Privacy Policy

1.1Identity of the Controller: "Best Brands EG" ("we", "us", "our", or the "Company") is the data controller responsible for the personal data described in this policy. Our registered place of business is Cairo, Arab Republic of Egypt.

1.2Data Protection Officer (DPO): In compliance with the Executive Regulations to Personal Data Protection Law 151/2020 (Ministerial Decision 816/2025), we have appointed a Data Protection Officer. You may contact the DPO directly at dpo@bestbrands-eg.com for all matters relating to your personal data — including access requests, correction requests, deletion requests, withdrawal of consent, restriction of processing, and portability requests. We acknowledge every request within seven (7) calendar days and respond substantively within thirty (30) calendar days.

1.3Complaints: If you believe we have not handled your data correctly, please write to complaints@bestbrands-eg.com. You also have the right to lodge a complaint directly with the Personal Data Protection Centre (PDPC) of the Arab Republic of Egypt.

1.4Scope of this Policy: This policy covers personal data we collect through our website at bestbrands-eg.com, through your customer account, when you place an order, when you contact support, and when you interact with our marketing communications. It does not cover the privacy practices of third-party websites you may reach through links from our site. Arabic is the legally controlling version of this policy.

2.1Performance of a Contract: We process the identity, contact, address, and payment data you provide so we can fulfil your order — including purchasing the item abroad on your behalf, arranging international and local shipping, customs clearance, and after-sales support. This is the lawful basis for the majority of order-related processing.

2.2Consent: We rely on your explicit, freely given consent for two categories of optional processing: (a) marketing communications (newsletters, promotional offers, restock notifications); and (b) analytics, advertising, and personalization cookies. You may withdraw either consent at any time through the cookie banner, the "unsubscribe" link in every marketing email, or by writing to dpo@bestbrands-eg.com. Withdrawing consent does not affect any processing carried out before the withdrawal.

2.3Legitimate Interest: We process limited technical data — server logs, IP address, device fingerprint, and abuse-detection signals — to protect the website and our customers against fraud, account takeover, bot abuse, and other security threats. We balance this interest against your privacy rights and use only the minimum data necessary.

2.4Legal Obligation: We retain order, invoice, and payment records to comply with Egyptian commercial, tax, customs, and consumer-protection laws. We may also disclose personal data to competent authorities when we are legally compelled to do so.

3.1Identity Data: full name, email address, mobile phone number, and (optionally) date of birth if you choose to share it for birthday offers.

3.2Address Data: shipping address, billing address, and — when customs declarations require it for specific shipments — your Egyptian National ID number. When provided, the National ID is used only for the customs declaration and is not displayed back in your account.

3.3Payment Data: we do NOT store your full card number, CVV, or PIN. Our payment processors (Paymob, Fawry) return to us only a tokenized reference and the last four digits of the card so we can display it back to you for reorder convenience.

3.4Order Data: items purchased, prices, currencies, fulfilment status, shipping tracking events, returns, refunds, and any communications attached to a specific order.

3.5Device & Usage Data: IP address, browser type and version, operating system, screen size, language preference, referring URL, pages visited, time on page, and clickstream. This data is collected through analytics cookies only if you grant consent.

3.6Communications: messages you send to support, your survey responses, your participation in loyalty programs, and the metadata of marketing emails we send you (delivered, opened, clicked).

3.7Data We Do Not Collect: we do not collect biometric data, special-category data (such as health or religious beliefs), or full payment-card numbers. We do not knowingly collect data from anyone under the age of 18.

4.1Order Fulfilment: purchasing the product abroad on your behalf, arranging international and local shipping, completing customs clearance, processing payments and refunds, and notifying you of order status changes.

4.2Customer Service: answering your questions, handling complaints, processing returns and exchanges, and resolving disputes — by email, phone, or chat.

4.3Fraud Prevention & Security: detecting and blocking fraudulent payments, preventing account takeover, throttling abusive automated traffic, and investigating suspected security incidents.

4.4Marketing (Consent-Based): sending you newsletters, promotional offers, restock notifications, and birthday offers — only after you opt in. Every marketing email contains an unsubscribe link that takes effect within 48 hours.

4.5Analytics & Service Improvement (Consent-Based): understanding which pages are visited most, where users drop off, and which products attract interest — so we can improve the website, the catalogue, and the checkout flow. Analytics processing is gated by your cookie-consent choice.

4.6Legal & Tax Compliance: producing invoices, retaining accounting records, responding to lawful requests from competent Egyptian authorities, and defending or pursuing legal claims.

4.7Automated Decision-Making: we do not use solely-automated decision-making (such as automated profiling that produces a legal effect) on customer data. Fraud-detection signals may flag a transaction for human review, but the final decision is taken by a person on our team.

