Last
updated date:
Contact Information:
Data
Controller Information
Khimji’s Watches
PO Box 3295, 112, Muscat,
Sultanate of Oman
Contact
Information of Data Protection Officer
Name: Mr. Ali Said Ali Al Kalbani
Contact:
+968 98515813
The DPO is responsible for
ensuring Khimji’s Watches compliance with the PDPL and for addressing all inquiries
related to the processing of personal data.
Our Role
Under the Oman PDPL (Royal
Decree No. 6/2022), Khimji’s Watches operate in two
capacities:
● Data
Controller: We act as the Controller when we determine the purpose and means of
processing your data to provide our services to you.
● Data Processor: We act as a Processor when we handle personal data solely on behalf of, and according to the documented instructions of, a Data Controller (such as a corporate employer or partner). When we play a role of a processor we request you to check your controller’s Privacy practices before sharing with us.
Personal Data we collect
Khimji’s Watches collects only the minimum necessary data required to provide our services and comply with PDPL. We collect information that identifies you or makes you identifiable. The type of data we collect depends on your interaction with us (e.g., whether you are a retail customer, a corporate partner, or a website visitor).
1. Information You Provide
Directly
This is data you give us when you register for an account, purchase a product, or contact our support team.
● Identity
Data: Full name Civil ID number
(Oman ID) or Passport number, and date of birth.
● Contact
Data: Personal or work email address, mobile number, and physical
billing/delivery address.
● Financial
Data: Bank account details or payment card info (collected securely for
transactions).
2. Information Collected
Automatically
When you visit our digital platforms, we use cookies and similar technologies to collect technical data.
● Technical
Data: Your IP address, login data, browser type and version, time zone
setting, and operating system.
● Usage Data: Information about how you use our website, products, and services (e.g., pages viewed or links clicked).
Legal Basis & Purpose of Processing
We process your personal data only when a valid legal basis exists under the Oman PDPL:
● Explicit Consent: We process your personal data if you have given your clear, written, or electronic approval/consent for the same. Where we rely on your consent to use your personal data, you have the right to withdraw the consent at any time. Please contact us using the details in the Contact us section.
● Contractual
Necessity: We process your data to fulfil the contractual necessity and provide
you the travel services you have requested.
● Legal
Obligations: We process your personal data necessary for compliance with the
any legal obligation, court judgments, or regulatory requirements.
● Security
of the Organization: To protect our systems, prevent fraud, and ensure the
safety of our operations.
Our Purpose of processing
● As a
Data Controller:
We process your personal data strictly for the
services purposes for which you engage us. Your data is treated as highly
confidential and managed in full accordance with the Oman PDPL.
● As a
Data Processor:
When we act on behalf of another Controller (such as
your employer), we process personal data strictly according to their documented
written instructions and the safety standards mandated by the Law.
Our Commitment on Data Protection
to Global Clients:
We treat all personal data
with the highest level of care and security. Khimji’s Watches operates in
full alignment with applicable privacy regulations, including the Oman Personal
Data Protection Law (Royal Decree 6/2022). We ensure that our processing
activities respect the privacy standards of our global clients and the rights
of their data subjects.
Data Subject Rights Under PDPL
As a data subject, you
have the following rights:
● Access: You have right to request a copy of your personal
data held by Khimji’s Watches
● Correction: You have a right to request correction of inaccurate
or outdated data.
● Erasure: You have a right to request deletion of your data
under specific circumstances.
● Deletion:
You have right to request erasure
of your personal data, for example if consent is withdrawn or the data is no
longer necessary.
● Withdrawal
of Consent: You have a right to
revoke previously given consent at any time.
● Restriction:
You have right to request
temporary halt of processing under specific conditions.
● Data
Portability: You have right to
request transfer of your data in a machine-readable format
● Objection: You have right to object to processing for direct
marketing or other reasons.
● Complaint: If you have any questions or concerns regarding our
privacy practices, we encourage you to contact our Data Protection Officer
(DPO) directly. If our DPO is unable to resolve your concern to your
satisfaction, you maintain the right to escalate your complaint to the Ministry
of Transport, Communications and Information Technology (MTCIT).
To exercise any of these rights,
please contact: privacy@kr.om
Cookies and Google Analytics:
We use strictly necessary
cookies to ensure the proper functioning and security of our website and to
analyze website traffic using Google Analytics. Analytics cookies will only be
set with your consent. You can accept or reject these cookies. services
to monitor the site performance. We do not process any personal data using the
Google analytics services.
