Global Sourcing Specialists — 24+ Years of Excellence
WhatsApp admin@rigndig.com

Privacy Policy

Last updated: 15 March 2026

Your privacy matters to us. This Privacy Policy explains how Rig & Dig Suppliers ("we", "us", "our") collects, uses, stores, and protects your personal information when you use our website or engage our services. We are committed to compliance with the laws of the Islamic Republic of Pakistan, including the Prevention of Electronic Crimes Act (PECA) 2016, the Electronic Transactions Ordinance 2002, and the Personal Data Protection Act, and where applicable, the data protection laws of your own country.

1. Who We Are (Data Controller)

The organisation responsible for your personal data under this Privacy Policy is:

Rig & Dig Suppliers
A business entity registered under the laws of the Islamic Republic of Pakistan
Email: admin@rigndig.com

For any privacy-related concerns or requests, contact us at the email address above. We will acknowledge and respond within 30 days.

2. Legal Framework

Our data handling practices are governed by the following applicable laws and regulations:

  • Prevention of Electronic Crimes Act (PECA) 2016 — Pakistan: Governs data security, cybercrime, and unauthorised access to personal data in digital systems.
  • Electronic Transactions Ordinance 2002 — Pakistan: Provides the legal basis for electronic communications, digital records, and online agreements.
  • Personal Data Protection Act — Pakistan: Establishes rights of data subjects and obligations of data controllers in Pakistan in respect of personal information.
  • Income Tax Ordinance 2001 — Pakistan: Requires us to retain certain financial and business records for prescribed periods.
  • Companies Act 2017 — Pakistan: Imposes obligations on registered entities regarding record-keeping and corporate governance.
  • International Clients: Where you are located outside Pakistan, your local data protection laws may also apply to our processing of your personal data. Refer to Section 11 for further details.

3. What Personal Information We Collect

We collect personal information that you voluntarily provide or that is automatically generated when you use our website or services:

  • RFQ and Enquiry Forms: Full name, email address, phone number, company name, job title, industry sector, and the details of your enquiry or procurement requirement.
  • Service Engagements: National Tax Number (NTN), STRN, company registration details, banking information (for payment processing only), delivery/shipping addresses, and technical procurement specifications.
  • Website Browsing: IP address, browser type, device information, geographic region, pages visited, and time spent on pages — collected via standard web analytics tools.
  • Email and Direct Communications: Any personal information you include in emails, messages, or documents you send to us.

We do not collect sensitive personal information such as CNIC numbers, biometric data, health information, political affiliation, or religious beliefs in the ordinary course of our business.

4. How We Use Your Personal Information

We use your personal information strictly for the following lawful purposes:

  • To respond to your enquiries, RFQs, and service requests;
  • To prepare, issue, and manage quotations, purchase orders, and invoices;
  • To carry out procurement, sourcing, and logistics on your behalf;
  • To manage our ongoing commercial relationship with you;
  • To comply with legal, tax, and regulatory obligations under Pakistani law (including FBR, SECP, and customs requirements);
  • To improve our website and services through aggregated, anonymised analytics data;
  • To send service-related communications such as order status updates, shipping notifications, and invoice reminders;
  • To detect, prevent, and investigate fraud, cybercrime, or unauthorised access in compliance with PECA 2016.

We do not sell, rent, share, or lease your personal information to third parties for marketing or commercial purposes unrelated to your engagement with us.

5. Legal Basis for Processing

We process your personal information on the following recognised lawful bases:

  • Contractual Necessity: Processing is necessary to enter into and perform a contract with you (e.g. fulfilling an RFQ, processing an order, issuing an invoice).
  • Legitimate Interest: We have a legitimate business interest in responding to commercial enquiries, maintaining client records, and protecting our business from fraud.
  • Legal Obligation: We are required by Pakistani law (Income Tax Ordinance, Sales Tax Act, Companies Act) to retain certain records for prescribed periods.
  • Consent: Where we rely on your consent (for example, for marketing communications), you may withdraw that consent at any time without affecting the lawfulness of prior processing. To withdraw consent, email us at admin@rigndig.com.

6. How We Share Your Information

We share your personal information only as strictly necessary for the following purposes:

  • Suppliers and Manufacturers: We share procurement specifications and delivery details with verified domestic and international suppliers solely to fulfil your order.
  • Freight and Logistics Providers: We share necessary shipping and contact information with freight forwarders, customs clearing agents, and transport companies to arrange delivery.
  • Financial Institutions and Payment Processors: We share payment-related information with banks and financial intermediaries to process transactions.
  • Regulatory and Law Enforcement Authorities: We disclose information when required to do so by a court order, regulatory authority, or law enforcement body under Pakistani law (including FBR, customs, SECP, or law enforcement agencies under PECA 2016).
  • Technology and Hosting Providers: Our website hosting, email systems, and analytics platforms process data on our behalf. We ensure these providers maintain appropriate security standards.

7. International Data Transfers

Given the global nature of our sourcing and procurement operations, your personal information may need to be transferred to and processed in countries other than Pakistan — including the UAE, Saudi Arabia, China, the UK, the EU, and the USA. When such transfers occur:

  • We share only the minimum information necessary for the specific transaction or service;
  • We require our international service providers and suppliers to maintain appropriate data security standards;
  • Where the transfer involves EU residents' personal data, we ensure appropriate safeguards in accordance with GDPR requirements (including Standard Contractual Clauses where applicable).

