, via encrypted
channels when transferring data to a service provider).
Monitoring and Testing
We continuously monitor our systems for possible
vulnerabilities and attacks. This includes maintaining logs of access and using monitoring
tools to detect unusual patterns or anomalies that could indicate a breach. We also
periodically test our systems through processes like penetration testing or security audits
by external experts. If any weaknesses are identified, we address them promptly.
Backup and Recovery
We maintain secure backup routines for critical data to prevent
loss in case of system failure or other issues. Backups are encrypted and stored in a secure
location. We also have disaster recovery and business continuity plans, which include
procedures for data restoration to minimize downtime and data loss in the event of an
incident.
Anonymization and Pseudonymization
Where possible, we use techniques like
anonymization (irreversibly removing personal identifiers) or pseudonymization
(replacing identifiers with aliases) for data that we use for analytical purposes or in testing
environments. By doing so, we mitigate risk by ensuring that even if such data were
accessed, it could not be easily linked back to individual identities.
Payment Security
Any payment transactions processed through our platform will be
encrypted and handled in accordance with PCI DSS (Payment Card Industry Data Security
Standard) if relevant. We do not store sensitive card data on our systems if not necessary –
often, we rely on accredited payment processors who handle the secure storage of card
details (tokenization) so that only tokens pass through our system for transactions.
Physical Security
To the extent we maintain any physical records (e.g., paper copies of
documents) or have on-site servers, those are kept in secure facilities. Offices have access
control, and sensitive documents are kept in locked cabinets with limited access. Physical
media containing personal data are securely destroyed when no longer needed.
User Responsibilities
While we take significant steps to safeguard your data, it’s
important to note that you also play a role in protecting your information. We strongly
encourage you to choose a strong, unique password for your Tameh account and to keep it
confidential. Do not share your password with anyone, and change it regularly. We also
advise that you log out of your account when using a shared device and to be careful when
entering your login details to ensure no one is watching. Keep your devices and software
up-to-date with the latest security updates and use antivirus software. We recommend that
you do not send sensitive personal information to us via unencrypted email or other
insecure channels.
Secure Sessions
We employ measures like automatic session timeouts. If you are logged
in and inactive for a period, we might log you out to reduce the risk of someone using your
session. We also have protections against brute-force login attempts (e.g., rate limiting).
Communication Security
Emails or communications from Tameh will be authenticated
to reduce the risk of phishing. However, always be cautious of unsolicited communications
asking for your personal data or account credentials. If in doubt, contact us directly through
official channels. We will never ask for your password via email or phone.
Transfers and Storage Outside Your Country
Your personal data may be transferred to
and stored on servers in countries other than your own (for example, if we use a cloud
provider with data centers abroad). Regardless of where data is stored or transferred, we
ensure that appropriate safeguards (such as encryption and contractual clauses) are in place
to protect it. (More details on international transfers are in Section 14 below.)
No Guarantee
While we follow best practices and strive to protect your personal data, no
system can be guaranteed to be 100% secure. The internet is an open system and there is
always some risk in transmitting information electronically. We thus cannot warrant the
absolute security of your data during transmission to our site (for instance, if there’s a
vulnerability outside our control, such as in the network infrastructure). Once we receive
your data, we will use strict procedures and security features to try to prevent unauthorized
access. In the unfortunate event of a data breach, we have procedures in place to notify
affected users and regulators as required by law, and to take steps to mitigate any harm.
Limitation of Liability
As noted in our Terms of Use, Tameh is not liable for unauthorized
access to personal data that is beyond our control. However, we assure you we take
incidents very seriously. In the event of a security incident (e.g., a breach), we will promptly
inform affected individuals when required and will provide guidance on protective
measures to take.
In addition to these measures, we continuously review and update our security practices to adapt
to new threats and changes in technology. We also may obtain security certifications or comply
with recognized security standards as part of our commitment to data protection. The
confidentiality and integrity of your data is a top priority for us, and we allocate significant
resources to maintain a robust security posture.
5. How Long We Retain Your Personal Data
We will retain your personal data only for as long as necessary to fulfill the purposes for which we
collected it, including for the purposes of satisfying any legal, accounting, or reporting
requirements. The exact duration for which we keep your information will vary depending on the
type of data and the purposes of processing. Here is an overview of our retention practices:
Active Account Data
For as long as you have an active account with Tameh, we will keep
the personal data associated with your account (such as your profile information,
investment records, transaction history, and communications). Keeping this data is
necessary to provide you with the service (for example, so you can see your portfolio,
transaction history, etc.) and to comply with our legal obligations regarding record-
keeping.
After Account Closure
If you decide to close your Tameh account (or if we terminate it),
we do not immediately delete all your personal data. We will retain your profile and
transaction data for a period of time after you cease to be an active customer, generally up
to 7 years unless a longer retention is required or justified. The reason for this retention is
multi-fold:
- To comply with financial regulations, tax laws, and anti-money laundering laws
that often mandate retention of records for a certain number of years. For example,
Egyptian AML regulations may require us to keep identification and transaction
records for at least five years from the end of the customer relationship or the date
of a transaction. We choose a 7-year retention for many records to be on the safe
side of various overlapping requirements.
- To have sufficient information in case of any legal disputes or inquiries that might
arise after your account closure. If you had investments, issues might surface later
(for instance, a legal claim about property returns) and we need to refer to historical
data.
- To enforce our Terms of Use and protect our legal rights. For instance, if you were
banned for misuse, we retain a record to prevent future unauthorized accounts.
During this post-closure retention period, your data will be archived and restricted
so that it is not readily accessible for routine business use; it’s kept only for the
purposes stated (legal compliance, dispute resolution, etc.).
Financial Transaction Records
Information related to financial transactions
(investments, withdrawals, payments) will be retained in line with legal and audit
requirements. For instance, transaction ledgers and payment records might be kept for a
minimum number of years as required by tax law or financial regulations. We generally
align with a 7-year retention here as well, unless local law requires a different period.
Communications
Email communications, support tickets, and call recordings are
generally retained for a shorter period unless they are needed for ongoing issues or legal
reasons. Routine customer support inquiries that have been resolved might be purged after
a couple of years. However, if an email or communication could be relevant to a future
dispute or regulatory query, we may keep it longer.
Marketing Data
If we have your contact details for marketing purposes, we will use them
until you unsubscribe or opt-out. If you opt out of marketing, we may retain your contact
info on a suppression list indefinitely to ensure we respect your opt-out choice (so that we
don’t accidentally send you marketing again).
Web Analytics Data
Data collected via cookies and analytics tools is typically aggregated
and anonymized over time. Raw web logs are usually kept for a short duration (a few
months) unless used for security analysis. Analytics services like Google Analytics store
certain data for a defined period (e.g., 14 months) and then automatically delete or
anonymize it. We follow industry best practices for retention of usage data, balancing utility
with privacy concerns.
Legal Hold
If we are in a legal proceeding or under an investigation that requires us to
retain certain data beyond our standard retention period, or if we reasonably believe
retention is necessary to assert or defend against legal claims, we will preserve the data as
needed. During a legal hold, relevant data is isolated and exempted from normal deletion
until the hold is lifted.
Account Inactivity
If you register but do not verify your account, or if your account
remains inactive for an extended period (with no investments and no logins), we may
contact you to see if you want to maintain the account. If we receive no response, we might
remove or anonymize some of your information after a considerable period of inactivity
(for example, 5+ years) provided we have no ongoing obligations to retain it.
