1. Introduction

Welcome to MGL POS & Inventory Management System ("System", "we", "us", or "our"), operated by Medihyim Group Limited. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Point of Sale and Inventory Management System.

We are committed to protecting your privacy and ensuring the security of your personal and business information. By accessing or using our System, you agree to the terms of this Privacy Policy.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide when using our System, including but not limited to:

• User Account Information: Username, email address, password (encrypted), phone number, profile photo
• Employee Information: Full name, contact details, job title, department, salary information (for payroll purposes)
• Customer/Client Information: Business name, contact person, email, phone number, physical address, TIN (Tax Identification Number), GPS location (if provided)
• Supplier/Provider Information: Business name, contact details, address, payment terms

2.2 Business and Transaction Data

In the course of providing our services, we collect and process:

• Sales Transactions: Sale details, payment methods, amounts, dates, customer information
• Purchase Records: Purchase orders, supplier details, product quantities, costs
• Inventory Data: Product information, stock levels, warehouse locations, pricing
• Financial Records: Expenses, deposits, fund requests, accounts, tax invoices
• Quotations and Proforma Invoices: Quote details, pricing, terms
• Delivery Information: Delivery notes, routes, recipient details

2.3 Automatically Collected Information

When you access our System, we may automatically collect:

• IP address and device information
• Browser type and version
• Operating system
• Access times and dates
• Pages viewed and actions taken within the System
• Session duration and navigation patterns

2.4 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your session and authentication status
• Remember your preferences and settings
• Analyze System usage and improve performance
• Ensure security and prevent fraudulent activity

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 System Operations

• Process sales, purchases, and inventory transactions
• Generate invoices, receipts, quotations, and financial reports
• Manage user accounts and access permissions
• Process payroll and employee compensation
• Track inventory levels and generate alerts
• Manage customer and supplier relationships

3.2 Communication

• Send transactional emails (invoices, receipts, notifications)
• Provide system updates and important announcements
• Respond to inquiries and support requests
• Send SMS notifications (when enabled)

3.3 Improvement and Analytics

• Analyze usage patterns to improve System functionality
• Generate business reports and analytics
• Identify and fix technical issues
• Develop new features and enhancements

3.4 Legal and Security

• Comply with legal obligations and regulatory requirements
• Enforce our terms of service and policies
• Detect, prevent, and address fraud or security issues
• Protect the rights and safety of our users

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

4.1 With Your Consent

We may share information with third parties when you have given explicit consent.

4.2 Service Providers

We may share information with trusted third-party service providers who assist us in:

• Email delivery services
• SMS notification services
• Cloud hosting and data storage
• Payment processing (if applicable)
• Analytics and performance monitoring

These service providers are contractually obligated to maintain confidentiality and use data only for specified purposes.

4.3 Legal Requirements

We may disclose information when required by law, court order, or governmental authority, or when we believe disclosure is necessary to:

• Comply with legal processes
• Protect our rights, property, or safety
• Prevent fraud or illegal activities
• Respond to lawful requests from public authorities

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the business transaction, subject to standard confidentiality provisions.

5. Data Security

We implement comprehensive security measures to protect your information:

5.1 Technical Safeguards

• Encryption: All data transmissions are encrypted using SSL/TLS protocols
• Password Protection: User passwords are hashed and salted using industry-standard algorithms
• Access Controls: Role-based access control (RBAC) limits data access to authorized personnel
• Secure Storage: Data is stored on secure servers with regular security updates
• Firewall Protection: Network security measures prevent unauthorized access

5.2 Organizational Measures

• Regular security audits and vulnerability assessments
• Employee training on data protection practices
• Incident response procedures for security breaches
• Regular data backups and disaster recovery planning

5.3 Limitation of Liability

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

6. Data Retention

We retain your information for as long as necessary to:

• Provide our services and maintain your account
• Comply with legal and regulatory requirements
• Resolve disputes and enforce agreements
• Maintain business records for auditing purposes

Financial and transaction records are retained for a minimum of 7 years as required by tax and accounting regulations. Upon account termination, we may retain certain data as required by law or for legitimate business purposes.

7. Your Rights and Choices

You have the following rights regarding your personal information:

7.1 Access and Correction

You may access, review, and update your personal information through your account settings or by contacting our support team.

7.2 Data Export

You may request an export of your data in a commonly used format.

7.3 Account Deletion

You may request deletion of your account. Note that some information may be retained as required by law or for legitimate business purposes.

7.4 Communication Preferences

You may opt out of non-essential communications while still receiving important transactional and security-related notifications.

7.5 Cookie Preferences

You may adjust your browser settings to refuse cookies, though this may affect System functionality.

8. Third-Party Links and Services

Our System may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

9. Children's Privacy

Our System is designed for business use and is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete such information promptly.

10. International Data Transfers

If you access our System from outside our primary operating region, please be aware that your information may be transferred to, stored, and processed in a country different from your own. By using our System, you consent to such transfers.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy on our System
• Updating the "Last Updated" date at the top of this policy
• Sending notification through the System (for significant changes)

Your continued use of the System after any changes indicates your acceptance of the updated Privacy Policy.

12. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

13. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the United Republic of Tanzania. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts in Tanzania.