Privacy Policy

ROSOMART.COM — Privacy Policy

Effective Date: [15 October 2025]
Last Updated: [15 October 2025]

Welcome to ROSOMART.COM. Your privacy and the protection of your personal data are of the utmost importance to us. This Privacy Policy explains how we collect, use, disclose, protect, and retain your information when you visit or make purchases on our website (https://www.rosomart.com). By accessing or using our services, you agree to the terms of this Privacy Policy.

1. Introduction

1.1 Purpose.
This Privacy Policy describes the categories of information we collect, how we use and share it, your rights regarding your personal data, and our efforts to keep your information secure. We aim to maintain the highest standards of trust, transparency, and compliance.

1.2 Legal Framework & Compliance.
In Bangladesh, our handling of digital information is governed by:

  • The Information and Communication Technology (ICT) Act, 2006 (as amended) (which contains provisions prohibiting unauthorized access and disclosure of data) fmassociatesbd.com+4SAMSN+4Wikipedia+4
  • The Digital Security Act, 2018, defines “identity information (personal data)” and requires explicit consent for collection, storage, use, or disclosure of such data. OHCHR+3The Daily Star+3juralacuity.com+3
  • Constitutional rights (notably the right to privacy) and emerging international practice
  • International data protection principles (e.g., transparency, purpose limitation, data minimization, security, user rights)

Because Bangladesh currently lacks a comprehensive, enforceable general data protection law, our policy also draws on best practices (such as the EU’s GDPR, ISO/IEC 27001, and industry norms) so that your data is handled responsibly and securely. fmassociatesbd.com+5DataGuidance+5blog.dohatec.com+5

1.3 Scope.
This Policy covers personal data collected via www.rosomart.com, mobile interfaces, APIs, and other digital touchpoints we operate. It applies to all customers, site visitors, and users of the service.

2. Information We Collect

We collect various types of information to operate our services, to deliver and improve them, to process transactions, and for customer support. Broadly, we classify data into:

2.1 Personal / Identity Information

When you register, shop, or interact with us, we may collect:

  • Full name
  • Date of birth (if applicable)
  • Gender (optional)
  • National identity number / Smart NID or other government ID (if required for verification)
  • Postal address, billing address, shipping address
  • Email address
  • Mobile phone number
  • Profile photo (optional)
  • Username, password, and other login credentials
  • Other identity documents (when required for legal or fraud prevention purposes)

We may also receive such information from third‐party identity verification services.

2.2 Payment and Transaction Data

To complete purchases, we may collect:

  • Credit/debit card number, expiry date, CVV (usually througha payment gateway)
  • Bank account or mobile banking details
  • Transaction records (date, amount, product, status)
  • Payment authentication, authorization tokens
  • Billing address and tax / VAT identifiers (if applicable)

Note: In many cases, sensitive financial details are handled by third-party payment gateways and are not stored in full by ROSOMART (see Section 6).

2.3 Browsing, Technical, and Usage Data

We automatically or via third parties collect:

  • IP address
  • Device identifiers (e.g., mobile device ID, browser fingerprint)
  • Browser type and version, operating system
  • Pages visited, time spent, clickstream data
  • Referring URLs, search terms, referral data
  • Log data and server event information
  • Cookie, pixel, and tracking data (see Section 5)
  • Location data (coarse or fine) if permitted
  • Error reports, crash logs, performance data

We may derive aggregated or pseudonymized analytics from this data so that individuals cannot be re-identified but that we can improve our services, marketing, and site performance.

2.4 Communications & Support Data

If you contact us (via email, chat, phone, social media), we may collect:

  • Correspondence logs and content
  • Metadata (timestamps, IP address, device)
  • Customer service notes
  • Survey responses or feedback data

2.5 Optional & Third-Party Data

With your consent, or where publicly available:

  • Social media profile information (e.g. from Facebook, Google login)
  • Reviews, ratings, user‐generated content, images
  • Marketing preferences
  • Data from third‐party providers (e.g. identity verification, credit scoring, fraud detection)

3. How We Use Your Information

We use the collected data for the following lawful, proportionate purposes:

3.1 Order Fulfillment and Transactions

  • To process and complete your orders, payments, and refunds
  • To verify your identity, billing and shipping information
  • To provide you with purchase confirmations, invoices, and delivery status
  • To resolve transactional disputes, cancellations, or returns

