Backترجمالعربية
Privacy PolicyTerms of Use

Privacy Policy

Version
1.0
Effective Date
2026-05-17

The Arabic version is the legally binding text. This English version is for reference only.

We appreciate the trust you place in us when you entrust us with your personal and official documents for translation. This Policy explains clearly: what data we collect, why, who we share it with, how long we keep it, and what your rights are. It is built on the Omani Personal Data Protection Law issued by Royal Decree 6/2022 and its Executive Regulations Ministerial Decision 34/2024.

1. Who We Are

Data ControllerTAMKEEN DIGITAL LLC — a Limited Liability Company
Platform Brandtrjm.om
Commercial Registration1645675
Tax Identification No.2261616
AddressNorth Al Moolah, Al Seeb, Muscat Governorate, P.C. 112, P.O. Box 108, Sultanate of Oman
General Emailinfo@trjm.om
Contact Phone+968 7720 0778

Data Protection Officer (DPO)

In accordance with Article 34 of the Executive Regulations:

NameSalah Salim Ali Al Badi (Acting Data Protection Officer)
Emaildpo@trjm.om
Postal AddressNorth Al Moolah, Al Seeb, Muscat Governorate, P.C. 112, P.O. Box 108, Sultanate of Oman

2. Data We Collect

2.1 Identification Data

ItemWhen CollectedRequired?
Full nameAt registrationYes
EmailAt registrationYes
Phone numberAt registrationYes
CountryAt registration (Sultanate of Oman only)Yes
Preferred languageAt registrationNo

2.2 Authentication and Security Data

  • Your password is stored as a hash using Argon2id and cannot be retrieved by anyone.
  • Number of failed login attempts and lockout time.
  • Last login timestamp.

2.3 Session Data

  • IP address.
  • Browser type and operating system (User-Agent).
  • Last activity time and session expiry.

2.4 Payment Data

  • Payment amount and currency.
  • Card type (e.g., VISA, Mastercard).
  • Last 4 digits of the card only (for invoicing).
  • Thawani session identifier and time of completion.

Important: We never see or store the full card number, expiry date, or CVV.

2.5 Your Documents and Their Content

  • The Original Document you upload for translation.
  • The stamped Delivery Document from the office.
  • Automatically extracted metadata: word count, page count.
  • Document type and notes for the office.

2.6 Sensitive Data

If you select the document type "Medical Report", its content is classified as sensitive health data. We will request your separate consent before processing, and apply stricter access controls.

3. Purposes of Processing

#PurposeData Used
1Deliver the translation serviceAll Request-related data
2Create and manage your accountIdentification and authentication
3Process paymentPayment data
4Transactional communicationEmail and name
5Tax and accounting complianceInvoices and payments
6Protect the platform from fraudSession and IP

We do not use your data for marketing in the first release. We will not send any promotional email.

4. Legal Basis for Processing

BasisWhen It Applies
Your explicit consentWhen you accept this Policy and when processing health data
Performance of contractProcessing and delivering the Request
Legal obligationRetaining payment and tax records
Legitimate interestProtecting the platform from fraud

5. Who We Share Your Data With

5.1 Translation Offices

The office that accepts your Request receives: your Original Document, your name, and your notes. It does not see your other data.

5.2 Sub-Processors

ProviderPurposeCountryData Transferred
Cloudflare R2Document storageEurope/AsiaDocuments (encrypted)
Google Cloud VisionDocument text extractionUnited StatesDocument content (transient)
ThawaniPayment processingSultanate of OmanName, email, amount
Resend / SMTPTransactional emailEU / USEmail, name, content
Soketi / PusherReal-time notificationsDepends on hostingUser identifier
ClamAVAntivirus scanningWithin our infrastructureFiles during scanning

5.3 Official Authorities

We disclose data only when legally required, when reporting a suspected criminal violation, or when defending our rights.

6. Cross-Border Data Transfer

Some infrastructure services operate from data centers outside Oman. Per Articles 37-39:

  • We obtain your explicit consent before transfer.
  • We select providers offering a protection level no less than Oman's standard.
  • We sign Data Processing Agreements (DPAs) with each provider.

You may withdraw consent by contacting dpo@trjm.om; this may end service.

7. Data Retention Periods

Data TypeRetention PeriodReason
Completed Requests and documentsIndefiniteAudit requirement
Cancelled RequestsMinimum 2 yearsDispute resolution
Payment records and invoices7 yearsTax obligation
Refund records7 yearsTax obligation
OTP codesDeleted after 24 hoursNo longer needed
Expired sessionsPurged dailyNot needed
Security and access logs12 monthsBreach detection

8. Your Rights Under the Data Protection Law

You have explicit rights, and we respond within a maximum of 45 days:

8.1 Right of Access

Request a copy of your data in a clear, readable format.

8.2 Right to Rectification

Correct your data directly from your account or by request.

8.3 Right to Erasure

Request deletion when the purpose ends, consent is withdrawn, or processing is unlawful. Exception: Data we must retain by law (e.g., payment records).

8.4 Right to Data Portability

Transfer your data to another controller in a machine-readable format.

8.5 Right to Withdraw Consent

Withdraw consent anytime without affecting prior processing.

8.6 Right to Object

Object to processing based on legitimate interest.

8.7 How to Exercise Your Rights

Send a request to dpo@trjm.om including: your name, account email, type of right, and a description of the data concerned.

8.8 Right to File a Complaint

You may file a complaint with the Ministry of Transport, Communications and IT or the National Centre for Information Safety.

9. How We Protect Your Data

9.1 Encryption

  • In transit: HTTPS with TLS 1.2+ and HSTS.
  • At rest: email and phone with AES-256-CBC; documents encrypted in cloud storage; passwords with Argon2id.

9.2 Access Control

  • Download links time-limited (15 minutes).
  • An office can only see its own Requests.
  • Staff access on need-to-know basis with full audit logging.

9.3 Threat Protection

  • Automatic ClamAV scanning.
  • Rate limiting against brute-force.
  • Account lockout after failed attempts.
  • Strict HTTP security headers.

10. Data Breach

We apply a rapid-response plan per Articles 30 and 32:

ActionDeadline
Notify Ministry of Transport (Data Protection Unit)Within 72 hours
Notify affected individuals if material harmWithin 72 hours
Immediate corrective measuresOn discovery

11. Cookies

We use a very limited number of cookies, all essential:

CookiePurposeLifetime
sessionYour session identifier24h idle / 30d absolute
csrfProtection against CSRFEnd of session
langRemember your preferred languageOne year

We do not use cookies for advertising tracking or behavioral analytics.

12. Children's Privacy

The platform is not intended for anyone under 18. If we discover a minor's data, we delete it immediately and close the account.

13. Updates to This Policy

  • We notify you of material updates by email at least 30 days before they take effect.
  • Minor updates are published without notice.
  • You may review all prior versions on request from the DPO.

14. Contact and Complaints

14.1 For Inquiries and Requests

SubjectContact
Data rights requestsdpo@trjm.om
General supportinfo@trjm.om
Reporting breach or misuseabuse@trjm.om
Phone+968 7720 0778
AddressNorth Al Moolah, Al Seeb, Muscat Governorate, P.C. 112, P.O. Box 108, Sultanate of Oman

14.2 Regulatory Authorities in Oman

  • Ministry of Transport, Communications and IT — Personal Data Protection Unit.
  • National Centre for Information Safety.
  • Consumer Protection Authority: 80079009.

Thank you for your trust. Your privacy is our responsibility.