Wednesday, July 2, 2025         8:40 PM

Introduction

Anmol Cencepts (referred to in this policy as “we,” “us,” or “our”) is a company based in Pakistan that specializes in selling customized and standard promotional items and gifts. We provide our services to customers worldwide, including the United States, United Kingdom, European Union, Middle East, and Asia. We are committed to protecting your privacy and handling your personal information in a safe and responsible manner. For purposes of applicable data protection laws, we act as the “data controller” of the personal information collected via our website and related services.

This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website or services. It applies to all personal information collected through our online platform (and any related offline services) in connection with our promotional products and gift services. By using our website or providing your information to us, you acknowledge that you have read and understood this Privacy Policy. We encourage you to read it carefully to understand our practices regarding your information.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us using the information provided in the Contact Us section at the end of this document. We will be happy to address your inquiries.

Information We Collect and How We Collect It

We collect various types of personal information from you in the course of operating our business. This information may be collected directly from you (for example, when you place an order on our website) or automatically through your use of our site, and in some cases from third parties. Below is an overview of the categories of information we collect and how we collect them:

• Information You Provide Directly: When you interact with our website or services, you may provide personal information to us. This includes details such as your name, email address, phone number, mailing/shipping address, and payment information. For example, you provide personal details when you create an account, place an order, fill out a form or request a quote, subscribe to our newsletter, or contact our customer support. We will also collect any other information you choose to provide, such as the content of messages or inquiries you send to us, feedback you provide, or preferences you express (for instance, product customization details or survey responses). If you are purchasing on behalf of a business or registering as a business customer, you may also provide business information like your company name, business address, and tax/VAT ID. Some specific types of information you provide include:
  • Payment Information: If you make a purchase, you will need to provide payment details (such as credit card number or bank account information). For security purposes, we use trusted third-party payment processors to handle payment

transactions. This means your payment information is collected and processed by the payment provider on our behalf, and we do not store your full financial details (like full credit card numbers) on our systems. We only maintain records of the transaction (e.g. the amount, date, and confirmation of payment).

• Account Credentials: If our website allows account registration, we collect the login credentials (such as username and password) that you create. It is your responsibility to keep these credentials confidential and secure.
• Communications: If you correspond with us by email, through our website (e.g. live chat or contact forms), or by phone, we collect the information in those communications. For example, if you send us an inquiry or communicate with our sales or customer service team, we will collect your contact details and the content of your message and any information you choose to provide during the

• Information Collected Automatically: When you visit or use our website, we (and our third-party partners) may automatically collect certain technical and usage information about your device and browsing This data helps us understand how you use our services and enables us to improve the user experience. Information collected automatically may include:
  • Device and Log Information: Details about your device and internet connection, such as your IP address, browser type and language, operating system, device identifiers, and general geographic location (e.g. city or region, inferred from your IP). We also log usage information like the dates and times you access our site, the pages or products you view, the links you click, and the page you visited before navigating to our site (referral URL).
  • Cookies and Tracking Data: We use cookies and similar tracking technologies (explained more in the Cookies and Tracking Technologies section below) to collect information about your interactions with our This can include data on your browsing behavior such as pages visited, products viewed or added to cart, and preferences you set on our site. Cookies allow us to remember your settings and personalize your experience. We may also use web beacons, pixels, and analytics scripts that work in conjunction with cookies to track user activities.
• Information from Third Parties: In some cases, we may receive personal information about you from third-party sources. For example:
  • If you choose to log in or sign up via a social media or single sign-on service (if available), that third-party platform may share certain information with us (such as your name and email address) to facilitate the registration or login.
  • We might receive updated delivery addresses or contact details from our shipping carriers or postal services if they have more current information, to ensure our records are correct and your orders reach you.
  • Our payment processors may send us confirmation of payments or details needed to verify transactions (without sharing sensitive payment data).
  • Marketing and analytics providers might provide us with aggregated demographic insights or preferences (which do not identify you personally) to help us understand our customer base better or tailor our marketing efforts.

We will treat any information obtained from third parties in accordance with this Privacy Policy, and only use it for the purposes described herein or as disclosed to you at the time of collection.

• Sensitive Personal Data: We do not intentionally collect any sensitive personal data through our website or services, unless you choose to provide “Sensitive” data includes information such as your health details, genetic or biometric data, racial or ethnic origin, religious or philosophical beliefs, sexual orientation, or information about criminal background. Our services are not designed to collect this type of information, and we ask that you do not submit it. If you do provide any sensitive personal data to us for any reason, you consent that we may process it for the purposes for which you provided it (for example, if you voluntarily provide information about dietary restrictions for an event, which could imply health or religious data, we will use it only for that specific purpose).

We will apply extra care to protect any sensitive data that you do inadvertently provide.

• Children’s Privacy: Our website and services are not intended for children under 13 years of age (or under the age of 16 in certain jurisdictions such as the European Union, where a higher minimum age may apply). We do not knowingly collect personal information from anyone under the age of consent. If we become aware that we have inadvertently collected personal data from a child, we will take immediate steps to delete that information from our records. If you are a parent or guardian and believe that a child under your care has provided personal information to us without your consent, please contact us so that we can investigate and address the issue promptly. By using our services, you represent that you are at least the age of majority in your jurisdiction (or are using the service under the supervision of a parent or guardian who consents to this policy).

Cookies and Tracking Technologies

Like most websites, we use cookies and similar tracking technologies to provide and improve our services, as well as to offer a better user experience. Cookies are small text files that are placed on your computer or device when you visit a website, which allow the website to recognize your device and store certain information about your preferences or past actions. In addition to cookies, we may use other technologies such as web beacons (also known as pixel tags or clear GIFs), which are tiny graphics embedded on webpages or emails, and scripts/analytics tools that collect usage data about our site.

How We Use Cookies: Cookies and tracking technologies serve several important functions on our site, including but not limited to the following:

• Essential Cookies: These cookies are necessary for our website to function They enable core features such as shopping cart functionality, user login and account management, and secure checkout. Without these cookies, certain services or features on our site may not be available or may not work correctly. For example, essential cookies allow you to add items to your cart and retain them as you browse, and they help process your orders.
• Preference & Functional Cookies: These cookies remember your preferences and settings to enhance your experience. For instance, they may recall your chosen language, the region you are in, or other interface customizations. By recognizing you when you return, preference cookies enable us to provide a more personalized experience—for example, remembering your login so you don’t have to re-enter it on every visit, or keeping track of your past customizations and settings.
• Analytics & Performance Cookies: We use analytics cookies and similar tools (such as those provided by Google Analytics or other analytics providers) to collect information about how visitors use our This includes which pages are visited most often, how users navigate through the site, and whether they encounter error messages on certain pages. The data collected is typically aggregated and anonymous, meaning it does not directly identify individual visitors. We use this information to analyze website traffic, understand user interactions, and improve the performance and content of our site. These cookies help us identify trends, optimize pages, and make informed decisions about new features or content.
• Advertising & Marketing Cookies: If we engage in advertising or retargeting campaigns, advertising cookies may be used to track your browsing habits on our site and other sites. These cookies remember that you visited our site and help us and our advertising partners show you relevant advertisements on other platforms. For example, if you viewed a particular product on our site, you might later see an ad for that product on a different website. We will only use advertising cookies or allow third-party advertising networks to set cookies on our site in accordance with applicable laws. In regions where consent is required for such cookies (e.g. the EU/UK), we will obtain your permission via the cookie consent banner before deploying them.

