Privacy Policy
Introduction
Welcome to the Privacy Policy of Tamam Holdings Ltd ("Tamam"). Tamam respects your privacy and is committed to protecting your personal data. This Privacy Policy outlines how we manage your personal data when you use our mobile application (the "App"), visit our website, or interact with our services embedded into client websites or apps within the Tamam platform ("Tamam platform"). It also explains your privacy rights and how the law protects you.
1. Important Information and Who We Are
1.1 Purpose of this Privacy Policy
This Privacy Policy provides details on how Tamam collects and processes your personal data through your use of our services, including creating and hosting User-Generated Content (UGC) on websites and apps within the Tamam platform, as well as your usage of the Tamam App and Tamam vendor platform. This Privacy Policy also covers data collected via embedded services on client websites and apps, where Tamam services are integrated to facilitate content creation and interaction. This Privacy Policy supplements other notices and privacy policies and is not intended to override them.
1.2 Controller
Tamam Holdings Ltd is the controller responsible for your personal data ("Tamam", "we", "us", or "our"). If you have any questions about this Privacy Policy, including requests to exercise your legal rights, please contact [email protected].
1.3 Your Duty to Inform Us of Changes
We regularly review our Privacy Policy. This version was last updated in [February 2025]. It is important that the personal data we hold about you is accurate and current. Please keep us informed of any changes to your personal data during your relationship with us.
1.4 Third-Party Links
Our platform may include links to third-party websites, plug-ins, and applications. Clicking on these links or enabling these connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. When you leave our App, Portal, or website, we encourage you to read the privacy policies of every website or application you visit.
2. The Data We Collect About You
2.1 Personal Data
Personal data refers to any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store, and transfer different kinds of personal data, including:
Type of Data | Description |
---|---|
UGC Data | Information you provide when you create content such as reviews, pictures, videos, comments, or ratings on websites and apps within the Tamam platform, including via services embedded in client websites and apps. This also includes metadata associated with this content, such as timestamps and location data, if applicable. |
Identity Data | Includes first name, last name, username, and other identifiers you use when creating content or an account with Tamam, including when using embedded services on client websites or apps. |
Contact Data | Includes email address and telephone numbers. |
Profile Data | Includes your username and password, content preferences, and feedback. |
Technical Data | Includes IP address, login data, browser type, operating system, time zone settings, and other technical information collected when you interact with the Tamam platform, including when browsing or creating content on client websites and apps where Tamam services are embedded. |
Usage Data | Includes information about how you use our App and services, including content creation and interaction patterns on the Tamam platform and embedded services on client websites and apps. |
2.2 Special Categories of Personal Data
We may also collect Special Categories of Personal Data about you, such as details about your race, ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data, subject to your explicit consent. You have the right to withdraw this consent at any time by contacting us at [email protected].
2.3 Failure to Provide Personal Data
Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract. For example, we may not be able to provide you with access to certain support services. In such cases, we may have to cancel the service you have with us, but we will notify you if this is the case at the time.
3. How Your Personal Data Is Collected
3.1 Data Collection Process
The collection of personal data through Tamam’s embedded services on client websites and apps is conducted through various methods, ensuring that the data collected is necessary, lawful, and compliant with GDPR requirements.
Collection Method | Details |
---|---|
Direct Interactions | You may provide us with your Identity, Contact, UGC, and Profile Data by filling in forms, creating content, or interacting with our App or embedded services on client websites and apps. This includes personal data you provide when you create and submit UGC, create an account or log in, or provide feedback or contact us. |
Automated Technologies | We use cookies, server logs, and other technologies to collect Technical and Usage Data. This data helps us understand how you use the Tamam platform and App, including services embedded in client websites and apps, and improve our services. |
Third-Party Sources | We may receive personal data about you from third parties, including social media platforms, if you have agreed to share your data with us. We may also collect data from clients who embed our services on their websites and apps, which could include your interactions with UGC on those platforms. |
3.2 Use of Cookies and Similar Technologies
Tamam uses cookies, web beacons, and similar technologies to collect data automatically when users interact with the Tamam platform or embedded services on client websites and apps. These technologies help us analyse trends, track user movements, and gather demographic information to improve our services.
