در حال بررسی کمپین‌های فعال...
Data Protection

Privacy Policy

Last Updated21 May 2026
Data ControllerBamajan Services, Tilburg, NL
Compliance FrameworkGDPR (EU) 2016/679
Supervisory AuthorityAutoriteit Persoonsgegevens

01Introduction

Bamajan (“we”, “our”, “the Company”) is committed to protecting the personal data of customers, users, and final consumers. This Privacy Policy explains what information we collect, how we use it, how we store it, and how we ensure compliance with the EU General Data Protection Regulation (GDPR).

Our services may involve situations where the Customer is different from the Final Consumer, and we process personal data accordingly. This Policy forms an integral part of our Terms of Service.

02Data Controller

Bamajan Services
Email: privacy@bamajan.nl
Address: Waardenburgstraat 92, Tilburg, The Netherlands

We determine the purposes and means of processing personal data.

03Categories of Personal Data We Collect

Identification & Contact Information

  • Full name
  • Email address
  • Phone number

Billing & Contract Information

  • Billing address
  • Tax/VAT information
  • Contract and invoice details

Payment Information

  • Payment processing details handled exclusively by Stripe
  • We do not store or access any credit-card information

Service Delivery Information

  • Delivery address, only when required for the service
  • Contact details of Final Consumers
  • Specific instructions relevant to the requested service

Final Consumer Information

Collected when a Customer purchases a service for another person, such as a family member. Bamajan does not perform KYC verification on the Final Consumer; only the operational information required for service execution is collected.

Technical & Analytical Data

  • IP address
  • Device information
  • Browser metadata
  • Cookies (detailed in our Cookie Policy)

Communication Records

  • Support tickets
  • Inquiries
  • Internal communication notes relevant for service delivery

Sensitive Data

We do not intentionally collect sensitive data. If provided voluntarily (for example, health information required to coordinate a medical service), we apply enhanced safeguards and process such data only for the specific purpose for which it was provided.

04Legal Basis for Processing (GDPR Art. 6)

  • Contract performance — executing purchases and delivering services
  • Legitimate interest — fraud prevention, sanctions compliance, customer support, service improvement
  • Legal obligations — accounting, tax compliance, financial retention rules (Wwft), and sanctions law
  • Explicit consent — for marketing communications or optional data fields

05Purposes of Processing

  • Delivering purchased services
  • Processing payments via Stripe
  • Creating and issuing invoices
  • Creating customer or consumer accounts
  • Managing communication and support
  • Verifying eligibility and preventing fraud
  • Conducting sanctions screening as required by applicable law
  • Improving user experience and service operations
  • Meeting financial and regulatory obligations

06Sanctions Screening

As part of our compliance obligations, we screen the name and delivery address of Customers, Final Consumers, and Operators against international sanctions lists, including those maintained by:

  • The European Union (Consolidated Financial Sanctions List)
  • The United Nations
  • The United States (OFAC SDN List)
  • Canada (Consolidated Autonomous Sanctions List)

The legal basis for this processing is legitimate interest (compliance with applicable sanctions law) and, where applicable, legal obligation. Screening records are retained for a minimum of seven years for compliance and audit purposes.

If a match or partial match is detected, the order may be paused for internal review and, if appropriate, refused.

07Payment Processing via Stripe

  • All payments are handled through Stripe, a PCI-DSS compliant processor.
  • Bamajan does not handle or store credit-card numbers.
  • Stripe acts as a GDPR-compliant data processor.
  • Stripe may process data in multiple regions, with legal safeguards in place (Standard Contractual Clauses and supplementary measures where applicable).

