Privacy Policy

Last updated: 11/10/2025

1. General Declaration

1.1 Policy Adoption and Corporate Standing

This Privacy & Cookie Policy (hereinafter sometimes referred to, inter alia, as the “Policy”) is a document of binding legal effect and interpretive authority, adopted, executed, published and promulgated by SellMMO Group FZ LLE, Fujairah Creative City Free Zone, License No. 14608/2019, P.O. Box 4422, United Arab Emirates, a juridical person duly incorporated, validly existing and in good standing under the laws of the United Arab Emirates, specifically within the Fujairah Creative City Free Zone, situated in the Creative Tower, Emirate of Fujairah, United Arab Emirates.

The Company acts, mutatis mutandis, in its capacity as an Aggregator, escrow facilitator and technical operator of affiliated Storefronts, rather than as a direct seller of digital goods, together with its Affiliates, Subsidiaries and duly authorised successors or assigns (collectively, the “Company” or the “Group”).

1.2 Purpose and Public Character

This Policy constitutes the principal privacy charter of the Company and its Group, articulating the principles by which all Personal Data and related information are collected, processed, stored, shared, safeguarded and ultimately disposed of.

It serves as a public declaration of the Company’s commitment to lawful, transparent, and accountable data governance, forming part of the Group’s broader compliance and governance framework, together with its other public-facing terms and policies governing user relations, payment security, financial crime prevention, and information protection.

2. Legal Basis and Interpretive Framework

2.1 Applicable Instruments

This Policy shall be construed, mutatis mutandis, in light of, and consistently with, the following legislative instruments of data protection law, as amended from time to time:

  • Federal Decree-Law No. 45 of 2021 Regarding the Protection of Personal Data of the United Arab Emirates (the “UAE PDPL”);
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “EU GDPR”);
  • United Kingdom Data Protection Act 2018 and United Kingdom General Data Protection Regulation (the “UK GDPR”);
  • United States state privacy statutes, including without limitation the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (the “CPRA”), the Virginia Consumer Data Protection Act (the “VCDPA”), the Colorado Privacy Act (the “CPA”), the Connecticut Data Privacy Act (the “CTDPA”), the Utah Consumer Privacy Act (the “UCPA”), and any analogous enactments.

2.2 Interpretive Clause

Provided however that nothing herein shall be deemed to waive, diminish or derogate from any mandatory provision of Applicable Law.

In the event of any conflict or inconsistency among the above frameworks, the interpretation most protective of the Data Subject and most compliant with the strictest jurisdictional standard shall prevail.

3. Corporate Philosophy and Principles

3.1 Recognition of Fundamental Rights

The Company recognises, affirms and declares that the rights of natural persons to privacy, dignity and informational self-determination are paramount, subject always to legitimate business interests, compliance obligations, and statutory duties.

3.2 Ethical Governance Commitment

The Company conducts its affairs in accordance with principles of good governance, accountability, transparency and proportionality, seeking to maintain equilibrium between operational necessity and the protection of individual rights.

Accordingly, this Policy is issued as a living instrument of accountability and a manifestation of the Group’s adherence to best practices in privacy management, risk oversight, and lawful data stewardship.

4. Structure and Overview of the Policy

4.1 Structural Outline

For the convenience of the reader and to facilitate systematic interpretation, this Policy is structured into sequentially numbered sections and annexes, each serving a defined legal and operational function:

  • Section 1 – Preamble: establishes the legal authority, interpretive context, and guiding philosophy of the Company’s privacy regime.
  • Section 2 – Scope; Controller Identity; Contact: defines the entities and territorial scope to which the Policy applies and sets out primary contact channels.
  • Section 3 – Categories of Data and Sources: enumerates data types and lawful acquisition sources.
  • Section 4 – Purposes and Legal Bases: specifies lawful grounds for Processing activities.
  • Section 5 – Cookies and Tracking Technologies: sets forth principles of online tracking, with reference to Exhibit 1 – Cookie Notice (Meduza Services / PayTabs Gateway).
  • Section 6 – Special Categories and Children’s Data: describes restrictions concerning sensitive data and minors.
  • Section 7 – Disclosures; Processors; Third-Party Links: lists authorised recipients, contractual safeguards, and interoperability with external environments.
  • Section 8 – International Transfers: details transfer mechanisms and protective clauses.
  • Section 9 – Retention and Deletion: summarises retention criteria and deletion practices.
  • Section 10 – Security Measures: outlines high-level technical and organisational protections.
  • Section 11 – Data Subject Rights: explains individual entitlements and submission channels.
  • Section 12 – Breach Notification: establishes notification procedures and limitations.
  • Section 13 – Liability and Disclaimers: sets boundaries of corporate responsibility.
  • Section 14 – Governing Law and Jurisdiction: identifies controlling law and forum
  • Section 15 – Changes; Entire Agreement: governs amendments and publication; includes Section 15.3 (Voluntary Choice of Buyer) addressing buyer autonomy and assumption of risk.
  • Section 16 – Physical Merchandise & Fulfilment Partners: describes roles, disclosures, legal bases, retention, and liability in connection with physical goods.
  • Annex A – Definitions (Full List); Annex B – Regional Contacts & Representatives; Annex C – International Transfers & Processor Terms; and Exhibit 1 – Cookie Notice.

4.2 Integration with Corporate Framework

This Policy is to be read in pari materia with the Company’s other publicly available instruments forming the SellMMO Group compliance corpus, including (without limitation) the Terms of Service, Refund & Buyer Protection Policy, Delivery & Fulfilment Policy, Return & Warranty Policy, Escrow & Payment Policy, and Sanctions & Fraud Compliance Statement, as each may be amended or updated from time to time.

Each instrument addresses a distinct operational domain, yet all operate cumulatively to ensure a single, coherent, and enforceable compliance architecture.

Read more