4. How We Use Your Personal Data
4.1 Purposes for Using Your Personal Data
We will only use your personal data when the law allows us to. The most common situations in which we use your personal data include:
Purpose/Activity | Type of Data | Lawful Basis for Processing | Legitimate Interests |
---|---|---|---|
To register you as a new user | Identity Data, Contact Data | Performance of a contract with you | N/A |
To manage your account, including enabling UGC creation | Identity Data, Profile Data, UGC Data | Performance of a contract with you | N/A |
To process and deliver your service requests | Identity Data, Contact Data, Financial Data, Transaction Data | Performance of a contract with you | N/A |
To manage our relationship with you, including notifications and updates | Identity Data, Contact Data, Profile Data, Marketing and Communications Data | Performance of a contract with you; Compliance with legal obligations; Legitimate interests | Keeping records updated; understanding how users engage with our services |
To administer and protect our network, App, and services | Identity Data, Technical Data | Legitimate interests | Running our business, provision of administration and IT services, network security, fraud prevention |
To deliver relevant content and advertisements | Identity Data, Profile Data, Usage Data, Marketing and Communications Data | Legitimate interests | Understanding how users interact with our services to develop them, grow our business, and inform our marketing strategy |
To use data analytics to improve our services | Technical Data, Usage Data | Legitimate interests | Improving our services, App, user experience, and marketing strategies |
To comply with legal requirements | Identity Data, Contact Data, Financial Data, Transaction Data | Compliance with a legal obligation | N/A |
To personalise your experience | Identity Data, Profile Data, UGC Data | Legitimate interests | Providing a better user experience tailored to your preferences |
4.2 Change of Purpose
We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. If you wish to get an explanation of how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
5. Client Data Handling Responsibilities
5.1 Responsibilities of Clients Embedding Tamam Services
When Tamam services are embedded into client websites and apps, the client is also responsible for handling user data. While Tamam collects and processes personal data to enable user-generated content (UGC) and other interactions, clients must ensure that their use of this data complies with their own privacy policies and applicable laws.
5.2 User Awareness
Users are encouraged to review the privacy policies of the websites and apps where Tamam services are embedded to understand how their data may be used by those third parties.
5.3 Liability Disclaimer
Tamam disclaims any liability for the misuse or mishandling of user data by clients who embed Tamam services.
6. Disclosures of Your Personal Data
6.1 Data Sharing Practices
We may share your personal data with the following parties for the purposes set out in Section 4 above:
Recipient | Purpose for Sharing | Types of Data Shared | Additional Details |
---|---|---|---|
Service Providers | To support our operations by providing services such as hosting, data analysis, IT infrastructure, and customer support. | Identity Data, Contact Data, Technical Data, UGC Data, Financial Data | Service providers are required to process data in accordance with our instructions and subject to confidentiality agreements. |
Clients and Partners | To enable the hosting, display, and management of UGC on their websites and apps. | UGC Data, Identity Data | Clients may use UGC in accordance with their own privacy policies; please review those policies for more details. |
Analytics and Advertising Partners | To analyse usage data, improve services, and deliver targeted advertisements based on user behaviour and preferences. | Usage Data, Technical Data, Profile Data | Data shared with these partners is often aggregated or anonymised; identifiable data is subject to strict privacy controls. |
Legal and Regulatory Authorities | To comply with legal obligations, enforce our rights, and respond to legal processes such as subpoenas or court orders. | Identity Data, Contact Data, Financial Data, Transaction Data | We will only disclose what is necessary to comply with legal requirements or protect our rights and users' safety. |
Business Transfer Recipients | In the event of a merger, acquisition, sale of assets, or other business transaction, your data may be transferred. | All data types relevant to the transaction, such as Identity Data, Contact Data, Financial Data, UGC Data | You will be notified of any significant changes to how your data is handled. |
Affiliates and Subsidiaries | To provide integrated services and shared resources within the Tamam corporate group. | Identity Data, Contact Data, Technical Data, UGC Data, Financial Data | Data shared within the group is subject to the same level of protection and privacy practices outlined in this policy. |
Other Third Parties | With your prior consent, we may share your data for specific purposes not covered above. | Any relevant data based on the specific purpose | We will always seek your explicit consent before sharing your data with third parties not listed here. |
6.2 Service Providers
We work with various service providers to support the operation of our App and services. These include, but are not limited to:
- Amazon Web Services: For cloud hosting and storage.