Anonymized or Aggregated Data
We may retain data that has been anonymized (and
thus is no longer personal data) indefinitely for analysis purposes. For example, even after
you delete your account, we might keep aggregated statistical information that includes
data derived from your usage (but not identifiable to you).
When the retention period for personal data expires, or if we no longer need the personal data, we
will ensure it is either securely deleted, destroyed, or anonymized (so it can no longer be associated
with you). For instance, physical documents are shredded or incinerated, and electronic records
are deleted in a manner that prevents recovery (or overwritten). We also ensure that third parties
processing data on our behalf also follow proper data deletion procedures.
In summary, our retention policy is
keep data only as long as necessary for legitimate purposes
(providing service, fulfilling legal obligations, resolving disputes, etc.), and no longer. We
carefully consider the appropriate retention period for each type of data, taking into account the
amount, nature, and sensitivity of the data, the potential risk from unauthorized use or disclosure
if retained too long, the purposes of processing, and whether we can achieve those purposes
through other means. If you have specific questions about how long a certain type of data is kept,
you can contact us for more information.
6. How and With Whom We Disclose Your Personal Data
Tameh may share your personal data with third parties in certain circumstances. We do not sell
your personal information to third-party companies for their own marketing purposes. Any sharing
of data is done with care and subject to appropriate safeguards. Below we outline the categories of
recipients with whom we might share data and the reasons for such disclosures:
Service Providers (Processors)
We employ other companies and individuals to perform
functions on our behalf. These service providers act under our instructions and are bound
by contractual agreements to keep information confidential and to use it only for the
purposes we specify. Examples include:
- Payment Processors and Banking Partners: If you make or receive payments
through our platform, we share necessary details (like your name, account number,
transaction amount) with banking institutions, payment gateways, or electronic
payment service providers to facilitate those transactions. These entities process
your payments and may store some information for record-keeping (e.g., a payment
processor might keep a record of your card or account used for compliance and
fraud prevention).
- Identity Verification and KYC Services: To verify your identity and documents, we
might share your identification details or document scans with third-party
verification services. They confirm authenticity of IDs, run checks against sanction
lists, etc. These providers return a result (verified/not verified, risk scores) to us.
- Cloud Hosting and IT Infrastructure: We use secure cloud service providers or data
center hosting companies to store and process data. Your personal data typically
resides on servers controlled by these providers (e.g., Amazon Web Services,
Microsoft Azure, or similar), but they do not access it except for maintaining the
server and storage. We ensure they have strong security measures.
- Email and Communications Tools: We may use third-party platforms to send
emails, SMS, or notifications (for example, an email marketing service or a CRM
for support ticketing). Your contact info and communication content might pass
through or be stored on those systems. They are permitted to use it only to send
communications on our behalf or manage interactions.
- Analytics and Marketing Tools: We may use third-party analytics providers (like
Google Analytics) and marketing platforms (like Google Ads, Facebook Business,
or others) that involve placing cookies or pixels on our site. These tools might
receive certain data about your device and interactions (as described in Section 2).
For instance, Google Analytics will process usage data for analytic reports.
Advertising partners might process data for ad targeting (if you have consented to
advertising cookies). These providers generally act as separate controllers for the
data they collect via their scripts, but we include them here as they are integral to
our service improvement and outreach.
- Professional Advisors: We may share relevant personal data with auditors, law
firms, or consulting firms we engage. For example, if we undergo a financial audit,
the auditors might review some user transaction records. If we seek legal advice,
we may need to share specific user data with our lawyers to get proper guidance.
These professionals are bound by confidentiality obligations (e.g., attorney-client
privilege, audit confidentiality).
Business Partners
In some cases, we might run joint promotions or partner with other
companies to offer integrated services. If you engage with such a program (e.g., co-branded
investment opportunities with a real estate developer, or a referral program in conjunction
with a partner), we may share information with that business partner as needed. For
instance, if a property developer needs to know who its fractional investors are for
compliance or engagement, we might provide your name and investment details to them
(with contractual safeguards). Or if we partner with a financial institution to offer financing
for investments, and you opt for that, we would share needed info with that institution. We
will inform you in the specific program terms how data sharing works and obtain any
necessary consent.
Property Sellers/Issuers
When you invest in a fractional property, there may be an
underlying property company or seller (the issuer of the investment). It might be necessary
to share your information with that entity for purposes like updating shareholder registers
or enabling direct communication regarding the property (for instance, annual meetings).
We limit what is shared (often just identification and contact details, plus your share of
ownership) and ensure they handle it appropriately. Similarly, if multiple co-investors need
to be in contact (like for a co-owned property’s decisions), certain info might be shared
among participants through our platform with your knowledge.
Advertisers and Ad Networks
If we ever display advertisements on our site or
collaborate with ad networks for retargeting, we may provide them with non-identifiable
or aggregated data to serve ads. For example, we could give an ad network a list of hashed
emails to target “lookalike” audiences, or we might share a cookie identifier to show you
an ad on another site. This does not typically involve sharing directly identifiable info like
your name (unless you’ve given consent in some context), but rather technical identifiers.
Analytics and Search Engines
As part of using analytics services or allowing search
engines to index content, some information may be automatically collected by those
providers. We might share site maps or certain usage data with search engine webmaster
tools to improve SEO, which inherently gives them some data (though not personal data
about you specifically, more about site traffic).
Credit Reference Agencies
If you seek certain services through us that require credit
checking (for example, if we offered an installment payment option or a loan to finance an
investment), we might share your personal and financial details with credit bureaus or
agencies to obtain a credit report. The information returned (credit score or credit history)
would help us decide whether to extend such services. These agencies might keep a record
of the inquiry which can be seen by other lenders.
Affiliates and Corporate Group
If Tameh is part of a group of companies, we may share
information within our group for internal administrative purposes, business operations, or
offerings that span multiple entities. For example, if Tameh establishes a subsidiary or
parent company (perhaps for regulatory reasons), your data might be shared with that
affiliated entity which is essentially part of delivering the service to you.
Merger, Acquisition, or Sale
In the event that Tameh undergoes a business transaction
such as a merger, acquisition by another company, or sale of all or part of its assets, your
personal data will likely be among the assets transferred. We would disclose personal data
to the prospective buyer or merging partner as necessary for due diligence (under strict
confidentiality). If the transaction completes, the successor company will have access to
your data to continue operating the service. The new owner will be bound by this Privacy
Policy or one with equivalent protections covering the personal data, and we will notify
you of any change in data handling or ownership as required.
Legal and Regulatory Disclosures
We may disclose your personal information to
competent authorities, regulators, government agencies, courts, or law enforcement if we
believe disclosure is (a) required by applicable law, regulation, legal process, or
governmental request; or (b) necessary to enforce our Terms of Use or other agreements;
or (c) to protect the rights, property, or safety of Tameh, our users, or others. Some
examples include:
- Responding to a subpoena, court order, or official request for information.
- Filing reports with regulators (like FRA or Central Bank if applicable) in
compliance with regulations (e.g., suspicious activity reports to the Money
Laundering Combating Unit, transaction reports under financial regulations, etc.).
- Sharing info with tax authorities if they are auditing or if we must report investor
earnings for tax purposes.
