Heaven Flower Platform Terms of
Service, Privacy Policy, and Non-
Disclosure Agreement
This document constitutes a legally binding electronic contract between "Kholoud Abdullah
Hadi Hakami Flowers Establishment" (hereinafter referred to as the "Platform" or "We") and
all users of the Heaven Flower platform (hereinafter referred to as the "User" or "You"). Your
acceptance of these Terms of Service, the Privacy Policy, and the Non-Disclosure and
Confidentiality Agreement is an essential condition and a legal cornerstone for utilizing the
Platform's services.
Chapter One: General Provisions and Contract
Introduction
Article 1: Scope and Applicability of Terms
1.1. Scope of Terms: These Terms of Service apply to all aspects of using the Heaven Flower
platform, including but not limited to: Browse content, registration, account creation, product
viewing, purchasing, selling, using payment gateways, and interacting with any of the services
or features provided through the Platform.
1.2. Mandatory Acceptance: Your use of or access to the Platform in any manner constitutes
your express and unconditional agreement to be fully bound by these Terms of Service, in
addition to the Privacy Policy and any other relevant policies published by the Platform. It is
important to note that any confidential information or intellectual property disclosed to
the User is subject to the Platform's Non-Disclosure and Confidentiality Agreement,
which is an integral part of the User's obligations. If you do not agree to these terms, please
immediately cease using the Platform.
Article 2: Definitions
• Platform: Refers to the Heaven Flower electronic platform, including the website
https://heavenflower.app/ and all associated smart applications belonging to "Kholoud
Abdullah Hadi Hakami Flowers Establishment." The Platform serves as an electronic
marketplace and an intermediary to connect suppliers and retailers of natural flowers and
gifts, in addition to providing direct sales services to individual customers within specified
controls.
• Supplier: Any natural or legal person (company or establishment) registered on the
Platform for the purpose of displaying and selling natural flower and gift products in
wholesale or large quantities through the Platform, subject to the agreed commission.
• Retailer: Any natural or legal person (company or establishment) registered on the
Platform for the purpose of purchasing natural flower and gift products in suitable
quantities for their store to resell to consumers.
• Individual Customer: Any natural person who purchases natural flower and gift products
for personal use through the Platform, and to whom the minimum order limit (150 Saudi
Riyals) applies.
• User: Includes all parties mentioned above (Suppliers, Retailers, Individual Customers)
and all visitors to the Platform who access or use any of its services.
• Services: All services and products provided or facilitated through the Platform, including
but not limited to: product display, order management, refrigerated shipping services,
secure payment gateways, and technical support services.
• Products: Refers to natural flowers, gifts, antiques, and accessories offered for sale
through the Platform.
Article 3: Amendments to Terms
3.1. Platform's Right to Amend: The Platform reserves the absolute right to amend, update, or
change any part of these Terms of Service at any time and without prior notice. It is the User's
responsibility to periodically review these terms to stay informed of the latest amendments.
3.2. Continued Acceptance: Your continued use of the Platform after the publication of any
amendments constitutes your acceptance and agreement to these amendments.
Chapter Two: Registration, Accounts, User
Obligations, and Limitation of Liability
Article 4: Registration, Account Creation, and User Responsibility
4.1. Account Creation Requirements: * 4.1.1. Accuracy and Completeness of Information:
Access to specific services on the Platform (such as selling for Suppliers, purchasing for
Retailers, or completing orders for Individual Customers) requires user account creation. The
User undertakes to provide accurate, current, and complete registration information (including
but not limited to: full name, email address, mobile phone number, detailed postal address,
national identity information or residency number, in addition to commercial registration
information or freelance work permit for Suppliers and Retailers). * 4.1.2. Eligibility for Use (in
accordance with Article 5 of the E-Commerce Law): The User must be at least eighteen (18)
years of age to be legally eligible to enter into contracts, create an account, and use the
Platform's services. In cases where the User is a minor, use of the Platform must be under the
direct supervision and express consent of a guardian or legal custodian.
4.2. User Responsibility for Their Account: * 4.2.1. Confidentiality of Login Credentials:
The User is solely responsible for maintaining the confidentiality of their account information and
password. Any activities conducted under the User's account are their direct responsibility. *
4.2.2. Reporting Unauthorized Use: The User undertakes to immediately inform the Platform
of any unauthorized use of their account or any information security breach they discover.
4.3. Account Cancellation: * 4.3.1. Account Cancellation Option: The Platform undertakes
to provide a clear and easy option for the User (especially Individual Customers) to cancel their
account at any time through account settings or by submitting a formal request to customer
support, while taking into account any outstanding financial or contractual obligations.
Article 5: User Obligations and Platform's Limitation of Liability
5.1. Compliance with Laws and Regulations: * 5.1.1. Legal Compliance: All Users
undertake to fully comply with all applicable laws, regulations, and systems in the Kingdom of
Saudi Arabia when using the Platform, including, but not limited to, the E-commerce Law, the
Anti-Cybercrime Law, the Personal Data Protection Law, and consumer protection regulations.