Third-Party Cookies: Some cookies on our site are placed by third parties with whom we partner. For example, we use third-party analytics services like Google Analytics, and the Google Analytics cookies are set by Google’s domain. Similarly, if we use a Facebook Pixel or Google Ads for advertising, those services may set cookies to track ad performance. These third-party cookies are governed by the privacy policies of the third parties (e.g., Google’s Privacy Policy for Google Analytics). We do not control the data collected by third-party cookies. However, we contractually require our partners to use any information collected via our site in compliance with relevant privacy laws and solely for the purposes we’ve agreed upon (such as analytics or advertising on our behalf).

Your Choices Regarding Cookies: You have the ability to manage and control cookies in various ways:

• Browser Settings: Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline some or all cookies, or to alert you when a cookie is being placed on your device. You can also delete cookies that have already been set by your browser. Please refer to your browser’s help documentation for instructions on how to manage Keep in mind that if you disable or delete certain cookies, it may affect the functionality and features of our website. For example, disabling cookies might prevent you from logging in or making purchases, or some pages may not remember your preferences.
• Cookie Consent Banner: If you are in a region that requires affirmative consent for non- essential cookies (such as the EU), you will see a cookie consent banner or pop-up when you first visit our site. This banner allows you to accept or reject different categories of cookies (except essential cookies, which are always active). You can make your selections in the banner. Even after you’ve made your initial choices, you can change your cookie preferences at any time by using our website’s cookie management tool (if provided) or by adjusting your browser settings as described
• Opt-Out Tools: For third-party advertising and analytics cookies, you can often opt out of data collection via industry For instance, Google Analytics provides a Browser Add- on to opt out of its tracking. Advertising networks may participate in opt-out platforms such as the Digital Advertising Alliance (DAA) in the US or the European Interactive Digital Advertising Alliance (EDAA) in the EU, which allow you to opt out of interest-based advertising from participating companies. Please note that opting out of targeted advertising cookies does not mean you will no longer see ads, but rather that the ads you see will be more general and not tailored to your interests based on cookies.

By continuing to use our website with your browser set to accept cookies, you consent to our use of cookies and similar technologies as described in this Privacy Policy. If you have consented via our cookie banner, you can always revoke that consent by changing your preferences. For more information about cookies and how to manage or disable them, you may visit independent resources such as AllAboutCookies.org. If you have any questions about our use of cookies and tracking technologies, feel free to contact us.

How We Use Your Personal Information

We use the personal information we collect for a variety of legitimate business purposes. The primary purposes for which we process your information include:

• To Provide Products and Services: We process your information to fulfill your orders and provide the services you request. This includes using your personal details to process transactions, manufacture or customize products you’ve ordered, arrange for shipping and delivery, and communicate with you about the status of your For example, we use your shipping address to deliver your items, and your email or phone number to send order confirmations, invoices, and updates (such as a notification that your order has shipped or is ready for pickup). We also use your information to provide any other services you request, like quoting custom orders or sourcing specific products.
• To Communicate with You: We use your contact information (such as email address and phone number) to communicate with you regarding our This includes responding to your inquiries, answering questions about products, processing requests or complaints, and providing customer support or technical assistance. We may also send you administrative or transactional communications that are necessary, such as confirmations of your purchases, receipts and billing information, alerts about changes to our terms or policies, or notifications regarding product recalls or safety issues (if any arise). These communications are considered part of our service to you and are not promotional in nature.
• For Marketing and Promotional Purposes: With your consent where required by law, we may use your email address, phone number, or other contact details to send you newsletters, special offers, promotions, or other marketing communications about our products and services that we believe may interest you. We strive to make these communications relevant — for example, we might inform you of new products similar to ones you have purchased, or send discounts and deals available in your Note: You have control over whether you receive marketing communications from us and can opt out at any time. (See the Your Marketing Choices section below for how to manage or withdraw your consent to marketing.) We will not send you marketing emails or texts if you have opted out or if sending them is not permitted by applicable law.
• Personalization and User Experience: We may use the information we collect (for instance, data from cookies, your browsing history, and your purchase history) to personalize your experience on our site. This can include remembering your preferences (such as language or currency), showing you products or content that are likely to interest you based on your past interactions, pre-filling forms with your information to save you time, and customizing the way information is presented to you. The goal is to make our website more relevant to your needs and easier to Personalization helps us provide a tailored shopping experience — for example, recommending products in a category

you’ve browsed, or keeping items in your cart if you left the site before completing a purchase.

• Analytics and Service Improvement: We use personal information (particularly in aggregated or de-identified form) to understand and analyze user behavior and preferences, in order to improve our services. We monitor metrics such as the total number of visitors, traffic patterns, which pages or products are most popular, and how users interact with various parts of our site. This analysis helps us identify trends and areas for For example, analyzing browsing data might help us discover that our checkout process is causing confusion, prompting us to simplify it. Similarly, understanding what products are frequently viewed together could influence our inventory or website navigation. Overall, these insights inform our decisions on how to enhance our products, website functionality, marketing strategies, and the general user experience.
• Surveys, Contests, or Promotions: From time to time, we may offer opportunities to participate in special programs such as customer surveys, contests, sweepstakes, or promotional If you choose to participate, we will use the personal information you provide (for example, your name, contact information, and any contest entry or survey responses) to administer the program. This can include determining eligibility, communicating with you about the program (e.g., confirming entry, updating you on contest status, or notifying winners), and fulfilling the incentives or prizes (for example, sending you a prize if you win). Participation in these programs is completely voluntary, and you will have the opportunity to review rules and details at the time of entry, including how your information may be used beyond the purposes stated here if that is relevant.
• Fraud Prevention and Security: We may process personal information as part of our efforts to keep our website, business, and customers secure. This includes using data to detect and prevent fraudulent transactions, spam, abuse, or other malicious For example, we might use certain information (like device information or purchase history) to flag orders that appear suspicious or that might be at high risk of fraud. We also use personal data to enforce our terms and conditions and to protect the rights and safety of our company, our customers, our partners, and others. If necessary, information may be used to investigate potential violations of law or breaches of our own policies, and to take measures to prevent injury or damage in case of threats.
• Legal Compliance and Enforcement: In some cases, we need to use and retain your information to comply with applicable laws, regulations, and legal For instance, we may use personal information to maintain proper business records, fulfill our tax or accounting obligations, or respond to lawful requests by public authorities (such as providing information in response to a court order or subpoena). Additionally, if we are involved in a legal dispute or governmental inquiry, we will use relevant personal data as necessary to assert our rights or defend against claims. We may also process your data if needed to investigate and address violations of law or our own internal policies. In essence, when the law requires us to collect or keep certain information, or when we must use information to protect our legal interests, we will do so.
• Other Purposes (with Notice or Consent): If we intend to use your personal information for purposes other than those described in this Privacy Policy, we will notify you at the time of collection or before using the data in a new way. In circumstances where your consent is required by law for a particular use of your personal information, we will obtain your consent. For example, if we ever plan to use your information in a way that is not compatible with the purposes we originally collected it for, we will explain the new use case to you and, if required, ask for your permission. You are not obligated to consent, and you may withdraw your consent at any time if you have given it (as described in the Your Rights and Choices section). We will not use your personal information for any materially different, unrelated purposes without informing you and obtaining consent when required.