3.2 Service Delivery, Improvement & Personalization

  • To manage your account, provide customer support, and investigate problems
  • To deliver personalized content, offers, product recommendations
  • To improve our website, marketing, features, and performance
  • To conduct internal analytics (e.g. sales trends, site usage)

3.3 Communication & Marketing

  • To send you transactional and promotional emails (order updates, newsletters, offers)
  • To send you SMS or mobile push notifications (if opted in)
  • To run remarketing, targeted ads across platforms
  • To deliver relevant offers or discounts

You may opt out from marketing communications at any time (see Section 8).

3.4 Fraud Prevention & Compliance

  • To detect and prevent fraud, unauthorized transactions, or security incidents
  • To enforce our Terms & Conditions
  • To comply with legal, regulatory or governmental requirements (tax, audit, law enforcement)
  • To handle dispute resolution, recover debts, protect rights and property

3.5 Legal & Safety Purposes

  • To maintain records as required by law
  • To investigate and enforce legal rights in litigation or regulatory proceedings
  • To comply with orders, subpoenas, or court mandates

4. Data Security & Protection

We adopt robust technical and organizational measures to safeguard your data, including:

  • Encryption (TLS/SSL) in transit and AES (or industry­standard) encryption at rest
  • Secure key management, access control, and role-based permissions
  • Firewalls, intrusion detection/prevention systems (IDS/IPS)
  • Network segmentation, secure data centers
  • Regular security audits, vulnerability assessments, and penetration testing
  • Principle of least privilege (employees access only the needed data)
  • Data pseudonymization or anonymization, where feasible
  • Incident response plan and protocols
  • Internal policies, staff training, confidentiality,y and non-disclosure obligations

However, no system is perfectly secure. In case of a data breach, we will take appropriate remedial steps to mitigate harm, inform affected users, and cooperate with authorities as required under applicable law and best practice.

5. Cookies & Tracking Technologies

5.1 What Are Cookies & Tracking Tools

We and our service providers use cookies, web beacons, pixels, local storage, and similar technologies to track activity on our site, store preferences, and improve your experience.

5.2 Types of Cookies & Their Purpose

  • Strictly necessary cookies – essential for site operations (login sessions, cart, checkout)
  • Performance & analytics cookies – to measure usage, page views, load times
  • Functional cookies – to remember user preferences (language, display settings)
  • Advertising / targeting cookies – to deliver relevant ads, retargeting, and measure ad campaign performance

5.3 Consent & Control

On your first visit, we provide a cookie consent banner or preferences tool, allowing you to accept or decline non-essential cookies. You may later change your preferences via a settings link.

You may also disable or block cookies via your browser settings — but this may affect the usability of ROSOMART.

5.4 Third-Party Tracking

We permit certain third-party service providers (e.g. Google Analytics, Facebook Pixel, advertising networks) to set cookies or similar tools. These trackers adhere to their privacy policies. We require such providers to treat your data in accordance with applicable data protection standards.

6. Third-Party Services & Payment Gateways

6.1 Payment Processors & Gateways

To process payments securely, we partner with recognized third-party gateways (e.g. local banks, mobile financial services, card processors). These providers may collect necessary payment information directly. ROSOMART does not store full card numbers or CVVs unless explicitly required, and only in encrypted form if stored.

We ensure these providers uphold data security, confidentiality, and use your data only for payment processing and fraud prevention, not unrelated purposes.

6.2 Service Providers & Processors

We may share your data with third-party service providers (acting as “processors”) who assist in:

  • Shipping and delivery services
  • Email / SMS / push notification services
  • Customer support & helpdesk systems
  • Analytics and metrics providers
  • Fraud detection, identity verification
  • Marketing/advertising networks
  • IT infrastructure, cloud hosting, backup, and database providers

We impose contractual obligations on them to process data only as instructed by us, maintain confidentiality, and employ adequate security measures.

6.3 Joint Controllers / Co-Controllers

In limited cases, we may jointly determine the purpose and means of data processing with business partners (co-controllers). In such cases, we will clearly specify in the relevant interface or before providing services which party is responsible for which obligations under this Privacy Policy.