5.1Courier Partners: we share your name, address, phone number, and order contents with the local courier responsible for delivering your shipment (Bosta, for Egypt deliveries) and with international carriers that move the goods from origin to our warehouses (DHL and FedEx for international legs).

5.2Payment Processors: we share the data required to authorize and settle your payment (cardholder name, billing address, transaction amount, and processor token) with our payment partners Paymob and Fawry. These processors are bound by the Central Bank of Egypt PCI-DSS-aligned regulations.

5.3Customs Brokers & Authorities: when a shipment requires customs clearance, we share the recipient name, address, phone, and (if requested) National ID number with the appointed customs broker and with the Egyptian Customs Authority, strictly to clear your personal shipment.

5.4Analytics & Advertising Processors (Consent-Based): if you grant the relevant cookie consent, we share usage data with Google (Google Analytics 4) and Meta (Meta Pixel) for traffic analysis and advertising measurement. If you decline, these tags do not fire.

5.5Service Providers: we share data with infrastructure providers that host our systems (cloud hosting, database, email-delivery via SendGrid, customer-service tooling). These vendors act as processors under written agreements that restrict their use of your data to instructions we give them.

5.6Legal Authorities: we may disclose personal data to law-enforcement, regulators, courts, or other competent authorities when we are required to do so by Egyptian law or a binding legal order, or when disclosure is necessary to protect our rights, our customers, or the public.

5.7Business Transfers: if Best Brands EG is involved in a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. You will be notified in advance and given a chance to exercise your rights before the transfer takes effect.

5.8No Sale of Personal Data: we do NOT sell, rent, or trade your personal data to data brokers or any third party for their independent marketing purposes. Full stop.

6.1Why Transfers Happen: When you place an order, we transfer your personal data outside Egypt to: (i) overseas suppliers in Turkey, Spain, Italy, France, the United Kingdom, and the United States from whom we procure your specific piece; (ii) international shipping carriers (including DHL and FedEx); (iii) United States-based analytics and marketing services (Google Analytics 4 and Meta Pixel, only with your cookie consent); (iv) Egypt-hosted but globally-connected payment processors (Paymob and Fawry); (v) our email service provider (SendGrid) for order-confirmation and transactional emails.

6.2Legal Basis for Transfers: All such transfers are made under licences and authorisations issued by the Personal Data Protection Centre of the Arab Republic of Egypt, in accordance with Article 16 of the Executive Regulations to Personal Data Protection Law 151 of 2020 (Ministerial Decision 816 of 2025). During the grace period (to 1 November 2026) we also rely on Article 14 (contractual necessity) for order-fulfilment-essential transfers while we complete our Article 16 licensing applications. This section constitutes the cross-border transfer disclosure required by Article 14 of Law 151/2020.

6.3Your Right to Obtain a Transfer Impact Assessment: You have the right to obtain a copy of our Transfer Impact Assessment for any transfer category by emailing dpo@bestbrands-eg.com. We will respond within 30 days.

6.4Sensitive Data: We do not transfer your Egyptian National ID number outside Egypt. National ID numbers collected for customs clearance are used only for that specific customs declaration, are stored on Egypt-hosted infrastructure, and are retained for 90 days post-delivery, after which they are securely deleted. National ID data is sensitive-tier processing under ER Article 12 and requires separate explicit consent, which is sought at the point of collection.

6.5Consent Withdrawal and Transfer Consequences: Where you withdraw consent to a marketing or analytics transfer, we cease that transfer within 7 days but the transfer of order-fulfilment-essential data (supplier, shipping, payment, customs) continues for the lifecycle of your order, as it is necessary for contractual performance.

7.1Order, Invoice & Tax Records: retained for five (5) years from the date of the transaction, in compliance with the Egyptian Commercial Law and tax-record retention requirements. Where local law mandates a longer period, the longer period applies.

7.2Account Data: retained for as long as your account is active. If you do not log in for three (3) consecutive years, the account is flagged as dormant and we will contact you. If you remain unreachable, the account is anonymized or deleted, save for any data we are required by law to retain (e.g. tax records).

7.3Marketing Data: retained until you withdraw consent. Once you unsubscribe, your email address is added to a suppression list (so we know not to email you again) and your other marketing data is deleted within thirty (30) days.

7.4Cookie & Analytics Data: behavioural data captured through analytics cookies is retained for a maximum of fourteen (14) months from the date of collection, then aggregated or deleted. This aligns with Google Analytics 4 default retention settings.

7.5Security & Server Logs: technical logs used for fraud detection and security investigations are retained for one hundred and eighty (180) days, then deleted, unless they are part of an active investigation requiring longer retention.

7.6aNational ID / Customs Data: Egyptian National ID numbers collected for customs clearance are retained for ninety (90) days from the date of delivery of the relevant shipment, then securely deleted. This is sensitive-tier data under ER Article 12; access is restricted to operations staff handling the specific customs declaration.

