Privacy Policy

Last Updated: February 26, 2026

Sobkichu values your privacy and is committed to protecting your personal data in compliance with the Personal Data Protection Ordinance 2025 (PDPO 2025) of Bangladesh and other applicable laws. This Privacy Policy explains in detail how we collect, use, disclose, store, secure, and protect your personal data when you visit our website (sobkichu.site), browse products, place orders, make payments, participate in our affiliate program, contact support, or use any of our services.

As an online-only e-commerce platform operating in Bangladesh (with no physical stores), we curate and offer a wide range of high-quality products sourced from multiple trusted suppliers and partners (including dropshipping arrangements). We process personal data responsibly, with data minimization (collecting only what is necessary), purpose limitation, transparency, and accountability as core principles.

By accessing or using our website or services, you consent to the collection, processing, and use of your personal data as described in this Policy. If you do not agree with any part of this Policy, please do not use our website or services. You may withdraw consent at any time (subject to legal and contractual limitations) by contacting us.

1. Definitions

For clarity, the following terms have these meanings (aligned with PDPO 2025):

  • Personal Data: Any information relating to an identified or identifiable natural person (data subject), including name, phone number, email, address, payment references, IP address, device info, browsing behavior, etc.
  • Sensitive Personal Data: Data revealing health, genetic/biometric information, religious/political beliefs, sexual orientation, financial details, or other special categories – we do not collect or process sensitive data unless strictly necessary and with explicit consent.
  • Data Subject: You, the individual whose personal data we process.
  • Data Fiduciary/Controller: Sobkichu (we decide the purpose and means of processing).
  • Data Processor: Third parties (e.g., delivery couriers, payment providers) who process data on our instructions.

2. Information We Collect

We collect the following categories of personal data, limited to what is necessary for our services:

2.1 Data You Provide Voluntarily

  • Account registration: Name, email, phone number, password.
  • Orders & checkout: Shipping/billing address, phone number (for delivery updates), order details, special instructions.
  • Payments: Transaction references (e.g., bKash/Nagad/Rocket TrxID, Binance TxID/hash) – we do not store full card numbers, PINs, or sensitive payment credentials.
  • Support/contact: Messages, queries, feedback via chat, email, WhatsApp, or forms.
  • Affiliate program: Name, email, phone, social media links, website/channel URL, promotion plans (for approval and dashboard access).
  • Newsletter/marketing: Email or phone for promotions (with explicit opt-in consent).

2.2 Data Collected Automatically

  • Device & technical info: IP address, browser type/version, operating system, device ID, screen resolution, language settings.
  • Usage data: Pages visited, time spent, products viewed, cart actions, search queries, referral sources (including affiliate links).
  • Cookies & trackers: Session IDs, preferences, analytics (e.g., Google Analytics if enabled), affiliate attribution cookies (90-day duration for referral credit).

2.3 Data from Third Parties

  • Delivery partners (e.g., Pathao, RedX, Sundarban Courier): Delivery status updates, address confirmation.
  • Payment providers: Confirmation of successful transaction (no sensitive details shared with us).
  • Affiliates: Referral click data (anonymized where possible) to attribute sales for commissions.

3. Lawful Bases for Processing (PDPO 2025 Compliant)

We process personal data only on valid lawful bases, including:

  • Consent: Explicit, informed, and freely given (e.g., marketing emails, non-essential cookies). You can withdraw anytime without detriment (except where processing is necessary for contract fulfillment).
  • Contractual Necessity: To process orders, deliver products, handle payments, provide support.
  • Legitimate Interests: Fraud prevention, site improvement, security, affiliate tracking (balanced against your rights).
  • Legal Obligation: Tax records, dispute resolution, compliance with authorities.
  • Public Interest: In limited cases (e.g., safety or legal enforcement).

For sensitive data (if any), we require explicit consent or another strict legal basis.

