1. Introduction
At Ogen-ebites ("we," "our," "us"), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our mobile application, or make purchases through our platform.
Important: Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read and understood this policy. If you do not agree with our policies and practices, please do not use our Services.
This policy complies with the Kenya Data Protection Act, 2019, and other applicable data protection laws. We are registered with the Office of the Data Protection Commissioner (ODPC) under registration number [DP-REG-NO].
2. Information We Collect
2.1 Personal Information You Provide
We collect information that you voluntarily provide to us when you:
- Create an account or register for our Services
- Make a purchase or place an order
- Subscribe to our newsletter or marketing communications
- Complete a survey or provide feedback
- Contact customer support
- Participate in promotions, contests, or sweepstakes
- Write product reviews or testimonials
The personal information we collect may include:
| Information Type | Examples | Purpose |
|---|---|---|
| Identity Information | Full name, username, date of birth, gender | Account creation, personalization |
| Contact Information | Email address, phone number, shipping/billing addresses | Order fulfillment, communication |
| Payment Information | Credit card details, M-Pesa number, bank account | Payment processing (handled by secure payment gateways) |
| Account Credentials | Password, security questions | Account security and authentication |
| Profile Information | Profile picture, preferences, wishlist items | Personalization, recommendations |
2.2 Information Automatically Collected
When you access our Services, we automatically collect certain information about your device and usage:
- Device Information: IP address, browser type, operating system, device identifiers
- Usage Data: Pages visited, time spent, click patterns, search queries, referring website
- Location Information: General location based on IP address (city/country level)
- Cookies and Tracking Technologies: See Section 7 for details
2.3 Information from Third Parties
We may receive information about you from third-party sources, including:
- Payment processors (transaction confirmations)
- Shipping carriers (delivery status updates)
- Social media platforms (if you connect your account)
- Marketing partners and analytics providers
- Credit reference agencies (for fraud prevention)
3. How We Use Your Information
We use your personal information for the following purposes:
| Purpose | Legal Basis | Data Used |
|---|---|---|
| Account Management | Contract performance | Identity, contact, credentials |
| Order Processing & Fulfillment | Contract performance | Identity, contact, payment, shipping |
| Customer Support | Legitimate interest | Identity, contact, order history |
| Marketing Communications | Consent | Contact, preferences |
| Personalization | Legitimate interest | Usage, preferences, history |
| Fraud Prevention | Legal obligation | Identity, device, transaction |
| Analytics & Improvement | Legitimate interest | Usage, device, aggregated data |
| Legal Compliance | Legal obligation | As required by law |
4. Sharing Your Information
We may share your personal information with the following categories of recipients:
4.1 Service Providers
We engage trusted third-party service providers to perform functions on our behalf:
- Payment Processors: Safaricom (M-Pesa), Stripe, PayPal, banks
- Shipping Carriers: G4S, Wells Fargo, Courier companies
- Cloud Hosting: AWS, Google Cloud
- Analytics: Google Analytics, Facebook Pixel
- Customer Support: Zendesk, Intercom
- Marketing: Mailchimp, SendGrid
4.2 Business Partners
We may share information with:
- Sellers/Vendors: To fulfill orders placed through our platform
- Marketing Partners: For co-branded promotions (with your consent)
- Payment Partners: For transaction processing and fraud prevention
4.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, law enforcement).
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change in ownership.
Note: We do not sell, rent, or trade your personal information to third parties for their marketing purposes without your explicit consent.
5. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption: SSL/TLS encryption for all data transmission
- Access Controls: Strict authentication and authorization protocols
- Regular Security Audits: Penetration testing and vulnerability assessments
- PCI Compliance: Payment card industry standards compliance
- Staff Training: Regular privacy and security awareness training
- Data Minimization: Collecting only necessary information
- Secure Storage: Encrypted databases with restricted access
Despite our efforts, no security measure is 100% secure. We cannot guarantee absolute security of your information. In the event of a data breach, we will notify affected users and relevant authorities within 72 hours as required by law.
6. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | 5 years after account closure | Legal compliance, audit purposes |
| Order History | 7 years | Tax and accounting requirements |
| Payment Records | 7 years | Financial audit trail |
| Customer Support Inquiries | 3 years | Service improvement, dispute resolution |
| Marketing Data | Until consent withdrawn | As long as you subscribe |
| Website Usage Logs | 12 months | Security, analytics |
After the retention period, your data will be securely deleted or anonymized for statistical purposes.
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and personalize content.
7.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Required for site functionality (shopping cart, login) | Session / Persistent |
| Analytics Cookies | Track usage patterns, improve performance | Up to 2 years |
| Functional Cookies | Remember preferences, language settings | Up to 1 year |
| Advertising Cookies | Deliver relevant ads, track campaign performance | Up to 90 days |
| Social Media Cookies | Enable social sharing, integration | Varies |
7.2 Managing Cookies
You can control cookies through your browser settings:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Options → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Cookies and website data
- Edge: Settings → Cookies and site permissions
Disabling cookies may affect certain features of our Services.
8. Your Privacy Rights
Under the Kenya Data Protection Act, 2019 and other applicable laws, you have the following rights:
| Right | Description | How to Exercise |
|---|---|---|
| Right to Access | Request a copy of your personal data | Account dashboard or written request |
| Right to Rectification | Correct inaccurate or incomplete data | Account settings or contact support |
| Right to Erasure | Request deletion of your data (subject to legal exceptions) | Submit deletion request |
| Right to Restriction | Limit processing of your data | Contact our Data Protection Officer |
| Right to Data Portability | Receive your data in a structured, machine-readable format | Request data export |
| Right to Object | Object to processing based on legitimate interests | Opt-out mechanisms, contact support |
| Rights Related to Automated Decision-Making | Not be subject to decisions based solely on automated processing | Request human intervention |
To exercise your rights, please contact our Data Protection Officer using the contact information in Section 13. We will respond to your request within 30 days.
Right to Lodge a Complaint: If you believe we have violated your privacy rights, you have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC):
ODPC Contact:
Website: www.odpc.go.ke
Email: complaints@odpc.go.ke
Phone: +254 703 042 000
9. Children's Privacy
Our Services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.
For users between 13 and 18 years of age, parental consent is required for account creation and purchases. We may request verification of parental consent.
10. International Data Transfers
Your information may be transferred to and processed in countries outside Kenya where our service providers operate. We ensure appropriate safeguards are in place, including:
- Standard contractual clauses approved by the European Commission
- Binding corporate rules
- Adequacy decisions by relevant authorities
- Data processing agreements compliant with Kenya data protection laws
By using our Services, you consent to the transfer of your information to countries that may have different data protection laws than your jurisdiction.
11. Third-Party Links
Our Services may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to those third parties. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party sites you visit.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. We will notify you of material changes by:
- Posting the updated policy on our website with a revised "Last Updated" date
- Sending an email notification to registered users (for significant changes)
- Displaying a notice on our website or application
We encourage you to review this policy periodically. Your continued use of our Services after any changes constitutes your acceptance of the revised policy.
13. Contact Information
Data Controller
Ogen-ebites Ltd is the data controller responsible for your personal information.
Data Protection Officer (DPO)
We have appointed a Data Protection Officer to oversee our data protection practices:
- DPO Name: [DPO Name]
- Email: dpo@Ogen-ebites.com
- Phone: +254 700 123 457
- Address: Data Protection Office, Ogen-ebites Ltd, 123 Commerce Street, Nairobi, Kenya
Customer Support
For general privacy inquiries or to exercise your rights:
- Email: privacy@Ogen-ebites.com
- Phone: +254 700 123 456
- Hours: Monday-Friday, 8:00 AM - 5:00 PM EAT
By using Ogen-ebites services, you consent to the collection and use of your personal information as described in this Privacy Policy.