We will only use your personal information in a manner that is consistent with the purposes for  which it was collected, unless we have a valid legal basis (such as a legal obligation or your explicit consent) to use it for a new purpose. If we need to use your personal information for a purpose unrelated to the original reason for collection, we will notify you and explain the legal basis that allows us to do so. Where required by law, we will seek your consent for the new use.

Legal Basis for Processing Personal Information (GDPR/UK GDPR)

For individuals located in certain jurisdictions, such as the European Union, United Kingdom, or other regions with data protection laws that require a “legal basis” for processing personal information, we want to clarify the grounds on which we process your data. Depending on the context in which the personal information is collected and used, we may rely on one or more of the following legal bases:

• Performance of a Contract: We process personal information when it is necessary to enter into or perform a contract with you. In other words, we need to process your data to fulfill our obligations under our agreement with you, or to take steps at your request before entering into a contract. For example, when you place an order for products, we must process your payment and shipping details to deliver the goods and provide the service you requested. This processing is justified by the necessity to perform the contract of sale for our products or services that you have requested. If you refuse to provide information that is necessary to perform the contract (such as a shipping address), we may not be able to complete your transaction.
• Consent: In certain cases, we will ask for your consent to collect and use specific information. We rely on consent as a legal basis when you have a real choice in whether or not we should process your data. For instance, we seek your consent to send you promotional emails or newsletters, or to use certain cookies that are not strictly necessary for our site’s core functionality. If you grant consent, you can withdraw it at any time. Withdrawing consent will stop the processing of the personal information that was based on that consent from that point forward (unless there is another legal basis that we rely on). Please note, withdrawing consent does not affect the legality of any processing that took place before your Also, in some cases, we may be required or allowed to continue processing your data on a different legal basis even after you withdraw consent (for example, we might still need to retain certain transaction records for legal compliance).
• Legitimate Interests: We may process your personal information as necessary for our legitimate business interests, provided that such processing does not override your own rights and freedoms. “Legitimate interests” is a flexible legal basis that can cover many routine business purposes – for example, improving and securing our products and services, preventing fraud, marketing to existing customers, or analyzing user behavior to enhance our offerings. When we rely on legitimate interests, we carefully consider and balance any potential impact on you (both positive and negative) and your rights under data protection We will not process personal data on this basis if we determine that our interests are outweighed by the impact on your privacy or by your data protection rights. You have the right to object to certain processing based on legitimate interests (see Your Rights and Choices below for more information on your right to object). If you lodge an objection, we will evaluate it and comply in accordance with applicable law.
• Legal Obligation: We will process personal information when it is necessary for compliance with a legal obligation to which we are This means if we are required by a law or regulation to process certain data, we will do so. Examples include retaining transaction records to satisfy financial and tax regulations, providing information to law enforcement upon a valid request, or complying with consumer protection laws. In such cases, the law is the basis for our processing and we will limit the data and processing to what is legally required.
• Vital Interests: In very rare situations, we may need to process personal information to protect your vital interests or those of another “Vital interests” generally refers to matters of life and death or serious harm. For example, if we become aware that someone’s life is in danger and we have personal information that could help prevent harm, we might use or disclose that information if legally allowed. This is an unlikely scenario in the context of a promotional products business, but we include this legal basis to cover any extraordinary situations where such processing could be justified (for instance, providing information to medical personnel in an emergency if a situation were to arise during an event we host).

Where appropriate, we will identify the specific legal basis for processing your personal information at the point we collect it or in the context of specific activities. For example, we may indicate in a signup form that we are asking for your consent to send marketing emails, or note in our checkout process that certain information is required to perform our contract (fulfill your order). If you have any questions about the legal bases upon which we collect and use your personal information, you can always contact us for more information.

How We Share Your Personal Information

We understand the importance of your privacy, and we handle your personal information with care and confidentiality. We do not sell or rent your personal information to third parties for their own marketing purposes. However, in the normal course of running our business, we do share personal information with certain third parties under strictly controlled circumstances. Below, we describe the situations in which your information may be shared and the types of parties with whom we may share it:

• Service Providers and Business Partners: We share personal information with trusted third-party companies and individuals who perform services and functions on our behalf to support our operations and the services we provide to This includes, for example:
  • Payment Processors: to securely process credit card transactions and other payment methods (e.g. banks, PayPal, Stripe). These processors handle your payment information in compliance with security standards and send us payment
  • Shipping and Logistics Companies: to fulfill and deliver your orders (e.g. courier and postal services like DHL, FedEx, local postal services). They receive your name and address and any necessary contact information for delivery.
  • Cloud Hosting and IT Providers: to host our website, databases, and information or to provide backup and data storage They may process data as needed to keep our services running securely.
  • Analytics and Marketing Services: to help us understand usage of our services or execute marketing campaigns. For instance, we might use Google Analytics to analyze website traffic or an email service provider to send out These partners process data like site usage info or email addresses on our instructions.
  • Customer Support and Communication Tools: to assist in managing customer inquiries, live chat, or email communications (for example, a CRM system or helpdesk platform that stores customer queries, or an SMS service to send text notifications).

These third-party service providers are given access to personal information only to the extent necessary to perform their specific tasks for us. They are contractually obligated to protect your information and use it solely for the purposes we specify. We require all our service providers to implement appropriate data protection and security measures in line with applicable laws.

• Affiliates and Related Companies: If Anmol Concepts is part of a corporate group (for example, subsidiaries, parent company, or other companies under common ownership), we may share your personal information within that Such sharing would occur only if necessary for internal administrative purposes, business operations, or to provide you with our services. Any affiliated entities that receive your information will be bound to uphold privacy practices that are at least as protective as those described in this Privacy Policy. We treat the protection of your information as a company-wide priority.
• Business Transfers (Mergers or Acquisitions): In the event that our company undergoes a business transaction such as a merger, acquisition by another company, reorganization, or sale of all or a portion of our assets, your personal information may be disclosed to the prospective or actual successor entity as part of the transaction. For example, if another company is evaluating a potential purchase of our business, we might need to provide some data (under confidentiality agreements) as part of the due diligence process. Or if our assets (including customer data) are transferred to another company as part of a takeover, your data would become an asset of that new entity. In such cases, we will ensure that any transfer of personal information is done in accordance with applicable privacy laws. If a change in ownership or management occurs and your personal information will be used in a materially different way than described in this policy, we will notify you by posting a notice on our website or contacting you via email, and we will inform you of any choices you may have regarding your personal information (for instance, you may have the opportunity to delete your account if you do not wish to be part of the new entity’s database).
• Legal Compliance and Protection: We may disclose your personal information when we reasonably believe that such disclosure is necessary to comply with a legal obligation or to protect our rights, property, or safety, or those of our customers, employees, or others. This includes situations where we may share information in order to:
  • Comply with Laws and Regulations: If we are required to disclose data to satisfy any applicable law, regulation, legal process, or enforceable governmental request. For example, we may respond to a court order, subpoena, or law enforcement agency’s request by providing the required information.
  • Enforce Our Policies and Contracts: We may need to share information to enforce or apply our Terms of Service, this Privacy Policy, or other agreements, including investigation of potential violations.
  • Prevent Fraud and Security Issues: We can disclose information if necessary to detect, prevent, or address fraud, security, or technical issues. For instance, exchanging information with other companies and organizations for fraud protection and credit risk reduction.
  • Protect Rights and Safety: If we believe in good faith that disclosure is necessary to protect the rights, property, or personal safety of Anmol Concepts, our customers, our employees, or the public, we may share the data. This could include sharing information with relevant authorities or alerting law enforcement of activities that we reasonably deem illegal or dangerous (such as suspected fraudulent transactions or threats).