- Providing information to law enforcement if we believe an individual is involved
in illegal activities (like fraud or money laundering), or if a user reports
unauthorized activity and we assist in an investigation.
- Exchanging information with other companies and organizations for fraud
protection and credit risk reduction. For instance, if we suspect a fraudulent activity
that also affects other institutions, or as part of a cyber threat intelligence sharing
network, we might share relevant data to mitigate the threat.
Consented Disclosures
We will share your personal data with other third parties if you
have provided your consent for us to do so. For example, if you opt in to a program that
explicitly states we’ll share your details with a partner, or if you ask us to transfer your data
to another service (data portability request), or you use features that require sharing (like
posting in a community forum), we will do so in line with what you agreed.
Public Profiles/Community
If our platform offers any community features like forums,
comments, or social networking elements, any information you voluntarily post will be
accessible to other users or the public. For example, if you post a testimonial or comment
on an article on our site, your name (or username) and content might be visible. This isn’t
“sharing” by us per se – it’s you sharing via the platform – but we mention it to clarify that
such shared content isn’t private. Always be mindful of what you share publicly on any
platform.
Whenever we share your data with third parties, we endeavor to share only the minimum
information necessary for the task. We also ensure that any third party that processes your data is
contractually obligated to protect it and use it only for the specified purpose (except in the case of
regulators or certain legal contexts where our ability to impose such terms is limited).
In cases of international data transfers (sharing data with entities outside of Egypt or your home
jurisdiction), please refer to Section 14 for how we handle those transfers to ensure they are lawful
and protected.
If you require more specifics about a particular disclosure (for example, if you want to know which
identity verification service we use or details about our cloud provider), feel free to contact us and
we will provide more information as appropriate.
7. How to Withdraw Your Consent or Opt Out of Marketing
Your personal data is yours, and you have choices about how it is used – especially when it comes
to marketing and any processing based on your consent. This section explains how you can
withdraw consent you’ve given us and how to opt out of receiving promotional communications.
Withdrawing Consent for Processing
In cases where we rely on your consent as the legal
basis to process your personal data, you have the right to withdraw that consent at any time.
For example, if you consented to us processing certain optional data or if we asked for
consent to collect precise location via a mobile app, you can change your mind later.
Withdrawing consent will not affect the lawfulness of any processing we conducted based
on consent before its withdrawal. It just means that after you withdraw, we will stop the
processing for which consent was required. If you withdraw consent for something
essential (like certain KYC data), it might impact our ability to provide services to you –
we will inform you if such is the case.
To withdraw consent, you can contact us at …………………………………. with your request,
specifying which consent you are withdrawing. If the consent was for something like push
notifications or location data on a mobile app, you can also adjust your device settings (e.g., disable
location services for the app, or turn off notifications). For cookie consent, you can adjust cookie
preferences via our website cookie banner or your browser settings.
Opting Out of Marketing Emails
If you no longer want to receive marketing or
promotional emails from us, you can opt out at any time. Our marketing emails (such as
newsletters or promotional offers) include an “unsubscribe” link at the bottom. Click that
link and follow the instructions to remove yourself from the mailing list. Alternatively, you
can contact us directly at ………………………………… and request to be unsubscribed
from marketing communications. We will process your opt-out request as soon as possible.
Please note that you may still receive a few emails after opting out if they were already in
the process of being sent at the time (but we try to make the opt-out effective immediately
to the extent feasible).
Opting Out of SMS/Texts or Calls
If we ever send promotional SMS messages or make
marketing calls (for example, notifying you of a new investment opportunity via text), you
can opt out by following instructions in those messages (like replying “STOP” to a text) or
by letting the caller know of your preference not to receive marketing calls. You can also
email us to suppress your number from these communications.
Opting Out of Push Notifications
If you are using a mobile application and have allowed
push notifications for marketing or updates, you can turn these off at any time in your
device’s settings or in the app’s settings. For instance, you can disable notifications for the
Tameh app on your smartphone’s notification settings.
Opting Out of Third-Party Marketing
We do not share your info with third parties for
them to market to you without your consent. If you have consented to receiving marketing
from a partner through us, you’ll need to follow the opt-out instructions provided by that
partner for their communications. However, if it was through our platform, you can also
contact us to revoke that consent and we will communicate it to the partner.
Opting Out of Analytics/Advertising Cookies
For analytics cookies like Google
Analytics, you have the option to install browser add-ons that block it (e.g., Google offers
a GA opt-out browser add-on). For targeted advertising cookies (if we use any), you can
adjust your cookie preferences via our site’s cookie management tool or via your browser.
Many browsers allow you to block third-party cookies or clear your cookies. There are also
industry opt-out platforms for interest-based advertising, such as the Network Advertising
Initiative (NAI) or Digital Advertising Alliance (DAA) websites, where you can opt-out
from many participating companies. Keep in mind, opting out of cookies may affect your
experience on our site.
Opting Out of Marketing by Third-Party Platforms
If we use platforms like Facebook
to show ads, those platforms usually allow you to adjust your ad preferences. For example,
on Facebook you can hide ads from certain advertisers or manage interest categories. On
Google, you can adjust ad personalization. Using those tools will not remove ads entirely
but will make them less personalized.
Confirmation of Opt-Out
When you opt out of marketing, we may send a one-time
confirmatory message (like an email confirming you’ve been unsubscribed) as a courtesy
or requirement, but that’s it. After that, you should not receive marketing communications.
If you do, please let us know as it might be an oversight or technical issue, and we will
resolve it.
Service Communications
Please note that opting out of marketing does not opt you out
of essential service or transactional communications. We will still send you non-
promotional messages as needed for using our services: for example, confirmations of
transactions, updates about your account, notices of changes to terms or privacy, or other
important information (like security alerts). These are not marketing communications but
rather important notices or records of your activities.
Re-Subscribing
If you have opted out and later decide you want to receive marketing
communications again, you can always re-subscribe. This might involve re-visiting your
account settings if available, or contacting us to request to be added back to the list. In
some cases, if you sign up for a new product or service, we might ask for your marketing
preference again.
We respect your choices and will not penalize you for opting out of marketing. It will not affect
the core service we provide to you as an investor. Our aim is to ensure any marketing we do is
helpful, and we certainly don’t want to send you anything you find spammy or irrelevant. So, feel
free to manage your preferences as you see fit.
If you withdraw consent for a certain processing activity that is necessary for providing the service
(other than marketing), we will inform you of the potential consequences (for example, “If you
withdraw consent for us to use your location, some geo-specific features might not work.”). If
withdrawal of consent makes it impossible for us to continue providing the platform under legal
requirements (for instance, if you withdrew consent for all personal data processing), we might
have to close your account, but we would advise you accordingly.
In summary, you are in control
you can opt out of marketing at any time and withdraw consents
you’ve given, and we will respect and act on your requests promptly.
8. Profiling and Automated Decision-Making
Profiling refers to any form of automated processing of personal data to evaluate certain personal
aspects about an individual, particularly to analyze or predict aspects like economic situation,
personal preferences, interests, behavior, etc. Automated decision-making means making a
decision solely by automated means without any human involvement.
For transparency, we want to explain what kind of automated processing we do. At Tameh, we
utilize some level of automation and analytics to understand how users use our site and to improve
our services, but we do not engage in fully automated decision-making that produces legal or
similarly significant effects on you without human review. In other words, any important decisions
about your account or eligibility are either not made by algorithms at all, or if algorithms are
involved, there is a human in the loop.
