en
Join us

Privacy policy

PRIVACY POLICY

www.caawiye.com

Effective date: 15th July 2025

1. Introduction

Welcome to Caawiye. Your privacy is critically important to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website (caawiye.com and seller.caawiye.com) and use our services. By using our Platform, you agree to the collection and use of information in accordance with this policy.

We are committed to ensuring that your personal data is protected and handled responsibly. This Privacy Policy complies with the Law on Protection of Personal Data in Somalia and the General Data Protection Regulation (GDPR) for our international users.

2. Definitions

For the purposes of this Privacy Policy:

  • "Personal Data" means any information that relates to an identified or identifiable individual.
  • "Processing" means any operation or set of operations performed on personal data, whether or not by automated means.
  • "Data Controller" means the entity that determines the purposes and means of processing personal data.
  • "User" means any individual who uses our services or accesses our Platform.
  • "Cookies" are small files stored on your device (computer or mobile device).

3. Data Controller and Data Protection Officer

Data Controller:
Caawiye, located at Shibis, wadada Nasiib Buundo, Masjid Rowda, is the Data Controller responsible for the collection, use, and processing of your personal data.

Data Protection Officer:
Our Data Protection Officer (DPO) can be contacted at:

  • Email: privacy@caawiye.com
  • Phone: +252 614599993

If you have any questions or concerns regarding your personal data, you may contact our DPO.

4. Legal Basis for Processing Personal Data

We process your personal data based on the following legal grounds:

  • Consent: When you have given explicit consent for specific purposes.
  • Performance of a Contract: When processing is necessary to perform our contractual obligations to you.
  • Legal Obligation: When processing is necessary to comply with our legal obligations.
  • Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, provided these interests are not overridden by your rights and interests.
  • Protection of Vital Interests: When processing is necessary to protect your vital interests or those of another person.
  • Public Interest: When processing is necessary for the performance of a task carried out in the public interest.

5. Types of Personal Data Collected

We may collect and process the following types of personal data:

  • Identification Data: Name, username.
  • Contact Data: Email address, phone number, postal address.
  • Financial Data: Payment card details, bank account information.
  • Technical Data: IP address, browser type, device information, operating system.
  • Usage Data: Information about how you use our Platform, including browsing history and interaction with our services.
  • Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.

6. Methods of Data Collection

We collect personal data through various methods:

  • Direct Interactions: When you create an account, make a purchase, fill out forms, or communicate with us directly.
  • Automated Technologies or Interactions: When you interact with our Platform, we automatically collect technical data about your equipment, browsing actions, and usage patterns through cookies and other similar technologies.
  • Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties, such as analytics providers, advertising networks, and search information providers.

7. Purposes of Data Processing

We use your personal data for the following purposes:

  • Account Creation and Management: To set up and manage your account on our Platform.
  • Order Processing and Delivery: To process your orders, deliver products and services, and manage payments and fees.
  • Customer Service and Support: To provide customer support, respond to your inquiries, and address any issues you may have.
  • Marketing and Promotional Activities: To send you marketing communications and promotional offers, where you have opted-in to receive them.
  • Website Functionality and Security: To improve the functionality and security of our Platform, and to ensure a safe and secure environment for all users.
  • Legal Compliance: To comply with our legal obligations, such as maintaining records for tax purposes or responding to legal requests.
  • Operational Efficiency: Data is processed to enhance the efficiency of marketplace operations, including zone-based selling strategies and delivery logistics.
  • Compliance and Monitoring: Personal data is also used to monitor compliance with our platform policies, especially regarding the prohibition of certain items under Islamic law.

          In addition to the types of personal data already listed, we also process and use your data in the following specific operational                contexts:

  • Zone-Based Connectivity: We use your location data to connect you to sellers and buyers within your designated zone. This helps in facilitating transactions that are logistically feasible and cost-effective.
  • Handling of Prohibited Items: To comply with Islamic law and local regulations, we monitor the products listed on our platform to ensure they do not include prohibited items such as alcohol. This involves processing data submitted by vendors about their products.
  • Subscription and Commissions: We process financial data related to subscription fees and commissions. This includes managing and storing details about the transactions made on our platform to ensure accurate billing and proper accounting.
  • Delivery Operations:
    • Choice of Delivery Mode: We collect data on whether sellers opt to use Caawiye’s delivery services or their own delivery personnel. This information is used to coordinate delivery logistics and ensure compliance with our delivery standards.
    • Seller-Delivered Items: For sellers using their own delivery methods, we process information about their delivery performance. This is crucial for maintaining service quality and may affect their privileges on our platform.
    • Pickup Locations: When a customer chooses a pickup location, we process information about the delivery arrangements, including who bears the cost, ensuring transparency and accountability in cost-sharing.
  • Transaction and Payment Handling:
    • We collect and store data regarding the financial transactions between buyers and sellers, including the holding period before funds are released from the buyers' wallet to the sellers. This ensures that funds are only transferred once the buyer confirms satisfaction with the delivered products.
  • Return and Refund Processes:
    • We process data related to returns and refunds to facilitate and manage these requests in accordance with our policies. This includes data about the interaction between buyers and sellers during the dispute resolution process.
  • Responsibility of Delivery Personnel:
    • Information about delivery personnel and any guarantors is processed to ensure accountability and integrity in the delivery process. This includes data used to evaluate their performance and conduct on our platform.
  • Order Tracking and Fulfillment:
    • We use data about the order process, including the generation and use of unique OTPs for order confirmation. This helps in securely verifying that orders are delivered and acknowledged by the customer, minimizing disputes related to delivery.