5.2. Prohibited Use and Unlawful Conduct: * 5.2.1. Prohibited Activities: The use of the
Platform for any illegal, fraudulent, or harmful purpose is strictly prohibited, including but not
limited to: publishing offensive content, defamation, promoting illegal products, infringing
intellectual property rights, or any conduct that violates the rights of others or public regulations.
* 5.2.2. Interference with Platform Operations: It is strictly prohibited to use any automated
programs, robots, data scraping tools (Web Scraping), or any other means to interfere with the
Platform's operation, collect data from it by unauthorized means, or attempt to access
unauthorized parts of the Platform.
5.3. Suppliers' Responsibility for Products: * 5.3.1. Supplier's Responsibility for Product
Quality: The Supplier acknowledges and agrees that they are solely and fully responsible for
the quality of the products they display through the Platform, the accuracy of their descriptions,
their suitability for use, their conformity with the displayed specifications, and their freedom from
hidden and apparent defects. The Supplier bears full responsibility towards the consumer in
accordance with consumer protection regulations. * 5.3.2. Platform's Disclaimer for Product
Defects: The Platform disclaims all responsibility for any defects, deficiencies, or non-
conformity in the products provided by Suppliers, as the Platform serves merely as an
intermediary connecting the seller and the buyer. The Platform does not bear direct
responsibility for the quality of products sold by Suppliers but undertakes to facilitate
communication between the consumer and the Supplier to resolve any disputes related to
product quality, in accordance with its obligations as an intermediary in applying consumer
protection law

Heaven Flower Platform Privacy Policy
This policy clarifies "Kholoud Abdullah Hadi Hakami Flowers Establishment"'s commitment
to protecting the personal data of its users and precisely details how this data is collected, used,
disclosed, and protected, in compliance with the Personal Data Protection Law issued by
Royal Decree No. (M/101) dated 14/09/1443H and its Executive Regulations, and any
directives issued by the Saudi Data & AI Authority (SDAIA) in the Kingdom of Saudi Arabia.
This policy complements the Platform's "Non-Disclosure and Confidentiality Agreement,"
which governs the handling of confidential information and intellectual property more
broadly.
Chapter One: Collection and Use of Personal
Information
Article 1: Types of Personal Information Collected
1.1. Information Provided Directly by the User: * 1.1.1. Account and Registration
Information: When registering an account on the Platform (whether as a Supplier, Retailer, or
Individual Customer), essential personal information is collected, which may include: full name,
email address, mobile phone number, detailed postal address (street, district, city, postal code),
national identity information or residency number, in addition to commercial registration
information or freelance work permit (for Suppliers and Retailers). * 1.1.2. Financial
Transaction Information: When making purchases, payment information is collected, such as
credit/debit card details or bank account information. It must be emphasized that the processing
of this information is exclusively conducted through secure payment gateways approved by the
Saudi Central Bank (SAMA). * 1.1.3. Communication and Support Information: When
communicating with the Platform through any support channels (email, live chat, phone), the
content of these communications is collected for the purpose of providing support and resolving
issues. * 1.1.4. Other Information: Any additional information the User chooses to voluntarily
provide in the context of using the Platform.
1.2. Automatically Collected Information (Usage Data): * 1.2.1. Browse and Usage Data:
Automatic information is collected about how the User interacts with the Platform, which may
include: IP Address, browser type, operating system, pages visited, products viewed, time and
date of access to the Platform, and websites visited before accessing the Platform. * 1.2.2.
Cookies and Similar Tracking Technologies: The Platform uses Cookies and similar tracking
technologies (such as Web Beacons) for the purposes of improving user experience, analyzing
usage patterns, personalizing content and offers, and providing essential Platform
functionalities.
Article 2: Purposes of Using Personal Information (Legal Basis for
Processing)
The Platform uses the collected personal information for the following specific and legitimate
purposes, which comply with the Personal Data Protection Law and its Executive Regulations:
2.1. Contract Performance and Service Provision: * 2.1.1. Purpose of Processing: To
operate and maintain the Platform, process purchase orders, deliver products, and manage
user accounts. * 2.1.2. Legal Basis: This use is necessary for the performance of the contract
concluded between the Platform and the User.
2.2. Platform Improvement, Development, and Experience Personalization: * 2.2.1.
Purpose of Processing: To analyze usage patterns and trends, improve the products and
services we offer, develop new features and functionalities on the Platform, and personalize
content and offers to match user interests. * 2.2.2. Legal Basis: This use is based on the
Platform's legitimate interest in improving its services.
