top of page

​Ya’Mar Personal Data Protection & GDPR Compliance Policy

Effective Date: May 20, 2026

This Personal Data Protection & GDPR Compliance Policy (“Policy”) supplements the Ya’Mar Privacy Policy and explains how Ya’Mar LLC (“Ya’Mar,” “we,” “us,” or “our”) processes, protects, transfers, stores, retains, secures, and governs personal data in compliance with the General Data Protection Regulation (“GDPR”), the UK GDPR, applicable European Union and United Kingdom privacy laws, and related international privacy requirements.

This Policy also supplements applicable privacy rights provided under certain U.S. state privacy laws where applicable.

This Policy does not replace the Ya’Mar Privacy Policy, Terms of Service, or other incorporated Platform Policies. In the event of conflict, the Privacy Policy and Terms of Service govern to the fullest extent permitted by law.

1. Scope and Purpose

This Policy applies to the processing of personal data relating to individuals located in:

  • The European Union

  • The United Kingdom

  • Canada

  • Other jurisdictions with similar data protection laws

This Policy explains:

  • How Ya’Mar processes personal data

  • Lawful bases for processing

  • Rights of data subjects

  • Security and breach response procedures

  • International data transfer safeguards

  • Governance measures used to support privacy compliance

  • Automated processing and fraud prevention practices

Where minors are permitted to use limited Platform features under adult supervision as described in the Terms of Service, parents or legal guardians remain responsible for supervising Platform use, monitoring account activity, providing legally required consent where applicable, and ensuring compliance with applicable laws and Platform Policies.

2. Definitions

For purposes of this Policy:

“Personal Data” means any information relating to an identified or identifiable natural person.

“Data Subject” means the individual whose personal data is processed.

“Processing” means any operation performed on personal data including collection, storage, use, disclosure, transfer, analysis, monitoring, retention, deletion, or destruction.

“Controller” means the entity determining the purposes and means of processing personal data.

“Processor” means an entity processing personal data on behalf of a controller.

“Applicable Privacy Laws” means GDPR, UK GDPR, applicable EU privacy laws, UK privacy laws, and similar data protection laws where applicable.

3. Data Controller Role

For personal data processed in connection with the Ya’Mar Platform, Ya’Mar generally acts as a data controller under applicable data protection laws.

In limited circumstances, Ya’Mar may act as a data processor when processing personal data on behalf of users, payment providers, shipping providers, fraud prevention providers, verification providers, or third parties subject to contractual and legal obligations.

Certain payment processing, payout processing, shipping integration, fraud prevention, tax reporting, identity verification, operational monitoring, analytics, customer support, and compliance functions may be performed by third-party providers including Stripe, ShipEngine, cloud providers, fraud prevention vendors, analytics providers, infrastructure providers, telecommunications providers, and affiliated service providers.

Ya’Mar may engage affiliates, subprocessors, infrastructure providers, cloud providers, payment processors, analytics providers, shipping providers, verification vendors, fraud prevention providers, customer support providers, and operational service providers to support Platform functionality, security, legal compliance, fraud prevention, dispute handling, and marketplace operations.

4. Data Protection Principles

Ya’Mar processes personal data in accordance with applicable data protection principles including:

  • Lawfulness

  • Fairness

  • Transparency

  • Purpose limitation

  • Data minimization

  • Accuracy

  • Storage limitation

  • Integrity and confidentiality

  • Accountability

Personal data is processed only to the extent reasonably necessary for legitimate operational, contractual, legal, security, fraud prevention, customer support, marketplace integrity, dispute handling, tax compliance, customs compliance, payment processing, and Platform protection purposes.

Ya’Mar does not sell personal data as traditionally understood under applicable privacy laws.

Ya’Mar also does not knowingly share personal data for cross-context behavioral advertising purposes except as permitted by applicable law and disclosed within the Ya’Mar Privacy Policy.

Users remain responsible for maintaining accurate account information, contact information, payout information, shipping information, verification information, tax information, and account credentials associated with their accounts.

5. Lawful Bases for Processing

Ya’Mar processes personal data under one or more lawful bases including:

  • Performance of a contract

  • Compliance with legal obligations

  • Legitimate business interests

  • User consent where required by law

  • Fraud prevention

  • Security monitoring

  • Marketplace integrity protection

Legitimate interests may include fraud detection, account security, payment processing, shipment processing, customs compliance, dispute resolution, policy enforcement, customer support, analytics, operational improvements, abuse prevention, Platform security, and marketplace integrity protection.

