Privacy Policy
Effective date: [2025-08-01] • Last updated: [2025-08-01]
1. Who We Are & Contacts
Controller: Tanemera, 123 Clock Tower, Business Bay, Dubai, UAE.
Primary privacy contact: privacy@tanemera.com
2. Scope
This Policy explains how we collect, use, disclose, and safeguard personal data when you use our websites, apps, products, services, and communications (together, the “Services”). It applies to individuals worldwide, subject to regional disclosures in this Policy. If we process protected health information (PHI) in the United States, the HIPAA section also applies.
3. Data We Collect
We may collect the following categories of data (as permitted by law and your settings):
- Identifiers and contact details: name, email, phone, postal address, account IDs.
- Commercial information: orders, subscriptions, transaction history.
- Device/technical data: IP address, device IDs, browser type, OS, app/version, diagnostics, crash logs.
- Usage data: pages viewed, features used, clicks, timestamps, referral/UTM.
- Location data: approximate (from IP) or precise (with your consent).
- Preferences: language, marketing preferences, cookie choices.
- Support content: messages, attachments, feedback.
- Professional data (if B2B): company, role, department.
- Sensitive data (only if necessary and lawful): [describe or state “not collected”].
- PHI (US, HIPAA contexts): see HIPAA section.
Sources: directly from you; your organization (if using enterprise Services); our Service providers; cookies/SDKs; public or commercially available sources; and, where permitted, partners/affiliates.
4. How We Use Data & Legal Bases
We use data for:
- Service delivery and account management: set up accounts, provide features, customer support. Legal bases: contract necessity; legitimate interests; and/or consent as required.
- Transactions and billing: process payments, prevent fraud. Legal bases: contract necessity; legal obligation; legitimate interests.
- Personalization and analytics: tailor content, measure performance. Legal bases: consent where required (e.g., cookies/SDKs); otherwise legitimate interests.
- Marketing and communications: send updates, offers, event notices. Legal bases: consent where required; legitimate interests. You can opt out at any time.
- Security and abuse prevention: protect accounts, investigate suspicious activity. Legal bases: legitimate interests; legal obligation.
- Compliance: meet tax, auditing, regulatory, and recordkeeping duties. Legal basis: legal obligation.
Where we rely on consent, you may withdraw it at any time. Where we rely on legitimate interests, we balance our interests against your rights.
Applicable frameworks include GDPR/UK GDPR, LGPD (Brazil), PIPEDA (Canada), POPIA (South Africa), PDPA (e.g., Singapore/Malaysia), and other local laws as relevant.
5. HIPAA (US Health Information)
When we act as a Covered Entity or Business Associate under HIPAA, we may process Protected Health Information (PHI). In such cases:
- We use and disclose PHI only as permitted by HIPAA and our Business Associate Agreements (BAAs) or as required by law.
- We maintain administrative, physical, and technical safeguards to protect PHI and provide breach notifications as required.
- Your HIPAA rights (e.g., access, amendment, accounting of disclosures) are honored in accordance with applicable rules.
If applicable, your organization’s Notice of Privacy Practices or our HIPAA Notice will describe PHI uses in more detail. If HIPAA does not apply to a particular Service, this section may not apply.
7. Sharing & Recipients
We may share data with:
- Service providers/processors: hosting, analytics, support, communications, payment processing, security.
- Business partners (where you engage such features): integrations or services you connect.
- Corporate transactions: in a merger, acquisition, or asset sale, subject to appropriate safeguards.
- Legal and compliance: to comply with laws, enforce terms, protect rights, safety, and security.
- Affiliates: within our corporate group for the purposes described in this Policy.
We do not sell or share personal data for cross-context behavioral advertising where prohibited. Where required by law (e.g., certain US states), we provide an opt-out mechanism for “sale” or “sharing.”
8. International Transfers
Your data may be transferred to and processed in countries outside your own. Where required, we implement appropriate safeguards such as European Commission Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum (IDTA), adequacy decisions, or equivalent instruments under local laws.
9. Retention
We retain personal data only as long as needed for the purposes described above, including to comply with legal, accounting, or reporting requirements, and then securely delete or anonymize it.
Default periods: [insert business-justified retention periods per category, e.g., “Account data: X years after last activity; Transaction data: Y years for tax/compliance; Support tickets: Z months”].
10. Security
We maintain administrative, technical, and physical safeguards designed to protect personal data, including access controls, encryption in transit and at rest (where applicable), secure development practices, and vendor due diligence. No system is 100% secure; we assess incidents and notify regulators and individuals as required by law.
11. Your Rights (Global)
Your rights depend on your location and the applicable law. Subject to conditions and exceptions, you may have the right to:
- Access your data and obtain a copy.
- Correct inaccurate or incomplete data.
- Delete your data.
- Restrict or object to processing (including for direct marketing).
- Portability of certain data in a usable format.
- Withdraw consent where processing is based on consent.
- Limit use/disclosure of sensitive data (where applicable).
- Opt out of sale/sharing for cross-context behavioral advertising (where applicable).
- Appeal a decision on your request (in some jurisdictions).
How to exercise: Contact us using the details in the Contact section and indicate your region. We will verify your identity and respond within applicable timelines. Authorized agents may submit requests where permitted.
12. Children’s Privacy
Our Services are not directed to children under the age of [13/16 – choose per jurisdiction]. We do not knowingly collect personal data from children without appropriate consent. If you believe a child provided data to us, contact us to request deletion.
13. Automated Decision-Making
We do not engage in automated decision-making that produces legal or similarly significant effects without human involvement. If we introduce such processing, we will provide required notices and choices.
14. Changes to This Policy
We may update this Policy from time to time. The “Last updated” date indicates the latest revision. Material changes will be communicated through the Services or by direct notice where required.
15. Contact
To ask questions or exercise your rights, contact: info@tanemera.com. If applicable in your region, you may also contact our EU/UK representative or lodge a complaint with your local authority.
16. Key Definitions
- Personal data: information that identifies or can reasonably be linked to an individual.
- Processing: any operation performed on personal data (collection, use, disclosure, storage, etc.).
- Controller / Processor: a controller is the party that determines the purposes and means of processing; a processor is the party that processes personal data on behalf of a controller.
- Sale/Share (US state laws): as defined by applicable law for cross-context behavioral advertising or disclosures for value.
- PHI: protected health information regulated by HIPAA.