Such disclosures will be made only in accordance with applicable laws. We will limit the information shared to what is necessary and will object to requests for data that we believe are improper. Whenever feasible and legally permissible, we may notify you if we have to disclose your information as part of a legal process.

• With Your Consent: Apart from the circumstances outlined above, we will share your personal information with third parties only if you have given us consent to do so. For example, if we ever wish to post customer testimonials or success stories on our website that contain personal information (like your name or photo), we would seek your explicit consent before doing so. Similarly, if we partner with another company to offer a joint promotion or service where sharing your information is necessary, we would only proceed with your knowledge and approval (or as otherwise permitted by law). You have the right to withdraw such consent at any time, and if you do, we will cease the specific sharing that was based on your consent.
• Aggregated or De-Identified Information: We may also share information that has been aggregated or anonymized in such a way that it does not identify you individually. For instance, we might compile statistics about how many customers purchased a certain category of product in a given month, or the percentage of visitors to our site from different regions, and share these insights publicly or with business partners. This information will not contain any personal data and cannot be linked back to you or any specific user. We use and share aggregated data for purposes like industry analysis, research, marketing, and improving our services.

Note: Whenever we share your personal information with third parties as described above, we strive to ensure that they commit to keeping it secure and confidential. All third parties are expected to handle your data in accordance with this Privacy Policy and applicable law. We also endeavor to share the minimum amount of information necessary for the particular purpose. If you would like more details about the third parties with whom we share personal data (for example, the names of analytics or marketing partners we use), you may contact us for more information.

Data Security

We take the security of your personal information very seriously. We have implemented a variety of technical, administrative, and physical safeguards designed to protect your personal data from unauthorized access, use, disclosure, alteration, or destruction. While no method of transmission over the internet or electronic storage is 100% secure, we continually work to protect your information and keep our security measures up to date. Some of the measures we employ include:

• Encryption: Our website employs encryption protocols such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to secure data transmitted between your device and our servers. This means that when you enter sensitive information (like payment details or login credentials) on our site, the data is encrypted in transit so that it cannot be easily intercepted by unauthorized parties. You can verify that our webpages are secure by looking for the padlock icon in your web browser’s address bar and the “https://” prefix in the URL, indicating an encrypted connection.
• Access Controls: We restrict access to personal information to only those employees, contractors, and service providers who have a legitimate business need to know or access that information. Within our organization, your personal data is accessible only to authorized personnel who are trained on the importance of privacy and data security. Each such person is required to keep the information confidential and is bound by privacy

and security obligations. Additionally, we use authentication measures (such as passwords and, where appropriate, multi-factor authentication) to ensure that access to systems and databases is limited to authorized individuals.

• Secure Infrastructure: We maintain our IT systems in secure facilities and deploy industry- standard security practices to prevent unauthorized intrusion. Our servers and databases are protected by firewalls, antivirus and anti-malware software, intrusion detection systems, and other security technologies to prevent hacking or cyberattacks. We regularly monitor our systems and networks for possible vulnerabilities and attacks. Software and systems are kept updated with security patches, and we follow best practices for server hardening. We also perform routine security audits and risk assessments to evaluate the effectiveness of our security controls and make improvements as needed.
• Payment Security: As noted earlier, we do not store sensitive payment card details on our own servers. We partner with payment processors that are PCI-DSS compliant, meaning they adhere to the Payment Card Industry Data Security Standards to ensure the secure handling of credit card information. By using external experts in payment processing, we add an extra layer of protection for your financial data. Any payment information transmitted through our site is protected via encryption (such as SSL/TLS), and the processing is handled by these specialized services that focus on payment security.
• Organizational Measures: In addition to technical safeguards, we implement various organizational policies and procedures to protect data. We have a data protection policy in place that guides how personal data must be handled within our company. Our staff receive training and guidance on privacy best practices and how to identify and respond to potential security incidents (such as phishing attempts or suspected data breaches). We have also established an incident response plan so that, in the unlikely event of a data breach or security incident, we can promptly take steps to contain the issue, mitigate any harm, and notify affected parties and authorities as required by law.

Despite our efforts, it is important to understand that no security measure or system is infallible. The transmission of information via the internet, in particular, carries inherent risks. Although we strive to protect your personal information, we cannot guarantee the absolute security of data transmitted to our site; any transmission is at your own risk. Once we receive your data, we will use strict procedures and security features to try to prevent unauthorized access.

Your Responsibility: You also play a role in keeping your information secure. We encourage you to take steps to protect against unauthorized access to your account and personal information. Choose a strong, unique password for your account (if you register on our site) and do not share it with others. Be cautious about phishing scams — we will never ask you to disclose your password via email or unsolicited communications. If an email or message looks suspicious or asks for sensitive information, double-check that it’s actually from us. Always log out of your account and close your browser when you’ve finished using the site, especially if you are on a shared or public computer. If you believe that your interaction with us is no longer secure (for example, if you suspect that the security of your account has been compromised or you receive a suspicious communication claiming to be from us), please notify us immediately using the contact information in this policy. We will work with you to address the issue.

Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, as described in this Privacy Policy, and for as long as we have another lawful basis to continue storing it. This includes retention for the purposes of satisfying any  legal, accounting, or reporting obligations, as well as retaining information to resolve disputes or enforce our agreements.

When determining how long to keep personal information, we consider various factors such as the nature and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data and whether we can achieve those purposes through other means, and applicable legal requirements (including statutes of limitations for potential legal claims and regulatory mandates for data retention).

