PDPL guide for Egyptian e-commerce stores and marketplaces. Cookie consent, marketing licences, abandoned-cart emails, third-party pixels, and seller data.
If the analytics tool sets a persistent identifier or shares data with a third party (Google Analytics, Hotjar, Clarity), yes. Server-side first-party stats can usually run without consent.
Yes for transactional. For marketing, the safest legal basis is consent collected at checkout with an easy opt-out and a clear description of what you'll send.
Same rules as email — explicit consent, clear purpose, easy opt-out. Egypt's electronic marketing rules also apply, so check that you have the right NTRA-side approvals if you're sending at volume.
Keep what you legitimately need. Tax law often requires up to 5 years of invoice data; that's fine if documented. Marketing-only data should be purged faster (e.g., 24 months of inactivity).
Often yes — at least jointly. Sign a written agreement with sellers defining roles, prohibit unauthorised use, and provide buyers a single channel to exercise their rights against the marketplace.