6.4 Government, Regulators & Legal Disclosure

We may disclose your personal data to law enforcement, government, courts, or regulatory bodies if required under a valid court order, subpoena, or under applicable ICT / Digital Security / cyber laws in Bangladesh.

Specifically, under the ICT Act and Digital Security Act, unauthorized access, disclosure or tampering with identity information is an offense. Dhaka Tribune+3SAMSN+3cgs-bd.com+3

When disclosing, we will only provide the minimal necessary data, and where possible, notify you unless legally prohibited.

7. Data Retention Policy

We retain your personal information only for as long as necessary to fulfill the purposes described in this Policy, or as required by law or legitimate business needs:

  • Transactional & Order data: retained for a period (e.g. 5 to 7 years) to comply with tax, audit, and accounting obligations
  • Account and profile data: kept until you delete your account or request erasure, subject to legal obligations
  • Marketing & communication records: retained for a limited period (e.g. until opt-out + reasonable buffer)
  • Logs, analytics, performance data: stored for a limited period (e.g. 1–3 years) in aggregated or pseudonymized form
  • Fraud prevention / legal disclosures: retained as long as necessary for legal, audit, or security purposes

At the end of the retention period, data is securely deleted, anonymized or destroyed following secure disposal protocols.

8. User Rights & Consent

8.1 Consent & Lawful Basis

We collect and process personal data only when we have a lawful basis, such as:

  • Your explicit consent (opt-in)
  • Performance of contract (order processing, delivery)
  • Compliance with legal obligation
  • Legitimate interests (fraud prevention, site improvement)

For sensitive processing (e.g. identity verification), we will obtain specific consent.

You may withdraw consent at any time (without affecting the lawfulness of prior processing) by contacting us (see Section 11) or via opt-out tools.

8.2 Your Rights

To the extent permitted by law, you have the following rights:

  • Right to access/request a copy of your personal data
  • Right to correction/rectification of inaccurate or incomplete data
  • Right to erasure/deletion (“right to be forgotten”), subject to legal and contractual constraints
  • Right to restrict or object to processing (especially profiling, direct marketing)
  • Right to data portability (to receive data in a structured, commonly used, machine-readable format)
  • Right to withdraw consent at any time
  • Right to lodge a complaint with supervisory institutions or courts (once enacted in Bangladesh)

To exercise your rights, please contact us via email or phone. We may ask for verification before fulfilling your request. We will comply within a reasonable timeframe, subject to any constraints of law (e.g., retention obligations).

8.3 Marketing Opt-Out

You can unsubscribe from marketing messages (email, SMS) via the “unsubscribe” link or by contacting us. Opting out does not affect transactional or service messages.

8.4 No Fee Generally

We will not charge you for requesting this section unless your request is unfounded, excessive, or repetitive; in which case we may charge a reasonable administrative fee or refuse to comply within legal limits.

9. Children’s Privacy

Our services are not intended for children under 13 years. We do not knowingly collect personal information from children under 13. If we learn that we have inadvertently collected data from a child under 13, we will promptly delete the data.

If you are a parent or guardian and believe your child under 13 has provided us with information, please contact us to request deletion.

10. Changes to This Policy

We may update this Privacy Policy periodically (for example, to reflect changes in law, technology, or business practices). When we make changes, we will:

  • Post the updated version on https://www.rosomart.com
  • Update the “Last Updated” date
  • Where required, provide notice via email or site notification

Your continued use of our services after such modifications means you accept the updated Policy.

11. Contact Information & Grievance

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, you may contact us:

  • Email: rosomart@gmail.com
  • Phone: +88 01780 44 00 87
  • Address: Lake City Shopping Complex, 3rd Floor, Khilkhet, Dhaka 1229, Bangladesh

We will respond within a reasonable timeframe (typically within 30 days) unless the law requires more time.

If you believe we have failed to address your concern, you may escalate to the relevant regulatory or legal forums in Bangladesh.

Note: This Privacy Policy is intended to reflect the current Bangladeshi legal context (ICT Act, Digital Security Act) and international best practices. As Bangladesh’s data protection regime evolves (e.g., potential new Data Protection Act / Ordinance), you should periodically review and update this Policy and your internal practices accordingly.

Shopping Cart
Scroll to Top