Here’s what we do
Website and Usage Analytics
We use automated tools (like Google Analytics and
potentially other software) to collect and analyze information about visitors’ interactions
with our website. This involves profiling in the sense that we track how a user navigates
through pages, what features are used, etc., to identify usage patterns. The data collected
may include clickstream data, time spent on pages, forms partially filled out (even if not
submitted, some analytics capture when forms are abandoned), and so on. The purpose is
to better understand how users engage with Tameh: for instance, which pages are most
popular, where people drop off in a process, and which marketing channels are effective.
We may also use analytics to segment users into categories for internal analysis (e.g., new
users vs. returning, or engaged investors vs. less active ones). Importantly, this analysis is
done on an aggregated or anonymized level for trends; it is not to make decisions about
specific individuals.
Personalized User Experience
We might use automated logic to adjust the user
experience. For example, if our system sees that you consistently look at commercial
property investments over residential ones, we might automatically highlight more
commercial opportunities to you. Or if you haven’t completed your profile, the system
might remind you or bring that section to your attention. These are forms of profiling aimed
at providing a more relevant experience. However, these do not have negative effects on
you; they are meant to be helpful by tailoring content to your interests as inferred from past
behavior.
Marketing and Advertising Profiling
If you have agreed to it, we may use profiling for
marketing purposes. For example, based on your usage of our platform (and possibly other
data you provided), we might automatically determine which email newsletter content you
get (“investor A is interested in high-end properties, send them those offers”). Similarly, on
advertising platforms, we might use profile data to create audience segments (like showing
ads to users similar to our investors). These processes may be automated in that an
algorithm picks who goes into which group based on preset criteria (investment amount,
property interest, etc.). You always have the right to opt out of direct marketing profiling
by opting out of marketing entirely (see Section 7).
Risk and Fraud Monitoring
We have systems in place to monitor for fraudulent or
suspicious activities. These might involve some automated rules or algorithms – for
instance, an automated system might flag an account that logs in from two very distant
countries in a short time as potentially compromised, or flag if a large transaction occurs
from a new bank account, etc. While the detection can be automated, any action on such
flags (like blocking a withdrawal or freezing an account) typically involves human review
to verify there’s an actual issue. We do not solely rely on an algorithm to permanently block
or close accounts without a person checking the context. Automated flags are there to alert
our security/compliance team, who then make the decision.
No Automated Decisions with Legal Effect
We do not currently make decisions like
credit approvals, identity verifications, or eligibility determinations solely by algorithm.
For example, if we ever assess creditworthiness for a service, there would be a human
adjudication. When verifying identity, even if an AI-based document check is used to speed
things up, failures or uncertainties are typically reviewed by compliance officers. Likewise,
decisions about whether you can invest in a particular offering (if subject to investor
qualification criteria) are generally straightforward and rules-based (age, documents
provided) but involve manual verification.
Investment Recommendations
To clarify, any suggestions or “recommended properties”
you might see are for informational purposes based on general criteria (like “Most popular
this week” or “Properties similar to ones you viewed”). They are not individualized
financial advice generated by an algorithm for you. We do not use algorithms to advise you
on what to invest in tailored to your personal financial situation.
Automated Emails/Alerts
We might have triggers that send you automated alerts, such
as notifications when a new investment is available, or reminders (“You haven’t logged in
for a while, check out new opportunities”). These are based on simple criteria (like time
since last login) and are part of user engagement, not a judgment on you. You can manage
these through preferences.
Continuous Improvements with Safe Measures
We do use profiling in the sense of
continually improving our product. For example, we might test two versions of a sign-up
flow to see which performs better (A/B testing). Users are randomly and automatically
shown one version or the other, and we check conversion stats. This is automated
experimentation but doesn’t profile you personally – it’s more about aggregate behavior
and improving overall usability.
Given current technology and our approach, any automated decision that could significantly affect
you will have human oversight. For instance, terminating an account for fraud is a significant
action – while an algorithm might flag suspicious behavior, our team will investigate before any
final decision is made, ensuring fairness.
We also want to highlight that under certain data protection laws (like the EU’s GDPR, if it were
applicable), individuals have the right not to be subject to a decision based solely on automated
processing (including profiling) that has legal or similarly significant effects on them. While
Egyptian law is evolving in this area, we adhere to the spirit of this principle. If you believe you
have been subject to an unfair automated decision by Tameh, you can contact us, and we will
review it manually.
In summary, our use of automated processing is mainly for analytics, personalization, and security
monitoring. It’s there to help us run the platform efficiently and give you a better user experience.
We do not let algorithms make final decisions on matters that would substantially affect your rights
or investment outcomes without human intervention. If this approach changes in the future (for
example, if we introduce a robo-advisor or fully automated investment allocations), we will update
this Policy and ensure appropriate safeguards and transparency are in place.
9. Monitoring
For compliance, security, and quality assurance purposes, Tameh may record and monitor certain
communications and activities on our platform, in accordance with applicable laws. This section
explains what monitoring may occur, why we do it, and how that might affect you:
Communications Monitoring
We may monitor or record communications between you
and our team. This can include:
- Telephone Calls: If you call our customer service or if we call you, the call may be
recorded. We typically do this for training purposes (to ensure our staff provide
high-quality service), to have a record of what was discussed (in case of disputes
or follow-up needed), and to ensure compliance with our legal obligations or
internal policies (for example, if a transaction is initiated or instructions are given
over the phone, we have evidence of it). If calls are recorded, we will either inform
you at the start of the call via an automated message or have our representative tell
you (depending on legal requirements). You will generally have the option to
continue or end the call if you’re not comfortable with recording, although if you
choose not to be recorded, certain transactions might then need to be done in writing
or through the app for compliance reasons.
- Live Chats: If we offer live chat support on our website, transcripts of those chats
are saved. This helps us maintain a history of support conversations and again, aids
in quality control and resolving any later issues.
- Email Correspondence: Any emails you send to us (and our responses) are retained
and may be reviewed internally. Our support or compliance teams might review
communications to ensure you received correct information or to follow up on
promises made.
- In-App Messaging: If our platform has an internal messaging system (for example,
messaging between investors and sellers, or messages to support), those are stored
and accessible to us for monitoring if needed.
These monitoring activities are subject to applicable laws. In jurisdictions that require consent for
communications monitoring/recording, we will obtain such consent as needed (for instance, you
staying on the line after a recording notice is often treated as implied consent to call recording).
Platform Usage Monitoring
We monitor user activity on the platform to ensure
adherence to legal and regulatory obligations and to our Terms of Use. This may include:
- Login and Access Logs: We keep logs of who logged in, when, and actions
performed (such as updating profile, making an investment, etc.). Our
compliance/security team might review these logs for anomalies or investigate a
reported issue.
- Transaction Monitoring: As part of our AML program, we have systems and
possibly personnel who monitor transactions (deposits, investments, withdrawals)
for unusual patterns (see Section 8 on risk profiling). Some monitoring may be real-
time and automated, but any flagged issue is reviewed by our compliance officers.
- Content Monitoring: If the platform allows user-generated content (like comments
or forums), we may monitor those postings to enforce content standards (making
sure nothing illegal, offensive, or infringing is posted). We might use automated
filters for certain red-flag keywords as well as human moderators.
