Privacy Policy
Effective Date: March 10, 2026
Naba Al-Muruna for General Wholesale Trading LLC ("the Company", "we", "our") takes the protection of personal data seriously and is committed to handling all personal information with care, integrity, and full respect for the rights of individuals. This document sets out how we approach personal data in all aspects of our work.
This Privacy Policy has been prepared in accordance with the Personal Data Protection Law No. 24 of 2023 of the Hashemite Kingdom of Jordan (the "PDPL"), which entered into force on 17 March 2024, and any implementing regulations issued thereunder. Where our activities involve cross-border transactions, we additionally take into account applicable trade compliance frameworks and data protection standards of the relevant jurisdictions.
This Policy applies to all individuals whose personal data we may hold or process in the course of our business: customers, counterparties and their representatives, suppliers and contractors, website visitors, job applicants, and current or former employees. It applies regardless of where those individuals are based.
1. How We Obtain Personal Data
We may receive personal information through a variety of channels, including: direct communication (email, telephone, written correspondence, in-person meetings), execution and performance of contracts, submission of enquiries or applications, and technical interaction with our website (where applicable).
In all cases, we collect only the information that is necessary for a clearly defined and legitimate purpose. We do not gather data speculatively or retain information beyond what is needed.
2. Categories of Data We Process
Depending on the context, we may process the following types of personal data:
- identification details: full name, date of birth, nationality, passport or national ID number;
- contact information: email address, telephone number, postal address;
- professional details: job title, employer name, professional background;
- financial and transactional data: banking details, invoice and payment records;
- technical data collected automatically via the website: IP address, browser type, pages visited, session duration;
- compliance-related data: information required for KYC, AML, sanctions screening, and international trade compliance checks;
- sensitive personal data as defined under the PDPL: only where strictly required by law or with your explicit consent.
Where the provision of specific data is a requirement for entering into or performing a contract, we will make this clear at the time of collection and explain what happens if the data is not provided.
3. Grounds and Purposes for Processing
All processing of personal data carried out by the Company rests on one or more of the legal bases established under the PDPL:
- performance of a contract or pre-contractual steps taken at your request;
- compliance with a legal obligation applicable to the Company;
- consent, where freely and specifically given by you;
- protection of vital interests where necessary;
- pursuit of our legitimate business interests, subject to those interests not being overridden by your rights and freedoms;
- performance of tasks in the public interest.
The primary purposes for which we process personal data include: fulfilling our contractual and invoicing obligations, managing ongoing business relationships and correspondence, maintaining financial and accounting records required by law, conducting AML and trade compliance procedures, ensuring the security of our systems and operations, and — where you have given consent — communicating with you about our services and developments.
Where we intend to use previously collected data for a purpose that is materially different from the original one, we will inform you and obtain consent if required.
4. Sharing of Personal Data
We share personal data with third parties only when there is a clear and lawful reason to do so. Such recipients may include:
- service providers and professional advisers (IT, legal, audit, payment processing) who process data on our behalf under written agreements maintaining the same standard of protection required under the PDPL;
- business partners involved in the joint delivery of services, where your consent has been obtained if required;
- companies within our group, where operationally necessary;
- government authorities and regulators, when required by applicable law;
- any party that acquires our business or assets in the event of a restructuring, merger, or sale, subject to ongoing confidentiality obligations.
We do not sell, rent, or otherwise trade personal data as a commercial asset.
Any transfer of personal data outside the Hashemite Kingdom of Jordan will be carried out only where an adequate level of protection exists or can be ensured through appropriate mechanisms as recognised under the PDPL, including contractual safeguards, explicit consent, or other instruments provided by Jordanian law.
5. Data Security and Retention
We apply appropriate technical and organisational measures to protect personal data from unauthorised access, accidental loss, unlawful destruction, alteration, or disclosure. Our security practices include access controls, encryption, regular system reviews, employee training, and incident response procedures.
In the event of a breach of personal data security that poses a significant risk to individuals, we will notify the competent supervisory authority and, where legally required, the affected individuals, in accordance with Article 17 of the PDPL.
Personal data will be retained only for as long as is necessary to fulfil the purpose for which it was collected, or for as long as we are required to keep it under Jordanian law or the mandatory retention requirements of any other applicable jurisdiction (for example, in relation to tax, customs, or trade compliance records). Once the applicable retention period expires, data will be securely destroyed or rendered permanently anonymous.
6. Your Rights
Under the PDPL (Law No. 24 of 2023), you have the following rights with respect to your personal data held by us:
- the right to know whether and how your data is being processed, and to obtain a copy;
- the right to have inaccurate or incomplete data corrected;
- the right to request deletion of your data where grounds for doing so exist;
- the right to restrict processing during the resolution of any objection or complaint;
- the right to receive your data in a portable format and transfer it to another controller;
- the right to object to processing carried out on the basis of legitimate interests or for direct marketing;
- the right to withdraw consent at any time, without affecting the validity of processing already carried out;
- the right to be notified of any data breach affecting your personal data, pursuant to Article 17 of the PDPL.
To exercise any of these rights, please send us a written request using the contact details below. We will respond within the timeframe required by law, free of charge. For individuals located outside Jordan, we will make reasonable efforts to accommodate rights available to them under their local data protection law, to the extent this is compatible with our obligations under the PDPL.
If you consider that your rights under the PDPL have been violated, you have the right to bring a complaint before the competent supervisory authority designated under that law.
7. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our processing activities or in the legal framework. Any revised version will be made available through our usual communication channels, together with its effective date.
This Policy is governed by and construed in accordance with the laws of the Hashemite Kingdom of Jordan, with particular reference to the Personal Data Protection Law No. 24 of 2023.
Contact Details
To contact us regarding any matter related to personal data, or to submit a rights request:
Email: info@naba-al-muruna.com
We are available to assist you with any questions relating to this Policy or to your personal data.