7.6Support Communications: emails, chat transcripts, and support tickets are retained for three (3) years after the case is closed, so we can refer to context if you reach out again about the same matter.

8.1Right of Access: you may request confirmation that we hold personal data about you and obtain a copy of that data, together with information about how it is used and with whom it has been shared.

8.2Right of Rectification: you may ask us to correct inaccurate data or complete data that is incomplete. Most of this can be done directly inside your account; for everything else, write to us.

8.3Right of Erasure: you may ask us to delete your personal data when there is no continuing legal or contractual reason for us to keep it. Note that we may need to retain certain records (such as invoices) to comply with tax and commercial law — in which case we will explain what was deleted and what was kept and why.

8.4Right to Restrict Processing: you may ask us to stop using your data for specific purposes while a dispute is being resolved or while we verify the accuracy of the data.

8.5Right of Portability: you may request an export of the personal data you provided to us, in a structured, commonly used, machine-readable format (typically JSON or CSV), so you can transmit it to another service.

8.6Right to Object: you may object to processing based on our legitimate interest, including any profiling. Where the objection is upheld, we will stop the relevant processing.

8.7Right to Withdraw Consent: where processing is based on your consent (marketing, analytics, advertising cookies), you may withdraw consent at any time. Withdrawal takes effect prospectively and does not invalidate processing that took place beforehand.

8.8Right to Complain: you have the right to lodge a complaint with the Egyptian Personal Data Protection Centre (مركز حماية البيانات الشخصية) if you believe our processing breaches the law. We would, however, prefer the chance to address your concern first — please reach us at dpo@bestbrands-eg.com.

8.9How to Exercise Your Rights: visit your account's Privacy & Data page at /account/data where you can self-serve seven data actions, or send an email to dpo@bestbrands-eg.com clearly identifying the right you wish to exercise. We will acknowledge within seven (7) days and respond substantively within thirty (30) days. We may ask you to verify your identity before fulfilling a request, to protect your data from unauthorized disclosure. Maximum response time under the PDPL ER is thirty (30) days, extendable to sixty (60) days with written justification.

9.1Encryption: all traffic between your browser and our servers is protected by TLS 1.2 or higher. Sensitive fields (such as payment tokens) are encrypted at rest using industry-standard algorithms.

9.2Access Controls: access to systems holding personal data is restricted on a need-to-know basis. Administrative access requires multi-factor authentication, and privileged actions are logged for audit.

9.3Staff Training: every employee with access to personal data receives induction training on this policy and on Egyptian data-protection obligations, and refresher training at least annually.

9.4Vendor Security: we assess the security posture of our processors before onboarding them and require contractual commitments to maintain confidentiality, integrity, and availability of your data.

9.5Breach Notification — Authority: in the event of a personal-data breach that is likely to cause harm, we will notify the Egyptian Personal Data Protection Centre within seventy-two (72) hours of becoming aware of the incident, as required by Article 7 of Law 151/2020.

9.6Breach Notification — Affected Users: where the breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay, describing the nature of the breach, the data involved, the steps we have taken, and what you can do to protect yourself.

9.7Your Role in Security: please choose a strong password, do not share it, and notify us immediately at dpo@bestbrands-eg.com if you suspect your account has been compromised.

10.1Cookies: detailed information about the cookies and similar technologies we use — and how to control them — is available in our Cookie Policy. The cookie banner appears on your first visit and lets you accept all, reject non-essential, or pick categories. You can revisit your choices at any time from the footer link.

10.2Children: our services are not directed at, or intended for, anyone under the age of eighteen (18). This matches the eligibility rule set out in our Terms & Conditions. If we discover that we have inadvertently collected personal data from a person under 18, we will delete it promptly. If you believe a minor has provided data to us, please contact dpo@bestbrands-eg.com.

10.3Changes to this Policy: we may update this policy from time to time to reflect changes in our practices, in our service, or in applicable law. We will update the "last updated" date at the top of this page. For material changes, we will additionally notify registered users by email and by an in-app notice the next time they sign in, with at least fourteen (14) days' notice before the change takes effect.

10.4Governing Law: this Privacy Policy is governed by the laws of the Arab Republic of Egypt, in particular the Personal Data Protection Law (Law No. 151 of 2020), the Consumer Protection Law (Law No. 181 of 2018), and the E-Signature Law (Law No. 15 of 2004).

10.5Contact: for any question about how your personal data is handled, please write to dpo@bestbrands-eg.com — this inbox is monitored by the Data Protection team at Masters Hub LLC, the entity operating the Best Brands service from Cairo, Egypt. You may also lodge a complaint at any time with the Egyptian Personal Data Protection Centre (PDPC).