What personal information do we collect from the people that visit our blog, website or app?
When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address, phone number, identity number, social security number or other details to help you with your experience.
When do we collect information?
We collect information from you when you register on our site, place an order, subscribe to a newsletter, respond to a survey, fill out a form or enter information on our site.
How do we use your information?
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
To personalize user's experience and to allow us to deliver the type of content and product offerings in which you are most interested.
To improve our website in order to better serve you.
To allow us to better service you in responding to your customer service requests.
To administer a contest, promotion, survey or other site feature.
Identify persons who may be violating the law, the YOUR COMPANY SITE/NETWORK legal notice and Web site User Agreement, the rights of third parties, or otherwise misusing the YOUR COMPANY SITE/NETWORK or its related properties;
To send periodic emails regarding your order or other products and services.
How do we protect visitor information?
We do not use vulnerability scanning and/or scanning to PCI standards.
We do not use Malware Scanning.
We do not use an SSL certificate.
Do we use 'cookies'?
- Understand and save user's preferences for future visits.
- Keep track of advertisements.
- Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser's Help menu to learn the correct way to modify your cookies.
If users disable cookies in their browser:
If you disable cookies off, some features will be disabled. It will turn off some of the features that make your site experience more efficient and some of our services will not function properly.
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing our users, so long as those parties agree to keep this information confidential. We may also release information when it's release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property, or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
We do not include or offer third-party products or services on our website.
Google's advertising requirements can be summed up by Google's Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en
We use Google AdSense Advertising on our website.
We have implemented the following:
Remarketing with Google AdSense
Google Display Network Impression Reporting
Demographics and Interests Reporting
DoubleClick Platform Integration
We along with third-party vendors, such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.
Opting out: Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising initiative opt out page or permanently using the Google Analytics Opt Out Browser add on.
The Data Protection Act, 2019
The Data Protection Act of 2019 which was assented to by the President of the Republic of Kenya on 08 November 2019 (the "Act"). The Act brings into play comprehensive laws that protect the personal information of individuals. It establishes the Office of the Data Protection Commissioner, makes provision for the regulation of the processing of personal data, provides for the rights of data subjects and obligations of data controllers and processors.
Why Data Privacy?
With data crossing borders following the increased internet penetration and increased use of social media and other digital information platforms, it is becoming more important to ensure that personal data is protected, processed and used for the correct purpose.
Highlights of the Act
Establishment of the Office of the Data Protection Commissioner
The Act establishes the office of the Data Protection Commissioner (the "Commissioner"). The Commissioner's office is mandated with overseeing the implementation of the Act together with establishing and maintaining a register of data controllers and data processors; receiving and investigating any complaints on infringements of the rights under the Act; carrying out inspections of public and private entities with a view to evaluating the processing of personal data; imposing administrative fines for failures to comply with the Act, amongst other functions.
Registration of Data Controllers and Data Processors
All data controllers and data processors are required to be registered with the Commissioner. The Commissioner is required to prescribe thresholds for mandatory registration and is to consider the nature of industry; the volumes of data processed; whether sensitive personal data is being processed amongst other matters. Until such thresholds are prescribed, mandatory registration does not come into play.
Every data controller or processor is required to ensure that all personal data is processed lawfully, fairly and in a transparent manner in relation to any data subject. The Act applies to data controllers and processors established or resident in or outside Kenya in so far as they process personal data while in Kenya or of data subjects located in Kenya.
The data subjects have the right to be informed of the use to which their personal data is to be put; to access their personal data; to object to the processing of all or part of their personal data; to correction of false or misleading data; and to deletion of false or misleading data about them.
Care should be taken in the manner in which data is collected, used and processed. The primary overarching principle being that personal data should only be collected directly from the data subject and used (be it for processing, commercial use or otherwise) with the express consent of the subject. There are certain exclusions on the collection of personal data such as data already contained in public records, collection from a different source authorised by the subject and so on.
Storage of Data
There are no prescribed durations for the retention of personal data. Data controllers and processors are required to apply a reasonableness test in assessing retention durations.
Data that reveals race, health status, ethnic social origin, conscience, belief, genetic data, biometric data, property details, marital status, family details including names of children, parents, spouse or spouses, sex or the sexual orientation are deemed sensitive data. Specific provisions apply to the collection, storage and processing of such data. For example, personal data relating to the health of a data subject may only be processed by or under the responsibility of a health care provider.
Transfer of Personal Data Outside Kenya
Data controllers and processors will be permitted to transfer personal data to another country only where the data controller or data processor has given proof to the Commissioner on the appropriate safeguards with respect to the security and protection of the personal data. It is not clear what process needs to be followed in this regard. Further, the Cabinet Secretary may prescribe, based on grounds of strategic interests of the state or protection of revenue, certain nature of processing that can only be effected through a server or a data centre located in Kenya. There is no indication as to when or whether such a restriction will be implemented.
General exemptions from the provisions of the Act apply in cases where publication of data would be in the public interest, for journalism, literature and art, research, history and statistics (all under specific circumstances).
The Act gives the Commissioner wide powers on investigation of data breaches including powers of entry and search and issuing administrative fines. Where personal data has been accessed or acquired by an unauthorised person, and there is a real risk of harm to the data subject whose personal data has been subjected to the unauthorised access, a data controller is required to notify the Commissioner without delay, within seventy-two hours of becoming aware of such breach.
Offences under the Act attract a fine of up to KES5-million and/or a term of imprisonment of up to ten years.
California Online Privacy Protection Act
According to CalOPPA:
How does our site handle do not track signals?
We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third-party behavioral tracking?
It's also important to note that we allow third-party behavioral tracking
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under 13, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation's consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online. We do not specifically market to children under 13.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
Last Edited on 2020-03-09