In practice, this means that we typically retain personal data for the duration of your relationship with us, plus a reasonable period afterward. For example:

• Account Information: If you create an account on our website, we will retain your account information for as long as your account is active. If you choose to delete your account, we will remove or anonymize the personal information associated with your account within a reasonable time (e.g. account data might be deleted within 30 days of your request, except for information that we need to keep for legal reasons). Some residual data (like records of transactions linked to your account) may be kept as described below.
• Transactional and Order Records: Information related to your purchases (such as order history, invoices, and payment records) is generally retained for a number of years as required for legal, tax, and business record-keeping purposes. For example, financial and transaction records are often kept for 7 years (or more, depending on local regulations) to comply with tax laws and accounting rules, and to be able to address any disputes or inquiries regarding those transactions.
• Customer Service Communications: If you have corresponded with us (for example, emails or chat logs with customer support), we may retain those communications for a certain period after your inquiry was resolved. This allows us to have a history of your issue in case it recurs and to train or audit our customer service Unless needed for ongoing service improvement or legal purposes, routine communications are typically retained for a shorter period (a couple of years at most).
• Marketing Data: If you have signed up to receive marketing emails (e.g. newsletters or promotional offers), we will retain your contact information on our marketing list until you unsubscribe or opt out of marketing. If you do opt out, we will remove your contact from our active marketing list promptly and no longer use it for However, we may retain a record of your opt-out request (your email address and preference) to ensure we honor your no-contact request going forward. We may also keep a record of which communications you received and when, to maintain an audit trail of consent.
• Website Analytics Data: Data collected via cookies and similar tools for analytics purposes is often aggregated and anonymized. We might retain aggregated analytics data (which does not identify individuals) indefinitely for historical analysis. However, identifiable analytics data (like a unique cookie ID) is typically retained according to standard practices (for instance, Google Analytics retains user-level data associated with cookies and advertising IDs for a certain period, such as 14 or 26 months, unless you clear those cookies). We adhere to such standards and delete or anonymize older analytics data as

Once the retention period for a particular set of data expires, or if you request deletion and we have no lawful basis to retain the data, we will securely dispose of your personal information. This may involve permanently deleting electronic records, securely wiping or destroying physical media, or anonymizing data so it no longer can be associated with you.

If there is any personal information that we are unable to completely delete from our systems (for example, because it is stored in system backups or archives that are not easily accessible), we will isolate that data from any further active processing. In other words, if the data cannot be immediately erased due to technical constraints, we will ensure it is not readily available for any routine business use and will remove it from our active systems until deletion is possible. Please note that in certain cases we may be obliged to retain your information for a longer period if required by law, even after our business relationship has ended. For example, some jurisdictions have laws that require retention of certain transaction data for 10 years or more. In all cases, we will ensure that any personal information is handled in accordance with this Privacy Policy for as long as it is retained.

International Data Transfers

Because Anmol Concepts operates in Pakistan and serves customers around the world, your personal information may be transferred to, stored in, and processed in countries other than your own. In particular, information that we collect from you may be transferred to and stored on servers located in Pakistan (where our primary operations are based), and it may also be processed by our partners or service providers in other countries (for example, if we use a cloud service or support team located abroad).

It’s important to note that the data protection and privacy laws of the countries where your information is transferred may be different from, and in some cases less protective than, those in your home country. For instance, if you are located in the European Economic Area (EEA) or the United Kingdom, you should be aware that Pakistan is not currently recognized by the European Commission as providing an “adequate” level of data protection. This means the laws in Pakistan may not guarantee the same level of privacy safeguards for personal data as EU/UK law provides.

However, regardless of where your personal information is processed, we will take steps to safeguard it. We transfer personal information internationally in compliance with applicable privacy laws and utilize appropriate safeguards to protect your data when it’s moved across borders. These safeguards include:

• Standard Contractual Clauses (SCCs): For transfers of personal data from the EEA, UK, or Switzerland to countries that are not deemed to have adequate data protection (such as Pakistan or the United States), we may use the European Commission’s approved Standard Contractual Clauses, or equivalent mechanisms, as part of our contracts with the parties receiving the data. These clauses impose contractual obligations on the recipient to protect the personal data to European privacy Where necessary, we will also implement supplementary measures (technical or organizational) to ensure that the data is protected.
• Consent and Contract Necessity: In certain situations, we rely on specific derogations under data protection law for international transfers. One common basis is your explicit consent to the transfer. For example, if you are in the EU and you request a service that necessarily involves sending your data to Pakistan (such as ordering a product for delivery from our facilities in Pakistan), we will infer that you understand and consent to the transfer of your data to provide the requested service, to the extent permitted by law. Another basis is that the transfer is necessary for the performance of a contract between you and us (or implementation of pre-contractual measures taken at your request). For instance, if you place an order from outside Pakistan, transferring your name and address to Pakistan is necessary to fulfill your order. We will only rely on consent or contractual necessity for international transfers when other safeguards (like SCCs) are not available or
• Other Lawful Bases: We may also transfer data internationally as needed on other bases permitted by relevant data protection For example, if a transfer is necessary for the establishment, exercise, or defense of legal claims, we may perform the transfer under that condition. Another example is if the transfer is necessary in order to protect your vital interests (e.g. in a medical emergency abroad). We will always ensure any such transfers are lawful and respect your rights and freedoms.

If we transfer your personal information to a jurisdiction that does not offer the same level of data protection as your home country, we will take measures such as described above to protect your privacy. You may contact us for more information about the safeguards we have in place for international data transfers.

By using our website or services, or by engaging with us and providing your personal information, you acknowledge that your data may be transferred to countries outside of your home country (including Pakistan and any other country where we or our service providers operate) as described in this Privacy Policy. We understand that cross-border data movement can be complex, and we are committed to handling your personal information with the utmost care no matter where it is processed.

Your Rights and Choices

We respect your rights to control your personal information and we comply with applicable data protection laws that grant certain rights to individuals (“data subjects”). The availability of these rights and the ways to exercise them can depend on your jurisdiction. Below, we outline the general rights you may have. Specific rights for EU/UK residents and California residents are highlighted separately.

Rights Under General Data Protection Laws (EU/UK and Similar Jurisdictions)

If you are located in the European Union, United Kingdom, or a jurisdiction with similar data protection laws, you have the following rights regarding your personal data (subject to certain exceptions and conditions):