- System Monitoring: Our IT team monitors the system performance and may capture
details if something seems awry. For example, if an account is making rapid unusual
requests that could indicate a bot, that may be flagged and looked at.
Regulatory Compliance Monitoring
As a financial-related service, we might be subject
to periodic audits or inspections by regulators. In such cases, part of our compliance is to
maintain and be able to present records of communications and activities. For example, a
regulator might ask to see records of all transactions above a certain size, or evidence that
we provided required disclosures to users. Our monitoring and record-keeping ensure we
have that information available.
Internal Policy Adherence
We also monitor to ensure our team follows internal
protocols. For example, a call recording might be reviewed to ensure an employee did not
give out unauthorized advice or misrepresent something. This indirectly benefits users, as
it helps maintain high service standards and correct misinformation.
Detection of Unauthorized Behavior
Monitoring helps us detect and prevent misuse of
the platform. If someone is attempting to scrape data, use the platform in a prohibited way
(like circumventing security), or if we get reports of a possible account hack, we will use
monitoring data to investigate and respond.
Privacy Consideration
We understand that monitoring must be balanced with privacy
rights. We do not monitor communications that you have privately outside of our channels.
For instance, we cannot and do not listen to your personal phone calls or read messages not
on our platform. We only record communications that go through our official channels
(calls to our numbers, chats on our site, etc.). Additionally, recordings and logs are
accessible only to authorized personnel who have a legitimate need to access them (like
compliance officers, customer service managers, etc.). They are stored securely and are
subject to the same data retention policies described earlier (meaning we don’t keep
recordings forever – just as long as needed for the purposes stated, often a certain number
of years for regulatory reasons).
Transparency
We aim to be transparent about monitoring. This is why we include this
section. If we ever expanded monitoring in a way that could be considered intrusive, we
would inform you and ensure its legally compliant (e.g., maybe adding new forms of
communication).
In short, subject to applicable laws, we may record and monitor communications with you in order
to fulfill legal duties and ensure the integrity and quality of our services. This is a common practice
in financial services and many online services for the reasons described. Rest assured, this
monitoring is primarily for your protection and ours – to document what happens, to catch issues
early, and to continuously improve our service while obeying the rules we’re governed by.
If you have concerns about monitoring (for instance, if you want to ensure a particular call was or
wasn’t recorded, or you want to access a transcript of a chat you had), you can contact us and we’ll
address your queries within the bounds of our policies and legal obligations.
10. Your Rights
Under applicable data protection laws (including Egyptian law and, where applicable, laws like
the GDPR if you are in a relevant jurisdiction), you have certain rights regarding your personal
data. Tameh is committed to upholding these rights and providing you with control over your
information. Below is a summary of your rights and how you can exercise them:
Right of Access
You have the right to request access to the personal data we hold about
you. This is sometimes called a “data subject access request.” It means you can ask us to
confirm whether we’re processing your personal information and, if so, provide you with
a copy or description of that data, along with certain details about how we use and share it.
We will provide this information in a reasonable time, and it will generally be free of charge
(though laws allow us to charge a reasonable fee or refuse if requests are manifestly
unfounded or excessive).To exercise this, you can contact us at ……………………………
and specify that you are making a “subject access request.” We may need to verify your
identity (to ensure we don’t give your data to someone else) by asking for additional
information or using existing authentication.
Right to Rectification
It is important to us that your data is accurate. You have the right
to request correction of any inaccurate personal data we hold about you. You also have the
right to have incomplete data completed, which might involve providing a supplementary
statement. For example, if you notice your name is misspelled or your contact number is
wrong in our records, you can ask us to correct it. Many basic details you can update
yourself by logging into your account (like your contact info or profile data). For other
info, simply contact us and describe the correction needed. We will make the correction as
soon as possible, or if we cannot (perhaps if we dispute the accuracy of the info you
provided), we will let you know why.
Right to Erasure (Right to be Forgotten)
You have the right to request the deletion of
your personal data in certain circumstances. This right is not absolute, but we will honor it
when applicable. You can ask us to erase your data, for example, if it’s no longer necessary
for the purposes collected, or if you withdraw consent and we have no other legal basis to
keep it, or if you believe we processed it unlawfully, or to comply with a legal obligation.
We will also take steps to instruct any third parties that have the data (through our sharing)
to also erase it. Do note, due to legal obligations (like anti-fraud and AML laws, or
contractual reasons), we may need to retain certain data despite your erasure request. If
that’s the case, we will inform you. Also, erasing certain data might mean we can’t provide
services to you. If you just want to close your account, the typical process would involve
erasing or anonymizing data not needed post-closure (see retention policy). To request
erasure, contact us specifying what data you want removed. We’ll respond and either
confirm deletion or explain the reason we cannot fully comply (like a legal requirement to
keep some data).
Right to Restrict Processing
You have the right to ask us to limit or “freeze” the
processing of your personal data in certain scenarios. For example, if you contest the
accuracy of the data, you can request we restrict processing until the accuracy is verified;
or if processing is unlawful but you don’t want deletion; or if we no longer need the data
but you need it kept for a legal claim; or if you have objected to processing (see below)
and are awaiting verification of overriding grounds. During restriction, we will store your
data but not use it (except maybe to inform you or for legal reasons). If we lift the restriction
later (e.g., issue resolved), we’ll let you know. You can request restriction by contacting us
with the details of your request.
Right to Object
You have the right to object to our processing of your personal data when
that processing is based on our legitimate interests (or those of a third party) and you feel
it impacts your fundamental rights and freedoms. You also have an absolute right to object
to your data being used for direct marketing purposes (see Section 7 for opting out of
marketing). If you raise an objection to processing (other than marketing), we will review
it. We will either stop processing the data or, if we believe we have compelling legitimate
grounds to continue that override your interests, we will inform you of those grounds. For
instance, you might object to profiling we do; if it’s for marketing, we’ll stop, if it’s for
fraud prevention, we might explain why we need to continue. To object, contact us and
explain your situation and the processing you are objecting to.
Right to Avoid Automated Decisions
As mentioned, you generally have the right not to
be subject to a decision based solely on automated processing, including profiling, that
produces legal or similarly significant effects on you. As we explained in Section 8, we do
not do this type of processing without human oversight at this time. But if you believe you
have been subject to such a decision, you can demand human intervention, express your
point of view, and contest the decision. We will review and provide an explanation or take
appropriate action.
Right to Data Portability
You have the right, in certain cases, to receive your personal
data from us in a structured, commonly used, and machine-readable format, and to have
that data transmitted to another controller (for example, another service provider) where
technically feasible. This applies to data you provided to us and that we process by
automated means based on your consent or a contract with you. For instance, if you want
to move your investment history or personal info to a different platform, we could provide
it in CSV or JSON format if you request it. This is designed to help you reuse your data
across different services. To make a portability request, contact us specifying which data
you’d like in portable form. We’ll verify the applicability and then furnish the data
accordingly or directly transfer it if requested and feasible.
Right to Withdraw Consent
(As covered in Section 7) If we are processing personal data
based on your consent, you have the right to withdraw that consent at any time, without
affecting the lawfulness of processing based on consent before withdrawal. This includes
consents for marketing, etc.
