قانوني

سياسة الخصوصية

آخر تحديث: April 6, 2026

إشعار مهم

هذا المستند للمعلومات العامة ولا يُعد استشارة قانونية. يُنصح بمراجعة محامٍ مرخّص في الأردن قبل الاعتماد عليه للإيداعات التنظيمية أو سياسات التوظيف أو النزاعات.

This Privacy Policy describes how Farha (“we”, “us”, or “our”) collects, uses, discloses, stores, and protects personal data when you use our websites, waitlist forms, support channels, and related services (the “Services”). It is designed to align with the Personal Data Protection Law No. 24 of 2023 of the Hashemite Kingdom of Jordan (“PDPL”) and other applicable Jordanian laws, in addition to general good practice for international visitors.

1. Data controller

The controller responsible for personal data processed in connection with the Services is the Farha operating entity identified on your contract, invoice, or contact page. For general inquiries you may contact us through those channels.

2. Scope and roles

Where Farha provides the Services to an employer or organisation, that organisation often determines why and how employee data is used (acting as a controller), while Farha processes such data on its instructions to deliver celebrations (typically as a processor). Where you interact with us as an individual visitor (for example waitlist signup), Farha is generally the controller.

3. Categories of personal data we may process

  • Identity and contact data: name, work email, phone number, job title, company name.
  • Waitlist and marketing data: preferences you submit, message content, and communication history.
  • HR celebration data (corporate deployments): dates such as birthdays or hire dates, delivery addresses or office locations, dietary or allergy information you choose to provide, and integration identifiers.
  • Technical data: IP address, device and browser type, approximate location derived from IP, pages viewed, and timestamps.
  • Cookies and similar technologies: as described in our Cookie Policy.

We aim to collect only what is adequate, relevant, and limited to what is necessary for the purposes below (data minimisation).

4. Purposes and legal bases (Jordan)

Under the PDPL, processing must rely on a permitted ground. Depending on the context, we rely on one or more of the following:

  • Your consent, where we ask for it (for example certain marketing cookies or optional fields). You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal, subject to PDPL rules.
  • Performance of a contract or steps prior to entering a contract, such as providing the Services you requested or responding to a commercial enquiry.
  • Legitimate interests that are not overridden by your interests or fundamental rights, such as securing our Services, analysing aggregated usage, or preventing fraud—where compatible with the PDPL.
  • Legal obligations, such as responding to lawful requests from competent Jordanian authorities when required.

Employers remain responsible for informing their employees and obtaining any required authorisations under labour and data-protection rules applicable to them.

5. How we use personal data

  • Operating, maintaining, and improving the Services;
  • Scheduling and coordinating deliveries with vetted partners;
  • Customer support, billing, and account administration;
  • Security monitoring, abuse prevention, and legal compliance;
  • Sending service messages and, where permitted, marketing communications (you may opt out of marketing as described in each message).

6. Sharing and processors

We may share personal data with:

  • Service providers (hosting, email delivery, analytics, customer-support tooling) who process data on our instructions and under contractual confidentiality and security obligations;
  • Fulfilment partners (for example bakeries or couriers) to the extent needed to complete a delivery you or your employer authorised;
  • Professional advisers (lawyers, auditors) where required;
  • Authorities when we believe disclosure is required by Jordanian law or is necessary to protect rights, safety, or security.

We do not sell personal data in the conventional sense of exchanging data for money with unrelated advertisers.

7. International transfers

Our infrastructure or subprocessors may be located outside Jordan, including in the European Union or the United States. Where the PDPL requires safeguards for cross-border transfers, we implement appropriate measures such as contractual clauses and security assessments consistent with regulatory guidance issued under the PDPL and decisions of the Personal Data Protection Council and the Ministry of Digital Economy and Entrepreneurship.

8. Retention

We retain personal data only as long as necessary for the purposes collected, unless a longer period is required by law or legitimate business needs (for example resolving disputes or enforcing agreements). Aggregated or de-identified information may be retained longer where it no longer identifies you.

9. Security

We implement technical and organisational measures appropriate to the risk, including access controls, encryption in transit where supported, logging, and vendor reviews. No method of transmission or storage is completely secure; please use strong passwords and protect your devices.

10. Your rights under Jordanian law

Subject to the PDPL and its implementing regulations, you may have the right to:

  • Request access to your personal data and certain information about processing;
  • Request correction of inaccurate or incomplete data;
  • Request deletion or anonymisation where applicable conditions are met;
  • Object to certain processing or withdraw consent where processing was consent-based;
  • Lodge a complaint with the competent supervisory authority in Jordan (including the Personal Data Protection Council and related channels published by the Ministry of Digital Economy and Entrepreneurship).

To exercise rights, contact us via our contact page. We may need to verify your identity. If you are an employee of a corporate customer, we may refer part of your request to your employer where they control the data.

11. Automated decision-making

We do not use fully automated decisions that produce legal or similarly significant effects solely by automated means without human review, except as may be required by future features that we will describe separately if introduced.

12. Children

The Services are intended for businesses and adults. We do not knowingly collect personal data from children under the minimum age relevant under Jordanian law without appropriate parental or guardian authority. If you believe we have collected such data, contact us for prompt deletion.

13. Changes to this Policy

We may update this Privacy Policy to reflect legal, technical, or business changes. We will post the new version with an updated date and, where required by the PDPL, provide additional notice.

14. Contact

For privacy requests or questions: Contact us. You may also reach us at the email address published on our website for privacy matters.