Marketing & Promotional
Activities
We only use your personal
information for direct marketing if you provide explicit consent. All our
marketing communications include clear instructions on how to opt out at any
time. You can withdraw your consent or change your preferences by replying
directly to our emails, messaging us on social media, or contacting us through
this website.
You
information shared with other:
Recipient
of your data:
Third
party service providers: We
may share personal data we collect about you with our third-party service
providers. The categories of service providers to whom we entrust personal data
including IT and related services such as cloud-based centers, analytics
service provides, Travel partners.
Marketing
Partners: We may share your
information with partners helps us with marketing activities after better
understanding your preferences and with your consent.
Disclosures
to protect us or others: We
may access, preserve and disclose any information we store associated with you
to external parties if we in good faith believe doing so is required or
appropriate to comply with law enforcement or national security request and
legal process.
Disclosures
in the event of merger, sale or other asset transfer: If we are involved in a merge, acquisition, or sale
of assets or transition of service to another provider then your information
may be sold or transferred as part of such a transaction, as permitted by law
and /or contract.
Third
Party Service Provider:
To deliver targeted travel
services and updates, we use multiple third-party service providers.
We have established formal
Data Protection Agreements with third party service providers to ensure your
personal data is handled with a level of protection that meets the standards of
the Oman PDPL.
Limitation of Liability for
Publicly Shared Data:
While Khimji’s Watches handles all
private correspondence (Direct Messages) in accordance with the Oman
PDPL (Royal Decree No. 6/2022), we do not encourage the disclosure of
non-public personal information in public forums or comment sections. Users are
advised that information shared publicly is outside of our exclusive control.
Consequently, Khimji’s Watches shall not be
held liable for any damages, losses, or privacy breaches arising from the
misuse of such information by other users or third parties.
Retention of Personal Data:
We retain your personal
data only as long as necessary to fulfil the purpose for which it was collected
or as required by law. For regulatory, auditing, we store data for a minimum 10
years following the end of our relationship unless otherwise required by law or
applicable contracts. There can be scenarios wherein to fulfil the legal
obligations we might have to retain the data for longer. Within this
period, you may exercise any of your rights as per Oman PDPL. For more
information, please refer to the "Rights of the Data Subject"
section.
Data Security:
We implement appropriate technical
and organizational measures to protect the personal information we collect from
or about you (including personal identifiable information) against unauthorized
access, use, alteration, or disclosure. These measures include, among others:
● Encryption
of personal data at rest and in transit, where applicable
● Role-based
access controls and audit logging
● Staff
training and internal privacy and information security governance measures
Cross-Border Data Transfers:
Your data will be stored
outside Oman using third party Cloud Service Providers hosted outside Sultanate
of Oman. We also transfer data to government authorities, hotels, and
international partners (such as for visa processing and bookings) in third
countries to deliver your requested services.
To ensure the safety of
your information, we conduct Transfer Impact Assessments and maintain Data
Protection Agreements with our partners to guarantee a level of protection
equivalent to the Oman PDPL.
Link
to other Sites:
Our Services may contain
links to other websites and services. Any information that you provide on or to
a third-party website or service is provided directly to the owner of the
website or service and is subject to that party’s privacy notice. Our privacy
notice does not apply to such websites or services and we’re not responsible
for the content, privacy, or security practices and policies of those websites
or services. To protect your information, we recommend that you carefully
review the privacy policies of other websites and services that you access.
Breach Notification:
A Personal Data
Breach may include any unauthorized or unlawful access, disclosure,
alterations, loss, destruction misuse or compromise of Personal Data processed
by us
In case of a personal data
breach we shall take appropriate technical and organizational measures to
contain, investigate, assess and remediate the incident in accordance with the
Oman Personal Data Protection Law (Royal Decree 6/2022) and its implementing
regulations (PDPL) we ensure that we take the relevant steps to ensure that the
breach is mitigate and we comply.
We maintain an internal
data breach response procedure to ensure prompt identification, documentation,
escalation and mitigation of any incident.
Changes to Privacy Notice:
Any information that we
collect is subject to the privacy notice in effect at the time that the
information is collected. We may, however, modify and revise this privacy
notice from time to time. We encourage you to review this privacy notice
periodically to stay informed about how we process and protect your personal
data.
The last updated date at
the top of this privacy notice indicates when it was most recently revised.
Complaints and Contact
Information:
If you believe your personal data
has been mishandled or your privacy rights are violated:
Please contact us at privacy@kr.om
+968 24600444
support@khimjiswatches.om