Right to Complain
In addition to the above rights with us, you also typically have the
right to lodge a complaint with a data protection authority if you believe your privacy rights
have been violated. In Egypt, the Personal Data Protection Law is enforced by the Egyptian
Data Protection Center (once fully operational). If you’re in another jurisdiction (like the
EU), you could complain to your local supervisory authority. We encourage you to contact
us first, so we have the opportunity to address your concerns directly, but you are entitled
to go to regulators as well.
Right to Anonymity/Pseudonymity (where applicable)
Some jurisdictions allow users
to deal with services anonymously or under a pseudonym. Given the nature of our services
(financial/investment), we cannot provide the core services anonymously due to legal KYC
requirements. However, if you’re just making a general inquiry on our blog or support
before signing up, you don’t have to provide personal details until you proceed to register.
Exercising Your Rights
You can exercise most of these rights by contacting us at
……………………………… To ensure we don’t give your info to the wrong person, we
will need to verify your identity. If you have an account, we may verify by confirming
details we have on file or requiring you to make the request from the email associated with
your account. For certain sensitive requests, we might ask for a piece of ID. We will
respond to requests as soon as possible, generally within 30 days. If we need more time
(due to complexity or volume of requests), we’ll inform you of the extension and reasoning.
In case we cannot fulfill your request (such as if it infringes on others’ rights or if a legal
exception applies), we will explain why.
No Fee Usually
Typically, you will not have to pay a fee to exercise these rights. If your
requests are manifestly unfounded or excessive (for instance, repetitive requests), data
protection laws might allow us to charge a reasonable fee or refuse, but we rarely, if ever,
expect to resort to that.
Archived Data
If some data has been archived/backed-up in systems not readily editable,
it might take a bit longer to correct or remove it, but we will do so when those systems are
next accessed or restored (if not sooner possible).
We are committed to respecting your rights. Our goal is to be transparent, fair, and responsive.
Using your rights will not negatively affect the service we provide (except as needed to fulfill your
request, like if you delete data that’s needed to have an account, naturally the service can’t continue
in the same way). We consider privacy a partnership: you trust us with your data, and we empower
you to have a say in how it’s used.
If you have any further questions about your rights or how to use them, please reach out. We’re
here to help.
11. Children’s Privacy
Tameh’s services and Website are not intended for individuals under the age of 18. Fractional real
estate investing is a financial service that requires entering into legal agreements, and under
Egyptian law (and most jurisdictions), minors typically cannot enter such contracts or are restricted
in doing so. Therefore, we do not knowingly solicit, collect, or process personal data from anyone
under 18 years of age.
No Under-18 Usage
When you create an account with Tameh, you are required to confirm
that you meet our eligibility criteria (which includes being at least 18 years old, as stated
in our Terms of Use). If we learn that personal data we have collected is from an individual
under 18, we will take steps to delete that information promptly. This might come up if, for
example, a parent or guardian notifies us that a minor has used their information to sign
up, or if our identity verification process reveals an age that is below the threshold. We
reserve the right to ask for proof of age if we suspect a user is underage.
Parental Guidance
We advise that parents or legal guardians monitor their children’s
internet usage and instruct them never to provide personal data on websites without
permission. If you are a parent or guardian and you believe that your child under 18 may
have provided us personal information, please contact us immediately at ……………….
We will take steps to remove the data and (if applicable) close the child’s account.
No Child-Oriented Content
Our platform’s content, marketing, and services are all
oriented towards adults, particularly those interested in real estate investment. We do not
offer games, apps, or any features aimed at children. Therefore, we do not anticipate
attracting users in that demographic.
Legal Requirements
Under certain jurisdictions’ laws (for instance, some international
regulations), handling data of minors can require parental consent or have stricter rules. We
have chosen to avoid those situations entirely by not allowing children to use our service.
If in the future we were to offer any feature that might involve minors (which we currently
have no plan for), we would implement appropriate safeguards and obtain any necessary
consents as required by law.
Exception – Educational Content
It’s worth noting that while our service isn’t for minors,
sometimes general financial literacy content (like blogs or articles) could be read by
younger audiences on the internet. Our content is not harmful or inappropriate, but still, we
focus on adult readers. We do not knowingly market to minors in any way.
In summary, by using our site, you affirm that you are 18 or older. If this is not the case, you must
not use Tameh, and we ask that any personal data inadvertently provided by minors be brought to
our attention so we can delete it. Protecting children’s privacy is a responsibility we take seriously,
and we appreciate any assistance from our user community in this regard (like notifying us of
underage accounts).
12. Third-Party Websites
Our website may contain links to external websites or services that are not operated by Tameh.
This might include, for example, links to news articles, partner websites, social media platforms,
or resources we think might be useful to you. This section is to clarify that once you leave Tameh’s
site or interact with a third-party service, our Privacy Policy no longer applies in that realm:
No Control
We do not own or control third-party websites that may be linked from our
platform. Each of these external sites has its own privacy practices and policies which may
be very different from ours. For instance, if you click on a link to a property developer’s
site, or a bank’s site for payment processing, that site might collect data about you and use
it differently than we would. We are not responsible for the privacy practices or content of
any site that we do not operate.
Review Third-Party Policies
We strongly encourage you to review the privacy policy of
every website you visit via links on our site. This will inform you what information they
collect, how they use it, and what choices you have on that site. Our link to them is not an
endorsement of their content or their privacy/security practices.
Examples of Third-Party Links
- If we have a “Help Center” that includes links to government websites or legal
documents for informational purposes (like the Egyptian Data Protection Law text),
those are third-party.
- If you use a social media “Share” button or log in via a social network, you’ll be
interacting with that social network (e.g., Facebook, Twitter); any data they gather
during that interaction (like your profile info if you log in via them, or the fact that
you shared something) is governed by their policy.
- If we direct you to an online payment gateway or a bank’s hosted page to complete
a transaction, that page is likely under the bank’s domain and policy.
- Sometimes in our blog or info sections, we reference other companies or services
and link to them for your convenience. Those companies have their own sites and
rules.
Liability
Tameh is not liable for any issues arising from your use of third-party websites.
This includes how they handle your personal data, the content they display, any
products/services they offer, or any losses or damages you might incur by using those
external sites. If you provide personal information to any third-party site, you are doing so
at your own risk.
Cookies/Tracking on Third-Party Sites
If you navigate to a third-party site, they may
deploy their own cookies or tracking technologies on your browser. Our Cookie Notice and
practices do not cover those. For example, if you go to YouTube via a link on our site,
YouTube might track your viewing as per their own policies.
Embedded Content
Sometimes we might embed content from third parties, like a
YouTube video or a Google Map on our site. When you interact with that embedded
content, it’s similar to visiting the third-party site itself. For instance, playing an embedded
YouTube video might allow YouTube to collect usage data (in line with their policies). We
try to mark such content or at least ensure it’s apparent (like seeing the YouTube logo on
the player).
Partner and Integration
If there are services that integrate with ours (say, a third-party
ID verification service that you actually see on our site via an iframe, or a chat support
service plugin), typically we will make it clear and might even have a co-branded privacy
explanation. But in essence, any data you give to those integrated services is shared with
them as needed to perform the function. We ensure such partners are reputable and
contractually bound to appropriate standards, but you should also check their privacy info
if concerned.