- Zendesk Inc.: For customer support services.
- Google Firebase: For app infrastructure and development.
- Google Analytics: For data analysis and user behaviour tracking.
- Zapier Inc.: For automation of workflows and data integration.
- Posthog: For product analytics and user interaction tracking.
These service providers act as data processors on our behalf, and we ensure they process your data according to our instructions, in compliance with applicable data protection laws, and subject to strict confidentiality agreements.
6.3 Clients and Partners
We share UGC and related data with our clients and partners who operate websites and apps within the Tamam platform. This sharing enables the display and management of UGC on their platforms. Please review the privacy policies of these clients and partners to understand how they may use your data.
6.4 Analytics and Advertising Partners
To improve our services and deliver relevant content and advertisements, we work with analytics and advertising partners. These partners help us understand user behaviour and preferences, enabling us to tailor our services and marketing efforts. While much of this data is aggregated or anonymised, any identifiable data is protected by strict privacy controls.
6.5 Legal and Regulatory Authorities
We may disclose your personal data to legal and regulatory authorities when required to do so by law, to enforce our legal rights, or to comply with legal processes such as subpoenas or court orders. We will only disclose the minimum necessary data to comply with these legal obligations.
6.6 Business Transfers
In the event of a merger, acquisition, sale of assets, or any other business transaction involving a change of ownership, your personal data may be transferred to the new owners or involved parties. We will ensure that your data continues to be protected and that you are informed of any significant changes to how your data is handled.
6.7 Affiliates and Subsidiaries
We may share your personal data with our affiliates and subsidiaries to provide integrated services and shared resources. These entities are bound by the same data protection and privacy practices as Tamam.
6.8 Other Third Parties
With your prior consent, we may share your data with other third parties for specific purposes not covered above. We will always seek your explicit consent before sharing your data in such cases.
6.9 Data Security and Confidentiality
All third parties with whom we share your data are required to respect the security and confidentiality of your personal data and to process it in accordance with the law. We do not allow our service providers or other third parties to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
7. International Transfers and Safeguards
7.1 Cross-Border Data Transfers
Some of our external third parties are based outside the UK, so their processing of your personal data will involve a transfer of data outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection by implementing at least one of the following safeguards:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government.
- Where a country does not have an adequate level of protection, we will ensure that a binding agreement is in place with that third party, complying with data protection laws.
7.2 User Rights in Cross-Border Transfers
Users have the right to request further information on the specific safeguards applied to their data when it is transferred outside their jurisdiction. Such requests can be made to [email protected].
8. Data Security and Breach Notification
8.1 Data Security Measures
Tamam takes data security seriously and has implemented robust measures to protect personal data from unauthorised access, loss, or disclosure.
- Technical and Organisational Measures: These include encryption, secure data storage, regular security audits, access controls, and staff training on data protection principles.
- Security Certifications: Where applicable, Tamam may hold certifications or adhere to recognised standards to demonstrate its commitment to data security.
8.2 Breach Notification Procedures
In the event of a data breach that poses a risk to the rights and freedoms of individuals, Tamam will notify affected users and the relevant supervisory authorities in accordance with GDPR requirements.
- Notification Timeline: Affected users will be notified without undue delay, typically within 72 hours of Tamam becoming aware of the breach.
- Content of Notification: The notification will include details about the nature of the breach, the data involved, the potential consequences, and the measures taken to mitigate the breach.
9. Data Retention and User Control
9.1 Retention of User-Generated Content
Tamam retains UGC and associated personal data for as long as it is necessary to fulfil the purposes for which it was collected, including for the provision of services, compliance with legal obligations, and protection of Tamam’s legitimate interests.
- Retention Periods: Different types of data have specific retention periods based on their purpose. For example, UGC may be retained as long as it remains relevant to the services provided or for as long as necessary to comply with legal requirements.
9.2 User Control Over Data
Users have control over their data and can request its deletion or modification at any time.
