Skip to Content

Privacy Policy


We are Nakhla Tobacco Co S.A.E., a joint stock company organized and existing under the laws of Egypt and having its registered office at Downtown Mall, Building S3, 2nd Floor, 9th Street, Cairo, Egypt.

We are committed to protecting and respecting your privacy. This Privacy Policy (“Privacy Policy”) (together with any other documents referred to in it) sets out the basis on which we process personal information that we collect from you or that you provide to us. This includes information that we collect:

  • on this website ; and
  • through our telephone calls, emails and other communications with you.

We are the data controller of the personal data that is collected about you in accordance with this Privacy Policy. Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it.

We have appointed a data protection office (DPO) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your rights, please contact us at info@


We collect different kinds of personal data about you, including:

  • Identity information, such as your name, age and gender
  • Contact information, such as your address, business address, email and telephone number
  • Marketing and communications information, such as your preferences in receiving from us your communication preferences with regards to our products, and information that you give us when you interact with us
  • Technical information, such as your internet (IP) protocol address, browser type and version, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website.


We collect the information about you in the following ways:

  • Direct interactions: You may give us information about you: (a) when you fill in forms or correspond with us by mail, phone, email, or otherwise; and/or (b) when you use this Website. This includes information you provide when you:
    • communicate with us by mail, phone, email, or otherwise;
    • report a problem with this Website;
    • request information about our products or services; or
    • give us feedback or make a complaint.
  • Cookies and automated technologies: As you use this Website, we automatically collect information about your device, browsing actions and patterns. We collect this information by using cookies and similar technologies. Please see our Cookies Policy for further details.
  • Third party or publicly available sources: We and our service providers supplement the personal data we collect with information obtained from other sources (for example, publicly available information from online social media services and other information resources, third party commercial information sources, and information from our business partners).   


We will only use your personal data when the law allows us to. The purposes for which we use your personal data may differ based on our relationship with you, including the type of communications between us and the services we provide.

Most commonly, we use your personal data in the following circumstances:

  • where we need to perform the contract we are about to enter into or have entered into with you;
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
  • where we need to comply with a legal obligation; or
  • where we have your consent to do so.

Where we rely on legitimate interest as a basis for processing your personal data, we carry out a ‘balancing test’ to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests. You can find out more information about these balancing tests by contacting us using the email address above.

Where we need to collect personal information by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel the services but we will notify you if this is the case at the time.

We have set out below in a table format descriptions of the ways we intend to use your personal data and the legal basis we rely on to do so. Please contact us using the email address above if you need details about the specific legal ground we are relying on to process your personal data.

Purpose / ActivityLegal basis for processing
To manage your queries, feedback and complaints, and handle requests for data access or correction, or the exercise of other rights relating to personal dataPerformance of a contract with you Necessary for our legitimate interests (to improve and develop our business operations and service offering, or those of a third party)Necessary to comply with our legal obligations
To improve the quality of our products and services, providing training and maintain information securityNecessary for our legitimate interests (to improve and develop our business operations and service offering, or those of a third party)Necessary to comply with our legal obligations
To carry out research and analysis, including analysis of our customer base and other individuals whose personal data we collect, complete market research, including customer satisfaction surveys and assess the risks faced by our businessNecessary for our legitimate interests (for running our business, the provision of administration and IT services, network security, to prevent fraud)Necessary to comply with our legal obligations
To manage our business operations and IT infrastructure, in accordance with our internal policies and proceduresNecessary for our legitimate interests (for running our business, the provision of administration and IT services, network security, to prevent fraud)Necessary to comply with our legal obligations
To comply with applicable laws and regulatory obligations (including laws and regulations outside your country of residence), for example, laws and regulations relating to public health and tobacco, Anti-money laundering Policy, Global Economic Sanctions Policy, Anti-Bribery and Corruption Policy and other; comply with legal process and court orders; and respond to requests from public and government authorities (including those outside your country of residence)Necessary for our legitimate interests (to protect our business, shareholders, employees and customers or those of a third party)Necessary to comply with our legal obligations
To establish and defend legal rights to protect our business operations, and those of our group companies or business partners, and secure our rights, privacy, safety or property, and that of our group companies or business partners, you, or other individuals or third parties; to enforce our terms and conditions; and pursue available remedies or limit our damages.Necessary for our legitimate interests (to protect our business, shareholders, employees and customers or those of a third party)Necessary to comply with our legal obligations

We need to collect, use and disclose personal data in connection with matters of important public interest, for instance when complying with our obligations under public health and tobacco legislation or anti-money laundering and terrorist financing laws and regulations, and other laws and regulations aimed at preventing financial crime.  In these cases, the legal justification for our use of personal data is that the use is necessary for matters of public interest as well as compliance with legal obligations. Additional justifications may also apply depending on the circumstances.

Sensitive Personal Data

We may also collect sensitive personal data. These special categories of personal data include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning an individual’s sex life or sexual orientation. Nakhla may from time to time collect the categories underlined. Where we collect sensitive personal data, we will rely on either:

  • your consent;
  • that you have manifestly made public such personal data;
  • that use of your personal data is necessary for the establishment, exercise or defence of legal claims, or in the context of legal proceedings or prospective legal proceedings or whenever courts are acting in their judicial capacity (for example, when a court issues a court order requiring the processing of personal data); or
  • use of your personal data is required for the purpose of assessing the working capacity of an employee.


All information you provide to us is stored on our secure servers.

Due to the global nature of our business, for the purposes set out above, we, from time to time, share your personal data to parties (including with our Group Companies) located outside Egypt

We also share your personal data to third parties in the following circumstances:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If Nakhla or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property, or safety of Nakhla, our customers, or others.

We share personal data we collect about you to our service providers; business partners; suppliers and sub-contractors for the purposes of fulfilling the services; and government and public authorities.

When share such information, we will take steps to ensure that your information is adequately protected and transferred in accordance with the requirements of data protection law. Where we share your information with our Group Companies, these internal transfers are governed by our intra-group data sharing agreement.

For further information about these transfers and to request details of the safeguards in place, please contact us using the email address above.


Once we have received your information, we will use appropriate procedures and security features to try to prevent unauthorised access, and to prevent your information being accidentally lost. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your information on our instructions and they are subject to a duty of confidentiality.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. We have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


We will only keep your information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To decide the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your information, the purposes for which we process your information, and whether we can achieve those purposes through other means, and the applicable legal requirements.

For further information about the period of time for which we retain your personal data, please contact us using the email address above.


Data protection legislation provides you with certain rights when it comes to the processing of your information, which are set out below:

RightsWhat does this mean?
The right to be informed  You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this Privacy Policy.
The right of accessYou have the right to obtain access to your information (if we are processing it), and other certain other information (similar to that provided in this Privacy Policy). This is so you are aware and can check that we are using your information in accordance with data protection law.
The right to rectificationYou are entitled to have your information corrected if it is inaccurate or incomplete.
The right to erasureThis is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
The right to restrict processingYou have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
The right to data portabilityYou have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
The right to objectYou have the right to object to certain types of processing, including processing for direct marketing (which we do only with your consent).

If you wish to exercise any of the rights set out above, please contact us using the email address above. If you are not satisfied with our response to your complaint or believe our processing of your information does not comply with data protection law, you have the right to make a complaint to the data protection authority in the jurisdiction where you live or work, or in the place where you think an issue in relation to your data has arisen.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that your information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.


This Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share information about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave this Website, we encourage you to read the privacy policy of every website you visit.


This Privacy Policy was last updated on July 23, 2020. We may review this Privacy Policy and make changes from time to time.

Any changes we make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Policy.

Back to top