Ya’Mar may use third-party authentication providers, SMS providers, OTP providers, telecommunications providers, payment processors, shipping providers, fraud prevention systems, analytics systems, cloud systems, and verification providers to facilitate:

  • Account authentication

  • OTP verification

  • Fraud prevention

  • Payment processing

  • Shipment processing

  • Platform integrity

  • Security monitoring

  • Account recovery

  • Marketplace operations

Consent is obtained only where legally required and may be withdrawn at any time subject to legal, contractual, fraud prevention, dispute handling, customs compliance, payment processor, or operational limitations.

5.1 Automated Decision-Making and Fraud Prevention

Ya’Mar may use automated systems, AI-assisted moderation systems, fraud detection technologies, machine learning systems, behavioral analysis tools, automated review systems, image analysis systems, monitoring systems, and risk-scoring technologies to:

  • Detect fraud

  • Verify identities

  • Prevent abuse

  • Review listings

  • Moderate content

  • Detect suspicious activity

  • Evaluate transaction risk

  • Investigate disputes

  • Prevent chargeback abuse

  • Protect marketplace integrity

  • Enforce Platform Policies

  • Maintain Platform security

Certain moderation, enforcement, fraud prevention, payment review, dispute handling, or operational decisions may involve automated systems.

Users may request additional information regarding certain automated processing activities where required under applicable law.

Ya’Mar may additionally monitor automated traffic, scraping attempts, unauthorized bots, suspicious technical activity, abusive activity patterns, unauthorized access attempts, malicious software activity, or operational threats to maintain Platform integrity and security.

6. Data Subject Rights

Data subjects may have rights under applicable privacy laws including:

  • Right of access

  • Right of rectification

  • Right of erasure

  • Right to restrict processing

  • Right to object to certain processing

  • Right to data portability

  • Right to withdraw consent

  • Rights relating to automated decision-making where applicable

Requests may be submitted using the contact information provided within this Policy.

Requests may require identity verification, fraud prevention review, security validation, operational review, or additional authentication measures before processing.

Certain rights requests may be limited, delayed, or denied where permitted by law for fraud prevention, account security, legal compliance, customs compliance, tax obligations, payment processor requirements, dispute handling, chargeback handling, collections activity, arbitration, operational protection, law enforcement cooperation, protection of Platform integrity, or protection of the rights and safety of others.

7. Data Retention

Personal data is retained only for as long as reasonably necessary for:

  • Operational purposes

  • Fraud prevention

  • Security monitoring

  • Payment processing

  • Shipment processing

  • Customs compliance

  • Tax obligations

  • Chargeback handling

  • Dispute resolution

  • Arbitration

  • Collections activity

  • Legal compliance

  • Regulatory compliance

  • Enforcement of agreements

  • Marketplace integrity protection

Retention periods may vary depending on legal obligations, fraud prevention needs, security requirements, operational needs, chargeback risk, dispute history, payment processor requirements, customs obligations, regulatory requirements, tax reporting obligations, arbitration requirements, collections activity, or Platform protection concerns.

Personal data may continue to be retained after account closure, suspension, restriction, or termination where reasonably necessary for fraud prevention, legal compliance, customs compliance, dispute resolution, payment processor obligations, arbitration, collections activity, regulatory investigations, chargeback handling, tax obligations, or protection of Platform integrity.

8. Data Security Measures

Ya’Mar implements commercially reasonable technical, organizational, administrative, and operational safeguards designed to protect personal data including:

  • Encryption where appropriate

  • Secure authentication measures

  • Access controls

  • Role-based permissions

  • Monitoring systems

  • Fraud prevention systems

  • Security reviews

  • Access logging

  • Risk management procedures

  • Incident response procedures

  • Operational security reviews

Ya’Mar may maintain internal audit procedures, monitoring systems, incident response plans, operational review procedures, and security assessment practices designed to identify, investigate, contain, remediate, and respond to unauthorized activity, fraud, cyber threats, security incidents, or operational risks.

Despite commercially reasonable safeguards, Ya’Mar cannot guarantee absolute security, uninterrupted security, or prevention of all unauthorized access, cyberattacks, fraud, data loss, operational disruptions, or security incidents.