• Right of Access: You have the right to request confirmation of whether we are processing personal information about you, and if so, to request a copy of the personal data we hold about you. This allows you to know and verify the lawfulness of our processing. Upon request, we will provide you with a copy of your personal data along with information about how it’s used, who it’s shared with, how long it will be retained, and the safeguards in place if it’s transferred outside your jurisdiction. (Note: In certain cases, we may not be able to provide every piece of information, for example if it involves disclosing data about another person, or other exemptions We will inform you if anything is withheld and why.)
• Right to Rectification: You have the right to request that we correct any inaccurate personal information we hold about you, and to have incomplete data completed or updated. We encourage you to help us keep your data current and If you have an account, you can usually update certain information in your account settings. For other changes, you can contact us with the specifics of the correction needed, and we will make the necessary updates if we agree the data is inaccurate or incomplete.
• Right to Erasure (Right to be Forgotten): You have the right to request deletion or removal of your personal information in certain circumstances. This right is not absolute, but it applies, for example, if the personal data is no longer necessary for the purposes for which it was collected or processed; if you withdraw consent (for data that was collected on the basis of your consent) and no other legal basis for processing exists; or if you object to processing based on our legitimate interests and we have no overriding legitimate ground to continue. You may also request deletion if we processed your data unlawfully or if we must erase your data to comply with a legal obligation. Please note that we may have legal or legitimate reasons to retain your data despite a deletion request — for instance, we may need to keep certain information to comply with a legal obligation or to establish, exercise, or defend legal claims. If that is the case, we will inform you of those reasons at the time of your request.
• Right to Restrict Processing: You have the right to request that we limit the processing of your personal information under certain conditions. This means we can store the data but not actively use it (other than maintaining it safely) until the restriction is lifted. You can exercise this right in a few common situations: (a) if you contest the accuracy of your data, you can request restriction while we verify the accuracy; (b) if our processing is unlawful but you oppose erasure and prefer restriction; (c) if we no longer need the data but you need it for the establishment, exercise, or defense of legal claims; or (d) if you have objected to processing based on our legitimate interests and are awaiting verification of whether our grounds override yours. When processing is restricted, we will mark the data as limited and ensure it’s only processed for permitted purposes (such as storing it, or processing with your consent or for legal reasons).
• Right to Object: You have the right to object to our processing of your personal information when such processing is based on our legitimate interests (or those of a third party) or when we are performing a task in the public interest. If you raise an objection, we must stop processing the personal information unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or unless the processing is for the establishment, exercise, or defense of legal claims. Right to Object to Marketing: Separately, you have an absolute right to object at any time to the processing of your personal information for direct marketing purposes. If you exercise this right, we will stop using your personal information for marketing communications immediately. (See also Your Marketing Choices below for additional ways to control marketing communications.)
• Right to Data Portability: In certain scenarios, you have the right to receive the personal information that you have provided to us in a structured, commonly used, and machine- readable format, and have the right to transmit that data to another This right applies when our processing is based on your consent or on a contract with you, and the processing is carried out by automated means. Where technically feasible, you can also request that we send this data directly to another organization if you prefer. The goal of data portability is to make it easier for you to move your data between services. Please note that this right only applies to information you have provided directly (not data we generated internally) and only when the processing meets the criteria above.
• Right to Withdraw Consent: If we are processing your personal information based on your consent, you have the right to withdraw that consent at any This includes cases where you opted in for marketing communications, or agreed to certain data collection (like certain cookies). You can withdraw consent by contacting us or, where applicable, by using the specific opt-out mechanisms provided (such as an unsubscribe link in an email or adjusting cookie settings). Once consent is withdrawn, we will cease processing the data for that purpose, unless we have an alternative legal basis to continue (for example, retaining transaction records for legal compliance, which is separate from the consent you gave for, say, marketing). Withdrawing consent will not affect the lawfulness of processing that took place before your withdrawal.
• Right to Lodge a Complaint: If you believe that we have infringed your privacy rights or violated any applicable data protection law, you have the right to file a complaint with a supervisory authority or data protection If you are in the EU, you can reach out to the data protection authority in the member state of your habitual residence, place of work, or where the alleged infringement occurred. If you are in the UK, you can contact the Information Commissioner’s Office (ICO). In other jurisdictions, you can contact your local privacy or data protection authority. We would appreciate the opportunity to address your concerns directly before you approach a regulator, so we encourage you to contact us first if possible. We take privacy complaints seriously and will respond to any concerns you raise.

California Privacy Rights (CCPA/CPRA)

If you are a resident of California, you have specific privacy rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These rights include:

• Right to Know: You have the right to request that we disclose what personal information we have collected about you in the past 12 months, including the categories of personal information, the categories of sources from which the information was collected, the business or commercial purpose for collecting (or sharing) the information, the categories of third parties to whom we disclosed the information, and the specific pieces of personal information we hold about you. Essentially, this allows you to understand what data of yours we have and how we have used or shared it.
• Right to Delete: You have the right to request that we delete personal information we have collected from you (subject to certain exceptions). Once we receive and confirm a verifiable deletion request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception For example, we may retain information needed to complete a transaction you initiated, to detect security incidents, to comply with a legal obligation, or other reasons permitted by CCPA/CPRA. We will inform you if any such exception applies in your case.
• Right to Correct: (Effective January 2023 under CPRA) You have the right to request that we correct inaccurate personal information that we maintain about you. Upon verifying the validity of a correction request, we will correct the information as you direct (taking into account the nature of the personal information and the purposes of maintaining it).
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the “sale” or “sharing” of your personal information to third The CCPA/CPRA defines “sale” and “sharing” broadly to include certain disclosures of data for advertising or marketing purposes. Disclosure of Personal Information for Targeted Advertising (cross-context behavioral advertising) can be considered “sharing” under CPRA, even if no money is exchanged. We do not sell personal information for monetary compensation. However, we may share some information with third-party advertising partners to enable personalized ads, which California law might classify as a “sale” or “sharing” of data. If we engage in such activity, you can direct us to stop by using our “Do Not Sell or Share My

Personal Information” link or mechanism on our website. Once you opt out, we will honor your request as required by law.

• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means, for instance, that we will not deny you goods or services, charge you different prices or rates, or provide a different level or quality of service just because you exercised your rights under However, the law does allow businesses to offer certain financial incentives (such as loyalty programs or discounts) that may be tied to the collection or retention of personal information, provided they are not unjust, unreasonable, or coercive. If we ever offer a program that provides benefits in exchange for personal data, we will present the terms to you clearly and you can choose whether to opt in. You also have the right to withdraw from such incentive programs at any time.

Do Not Sell or Share: As stated, we do not sell customers’ personal information in exchange for money. If we share data with advertising partners in a way that is considered a “sale” or “sharing” under California law, we will provide a “Do Not Sell or Share My Personal

Information” option on our site. California residents can exercise their opt-out right by clicking that link (typically found in the footer of our website) or by contacting us with a request. We treat opt-out preference signals (like the Global Privacy Control (GPC) if detected from your browser) as valid opt-out requests under CCPA as well.

Exercising Your Rights

How to Make a Request: To exercise any of the rights described above, please contact us using the details provided in the Contact Us section of this Privacy Policy. For certain requests (such as access, deletion, or California-specific requests), we may also provide dedicated methods: for example, you might be able to fill out an online Privacy Request Form on our website, or send us an email specifically with your request. Please indicate clearly which right you intend to exercise and provide us with enough information to verify your identity.

Verification of Identity: For your protection, we need to ensure the request is coming from the correct individual (or an authorized representative) before we can fulfill certain data requests. If you have an account with us, we may verify your identity by requiring you to sign in to that account or respond to a communication from your registered email. For non-account requests, we might ask for additional information to match against our records (such as confirming specific details of a past order or other information we have on file). We will only use the information you provide for verification to confirm your identity or authority.

Authorized Agents: If you are a California resident, you may designate an authorized agent to make a CCPA request on your behalf. We will require the agent to provide proof that you gave them signed permission to submit the request. We may also require you to verify your identity directly with us or confirm that you provided the agent permission to submit the request.

Response Timeframe: We will respond to your request within the time frame required by law for your jurisdiction. For example, under GDPR/UK GDPR we generally have one month to respond (extendable by two further months in the case of complex or numerous requests, in which case we will inform you of the delay). Under CCPA, we aim to respond to verifiable consumer requests within 45 days of receipt (and we can extend once by an additional 45 days when reasonably necessary, with notice to you). If we need more time to respond or if we require additional information from you to process your request, we will let you know.

