Privacy Policy for NexaPc.Pk – Your Trusted Pakistani Computer Hardware E-commerce & Digital Products Platform

Last Updated: [23/10/2025]

Introduction to NexaPc.Pk Privacy Protection

Welcome to NexaPc.Pk (“we,” “our,” “us,” or “NexaPc”), Pakistan’s premier e-commerce destination for computer hardware, components, and technology solutions. This comprehensive Privacy Policy outlines how we collect, use, protect, and manage your personal information when you visit our website https://nexapc.pk (“Website”) or utilize our services.

As a leading Pakistani e-commerce platform specializing in computer hardware sales, we are committed to maintaining the highest standards of data protection and privacy compliance, aligning with both international best practices and Pakistan’s evolving data protection landscape, including the Personal Data Protection Bill 2023 and PECA 2016 requirements.

What Personal Information Does NexaPc.Pk Collect?

Information You Provide Directly

When you engage with our computer hardware e-commerce platform, we collect the following categories of personal information:

Personal Identification Information:

• • Full name (first and last name)

• • Complete postal address (billing and shipping addresses)

• • Mobile phone number and alternative contact numbers

• • Email address

Payment Information:

• • Credit/debit card details (processed through PCI-DSS compliant payment gateways)

• • Bank account information for local transfers

• • Mobile wallet details (Easypaisa, JazzCash, etc.)

• • Payment history and transaction records

Purchase History and Preferences:

• • Product browsing behavior on our hardware catalog

• • Items added to cart or wishlist

• • Previous orders and purchase patterns

• • Product reviews and ratings submitted

• • Customer service interactions

Account Information:

• • Username and password for NexaPc account

• • Account preferences and settings

• • Communication preferences

• • Newsletter subscription status

Information Collected Automatically

Technical Data:

• • IP address and geolocation data

• • Browser type and version

• • Device type (desktop, mobile, tablet)

• • Operating system details

• • Referring website information

Usage Analytics:

• • Pages visited on NexaPc.Pk

• • Time spent on specific product pages

• • Click-through patterns and navigation behavior

• • Search queries within our platform

• • Shopping cart abandonment data

Cookie Information:

• • Session cookies for cart functionality

• • Persistent cookies for login persistence

• • Analytics cookies for website optimization

• • Marketing cookies for personalized offers

How Does NexaPc.Pk Use Your Personal Information?

Primary Business Purposes

Order Processing and Fulfillment:

• • Processing your computer hardware orders

• • Arranging shipping and delivery across Pakistan

• • Providing order status updates and tracking information

• • Handling returns, exchanges, and warranty claims

Customer Service:

• • Responding to product inquiries and technical questions

• • Providing pre-sales and post-sales support

• • Resolving complaints and processing refunds

• • Offering product recommendations based on your needs

Account Management:

• • Creating and maintaining your NexaPc account

• • Sending account-related notifications

• • Enabling wishlist and saved cart functionality

• • Managing your communication preferences

Marketing and Communication (With Consent)

Promotional Communications:

• • Sending newsletters about new computer hardware arrivals

• • Notifying about exclusive deals and discounts

• • Sharing technical guides and PC building tutorials

• • Informing about upcoming sales events (Black Friday, Tech Week, etc.)

Personalization:

• • Customizing product recommendations based on browsing history

• • Tailoring homepage content to your interests

• • Showing relevant advertisements on third-party platforms

• • Creating personalized shopping experiences

Legal and Security Purposes

Compliance and Protection:

• • Meeting Pakistani tax and regulatory requirements

• • Preventing fraud and unauthorized transactions

• • Detecting and preventing security incidents

• • Complying with court orders and legal requests

• • Enforcing our terms of service and policies

Legal Basis for Processing Personal Information (GDPR Compliance)

Under the General Data Protection Regulation and similar international frameworks, we process your personal information based on the following lawful bases:

Contractual Necessity: Processing is necessary to fulfill our contract with you for purchasing computer hardware products and providing related services.

Legitimate Interests: We process data for our legitimate business interests, including improving our services, preventing fraud, and marketing our products, ensuring these interests do not override your privacy rights.

Consent: We obtain explicit consent for marketing communications, non-essential cookies, and other optional processing activities.

Legal Obligation: Processing necessary to comply with Pakistani laws, tax regulations, and e-commerce requirements.

Cookies and Tracking Technologies

Types of Cookies We Use

Essential Cookies:

• • Session management for shopping cart functionality

• • Secure login authentication

• • Payment processing security

• • Website security protection

Performance Cookies:

• • Google Analytics for website optimization

• • Page load speed monitoring

• • Error tracking and reporting

• • User experience improvements

Functional Cookies:

• • Language preference storage

• • Currency selection (PKR)

• • Location-based shipping calculations

• • Wishlist functionality

Marketing Cookies:

• • Facebook Pixel for social media advertising

• • Google Ads conversion tracking

• • Email marketing campaign tracking

• • Affiliate marketing attribution

Cookie Consent Management

We implement a GDPR-compliant cookie consent banner that allows you to:

• • Accept or reject different cookie categories

• • Withdraw consent at any time

• • Access detailed cookie information

• • Manage preferences through your account settings

Data Sharing and Third-Party Disclosure

Trusted Service Partners

Payment Processors:

• • JazzCash and Easypaisa for mobile payments

• • Bank Alfalah, HBL, and other major Pakistani banks

• • PayPal and international payment gateways

• • All processors maintain PCI-DSS compliance

Logistics and Shipping:

• • TCS, Leopard, and other courier services

• • Warehouse and fulfillment partners

• • Package tracking service providers

• • International shipping partners for imported hardware

Technology Providers:

• • Cloud hosting services (AWS, local providers)

• • Email service providers (Mailchimp, SendGrid)

• • Customer support platforms

• • Analytics and marketing tools

Legal Disclosures

We may share your information when:

• • Required by Pakistani law enforcement agencies

• • Complying with court orders or legal processes

• • Protecting our rights, property, or safety

• • Preventing fraud or security incidents

• • Responding to government requests under PECA 2016

Data Security Measures

Technical Safeguards

Encryption:

• • SSL/TLS encryption for all website traffic

• • End-to-end encryption for sensitive data transmission

• • Encrypted storage for payment information

• • Database encryption at rest

Access Controls:

• • Multi-factor authentication for administrative access

• • Role-based access control systems

• • Regular access reviews and audits

• • Secure password policies and rotation

Network Security:

• • Web Application Firewall (WAF) protection

• • DDoS protection and mitigation

• • Regular security scanning and penetration testing

• • Intrusion detection and prevention systems

Organizational Measures

Staff Training:

• • Regular privacy and security training for employees

• • Data handling procedures and protocols

• • Incident response training

• • Background checks for sensitive positions

Vendor Management:

• • Due diligence for third-party vendors

• • Data Processing Agreements (DPAs) with all processors

• • Regular security assessments of partners

• • Contractual obligations for data protection

International Data Transfers

Cross-Border Data Flow Management

As a Pakistani e-commerce platform dealing with international hardware suppliers, we may transfer your data to:

Trusted Countries:

• • Countries with adequate data protection laws (EU, UK, Canada)

• • Countries with recognized certification frameworks

• • Suppliers and manufacturers in China, USA, and Europe

Protection Measures:

• • Standard Contractual Clauses (SCCs) for international transfers

• • Binding Corporate Rules (BCRs) where applicable

• • Encryption during international transmission

• • Vendor security certifications verification

Your Data Protection Rights

Rights Under GDPR and International Standards

Right to Access: You can request copies of your personal information we hold.

Right to Rectification: You can correct inaccurate or incomplete personal data.

Right to Erasure: You can request deletion of your personal data (“right to be forgotten”).

Right to Restrict Processing: You can limit how we use your personal information.

Right to Data Portability: You can request your data in a machine-readable format.

Right to Object: You can object to certain processing activities, including marketing.

Right to Withdraw Consent: You can withdraw consent at any time for processing based on consent.

Rights Under Pakistani Law

Constitutional Right to Privacy: Article 14 of the Pakistani Constitution guarantees privacy as a fundamental right.

PECA 2016 Protections: Protection against unauthorized access to personal data and electronic crimes.

Draft Personal Data Protection Bill 2023 Rights:

• • Right to access personal data

• • Right to correction of inaccurate data

• • Right to erasure and data portability

• • Right to object to automated decision-making

• • Right to grievance redressal

Exercising Your Rights

To exercise any of these rights:

• • Visit your account dashboard for self-service options

• • Contact our Data Protection Officer at contact@nexapc.pk

• • Submit requests through our privacy request form

• • Call our customer service at [phone number]

• • Write to: Data Protection Officer, NexaPc.Pk, [physical address]

We respond to all requests within 30 days as required by international standards.

Data Retention Policy

Retention Periods

Account Information: Retained for the lifetime of your account plus 7 years for tax and legal compliance.

Order History: Retained for 7 years for warranty, tax, and customer service purposes.

Payment Information: Retained according to PCI-DSS standards and banking regulations (typically 5-7 years).

Marketing Preferences: Retained until you unsubscribe or request deletion.

Cookies and Tracking Data: Retained for varying periods, from session duration to 24 months.

Customer Service Records: Retained for 3 years for quality assurance and dispute resolution.

Data Deletion Process

When data is no longer needed, we:

• • Securely delete electronic records

• • Destroy physical documents containing personal data

• • Remove data from backup systems within 90 days

• • Maintain deletion logs for audit purposes

• • Notify third parties to delete shared data where applicable

Children’s Privacy Protection

NexaPc.Pk does not knowingly collect personal information from children under 13 years of age. Our products and services are intended for adults and older teenagers interested in computer hardware. If we discover that we have inadvertently collected children’s data, we will:

• • Immediately delete the information

• • Terminate any associated accounts

• • Notify parents or guardians where possible

• • Implement additional age verification measures

Automated Decision-Making and Profiling

Types of Automated Processing

Product Recommendations: We use algorithms to suggest computer hardware based on your browsing and purchase history.

Fraud Detection: Automated systems analyze transactions to prevent fraudulent activities.