8. Consent and Preferences

Obtaining and Managing Consent:
We obtain your explicit consent before collecting and processing your personal data for specific purposes. You have the right to withdraw your consent at any time by emailing us at privacy@caawiye.com.

Managing Communication Preferences:
You can manage your communication preferences and opt out of receiving marketing communications by following the unsubscribe instructions provided in our emails or by contacting us directly.

Withdrawing Consent:
If you withdraw your consent, we will stop processing your personal data for the purposes for which you initially consented. However, this will not affect the lawfulness of any processing carried out before your withdrawal.

9. Data Retention

Data Retention Periods:
We retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Criteria for Determining Retention Periods:
The retention period for personal data is determined based on the nature of the data, the purpose for which it was collected, and applicable legal requirements.

Data Deletion and Anonymization:
When we no longer need your personal data, we will either delete or anonymize it. If this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

10. Sharing of Personal Data

Internal Sharing:
We may share your personal data within our organization to provide you with our services and improve our Platform.

Third-Party Service Providers:
We may share your personal data with third-party service providers who perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.

Authorities and Regulators:
We may disclose your personal data to authorities and regulators to comply with legal obligations or to protect our rights and interests.

Business Partners:
We may share your personal data with our business partners to offer you certain products, services, or promotions.

International Data Transfers:
Your personal data may be transferred to and processed in countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country. We will ensure that appropriate safeguards are in place to protect your personal data when it is transferred internationally.

11. International Data Transfers

Transfers within the EU/EEA:
We comply with GDPR requirements for data transfers within the European Union (EU) and European Economic Area (EEA).

Transfers outside the EU/EEA:
For data transfers outside the EU/EEA, we ensure adequate protection of your personal data through various measures, such as standard contractual clauses, binding corporate rules, or other legally accepted mechanisms.

Safeguards for International Transfers:
We implement appropriate safeguards to protect your personal data when it is transferred internationally. These safeguards include contractual obligations imposed on the recipients of your personal data to ensure they protect it to the same standard as required in your country.

12. Data Security

Measures to Protect Personal Data:
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing your personal data. These measures are designed to protect against unauthorized or unlawful processing, accidental loss, destruction, or damage.

Security Breach Response:
In the event of a data security breach, we have procedures in place to promptly respond and mitigate any potential harm. We will notify you and the relevant authorities of a breach where we are legally required to do so.

Data Encryption and Pseudonymization:
We use encryption and pseudonymization techniques to protect your personal data during transmission and storage.

13. Rights of Data Subjects

Right to Access:
You have the right to request access to your personal data and to obtain information about how we process it.

Right to Rectification:
You have the right to request the correction of inaccurate or incomplete personal data.

Right to Erasure:
You have the right to request the deletion of your personal data under certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing:
You have the right to request the restriction of processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to its processing.

Right to Data Portability:
You have the right to request the transfer of your personal data to another organization or directly to you, in a structured, commonly used, and machine-readable format.

Right to Object:
You have the right to object to the processing of your personal data based on legitimate interests, direct marketing, and profiling related to direct marketing.

Rights Related to Automated Decision-Making, Including Profiling:
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except under certain circumstances.

Right to Data Accuracy in Transactions:
Users have the right to request corrections to any transactional data if they believe there are errors in how their transactions have been processed or recorded on our platform.

14. Exercising Data Subject Rights

Process for Submitting Requests:
To exercise your rights, please email us at privacy@caawiye.com. We may need to verify your identity before processing your request.

Response Times:
We will respond to your request within one month of receiving it. If your request is complex or you have made multiple requests, we may extend this period by a further two months, in which case we will inform you of the extension and the reasons for it.

Verification of Identity:
To protect your privacy and security, we may take reasonable steps to verify your identity before granting access or making corrections to your personal data.