- Data Deletion: Users can request the deletion of their UGC and personal data by contacting customer support. Tamam will comply with such requests unless the data is required to be retained for legal or contractual reasons.
- Retention of Metadata: In some cases, metadata (such as anonymised data related to the interaction with the content) may be retained even after the deletion of UGC for analytics and service improvement purposes, but this data will not be identifiable to any specific user.
10. User Consent and Content Display
10.1 Explicit Consent for Data Collection and Display
Users must provide explicit consent before any data is collected, used, or displayed publicly on platforms where Tamam is embedded. This includes consent for the collection of personal data, such as names, email addresses, and any content that users create or submit (e.g., reviews, comments, and ratings).
- Public Display of Content: Users are informed that their UGC, including any associated personal data, may be displayed publicly on the website or app where Tamam services are embedded. This includes the possibility that usernames, profile pictures, or other identifiers may be visible to other users and visitors.
- Opt-In Mechanism: Consent is obtained through clear opt-in mechanisms, such as checkboxes during account creation or content submission. Users must actively choose to agree to the terms before their data is processed or displayed.
10.2 Withdrawal of Consent
Users have the right to withdraw their consent at any time. If consent is withdrawn, Tamam and the client will cease processing the user's data for the purposes outlined. The user’s content may be removed from public display, and their account may be deactivated if necessary. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
11. Data Anonymisation and Pseudonymisation
11.1 Anonymisation of User Data
Where feasible, Tamam anonymises user data to enhance privacy. Anonymisation involves removing or altering information so that it can no longer be used to identify an individual. For example, Tamam may display only a user’s first name or a pseudonym in public content, rather than their full name or personal identifiers.
- Anonymised Display: Anonymised data may be used for displaying reviews, comments, and other UGC to ensure that the user's identity is protected while still allowing their content to be publicly accessible.
11.2 Pseudonymisation for Internal Processing
For internal analytics and data processing purposes, Tamam may apply pseudonymisation techniques. This means that personal data is processed in such a way that it can no longer be attributed to a specific individual without the use of additional information, which is kept separately and protected.
- Purpose of Pseudonymisation: Pseudonymisation helps reduce the risks associated with data processing and ensures compliance with GDPR's data protection principles, particularly in scenarios where data is shared with third parties for analysis or improvement of services.
12. Automated Decision-Making and Profiling
12.1 Automated Moderation Tools
Tamam may use automated tools to moderate UGC. These tools can detect and remove content that violates community guidelines, is inappropriate, or breaches legal standards.
Tamam may auto-moderate content; however, site owners are responsible for approving all content before it appears on their website. Tamam is not liable for any inappropriate or undesired content made visible by the website owner on their website.
- User Notification: Users are informed that their content is subject to automated moderation. In cases where content is removed or flagged by automated systems, users have the right to request a review by a human moderator.
12.2 Profiling for Personalisation
If profiling is used to personalise content or services, Tamam will inform users how this profiling works, what data is used, and how users can opt out of such practices.
- Impact of Profiling: Users are informed about the potential impacts of profiling, including how it may affect the content they see or the services they receive. Users have the right to object to profiling practices.
13. Your Legal Rights
13.1 Rights to Access, Correct, and Port Data
Users have the right to access the personal data Tamam holds about them. This includes the right to:
- Access Data: Request a copy of the personal data held about them.
- Correct Data: Request correction of any inaccurate or incomplete data.
- Port Data: Request transfer of their data to another service provider in a structured, commonly used, machine-readable format.
13.2 Exercising User Rights
Users can exercise these rights by contacting Tamam’s data protection officer at [email protected]. Tamam will respond to such requests within one month, although this period may be extended by two further months where requests are complex or numerous.
13.3 Handling of Sensitive Content
If users upload sensitive content (such as health information or personal experiences), they are informed about how this content will be protected and their rights to control its dissemination.
14. Minors, Parental Consent, and Marketing Communications
14.1 Age Restrictions
Tamam enforces strict age restrictions, requiring users to be at least 18 years and 1 month old to use its services, and we do not knowingly collect data from children. If Tamam discovers that it has inadvertently collected data from a child under this age, the data will be deleted promptly.
