This Privacy Policy Statement outlines how Nsaale Health Products ("We," "Us," or "Our"), the operator of the website https://www.nsaalehealthproducts.com/ (the "Website"), collects, uses, protects, and discloses information gathered from you, the customer ("You" or "Customer").
This policy is designed for an e-commerce platform hosted on the Odoo SA Cloud and is structured to address the data handling requirements common in online retail, aligning with general data protection standards.
1. Data Controller and Data Processor Roles
- Data Controller: Nsaale Health Products is the Data Controller. We determine the purposes and means of processing the Personal Data collected through our Website (e.g., deciding what to collect for orders).
- Data Processor: Odoo SA acts as the primary Data Processor. Odoo SA provides the hosting and software services, processing your data strictly on our behalf, based on our explicit instructions, for the purpose of operating the Website.
2. The Information We Collect
We collect and process various categories of information about you, including:
| Category of Data | Description and Examples |
| A. Identity and Contact Data | Information used to identify and communicate with you. |
| Examples: Name, email address, phone number, physical address (shipping/billing), company name (if applicable), Odoo account username, and password (stored securely as a hash). | |
| B. Transaction and Financial Data | Details about payments and purchases you have made. |
| Examples: Purchase history, order quantity, order value, payment method, bank account details (if provided for refunds). Note: We do not store or record your full credit card details. All transactions are handled by trusted, PCI-DSS compliant third-party payment processors configured with Odoo SA Cloud platform. | |
| C. Profile Data | Information related to your preferences and how you use the Website. |
| Examples: Your interests, product preferences, feedback, reviews, and survey responses. | |
| D. Technical and Usage Data | Information automatically collected by the Odoo SA Cloud platform as you interact with the Website. |
| Examples: Internet Protocol (IP) address, login data, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access this Website. | |
| E. Marketing and Communications Data | Your preferences in receiving marketing from us. |
| Examples: Your opt-in or opt-out status for marketing communications. |
3. How We Collect and Use Your Information
We use your data primarily to manage our e-commerce operations, fulfill your orders, and provide services.
| Source of Collection | Purpose of Use | Legal Basis (Where Required) |
| Direct Interactions (Form/Account) | To register you as a new customer, manage your account, and deliver products you ordered. | Performance of a contract with you. |
| Automated Technologies (Odoo Cloud) | To administer and protect our Website, troubleshoot issues, and ensure security (e.g., recording IP addresses). | Our legitimate business interests (security and service integrity). |
| Third Parties (Payment Processors) | To process and confirm your payments securely. | Performance of a contract with you. |
| Marketing Opt-ins | To send you promotional materials about our products or services. | Your consent (which can be withdrawn at any time). |
4. Cookies and Tracking Technologies
The Odoo software and our Website use cookies and similar tracking technologies to enhance your experience.
- Functionality: Cookies are used to remember your preferences, keep you logged in, and maintain your shopping cart contents.
- Analytics: We use tools (like Google reCAPTCHA for security and potentially third-party analytics) to collect information about how you use the Website, which helps us improve performance.
You can set your browser to refuse all or some cookies or to alert you when websites set or access cookies. Note that if you disable or refuse cookies, some parts of the Website may become inaccessible or not function properly.
5. Data Security, Hosting, and International Transfers Odoo SA Cloud Security Commitments
- Security Measures: We and Odoo SA implement robust technical and organizational security measures. This includes data encryption at rest (AES-256) and in transit (HTTPS/SSL), strict access controls, and hardened server configurations.
- Data Retention and Backups: Odoo SA maintains automated and verified backups, often replicated in multiple data centers, to ensure business continuity and minimize data loss.
International Data Transfers
Since the Odoo SA Cloud platform is global, your data may be stored and processed outside of Uganda or the African continent (e.g., in data centers in Europe, America, or Asia/Pacific regions, as maintained by Odoo).
- By using our Website and services, you acknowledge that your Personal Data may be transferred to and processed in countries outside your own. We rely on Odoo SA to implement appropriate safeguards (such as data processing agreements and standard contractual clauses) to ensure that your data is treated securely and in accordance with this privacy policy and applicable data protection laws.
6. Your Legal Rights
Under applicable data protection laws, you may have the right to:
- Request access to your Personal Data.
- Request correction of your Personal Data.
- Request erasure of your Personal Data.
- Object to processing of your Personal Data (e.g., for direct marketing).
- Request restriction of processing your Personal Data.
- Request the transfer of your Personal Data (data portability).
- Withdraw consent where we are relying on consent to process your Personal Data.
To exercise these rights, please contact us using the details below. For data stored within your Odoo database (like your address or profile), you can generally access, modify, or delete it directly through your account settings.
7. Data Retention
We will only retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Typically, customer account and transaction data will be retained for the duration of our business relationship and for a period thereafter to comply with tax, financial, and legal obligations.
8. Contact Information
If you have any questions, concerns, or wish to exercise your data rights, please contact us via this website.
Last Updated: November 12, 2025