2.3. Communication with Users: * 2.3.1. Purpose of Processing: To send updates regarding
order status, important service notifications, and marketing and promotional messages (if the
User has explicitly consented to receive such communications, with an option to unsubscribe at
any time). * 2.3.2. Legal Basis: This use is based on User consent or legitimate interest in
communicating about services.
2.4. Security, Fraud Prevention, and Legal Compliance: * 2.4.1. Purpose of Processing:
To protect the Platform and its users from fraud, illegal activities, and security breaches. * 2.4.2.
Purpose of Processing: To fulfill legal and regulatory obligations imposed on the Platform
under the laws of the Kingdom of Saudi Arabia, including the E-commerce Law, the Anti-
Cybercrime Law, and the Personal Data Protection Law. * 2.4.3. Legal Basis: This use is
necessary for compliance with a legal obligation or for the protection of vital interests.
Chapter Two: Sharing Personal Information, Security,
and User Rights
Article 3: Sharing and Disclosure of Personal Information
The Platform undertakes not to sell, rent, or trade User personal information to any third party.
Personal information may only be shared in the following cases and in compliance with
applicable regulations:
3.1. With Transaction-Related Parties (Suppliers and Retailers): * 3.1.1. Scope of Sharing:
Only necessary information (such as shipping and delivery information, or contact details related
to the order) is shared with relevant Suppliers and Retailers to complete transactions and
provide requested services.
3.2. With External Service Providers: * 3.2.1. Scope of Sharing: The Platform may share
user information with trusted third parties who provide services on its behalf (including but not
limited to: refrigerated shipping companies, payment processors, analytics service providers,
cloud infrastructure providers, and marketing services). * 3.2.2. Confidentiality Obligations:
These parties are bound by strict confidentiality and data protection requirements under
rigorous contractual agreements ensuring their compliance with the Personal Data Protection
Law.
3.3. Legal Obligations and Government Requests: * 3.3.1. Scope of Sharing: Personal
information may be disclosed if required by law, in response to a court order, subpoena, or valid
governmental request issued by a competent authority in the Kingdom of Saudi Arabia.
3.4. Protection of Rights and Property: * 3.4.1. Scope of Sharing: The Platform may
disclose personal information to protect its rights or property, or to ensure the safety of its users
or the public, or to investigate illegal activities or violations of this policy or the Terms of Service.
Article 4: Data Security and Retention
4.1. Data Security Measures: * 4.1.1. Implemented Measures: The Platform implements
robust and reasonable technical and organizational security measures to protect personal
information from any unauthorized access, alteration, disclosure, or destruction. These
measures include, but are not limited to, the use of data encryption in data transmission and
storage, the application of Firewalls and intrusion detection systems, the implementation of strict
Access Controls to data, and regular auditing and continuous updating of security systems to
ensure keeping pace with the latest cyber threats.
4.2. Data Retention: * 4.2.1. Retention Period: The Platform retains User personal information
for as long as necessary to fulfill the purposes for which it was collected (such as providing
services), or to comply with legal and regulatory obligations (such as the requirements of the
Zakat, Tax and Customs Authority to retain transaction records, or the requirements of the E-
commerce Law, or the Personal Data Protection Law), or to resolve disputes, or to enforce legal
agreements.
Article 5: User Rights Regarding Their Personal Data
The Platform is committed to the guarantees and rights granted to individuals under the
Personal Data Protection Law, which include the following rights:
5.1. Right to Access, Rectification, and Erasure: * 5.1.1. Access and Rectification: Users
have the right to access their personal information held by the Platform and to request its
rectification or updating if it is inaccurate or incomplete. * 5.1.2. Erasure: Users have the right to
request the erasure of their personal data in cases that do not conflict with the Platform's legal
or legitimate obligations (such as retaining necessary financial records). * 5.1.3. Exercise of
Rights: Users can exercise these rights through their account settings or by submitting a written
and documented request to the Platform's customer support department.
5.2. Right to Withdraw Consent and Object: * 5.2.1. Withdrawal of Consent: Users have the
right to withdraw their consent to the collection or use of some of their personal data at any time
(especially concerning marketing communications), provided that this does not affect the legality
of processing carried out before the withdrawal of consent. * 5.2.2. Objection: Users have the
right to object to the processing of their personal data for specific purposes in cases provided for
by the Personal Data Protection Law.
Article 6: Amendments to Privacy Policy and Communication
6.1. Policy Amendments: * 6.1.1. Platform's Right to Amend: The Platform reserves the right
to amend, update, or change this Privacy Policy at any time. * 6.1.2. Notification of Material
Changes: Any changes to this policy will be published on this page, and users will be notified of
material changes to this policy via in-platform notifications or official email.
6.2. Communication and Inquiries: * 6.2.1. Communication Channels: For any inquiries or
concerns regarding this Privacy Policy or our data practices, please contact the Platform
through the official communication channels available on the Platform (dedicated email, phone
number, or contact form)