14.2 Parental Controls and Consent
For websites owned by clients likely to attract minors, Tamam may implement parental consent mechanisms. Parents or guardians may be required to verify their identity and provide consent for their child’s use of the service.
14.3 Marketing Communications
Users may receive marketing communications from Tamam if they have opted in to such communications. Users can opt out at any time by following the unsubscribe instructions in the emails or by contacting Tamam directly.
- Parental Consent for Minors: If minors are involved, additional parental consent may be required for marketing communications to be sent.
15. IP Ownership and User-Generated Content
15.1 Intellectual Property Rights
Users retain the ownership of the intellectual property rights to their UGC. However, by submitting content through Tamam services, users grant Tamam and its clients a non-exclusive, worldwide, royalty-free licence to use, display, distribute, and modify the content for the purposes of providing and improving services.
- Licence Scope: This licence includes the right to display the content on the websites and apps where Tamam services are embedded, as well as in any marketing or promotional materials related to Tamam’s services.
15.2 Responsibility for Copyright Adherence
Users are responsible for ensuring that any content they submit does not infringe on the intellectual property rights of third parties. Tamam is not liable for any copyright violations committed by users.
- User Warranties: By submitting content, users warrant that they have the necessary rights and permissions to grant the licence described above.
16. Changes to this Privacy Policy
16.1 Policy Updates
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on our website and/or App and updating the date at the top of the policy.
16.2 User Notification
If we make significant changes that affect how your personal data is handled, we will notify you directly through the contact information provided or through a prominent notice on our platform.
17. Contact Us
17.1 Contact Information
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at [email protected].
17.2 Supervisory Authority
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe that your data protection rights have been violated. However, we would appreciate the chance to address your concerns directly before you approach the ICO, so please contact us first.
18. Additional Information for European Economic Area Residents
18.1 GDPR Compliance
Tamam complies with the General Data Protection Regulation (GDPR) for users residing in the European Economic Area (EEA). This includes adhering to data protection principles such as lawfulness, fairness, transparency, data minimisation, accuracy, storage limitation, integrity, and confidentiality.
18.2 Legal Basis for Processing
The legal bases for processing personal data under GDPR include consent, performance of a contract, compliance with legal obligations, protection of vital interests, and legitimate interests pursued by Tamam or third parties.
18.3 Data Transfers
When transferring personal data outside the EEA, Tamam ensures that appropriate safeguards, such as standard contractual clauses, are in place to protect the data.
18.4 Your Rights Under GDPR
EEA residents have additional rights under GDPR, including the right to data portability, the right to be forgotten, and the right to restrict or object to processing.
19. Data Portability and Accessibility
19.1 Data Portability
Users have the right to receive the personal data they have provided to Tamam in a structured, commonly used, machine-readable format and have the right to transmit that data to another controller.
19.2 Data Access
Users have the right to access their personal data and to request a copy of the information that Tamam holds about them. This request can be made by contacting [email protected].
20. Complaints and Dispute Resolution
20.1 Filing a Complaint
If you believe that Tamam has not adhered to this Privacy Policy or violated your rights under applicable data protection laws, you have the right to file a complaint.
20.2 Dispute Resolution Process
Tamam is committed to resolving any complaints about its data practices. Complaints can be filed by contacting [email protected]. We aim to respond to and resolve complaints promptly.
21. Special Categories of Personal Data
21.1 Collection of Sensitive Data
Tamam may collect special categories of personal data (sensitive data) only when absolutely necessary and with your explicit consent. This includes data related to race, religion, sexual orientation, and health.
21.2 Protection of Sensitive Data
Special categories of personal data are handled with the highest level of security and confidentiality. Tamam ensures that appropriate safeguards are in place to protect this data from unauthorised access and misuse.
22. Automated Decision-Making and Profiling
22.1 Overview
Tamam uses automated decision-making processes and profiling in certain instances, such as content moderation and personalisation of services.
22.2 User Rights
Users have the right to opt out of automated decision-making and profiling if it significantly affects them. Users can request a manual review of decisions made by automated processes.
22.3 Transparency
Tamam provides transparency regarding the logic involved in automated decision-making and profiling, as well as the significance and potential consequences of such processing for the user.