How we look after your data.

01 Who we are

RIVER VALE Industries (Private) Limited is a fashion, apparel, carpet yarn and fibre‑to‑yarn manufacturer headquartered at Uni Center, 7th Floor, Karachi, 74200, Pakistan, registered with the Securities & Exchange Commission of Pakistan. This policy applies to all websites, sub‑domains, web‑hosted ordering portals and Android mobile applications operated by River Vale and distributed under our publisher account on Google Play.

For privacy enquiries the data controller is reachable at:

02 Scope of this policy

This policy covers personal data processed when you (a) browse rivervl.com or any sub‑site we operate, (b) submit a brief, sample request, RFQ or careers application, (c) install or use any of our Android applications listed on Google Play, (d) communicate with our sales, sourcing or support teams, or (e) attend an in‑person meeting at our Karachi head office or any of our manufacturing facilities.

It does not cover personal data collected by independent third parties — including freight forwarders, customs brokers, banks and your own corporate IT systems — even where that processing is initiated by an interaction with River Vale. Where we embed third‑party content (for example, Google Fonts, font CDNs and image CDNs), those providers operate under their own privacy policies which we link to in section 11 below.

03 Information we collect

We collect only the categories of personal data we genuinely need in order to run our business. The categories below are the maximum we ever collect; in many interactions we collect only a small subset.

We do not knowingly collect special categories of personal data (such as health, race, religion, political opinions, biometric data or genetic data) except where you voluntarily disclose it in a recruitment context and applicable law permits us to process it on that basis.

04 How we use information

We use personal data for the following purposes:

1. To respond to enquiries and briefs — answering sample requests, sourcing questions, RFQs and careers applications.
2. To run our customer programmes — costing, sampling, lab dip approval, production, quality assurance, shipping and after‑sales support.
3. To operate and improve our website and apps — understanding which sections are useful, debugging errors and protecting against misuse.
4. To meet legal and regulatory obligations — including export documentation, KYC checks, tax reporting and supply‑chain due diligence.
5. To protect our staff, premises, IT systems and intellectual property — including detecting and preventing fraud, unauthorised access and security incidents.
6. To send infrequent business communications — capability updates, capacity availability and trade‑show schedules. You can opt out of any of these at any time without it affecting your ability to use our services.

We do not use your personal data for behavioural advertising. We do not sell, rent or licence personal data to third parties. We do not run profiling that has legal or similarly significant effects on you.

05 Legal basis (where GDPR / UK GDPR applies)

Where you are located in the EEA, the United Kingdom or another jurisdiction with similar rules, our legal bases for processing are:

• Contract — processing necessary to take steps at your request before entering into a contract or to perform a contract you are a party to (sample programmes, supply contracts).
• Legitimate interests — to run our business efficiently, prevent fraud, secure our IT estate, and provide replies to unsolicited business enquiries. We balance these interests against your fundamental rights.
• Legal obligation — for tax, export and customs records, anti‑bribery compliance and similar obligations.
• Consent — where required (for example, where you opt in to receive a capability newsletter). You may withdraw consent at any time.

06 Sharing & international transfers

We share personal data only where it is necessary to do so, and only with the categories of recipients listed below:

• Group companies — our group entities involved in spinning, weaving, finishing and apparel manufacturing.
• Service providers — vetted vendors that host our website, deliver email, provide customer‑relationship management, freight forwarding, customs clearance, payment processing and accounting services. Each one is bound by a written data‑processing agreement.
• Professional advisers — auditors, lawyers, insurers and tax advisers, where their advice requires it.
• Authorities — where compelled by law, court order, or legitimate request from a regulator (Pakistan Customs, FBR, SBP, or competent authority abroad).
• Acquirers — in the event of a merger, restructuring or sale of all or part of the business, with appropriate confidentiality protections.

Many of our customers, suppliers and service providers are based outside Pakistan. Where we transfer personal data internationally we use appropriate safeguards, including the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, and we apply additional technical measures (encryption in transit, pseudonymisation where practical) where the destination country is not recognised as offering an adequate level of protection.

07 How long we keep data

We keep personal data only for as long as we genuinely need it. Our retention windows are:

• General enquiry data — 24 months from last contact, then deleted or anonymised.
• Customer programme records — 7 years from contract close, to meet tax, export and warranty obligations.
• Recruitment data — 12 months from the close of the role, unless you ask us to keep it on file longer.
• Web server logs — 30 days, then rotated.
• Mobile‑app crash and diagnostic logs — 90 days.

When the relevant period ends we delete the data, anonymise it so it can no longer identify a person, or — where deletion is not technically practical (for example, backup tapes) — isolate it from active use until it is deleted in the next backup rotation.

08 Security

We protect personal data with technical and organisational measures that are proportionate to its sensitivity. These include encryption in transit (TLS 1.2 or higher) on all customer‑facing endpoints, encryption at rest for our databases, role‑based access control with two‑factor authentication for all administrative accounts, internal network segmentation between corporate IT and shop‑floor systems, formal supplier security review before onboarding any processor, and yearly penetration testing on internet‑facing services.

No system is perfectly secure. If a personal data breach occurs and is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, the affected individuals, in line with the timelines of applicable law.

09 Your rights

Subject to applicable law, you have the following rights in relation to your personal data:

• Access — to be told what data we hold about you and to receive a copy.
• Rectification — to correct inaccurate or incomplete data.
• Erasure — to ask us to delete data we no longer need.
• Restriction — to ask us to pause processing while we investigate a complaint.
• Objection — to object to processing based on legitimate interests.
• Portability — to receive a structured, machine‑readable copy of data you supplied.
• Withdrawal of consent — at any time, where consent is the legal basis.
• Complaint — to lodge a complaint with your local supervisory authority. We would appreciate the chance to address your concern first.

To exercise any of these rights, write to privacy@rivervl.com. We will respond within 30 days. We may ask you to verify your identity before we release any data, to protect against impersonation.

10 Children

Our website, our customer‑facing applications and our buyer portals are intended for adults working in a professional capacity. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided personal data to us, please contact our privacy office and we will delete it promptly.

11 Cookies & similar technologies

Our website uses a small number of cookies and equivalent technologies. We do not use advertising cookies.

Strictly necessary

Required to remember your cookie preference and to keep authenticated sessions secure. These cannot be disabled without breaking parts of the site.

Analytics

We use a privacy‑respecting analytics tool that aggregates usage statistics, anonymises IP addresses on collection and does not use cross‑site identifiers. You can opt out from the cookie banner.

Embedded fonts & images

We load typography from Google Fonts and images from a CDN. These providers may receive your IP address as part of normal HTTP requests. We do not place tracking cookies through these embeds.

You can clear or block cookies through your browser settings; some site features may then no longer work as designed.

12 Mobile app data & Google Play disclosures

Where you install one of our Android applications from Google Play (such as our buyer‑portal app or shop‑floor inspection app) the following disclosures apply, in line with the Google Play Developer Programme Policy and the Data safety section of our Play Store listing.

You can review these disclosures in summary form in the Data safety section of any of our Google Play listings. Where there is a discrepancy between the Data safety section and this policy, the more protective interpretation applies.

13 Changes to this policy

We review this policy at least once a year and whenever we make a material change to how we process personal data. Updated versions are published at this URL with a new effective date. For substantive changes affecting registered customers, we will also notify you by email at least 30 days before the change takes effect.

14 Contact us

If you have a privacy question, a request, or a complaint, please contact:

We will acknowledge your enquiry within 5 working days and provide a substantive response within 30 days. Where your enquiry concerns one of our Android applications, please reference the app name and version so that we can route it to the right team.