8. Cookies and Website Analytics

Our website uses the following technologies to function and improve your experience:

  • Essential Cookies: Required for basic website functionality, including session management and CSRF security protection. These cannot be disabled without affecting website operation.
  • Analytics: We may use tools such as Google Analytics to understand visitor behaviour on our website. Data collected is anonymised and aggregated. IP addresses are not stored in identifiable form. You may opt out via the Google Analytics Opt-out Add-on.
  • Third-Party Embeds: Where third-party tools are embedded (e.g. maps, video), those providers may set their own cookies. Please review their respective privacy policies.

By using our website, you consent to our use of essential cookies. You may disable non-essential cookies in your browser settings; however, this may affect certain website features.

9. Data Retention

  • Client records, invoices, purchase orders, and commercial documentation are retained for a minimum of 6 years from the date of the last transaction, in accordance with the Income Tax Ordinance 2001 and the Sales Tax Act 1990 of Pakistan.
  • General enquiry and contact form submissions are retained for 3 years after the date of the last communication, to allow for follow-up business relationships.
  • Website analytics data is retained in anonymised, aggregated form for up to 26 months.
  • Data may be retained beyond these periods where required by a court order, regulatory authority, or ongoing dispute resolution process.
  • Where we no longer require your personal information, we will securely delete or anonymise it.

10. Your Rights as a Data Subject

Under applicable Pakistani data protection law, and where relevant under international law, you have the following rights in respect of your personal information:

  • Right of Access: Request a copy of the personal information we hold about you.
  • Right of Correction: Request that we correct inaccurate, incomplete, or outdated personal information.
  • Right of Deletion: Request deletion of your personal information where there is no lawful basis to continue retaining it.
  • Right to Object: Object to processing of your data where we are relying on legitimate interest as the legal basis.
  • Right of Portability: Request your personal data in a structured, commonly used, and machine-readable format (where technically feasible).
  • Right to Withdraw Consent: Where processing is based on your consent, withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Right to Lodge a Complaint: Lodge a complaint with the relevant authority. In Pakistan, the relevant authority is the Pakistan Telecommunication Authority (PTA) or such other body as designated under the Personal Data Protection Act. International clients may also contact their own country's data protection authority.

To exercise any of the above rights, please email us at admin@rigndig.com. We will acknowledge your request within 7 working days and respond in full within 30 days.

11. International Clients — Your Local Data Protection Rights

Notice to International Users: If you are accessing our website or services from outside Pakistan, this clause applies to you in addition to all sections above.

  • This Privacy Policy is primarily governed by the data protection laws of the Islamic Republic of Pakistan. However, we recognise that users from other countries may have additional rights and protections under their own national laws, and we respect those rights.
  • European Union / United Kingdom: If you are located in the EU or UK, the General Data Protection Regulation (GDPR) and/or the UK GDPR may apply to your personal data. You have the right to request access, correction, deletion, and portability of your data, and to lodge a complaint with your local Data Protection Authority (DPA).
  • United Arab Emirates: UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) may apply. You may have rights under that law in addition to those set out in this Policy.
  • Kingdom of Saudi Arabia: The Personal Data Protection Law (PDPL) of Saudi Arabia may apply to Saudi-based clients. We respect these obligations where they are applicable.
  • Other Jurisdictions: If you are located in any other country with applicable data protection legislation, you remain entitled to the protections provided under your own national law. By engaging our services, you acknowledge that your data will be processed in Pakistan in accordance with this Policy, while your local rights remain unaffected.
  • Where there is a conflict between this Policy and the mandatory data protection laws of your own country that cannot be contractually excluded, your local mandatory law shall prevail to the extent of that conflict.

12. Security Measures

We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, disclosure, alteration, loss, or destruction. These measures include:

  • SSL/TLS encryption for all data transmitted via our website;
  • Strict access controls — only authorised personnel access personal data on a need-to-know basis;
  • Password hashing and CSRF token protection for all web forms;
  • Regular review of our security practices and infrastructure;
  • Physical security at our office premises where paper records are stored.

No method of data transmission or storage over the internet is completely secure. While we take all reasonable precautions, we cannot guarantee absolute security. If you believe your data has been compromised, please contact us immediately at admin@rigndig.com. Cybercrime incidents may also be reported to the FIA Cyber Crime Wing in Pakistan or the relevant authority in your country.

13. Third-Party Websites

Our website may contain links to third-party websites, supplier portals, or industry directories. We have no control over the content or privacy practices of those websites. This Privacy Policy applies only to our website and services. We encourage you to review the privacy policies of any third-party site before submitting your personal information to them.

14. Children's Privacy

Our services are directed exclusively at business professionals and commercial entities. We do not knowingly collect personal information from individuals under the age of 18. If you are a parent or guardian and believe that your minor child has submitted personal information to us, please contact us immediately at admin@rigndig.com and we will promptly delete such information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. The current version will always be available on this page, with the "Last updated" date prominently displayed. For material changes that significantly affect your rights, we will endeavour to notify you directly by email where we hold your contact details. Your continued use of our website or services after any changes are posted constitutes your acceptance of the updated Policy.

16. Contact the Privacy / Data Protection Officer

For all privacy-related enquiries, data subject requests, or complaints, please contact us in writing:

Privacy / Data Protection Officer
Rig & Dig Suppliers
Email: admin@rigndig.com

We take all privacy concerns seriously and will respond within 30 days of receipt.

Terms & Conditions Contact Us Submit an RFQ