In conclusion, once you leave Tameh’s environment, we cannot be responsible for how your data
is handled. Therefore, always exercise caution and due diligence when clicking on links or
engaging with external services. We include this warning to ensure you are aware that your data
protection might differ on other platforms, and that you should protect yourself by reading privacy
notices and understanding your settings on those sites.
If you find a third-party link on our site that you believe is malicious or unsafe, please inform us
so we can evaluate and possibly remove it. Your safety online is important, and while we try to
only link to reliable sources, the internet can change quickly, and user vigilance is always
beneficial.
13. Social Media
Tameh maintains an online presence on various social media platforms (such as Facebook,
LinkedIn, Twitter, Instagram, etc.) to engage with our community, share information, and provide
support. This section explains how interactions on social media are handled with respect to
privacy:
Official Pages and Accounts
We operate official pages or accounts on social media
networks to communicate with the public and our customers. For example, we might have
an official Facebook page or Twitter handle named after our company. The information
you choose to post on or through these social media pages (such as comments, reviews, or
messages) is generally publicly available to other users of that platform, and possibly
widely on the internet, depending on your privacy settings on that platform.
Public Information
Any content you share on our social media pages (like posting a
question or a testimonial) can be seen by others, and we cannot control how other
individuals may use that information. Please avoid sharing personal or sensitive data (like
your account details, financial info, or personal address) on social media. If you need to
discuss something private, it’s better to direct message us or contact us through official
support channels.
Monitoring social media
We monitor public social media content related to our brand to
gather feedback, assist customers, and improve our services. For instance, we might track
when our company is mentioned or when common questions arise. We may keep a record
of notable interactions or issues raised on these platforms to ensure they are addressed. Our
aim is to be responsive and proactive; for example, if someone complains on Twitter about
a problem, we might reach out to help.
No Endorsement of Platform Policies
When you engage with us on social media, you
are also subject to the terms and privacy policies of those social media companies. We do
not have control over how those platforms collect or use your data. For example, if you use
Facebook, Facebook may analyze your interactions with our page for their own purposes
(like targeted advertising). We caution that our presence on a platform does not imply
endorsement of that platform’s privacy or security practices. Use social media features at
your own discretion.
Content by Others
Sometimes, others (including other users or the social platform itself)
may post things on our pages that we do not control. While we may moderate obvious spam
or offensive posts, we are not responsible for content that others share on our social media
pages. Also, other users might reply to you or message you if you interact on our page;
again, we can’t control those interactions (though you can typically block or report users
on those platforms).
Information We May Collect from social media
If you contact us via direct message on
a social network, we may collect information like your social media handle and any info
you provide in that message, so we can assist you. Some social platforms also provide us
with analytics about our page’s reach and engagement (for example, aggregate
demographic info about our followers). This is generally anonymized, but to the extent it’s
personal data, we use it to understand our audience better. If we want to share or reuse
something you publicly posted praising Tameh, we would typically ask your permission
(e.g., quoting a tweet).
Social Media Login
If our service ever allows login or sign-up through a social media
account (like “Sign up with Facebook”), we would receive certain information from that
account (perhaps your name, email, etc. as authorized by you) – and we would use it
according to this Policy. But your interactions with that login provider (like Facebook) are
governed by their policies.
Advertising and social media
We might run ad campaigns on social media. That could
involve uploading a hashed contact list to the platform to match and reach our users (which
the platform does without revealing identities), or using the platform’s targeting tools to
show ads to certain demographics or lookalike audiences. Social media platforms may also
use cookies or pixels on our site (if we integrate them) to track conversions or retarget our
ads. These are more about advertising, but we mention them here to highlight that social
media companies might know you visited our site if you are logged into their service,
through those integrations.
Community Guidelines
We expect users on our social pages to interact politely and
lawfully. We may remove posts or comments that violate the community standards or our
own guidelines (e.g., profanity, promotion of unrelated services, personal attacks, etc.), and
we may block users who persist in such behavior. This is more a conduct issue than privacy,
but keeping spaces respectful indirectly protects privacy by reducing harassment or
unwanted attention.
No Private Support on Public Wall
For account-specific issues, we will usually steer the
conversation off public social media to a direct message or our secure channels. This is to
protect your privacy. For example, if you tweet at us “Can you check why my withdrawal
is delayed?”, we might reply asking you to DM us or contact support via email, rather than
asking you for account details publicly.
In summary, while we use social media to connect and inform, please be aware that any
information you share on those platforms may be widely accessible, and you should manage your
privacy on those platforms accordingly. We will treat any personal data obtained from our
interactions on social media in line with this Privacy Policy, but the platform itself has separate
rights to that data. Always exercise caution and use built-in privacy controls on each social network
to manage who sees your activity.
If you have questions about our social media practices or want something you posted on our page
removed, you can message us directly on that platform or email us, and we will do our best to
assist (within the scope of what that platform allows).
14. International Data Transfers
Tameh operates in Egypt, but the nature of online services means that your personal data might be
transferred to or stored in other countries for the purposes described in this Policy. In some cases,
those countries may have different (and possibly less stringent) data protection laws than your
home country. This section explains how we handle cross-border data transfers to ensure your
information remains protected:
Our operations
The information we collect from you may be processed by Tameh or its
service providers in any country where we or they maintain facilities or operations. For
example:
- If we use a cloud hosting provider with global data centers, your data might be
stored on a server in the European Union, the United States, or elsewhere
(depending on the provider and how they distribute data for performance and
redundancy).
- If our customer support team or certain business units operate outside Egypt (say,
a development team in another country), they might access data remotely to
perform their duties.
- Third-party services (payment processors, analytics providers) might be based
abroad and thus receive data overseas.
Adequacy and Legal Grounds
Whenever we transfer your personal data out of its
country of origin, we will ensure a legal basis for the transfer and that adequate safeguards
are in place. For transfers from Egypt to another country, we abide by any applicable data
transfer restrictions under Egyptian law (note: Egypt’s data protection law may require
certain approvals or conditions for transferring data outside the country; we will comply
with those). If you are in a jurisdiction like the EU or UK, please note we rely on
mechanisms like:
- Standard Contractual Clauses (SCCs): If we send data to a service provider in a
country not deemed adequate by EU standards, we often have SCCs in our contract
with them, obligating them to protect data to EU standards.
- Adequacy Decisions: We prefer services in countries considered to have adequate
data protection (though as of now, Egypt is not on EU’s adequacy list, and vice
versa, but e.g., if an EU user’s data is accessed in Egypt, we treat SCCs as the
mechanism).
- Consent or Necessity: In some cases, we may rely on your explicit consent for
cross-border transfers (especially if other safeguards aren’t viable, though we try to
avoid needing to do that), or transfer because it’s necessary to perform a contract
with you (e.g., to process a transaction internationally you requested).
Security Abroad
Regardless of where data is stored or processed, we apply the
protections described in this Policy. Our security measures (encryption, access control, etc.)
travel with the data. We also require that any foreign third-party processors handle the data
in compliance with our standards and applicable law.
Access from Anywhere
Given the global internet, you might be accessing our site from
outside Egypt. By using our services, you acknowledge that your personal data may be
transferred to, and processed in, countries other than your own. These countries might have
data protection rules that differ from your country. However, as mentioned, we will take
all measures reasonably necessary to ensure your data is treated securely and in accordance
with this Policy.
Public Content
If you make a contribution to our site intended for publication (like a
review or comment), that info might be accessible worldwide because it’s on the internet.