Format of Response: If your request is an access request (asking for information about what data we have or for a copy of your data), we will provide our response in a structured, commonly used, machine-readable format. For California access requests, we will provide either via your account (secure download) or mail (or electronically) the required information covering the 12 months prior to your request, as required by law.

No Fee Usually Required: You will generally not have to pay a fee to exercise these rights. However, applicable law allows us to charge a reasonable fee or refuse to act on a request if it is manifestly unfounded, repetitive, or excessive. In such cases, we will explain why we believe the request merits a fee or why we cannot comply, as appropriate.

Exceptions: Some rights may not apply in certain circumstances. For instance, if fulfilling a data access request would adversely affect the rights and freedoms of others (for example, revealing someone else’s personal data or proprietary business information), we might not be able to fully comply. Likewise, the right to erasure has many exceptions (we might have to keep data to comply with a law, for example). If we deny a request, either fully or partially, we will inform you of the reason, provided we are allowed to do so by law.

We are committed to honoring your rights to the fullest extent possible. If you have questions about your rights or how to exercise them, please contact us. And if you feel we have not addressed a request or concern satisfactorily, remember you have the right to reach out to the relevant data protection authority or regulator, as noted above.

Your Marketing Choices

We want you to have control over how you receive marketing and promotional communications from us. If you choose to receive such communications, we strive to ensure they are useful and relevant. However, you have the choice to limit or stop these messages at any time. Below are ways you can manage your marketing preferences:

• Opt-In Consent (Where Required): In certain regions, laws require that we obtain your explicit consent before sending you marketing communications (for example, in the EU/UK under GDPR, or under anti-spam laws like CAN-SPAM in the US or CASL in Canada). If you are in one of these regions, we will only send you promotional emails or newsletters if you have affirmatively opted in. For instance, when you provide your email to us, we might ask you to check a box indicating you want to subscribe to our mailing Similarly, if we ever offer SMS marketing, we will only send texts if you have explicitly agreed to receive them.
• Email – How to Unsubscribe: If you no longer wish to receive marketing emails from us, you can opt out at any The easiest way is to click the “unsubscribe” link included at the bottom of any promotional email you receive from us. You may also manage your email preferences in your account settings (if that feature is available) or contact us directly via email or phone with a request to remove you from our marketing list. Once you opt out, we will stop sending you promotional emails. Please note that you may still receive a few emails immediately after your unsubscribe request if they were already in the process of being sent, but we will implement your request as quickly as possible.
• SMS/Text Messages: If you have opted in to receive promotional SMS (text) messages on your mobile device, you can opt out at any time by following the instructions provided in the text messages. Typically, you can text “STOP” or another indicated keyword to the number or short code from which you received After you opt out, we may send one final message confirming that you have been unsubscribed. Standard message and data rates may apply to any SMS correspondence, according to your mobile plan. You can also contact us to request removal from SMS campaigns.
• Postal Mail: If we send printed marketing materials or catalogs via postal mail and you prefer not to receive them, you can contact us and ask to be removed from our physical mailing list. Please provide your name and mailing address exactly as it appears on the mailing label you received from us, so we can accurately identify and remove your Keep in mind that mailings are often prepared in advance, so you might receive another mail piece or two if one was already in progress, but we will work to stop further mailings promptly.
• Targeted Advertising (Online Ads): As described in the Cookies section, we may participate in targeted advertising networks that use cookies or other tracking technologies. You can control the personalization of ads in several Adjusting your browser settings to block third-party cookies or using browser-based opt-out tools can help. Additionally, you can use industry opt-out websites: for example, the Digital

Advertising Alliance (optout.aboutads.info) and the Network Advertising Initiative (optout.networkadvertising.org) in the US, or the European Interactive Digital Advertising Alliance (youronlinechoices.eu) in the EU. These allow you to opt out of many browser- based personalized advertising activities. If our site detects a global privacy control signal (like the GPC mentioned above) indicating you’ve opted out of sale/sharing, we will honor it as well. Please note that opting out of targeted advertising doesn’t mean you’ll see no ads at all — you will still see generic ads that are not tailored to you.

• Third-Party Marketing: We will not share or transfer your personal information to unaffiliated third parties for their own direct marketing purposes without your explicit consent. In other words, we don’t sell or give your contact details to other companies to market their products to you, unless you say we can. If in the future we plan to engage in such sharing, we will update our Privacy Policy and provide you with a chance to opt in or out as appropriate under applicable law.
• Important Service Communications: Please be aware that even if you opt out of marketing communications, we will still send you certain transactional or service-related messages as needed. These are not promotional, but are part of how we serve you as a customer. For example, we will send order confirmations, shipping notifications, receipts, and any communications regarding changes to our terms or policies that affect you, or safety notices like product recall information. You cannot opt out of these essential service communications because they are necessary to carry out our contractual obligations and ensure you are informed about important aspects of our service. We appreciate your understanding on this.

We strive to honor your communication preferences. If you ever have any issues with unsubscribing or if you continue to receive communications that you’ve opted out of, please let us know by contacting us (see Contact Us below). We will investigate the situation and take steps to correct any issues. Your feedback about our communications is welcome, as it helps us improve the way we connect with our customers.

Business Customer Provisions (B2B)

While this Privacy Policy applies to all our customers, we recognize that some of our users may be business or corporate clients (for example, companies purchasing bulk promotional items or individuals acting in a professional capacity on behalf of their employer). If you are a business customer or contact, the following additional provisions apply to how we handle your information:

• Business Contact Information: If you provide us with business-related personal information (such as your work email address, phone number, job title, or company details) in the context of a commercial relationship, we will use this information for our legitimate interests in conducting business with your This includes processing orders, negotiating contracts, providing customer service, and maintaining our business correspondence. We treat business contact details with the same care as personal consumer data, and this Privacy Policy covers such information.
• Legitimate Interest for B2B Communications: We may rely on legitimate interests to send you communications that are relevant to your business relationship with us. For example, if your company has purchased from us, we might send you information about product updates, bulk pricing offers, or other services that could benefit your business. We consider this processing necessary for our mutual business interests. However, you will still have the ability to opt out of marketing or promotional communications at any time (as outlined in Your Marketing Choices above), even if the communications are sent to your business contact
• Data Processing Agreements: If your organization requires specific data protection terms (for instance, a Data Processing Addendum or Agreement (DPA) for compliance with laws like GDPR when we act as a processor to your company), we will cooperate in good faith to fulfill those requirements. We will abide by any contractual privacy or confidentiality obligations we have agreed upon with your organization. We also respect any corporate policies your organization has communicated to us regarding the handling of personal
• Custom Terms and Services: We understand that business customers may have unique needs, such as volume purchases or customized services. While not directly a privacy matter, we may from time to time negotiate custom terms with business clients (including pricing and service terms). Rest assured that any personal information exchanged or processed in the course of providing customized services or terms is still protected under this Privacy Policy, and will only be used for the purposes of fulfilling our business

In summary, whether you are an individual consumer or a business client, your data will be treated with the same level of security and respect. If you have any questions about how we handle data in a B2B context, feel free to reach out to us.