Personalized Pricing: Loyalty customers may receive automated discounts based on purchase history.

Credit Decisions: Installment plans and credit options may involve automated eligibility assessment.

Your Rights Regarding Automated Processing

You have the right to:

• • Request human intervention in automated decisions

• • Express your point of view about automated decisions

• • Contest decisions made solely through automated processing

• • Request explanations for automated decisions affecting you

Changes to This Privacy Policy

We regularly update this Privacy Policy to reflect:

• • Changes in our business practices

• • New legal and regulatory requirements

• • Customer feedback and suggestions

• • Technological advancements in data protection

Notification Process

For Material Changes:

• • Email notifications to registered users

• • Prominent website banners and announcements

• • Account dashboard notifications

• • Social media announcements

Policy Review:

• • We review this policy quarterly

• • Major updates occur annually or as legally required

• • Minor clarifications may be made without formal notice

• • Historical versions are maintained for reference

Continued Use Constitutes Acceptance

Your continued use of NexaPc.Pk services after policy updates indicates your acceptance of the revised terms. If you disagree with changes, you should discontinue using our services and contact us to delete your account.

Contact Information and Data Protection Officer

Data Protection Officer (DPO) Details

Name: NexaPc
Email: Contact@NexaPc.pk
Phone: +(92) 3397022055
Address: Online Shop Bahawalpur Pakistan

Response Time Commitments

• • Privacy-related inquiries: Within 24 hours

• • Data subject requests: Within 30 days

• • Complaints: Within 7 business days

• • Security incidents: Immediate notification as required by law

Complaints and Dispute Resolution

Internal Complaint Process

Stage 1: Contact customer service with your concern
Stage 2: Escalate to Data Protection Officer if unresolved
Stage 3: Request review by our legal compliance team
Stage 4: Final internal review by senior management

External Resolution Options

Pakistani Authorities:

• • Pakistan Telecommunication Authority (PTA)

• • Federal Investigation Agency (FIA) Cyber Crime Wing

• • Banking Mohtasib for financial complaints

• • Consumer courts for consumer protection issues

International Options:

• • EU supervisory authorities (for EU residents)

• • Privacy Shield framework (where applicable)

• • Alternative dispute resolution services

• • Binding arbitration for cross-border disputes

Class Action Waiver

You agree to resolve disputes with NexaPc.Pk through individual arbitration rather than class action lawsuits, except where prohibited by applicable law.

Specific Provisions for International Users

European Economic Area (EEA) Residents

Representative: We have appointed a representative in the EU for GDPR compliance
Supervisory Authority: You can complain to your local data protection authority
Cross-border transfers: Protected by Standard Contractual Clauses
Automated decision-making: You have specific rights regarding profiling

California Residents (CCPA/CPRA)

Right to Know: You can request details about personal information collected
Right to Delete: You can request deletion of personal information
Right to Opt-out: You can opt-out of sale or sharing of personal information
Non-discrimination: We won’t discriminate against you for exercising rights
Shine the Light: You can request information about third-party disclosures

Other Jurisdictions

We comply with applicable data protection laws in all jurisdictions where we operate, including but not limited to:

• • United Kingdom (UK GDPR)

• • Canada (PIPEDA)

• • Australia (Privacy Act)

• • Singapore (PDPA)

• • Brazil (LGPD)

Governing Law and Jurisdiction

Primary Governing Law

This Privacy Policy and all related matters are governed by:

• • Laws of the Islamic Republic of Pakistan

• • Sindh High Court jurisdiction for domestic disputes

• • International arbitration for cross-border disputes

Conflict of Laws

In case of conflict between Pakistani law and international regulations:

• • Consumer protection provisions apply

• • Most favorable privacy protections prevail

• • International treaty obligations are honored

• • Extraterritorial application is recognized where applicable

Language and Accessibility

Official Language

This Privacy Policy is primarily published in English. We may provide translations in:

• • Urdu (national language of Pakistan)

• • Regional languages based on customer demographics

• • Simplified English versions for accessibility

Accessibility Features

• • Screen reader compatible formatting

• • High contrast viewing options

• • Large text versions available

• • Audio versions upon request

• • Video explanations for complex sections

Severability and Survival

Severability Clause

If any provision of this Privacy Policy is found invalid or unenforceable:

• • Remaining provisions remain in full effect

• • Invalid provision is modified to achieve intended purpose

• • Court may limit provision rather than delete it entirely

• • Parties negotiate replacement provision in good faith

Survival of Provisions

These provisions survive termination of your relationship with NexaPc.Pk:

• • Data protection obligations

• • Limitation of liability clauses

• • Dispute resolution provisions

• • Intellectual property rights

• • Confidentiality obligations

Acceptance and Acknowledgment

By using NexaPc.Pk, you acknowledge that you have:

• • Read and understood this Privacy Policy

• • Agreed to the collection and use of your personal information

• • Understood your rights regarding personal data

• • Accepted the terms of automated processing

• • Agreed to international data transfers where applicable

Thank you for trusting NexaPc.Pk with your personal information. We are committed to protecting your privacy while providing the best computer hardware shopping experience in Pakistan.