We cannot control how other people in other countries might use such published
information. For instance, if you post a testimonial that includes personal data, someone
on the other side of the world can see it. So be mindful of any info you make public on our
platform.
Consent to Transfer
By providing us with your personal data and/or using Tameh’s
website and services, you expressly consent to the transfer of your personal data across
national borders, including to countries which might not have the same level of data
protection law as in your jurisdiction. We include this because it’s important you
understand this aspect of global services.
Examples
- Data about an Egyptian user might be stored on a server in Europe, and data about
an EU user might be accessed by a support agent in Egypt. We protect both with
strong security and contractual commitments.
- If we ever expand and have users from, say, the Gulf region, their data might also
route through our infrastructure which could be in multiple locations.
Continuous Global Compliance
We stay updated on international data protection
developments. For example, if new regulations or court decisions require changing how
we transfer data (like adapting SCCs or using additional measures such as encryption on
certain data before transfer), we will do so.
Local Storage
Where feasible and legally required, we may store certain data locally. For
instance, if Egyptian law required that certain sensitive data of Egyptians remain in-
country, we would abide by that, using local servers or at least ensuring copies are stored
locally (data residency). Right now, we align with the law’s allowances for transfer by
implementing needed safeguards.
In case of any questions regarding international transfers or to obtain copies of relevant safeguards
(like SCCs) where applicable, you can contact us (keeping in mind some parts might be redacted
for confidentiality but we aim for transparency).
To summarize, we make sure that any cross-border transfer of your data is done lawfully and
securely, and by using our service, you acknowledge that such international transfers are part of
using a global digital platform. Your data may travel, but it remains under Tameh’s protective
umbrella through contractual and technical means.
15. Changes to this Privacy Policy
We may update or revise this Privacy Policy from time to time to reflect changes in our practices,
technologies, legal requirements, or for other operational reasons. We reserve the right to modify
this Privacy Policy at our sole discretion. However, we will always do so in accordance with
applicable data protection laws and will endeavor to notify you of material changes.
Here’s what to expect regarding changes
Notification of Changes
If we make significant changes to how we handle your personal
data or to the Policy’s terms, we will inform you in advance as appropriate. Notifications
may be done through various methods:
- Posting a prominent notice on our website (e.g., a banner or pop-up highlighting
that the Privacy Policy has been updated).
- Sending an email to the address associated with your account, or other direct
communication, summarizing the changes.
- Other communication channels if available (like an in-app message or SMS,
depending on what contact info we have and the nature of the change).
For minor changes that do not materially affect your privacy rights (such as clarifications or
typographical corrections), we may simply update the Policy with a new “Last Updated” date and
not send out specific notices, so you should check this Policy periodically.
Effective Date
We will indicate the date the Privacy Policy was last updated at the top or
bottom of the document. All changes are effective when they are posted on this page, unless
otherwise indicated. If you continue to use our services after the updated Privacy Policy is
in effect, it will be deemed acceptance of the changes. If you do not agree with the changes,
you should stop using our services and can request deletion of your data as per Section 10.
Reviewing Updates
We encourage you to review this Privacy Policy periodically to stay
informed about how we are protecting your information. If we update the Policy, we will
keep earlier versions available upon request (or sometimes accessible on our website) so
you can see what’s changed.
Material Changes Examples
A material change might include: introduction of new data
processing purposes not originally listed; changes in the types of personal data collected; a
change in how long we keep data; sharing data with new types of third parties; or changes
in rights or how to exercise them (due to legal changes). We would highlight such changes
for your attention.
Regulatory Compliance
If any changes are required by law (for example, a new Egyptian
data protection regulation might require us to add certain information or change practices),
we will update the Policy accordingly. Often, legal changes come with grace periods; we’ll
implement any required changes as soon as reasonably possible and within deadlines.
Consent for Changes
In cases where a change requires your consent by law (for example,
if we were to start processing data in a way that originally required consent and we didn’t
have it already), we would obtain that consent separately and appropriately. Generally, use
of our site after a policy update indicates acceptance, but we will be explicit if any new
consent is needed.
In summary, this Privacy Policy may evolve, and we pledge to keep you informed and to ensure
that your privacy rights are not reduced without such notice and, where required, consent. Please
check back periodically – your continued use of Tameh.co constitutes your acceptance of this
Privacy Policy and any updates.
If you have questions or concerns about any changes, you can always reach out to us (see Section
16 for contact details) and we’ll explain what’s new and why.
16. Contact Information
We are here to address any questions, concerns, or requests you might have regarding this Privacy
Policy or your personal data. Please do not hesitate to reach out to us using the contact details
below:
The best way to contact us is via email at privacy ……………………………….
(or …………………………….., if a dedicated privacy email is not available). This inbox
is monitored by our data protection team, and we aim to respond promptly. Please include
as much detail as possible in your request or inquiry (for example, the email associated
with your account, and any specifics about your question or issue).
Address
Tameh – Office, [Address], Cairo, Egypt. If you prefer to send us a letter or if
required for legal notices, you can use this address. Please mark the envelope with “Attn:
Privacy Officer” to ensure it reaches the right team.
Telephone
If you need to speak to us directly, you may call our support line at [Phone
Number]. Our support team can handle general inquiries and will escalate privacy-specific
calls to the privacy officer or appropriate staff. Note: For certain privacy requests (like data
access or deletion), we will likely guide you to put it in writing (email or mail) so we have
a clear record and can verify identity properly.
Data Protection Officer
If we have appointed a Data Protection Officer (DPO) or a
similar privacy compliance person, you may specifically direct communications to them.
(If required by law or our own policy, we would list their contact or a generic contact that
reaches them, possibly the same as above email.)
Working Hours
Our team operates during normal business hours (for example, Sunday-
Thursday, 9am-5pm Eastern European Time, if in Cairo). We will attempt to acknowledge
receipt of your query within a reasonable timeframe (typically within a few business days).
What to Expect
When you contact us, especially for exercising rights (see Section 10),
we may need to verify your identity before proceeding with the request. Please be
cooperative in providing any information needed for verification (we will only ask what is
necessary). We will respond substantively as soon as possible, usually within 30 days. If
your issue is complex or if we are handling numerous requests, we will inform you of any
need for an extension.
Complaints
If you have a concern about how we have handled your personal data, we
hope you’ll give us the chance to address it by contacting us directly. We will investigate
and try to resolve any issue to your satisfaction. As noted, you also have the right to file a
complaint with the relevant supervisory authority (for example, the Egyptian data
protection authority when active, or if you are from another country, your local regulator).
We would appreciate the opportunity to discuss and resolve issues with you first, but you
are fully within your rights to go to the authorities.
Language
We can correspond in English or Arabic (and possibly other languages if our
staff is capable or we arrange for translation). Let us know your preference and we will
do our best to accommodate.
By contacting us, you confirm that you are the person (or an authorized representative of the
person) whose data or inquiry is involved. We may retain correspondence and any provided
information for our records in line with this Privacy Policy (for example, to document how we
resolved an issue or to keep a record of compliance with a request).
Thank you for reading our Privacy Policy. We value your privacy and trust, and we are committed
to safeguarding your personal data while providing you with a valuable service on Tameh.co. If
you have any questions or feedback about this Policy or our practices, please reach out – we’re
here to help