4. How We Use Your Information

Your data is used only for specified, explicit, and legitimate purposes:

  • Order fulfillment: Process purchases, arrange delivery, send updates (SMS/email).
  • Payment verification: Confirm transactions via your provided references.
  • Customer service: Respond to inquiries, resolve issues, refunds/returns.
  • Affiliate program: Generate/track referral links (default store or product-specific), attribute sales within 90-day cookie window, calculate/pay commissions.
  • Marketing: Send promotions/offers only with consent (easy opt-out via unsubscribe link).
  • Analytics & improvement: Understand user behavior, fix bugs, enhance site/products.
  • Security & fraud: Detect/prevent unauthorized access, abuse, or illegal activity.
  • Legal/compliance: Retain records for tax, audits, disputes, or government requests.

5. Sharing & Disclosure of Your Information

We share data only on a need-to-know basis and with safeguards:

  • Service Providers: Delivery couriers (address/phone for delivery), payment processors (limited confirmation data), cloud/hosting providers (secure servers).
  • Affiliates: Anonymized referral/click data for commission tracking (no full personal details shared).
  • Legal Requirements: If required by law, court order, government authority, or to protect rights/safety.
  • Business Transfers: In case of merger, acquisition, or asset sale (with notice where possible).

We do not sell your personal data. All sharing includes contracts ensuring confidentiality, security, and PDPO compliance.

6. Cookies, Tracking Technologies & Affiliate Links

We use cookies and similar technologies for:

  • Essential: Site functionality (cart, login, checkout).
  • Analytics: Site usage (aggregated/anonymized where possible).
  • Affiliate: 90-day cookies to credit referrals if purchase occurs within that period.
  • Marketing: With consent (e.g., retargeting pixels if enabled).

You can manage cookies via your browser settings. Disabling them may affect site features. For affiliate links, clicking generates a unique referral ID stored in cookies for attribution.

7. Your Rights as Data Subject (PDPO 2025)

You have the following enforceable rights:

  • Access: Request what data we hold about you.
  • Correction: Update inaccurate/incomplete data.
  • Deletion/Erasure: Request removal (subject to legal retention or contractual needs).
  • Withdrawal of Consent: Revoke consent anytime (e.g., stop marketing).
  • Objection: Object to processing based on legitimate interests or marketing.
  • Portability: Receive your data in structured format (where technically feasible).
  • Breach Notification: Be informed of data breaches affecting you.

To exercise your rights, email info@sobkichu.site with proof of identity. We respond within 30 days (or as required by PDPO). There is no fee for most requests (unless excessive).

8. Data Security Measures

We implement appropriate technical and organizational measures, including:

  • Encryption for sensitive transmissions (e.g., checkout).
  • Secure servers and access controls.
  • Regular security assessments.
  • Staff training on data protection.

Despite best efforts, no transmission is 100% secure. In the event of a data breach, we notify affected individuals and authorities promptly (as per PDPO requirements).

9. Data Retention

We retain data only as long as necessary:

  • Active accounts/orders: Duration of relationship + reasonable period.
  • Order history: Up to 7 years for tax/legal purposes.
  • Inactive accounts: Deleted after 2-3 years of inactivity (unless legal hold).
  • Affiliate logs: Up to 5 years for disputes/audits.
  • Marketing data: Until consent withdrawn.

After the retention period, we delete or anonymize data securely.

10. Children’s Privacy

Our services are not directed at children under 18. We do not knowingly collect data from minors without verifiable parental/guardian consent. If discovered, we delete such data immediately. For users under 18, explicit guardian consent is required for any processing.

11. International Data Transfers

Some processing may occur outside Bangladesh (e.g., cloud servers, analytics tools). We ensure adequate protections through contracts, standard clauses, or other mechanisms compliant with PDPO cross-border rules.

12. Changes to This Privacy Policy

We may update this Policy to reflect changes in practices, technology, or law. Updates will be posted here with a revised “Last Updated” date. Significant changes will be notified via email or prominent site notice. Continued use after changes constitutes acceptance.

13. Contact Us

For questions, rights requests, complaints, or concerns:

Email: info@sobkichu.site
Alternative: support@sobkichu.site
We aim to resolve issues promptly and transparently.

Thank you for trusting Sobkichu. Your privacy matters to us.