Users remain responsible for protecting account credentials, devices, authentication methods, email accounts, passwords, and phone numbers associated with their accounts.

9. Personal Data Breach Response

Ya’Mar maintains procedures designed to detect, assess, investigate, contain, remediate, document, and respond to personal data breaches and security incidents.

Where required by applicable law:

  • Relevant supervisory authorities may be notified within seventy-two (72) hours of becoming aware of a qualifying breach.

  • Affected individuals may be notified where a breach is reasonably likely to result in a high risk to their rights and freedoms.

Notifications may be delayed where legally permitted for law enforcement purposes, fraud investigations, security investigations, customs investigations, payment processor reviews, operational protection, or regulatory compliance purposes.

10. Data Protection Governance

Ya’Mar maintains internal governance and accountability measures designed to support compliance with applicable privacy and data protection laws.

Where legally required, Ya’Mar may designate:

  • Privacy personnel

  • Compliance personnel

  • Security personnel

  • Internal review procedures

  • A Data Protection Officer (“DPO”)

responsible for oversight of privacy compliance, regulatory inquiries, security oversight, incident response coordination, operational review, fraud prevention oversight, and handling data subject requests.

11. International Data Transfers

Personal data may be processed, stored, transferred, reviewed, or accessed within:

  • The United States

  • Canada

  • The United Kingdom

  • The European Union

  • Other jurisdictions where Ya’Mar or its providers operate

Users acknowledge that personal data may be transferred to jurisdictions that may not provide the same level of data protection as the user’s home jurisdiction.

Where required by law, Ya’Mar relies on legally recognized safeguards for cross-border data transfers including:

  • Standard Contractual Clauses (“SCCs”)

  • Adequacy decisions

  • Contractual protections

  • Recognized transfer mechanisms

  • Other lawful safeguards permitted under applicable law

12. Cookies and Tracking Technologies

Ya’Mar may use cookies, SDKs, analytics technologies, authentication technologies, fraud prevention technologies, tracking technologies, monitoring technologies, and related operational tools to support Platform functionality, fraud prevention, analytics, account authentication, security monitoring, and marketplace integrity.

Additional information regarding cookies, SDKs, analytics technologies, tracking technologies, and related technologies is available within the Ya’Mar Privacy Policy or Cookie Policy where applicable.

13. Special Categories of Data

Ya’Mar does not intentionally collect or process special categories of personal data except where voluntarily submitted by users, legally required, necessary for fraud prevention, dispute handling, legal compliance, identity verification, security purposes, or otherwise permitted under applicable law.

Users should avoid submitting unnecessary sensitive personal information through the Platform unless expressly requested.

14. Third-Party Providers and Service Integrations

Ya’Mar may use third-party providers to support:

  • Payment processing

  • Shipping services

  • Identity verification

  • OTP authentication

  • Fraud prevention

  • Analytics

  • Infrastructure

  • Cloud hosting

  • Customer support

  • Operational monitoring

  • Security services

Third-party providers may process personal data subject to contractual obligations, security requirements, operational safeguards, applicable privacy laws, and legal compliance obligations.

Ya’Mar is not responsible for independent third-party privacy practices outside Ya’Mar’s reasonable control.

15. Policy Updates

This Policy may be updated periodically to reflect:

  • Regulatory changes

  • Legal requirements

  • Operational changes

  • Security practices

  • Fraud prevention measures

  • Platform functionality

  • Business practices

  • Payment processor requirements

  • Shipping integrations

  • Marketplace operations

Updated versions become effective upon posting within the Platform or on Ya’Mar’s website.

Continued use of the Platform after updates constitutes acceptance of the revised Policy where permitted by law.

16. Contact and Data Rights Requests

For GDPR-related inquiries, privacy concerns, or data subject rights requests, contact:

Ya’Mar LLC-Privacy & Data Protection
📧 legal@yamarapp.com

Ya’Mar LLC
7901 4TH Street N. Suite 300
St. Petersburg, Florida 33702 USA

EU and UK residents may also lodge complaints with their local supervisory authority or applicable data protection regulator.

France-Specific Notice (CNIL)

For users located in France, Ya’Mar complies with GDPR and applicable French data protection laws under the supervision of the Commission Nationale de l’Informatique et des Libertés (“CNIL”).

French users may exercise GDPR rights described in this Policy and may submit complaints directly to the CNIL if they believe their rights have been violated.

bottom of page