15. Cookies and Similar Technologies

Types of Cookies Used:
We use different types of cookies on our Platform, including:

  • Strictly Necessary Cookies: These cookies are essential for the operation of the Platform.
  • Performance Cookies: These cookies collect information about how visitors use the Platform.
  • Functional Cookies: These cookies allow the Platform to remember choices you make.
  • Targeting/Advertising Cookies: These cookies are used to deliver advertisements relevant to you.

Purpose of Cookies:
We use cookies to enhance your experience on our Platform, for analytics purposes, and to deliver personalized content and advertisements.

Managing Cookie Preferences:
You can manage your cookie preferences through your browser settings or by using cookie management tools available on our Platform.

Third-Party Cookies:
We may allow third parties to set cookies that collect information about your online activities across different websites and over time. These third parties may use this information to provide you with targeted advertising.

16. Children's Privacy

Age Restrictions for Data Collection:
Our Platform is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13 without parental consent.

Parental Consent Requirements:
If we become aware that we have inadvertently received personal data from a child under 13, we will delete such information from our records.

Rights of Children Regarding Their Data:
Parents or guardians who believe that their child has provided us with personal data without their consent can contact us at privacy@gmail.com to request deletion of the information.

17. Marketing Communications

Types of Marketing Communications:
We may send you marketing communications about our products, services, and promotions if you have opted in to receive such communications.

Consent for Marketing:
We will obtain your explicit consent before sending you marketing communications. You can opt out of receiving marketing communications at any time by following the unsubscribe instructions provided in our emails or by contacting us directly.

Opting Out of Marketing Communications:
If you opt out of receiving marketing communications, we will stop sending them to you. However, we may still send you non-marketing communications, such as service-related emails.

18. Profiling and Automated Decision-Making

Explanation of Profiling and Automated Decision-Making:
Profiling involves the automated processing of personal data to evaluate certain aspects of an individual, such as their preferences or behavior. Automated decision-making involves making decisions based solely on automated processing without human intervention.

Purpose and Legal Basis for Profiling:
We may use profiling and automated decision-making to improve our services, personalize your experience, and deliver targeted promotions. The legal basis for this processing is our legitimate interests or your explicit consent.

Rights Related to Profiling:
You have the right to object to profiling and automated decision-making, and to request human intervention, express your point of view, and contest the decision.

19. Third-Party Links

Links to Third-Party Websites:
Our Platform may contain links to third-party websites. We are not responsible for the privacy practices or content of these third-party websites.

Disclaimer of Third-Party Privacy Practices:
We encourage you to review the privacy policies of any third-party websites you visit to understand their data collection and processing practices.

20. Changes to the Privacy Policy

Notification of Changes:
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated Privacy Policy on our Platform and updating the "Last Updated" date.

Effective Date of Changes:
The updated Privacy Policy will be effective immediately upon posting, unless otherwise specified. Your continued use of our Platform after the effective date constitutes your acceptance of the updated Privacy Policy.

Continued Use After Changes:
If you do not agree with the changes to the Privacy Policy, you should discontinue using our Platform.

21. Complaints and Dispute Resolution

Process for Filing Complaints:
If you have any complaints about our use of your personal data, please contact us at complaints@caawiye.com. We will investigate and respond to your complaint promptly.

Contact Information for Data Protection Authorities:
If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in Somalia or your country of residence.

Alternative Dispute Resolution Mechanisms:
We are committed to resolving disputes in a fair and efficient manner. If you have any concerns or disputes, please contact us to discuss alternative dispute resolution mechanisms.

22. Training and Awareness

Training for Employees on Data Protection:
We provide regular training to our employees on data protection principles and practices to ensure they understand their responsibilities and how to protect personal data.

Awareness Programs for Data Protection:
We conduct awareness programs to educate our employees and stakeholders about the importance of data protection and the measures they can take to safeguard personal data.

23. Record of Processing Activities

Maintaining Records of Processing Activities:
We maintain records of our processing activities in accordance with GDPR requirements and Somalia's data protection laws.

Content of the Records:
Our records include information such as the purposes of processing, categories of data subjects and personal data, data recipients, and data retention periods.

Access to Records by Authorities:
We provide access to our records of processing activities to data protection authorities upon request, as required by law.

24. Data Protection Impact Assessments (DPIA)

When to Conduct DPIAs:
We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in a high risk to the rights and freedoms of data subjects.

Process for Conducting DPIAs:
Our DPIA process involves assessing the nature, scope, context, and purposes of processing, identifying potential risks, and implementing measures to mitigate those risks.

Documentation and Review of DPIAs:
We document our DPIA findings and review them regularly to ensure they remain up-to-date and effective in addressing data protection risks.

25. Contact Information

Contact Details for Privacy-Related Inquiries:
If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us at:

Caawiye
Shibis, Wadada Nasiib Buundo, Masjid Rowda
Email: privacy@caawiye.com
Phone: +252 61 4 599993