08When the Customer and Final Consumer Differ

When you purchase a service for delivery to a Final Consumer (typically a family member in a destination country), the following applies:

  • Bamajan collects, for the Final Consumer, only the minimum information necessary to deliver the service — typically name, delivery address, phone number, and information directly related to the service requested.
  • Bamajan does not perform KYC verification on the Final Consumer. Bamajan does not maintain an account or commercial relationship with the Final Consumer.
  • Bamajan does screen the Final Consumer's name and address against international sanctions lists, as described in Section 6.
  • The Customer is responsible for informing the Final Consumer that their information has been shared with Bamajan for the purpose of service execution. The Customer represents that they have the right to share this information.
  • The Final Consumer's information is shared with the independent local Operator only to the extent necessary for service execution.
  • The Final Consumer has the same data-subject rights under GDPR as the Customer, and may exercise those rights by contacting privacy@bamajan.nl directly.

09Data Sharing & Third-Party Processing

We may share personal data only with:

  • Stripe, for payment processing
  • Hosting and infrastructure providers, for technical operation of the platform
  • Legal, accounting, or compliance partners, as required for business operation
  • Independent local Operators in the destination country, who require the minimum data necessary to deliver the service. These Operators are independent legal entities operating under commercial service-purchase agreements with Bamajan. They are contractually bound to data-protection standards consistent with this Privacy Policy.
  • Government authorities, only when legally obligated to disclose

We do not sell personal data.

10International Data Transfers

When personal data is transferred outside the European Economic Area, we apply the following safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • GDPR-compliant supplementary measures where required
  • Technical protections such as encryption in transit and at rest
  • Access limitation and audit trails

11Data Retention Periods

  • Billing and contractual data: 7 years, as required by Dutch tax and anti-money-laundering law (Wwft)
  • Sanctions screening records: 7 years minimum
  • Consumer or service delivery data: retained only as long as necessary to complete the service and meet any related legal obligations
  • Support records: retained based on operational needs and legal limitation periods
  • Technical logs: short-term retention for security and diagnostics

Non-essential data is deleted when no longer needed.

12Data Minimization Policy

We collect only the minimum amount of data required for the stated purpose. All internal processes are designed to prevent unnecessary or excessive data processing. Where a purpose can be achieved with less data, we use less data.

13Data Subject Rights (GDPR)

You may request, at any time:

  • Access to your data
  • Correction of inaccurate data
  • Deletion of your data (right to be forgotten), subject to legal retention obligations
  • Restriction of processing
  • Objection to processing
  • Data portability
  • Withdrawal of consent, where previously given

Requests may be submitted via email to privacy@bamajan.nl. We respond within 30 days as required by GDPR.

Important note on retention obligations

Certain data — particularly transaction records, sanctions screening records, and billing information — is retained for the periods required by Dutch tax and anti-money-laundering law. Deletion requests for such data may be limited until the retention period expires.

14Right to File Complaints

You may file a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) or the data protection authority in your home country if you believe your data has been processed unlawfully.

15Cookies & Tracking Technologies

  • Essential cookies — required for website functionality (always active)
  • Analytics cookies — used only with user consent
  • No advertising or behavioral tracking cookies unless explicitly accepted

Cookie details are provided in our Cookie Policy, accessible from the site footer.

16Automated Decision-Making

We do not perform automated decision-making that produces legal or significant effects on users. Sanctions screening is supported by automated tools but final decisions on order acceptance or refusal are made by Bamajan staff.

17Data Security Measures

  • Encryption in transit and at rest
  • Access-control systems with role-based permissions
  • Logging and monitoring of access to personal data
  • Regular security reviews
  • Staff confidentiality and compliance training

18Children's Data

Our services are not intended for individuals under 16. If we become aware of accidental collection of data from a person under 16, we delete the data.

19Policy Updates & Revision Rules

This Privacy Policy may be updated to ensure compliance with legal requirements and operational changes. Material amendments will be reflected in the “Last Updated” date at the top of this page. Updated versions are always published on our website. Users are encouraged to review this document periodically.

20Contact

For privacy inquiries, GDPR requests, or complaints:

Email: privacy@bamajan.nl
Address: Waardenburgstraat 92, Tilburg, The Netherlands