Regional-Specific Provisions

We strive to comply with privacy laws and regulations in all jurisdictions where we operate or to which we provide services. Below are some region-specific disclosures and practices we follow:

European Union / United Kingdom

If you are in the EU or UK, the following additional information applies:

• Data Protection Officer: If we are required by law to have a Data Protection Officer (DPO) or if we voluntarily appoint one, our DPO’s contact information will be provided in this policy or on our website. [Currently, you may direct any inquiries or complaints to our Privacy Officer as listed in the Contact Us section, who fulfills the role equivalent to a DPO for our company.]
• Lead Supervisory Authority: As a company based outside the EU, we have not formally appointed an EU representative or lead authority at this time. We operate under the guidance of the data protection authorities in the countries where we do substantial business. If required in the future, we will update this policy with details of an EU or UK
• Legal Bases and Compliance: We have outlined the legal bases for processing your data in the Legal Basis section of this policy. We are committed to identifying and documenting the legal basis for each processing activity involving personal data of EU/UK individuals, as required by the GDPR/UK GDPR. We also adhere to principles of data processing such as lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, and integrity/confidentiality.
• Rights and Complaints: Your rights under GDPR/UK GDPR are detailed in Your Rights and Choices. In the event you have a concern about our data practices, we ask that you contact us first so we can attempt to resolve it. However, please remember you have the right to contact your local Data Protection Authority (DPA) or the UK Information

Commissioner’s Office (ICO) to lodge a complaint. We will cooperate with any regulatory authorities in the resolution of disputes.

United States

For individuals in the United States, we comply with federal and state privacy laws as applicable:

• California Residents: If you reside in California, please refer to California Privacy Rights above for a summary of your rights under the CCPA/CPRA. In addition to those rights, California’s “Shine the Light” law (Civil Code § 1798.83) allows customers to request certain information about our disclosure of personal information to third parties for their direct marketing purposes, if any. As noted, we do not share personal information with unaffiliated third parties for their own marketing absent California residents may contact us with any questions or requests regarding their personal information and we will respond in accordance with applicable law.
• Other State Laws: Several states (such as Virginia, Colorado, Connecticut, Utah, ) have enacted their own privacy laws which provide residents with certain rights similar to the CCPA/GDPR (for example, the right to access, delete, or opt out of certain data uses). If you are a resident of a US state that grants additional privacy rights, we will honor those rights as applicable. You can reach out to us to exercise those rights, and we will facilitate your request consistent with the state law requirements.
• Children’s Online Privacy Protection: We do not knowingly collect personal information from children under 13, in compliance with the Children’s Online Privacy Protection Act (COPPA). Our Children’s Privacy section above outlines this. If you are a parent and believe your child under 13 has provided data to us, contact us and we will remove it.
• Do Not Track: Our website currently does not respond to “Do Not Track” (DNT) signals from web browsers. DNT is a setting you can enable in some browsers to signal that you prefer not to be tracked across Given there is not yet an industry consensus on how to interpret DNT signals, we treat user privacy via the mechanisms described in this policy (cookie consent tools, global privacy control signals for CCPA, etc.).

Middle East and Asia

For customers in the Middle East, Asia, or other regions not specifically covered above:

• Local Law Compliance: We comply with data protection and privacy laws in the countries where we operate or to which we deliver This includes laws such as Pakistan’s

Personal Data Protection legislation (if and when it comes into effect), the UAE’s or Saudi Arabia’s data protection regulations, and others as applicable. We monitor legal developments and adjust our practices to ensure compliance with any new requirements.

• Data Localization: If the laws of a particular country require that certain personal data be stored or processed within that country’s borders, we will, to the extent required and feasible, ensure that data is handled in compliance with those localization requirements. For example, if a country mandates that its citizens’ data remain in-country, we may use local servers or restrict transfers, or obtain necessary consents for transfers as allowed.
• Cross-Border Transfer Safeguards: For international transfers from countries in Asia or the Middle East that have data export restrictions, we will follow the mechanisms provided by those This may involve obtaining your consent for the transfer, ensuring the recipient country is deemed acceptable by the local regulator, or using contracts similar to the SCCs mentioned earlier. We endeavor to provide a high standard of privacy protection regardless of where your data travels.
• Authority Requests: In some jurisdictions, local authorities may request access to personal data. We will only comply with such requests if they are legally valid and necessary. We scrutinize each request and push back when appropriate to protect our customers’ privacy.

If you have questions about how we handle data in your country or region, please contact us. We may update these regional provisions as privacy laws evolve worldwide.

Third-Party Links

Our website may contain links to websites or services operated by third parties (for example, links to social media pages, partner websites, or reference resources). Please be aware that this Privacy Policy does not apply to the privacy practices of those third-party sites or services. We have no control over the content, policies, or actions of these external websites and are not responsible for how they collect, use, or share your information.

We strongly encourage you to review the privacy policies of any third-party websites you choose to visit by following links from our site. Those policies will govern how the third party handles your personal information. If you have questions about a third-party site, please contact them directly.

Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time, in order to reflect changes in our practices, to keep up with new legal requirements, or for other operational, business, or regulatory reasons. If we make changes to this policy, we will post the updated Privacy Policy on our website with a new “Last Updated” date so you can see when the policy was last revised.

If the changes are significant, we will provide more prominent notice of the update. For example, we may notify you by email (if we have your email on file) or by placing a noticeable announcement on our website (such as a banner or pop-up notification) informing you of the changes. In certain cases, if required by law, we may seek your consent to material changes that affect how we use personal data (especially if we plan to use your data for a new purpose not originally disclosed to you).

Any changes to this Privacy Policy will become effective when the updated policy is posted to our website, unless stated otherwise. The new policy will apply to all current and past users of our website and will replace any prior versions. By continuing to use our website or services after the updated Privacy Policy comes into effect, you will be deemed to have accepted the revised terms.

However, if any change were to materially affect how we handle personal information collected under a previous version of the policy, we will either obtain your consent or give you a clear opportunity to opt out of the new use of your information, before the change is applied to that information. We value your trust and will not take your privacy lightly.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If you do not agree with any aspect of an updated Privacy Policy, you should discontinue use of our services or contact us to address your concerns.

Contact Us

If you have any questions, comments, or requests regarding this Privacy Policy or how we handle your personal information, please do not hesitate to contact us. We are here to help and address any concerns you may have. You can reach us through the following contact details:

• Email: info@anmolconcepts.com
• Phone: +92-XXX-XXXXXXX
• Postal Address: Anmol Concepts, Attn: Privacy Officer (Data Protection Officer), [Street Address], [City], [Postal Code], Pakistan

We will do our best to respond to your inquiries promptly and courteously. If you are contacting us to exercise any of your data protection rights (as described in the Your Rights and Choices section), please provide enough information for us to understand and process your request, including verifying your identity if necessary.

Thank you for taking the time to read our Privacy Policy. We value your trust and are dedicated to protecting your personal information while providing you with quality products and services. Your privacy is important to us, and we will continue to work hard to earn and maintain your confidence.

Effective Date: This Privacy Policy is effective as of 02-07-2025. All previous versions of our privacy policy are superseded by this version.