Privacy Policy

At KMK Agri, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data in compliance with the General Data Protection Regulation (GDPR), the ePrivacy Directive, and other applicable data protection laws including Yemeni data protection regulations.

This policy applies to all personal information collected through our website (kmkagri.com), mobile applications, and any other digital services operated by KMK Agri. By using our services, you acknowledge that you have read and understood this Privacy Policy.

1. Introduction & Scope

This Privacy Policy describes how KMK Agri ('we', 'us', or 'our') collects, uses, shares, and protects your personal information. It applies to all visitors, users, and customers ('you' or 'your') who access our website or use our services. We are committed to ensuring that your privacy is protected in accordance with applicable data protection laws.

2. Data Controller Information

The data controller responsible for your personal information is:

Our company is registered in and operates in the agricultural import/export sector, providing trading services for agricultural products globally.

3. Data Protection Officer

We have appointed a Data Protection Officer (DPO) responsible for overseeing questions relating to this Privacy Policy. If you have any questions about this Privacy Policy or our data protection practices, including requests to exercise your data protection rights, please contact our DPO:

Email: [email protected]

We will respond to your inquiry within 30 days of receiving your request.

4. Categories of Personal Data We Collect

We collect the following categories of personal information:

• Identity Data: Full name, username, company name, job title
• Contact Data: Email address, phone numbers, postal address, billing address
• Financial Data: Payment card details, bank account information (processed securely through payment processors)
• Transaction Data: Details about payments to and from you, products and services you have purchased, order history
• Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
• Usage Data: Information about how you use our website, products, and services
• Marketing and Communications Data: Your preferences in receiving marketing communications from us and your communication preferences
• Profile Data: Your username and password, purchases or orders made by you, your interests, preferences, and feedback

5. Sources of Personal Data

We collect personal data from the following sources:

• Direct Interactions: When you fill in forms on our website, create an account, place an order, or correspond with us by phone, email, or otherwise
• Automated Technologies: Through cookies, server logs, and similar technologies when you interact with our website
• Third Parties: From business partners, analytics providers, advertising networks, and publicly available sources
• Social Media: If you interact with us through social media platforms

6. Purpose and Legal Basis for Processing

We process your personal data for the following purposes under these legal bases:

Purpose	Legal Basis
To process and deliver your orders, including payment processing and shipping	Contract Performance (Art. 6(1)(b) GDPR)
To manage your account and provide customer support	Contract Performance (Art. 6(1)(b) GDPR)
To send you marketing communications about products and services	Consent (Art. 6(1)(a) GDPR)
To improve our website, services, and user experience	Legitimate Interest (Art. 6(1)(f) GDPR)
To detect and prevent fraud, money laundering, and other financial crimes	Legal Obligation (Art. 6(1)(c) GDPR)
To comply with tax and accounting obligations	Legal Obligation (Art. 6(1)(c) GDPR)
To respond to legal requests or protect our rights	Legitimate Interest (Art. 6(1)(f) GDPR)
To administer our business operations and IT infrastructure	Legitimate Interest (Art. 6(1)(f) GDPR)

7. Data Recipients

We may share your personal data with the following categories of recipients:

• Service Providers: IT and system administration service providers, payment processors, shipping and logistics partners, email marketing platforms
• Professional Advisors: Lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services
• Government Authorities: Tax authorities, regulatory bodies, law enforcement agencies (when required by law)
• Business Transfer Parties: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business
• Analytics Providers: Google Analytics and similar services to analyze website usage

All third-party service providers are contractually obligated to protect your personal data and process it only on our instructions.

8. International Data Transfers

As KMK Agri is based in Yemen, your data may be transferred to and processed in countries outside the European Economic Area (EEA) and Yemen. These countries may have different data protection laws than your country of residence.

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses: We use EU-approved Standard Contractual Clauses for international data transfers
• Adequacy Decisions: Transfers to countries with adequate data protection levels as determined by the European Commission
• Your Explicit Consent: We will obtain your explicit consent before transferring data, informing you of the potential risks
• Binding Corporate Rules: For intra-group transfers

Specifically, data may be transferred to the United States, European Union, and other countries where our partners or service providers operate. You may request a copy of the safeguards we have in place by contacting us.

9. Data Retention Periods

We will retain your personal data only for as long as necessary to fulfill the purposes for which we collected it. The retention periods are determined based on:

• Account Data: Duration of your account plus 3 years after closure (for legal claims)
• Transaction Data: 7 years from the transaction date (for tax and legal compliance - required by Yemeni commercial law)
• Marketing Data: Until you withdraw your consent or object to processing
• Technical Data: 12 months from collection (through cookies)
• Communication Records: 3 years from last communication
• Legal Documentation: As long as required by applicable laws (typically 10 years for contract-related documents)

When personal data is no longer required, we will securely delete or anonymize it. If you request deletion of your data, we will honor such requests unless we are legally required to retain certain data.

10. Your Data Protection Rights

Under the GDPR and applicable data protection laws, you have the following rights:

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. This period may be extended by two further months for complex requests or high volumes of requests.

11. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority:

• EU/EEA Residents: Contact the Data Protection Authority in your country of residence
• UK Residents: Information Commissioner's Office (ICO) - ico.org.uk
• Yemen Residents: Please contact our DPO directly for assistance

You may also seek judicial remedy before national courts if you believe your rights have been violated.

12. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you. However, we may use automated tools for fraud detection and prevention, which is necessary for security purposes and required by anti-money laundering laws.

13. Cookies and Similar Technologies

We use cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and understand where our visitors come from.

Types of Cookies We Use:

• Essential Cookies: Required for basic website functionality (cannot be disabled)
• Analytics Cookies: Help us understand how visitors use our website (e.g., Google Analytics)
• Marketing Cookies: Used to track visitors across websites to display relevant advertisements
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Please note that disabling certain cookies may affect website functionality.

Google Analytics: We use Google Analytics to understand how visitors use our website. Google Analytics uses cookies to collect information about your visit. For more information, please visit Google's Privacy Policy. You can opt-out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

14. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption: SSL/TLS encryption for all data transmitted between your browser and our servers
• Access Controls: Strict access controls limiting employee access to personal data
• Secure Storage: Data stored on secure servers with regular security updates
• Regular Audits: Periodic security assessments and vulnerability testing
• Staff Training: Regular data protection and security training for employees
• Incident Response: Documented procedures for handling data breaches

In the unlikely event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected individuals if the breach is likely to result in a high risk to their rights and freedoms.

15. Third-Party Links

Our website may contain links to third-party websites, plugins, and applications. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

16. Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. If we become aware that we have collected personal data from a child without parental consent, we will take steps to remove such information from our records.

17. Governing Law & Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of Yemen. Any disputes arising under this policy shall be subject to the exclusive jurisdiction of the courts of Sana'a, Yemen. However, this shall not prevent you from bringing proceedings in any other jurisdiction to enforce judgments obtained in Yemeni courts.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will post any material changes on this page and update the 'Last Updated' date at the top.

For significant changes, we will provide more prominent notice, such as email notification or a banner on our website. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

19. Contact Information

If you have any questions about this Privacy Policy, please contact us:

Last Updated: February 20, 2026 | Version 2.0