Privacy Policy

This Privacy Policy describes how Ishara Experience Limited (the “Site” or “we”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site. IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT ACCESS THE SITE.

(This Site is not intended for children and we do not knowingly collect data relating to children).

Collecting Personal Information

When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.

Device information

Examples of Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.
Disclosure for a business purpose: shared with our processor WordPress.

Order information

Examples of Personal Information collected: name, country of origin/citizenship (and copies of supporting evidence), proof of COVID vaccination status (as required by law from time to time), billing address, shipping address, payment information (including credit card numbers), email address, allergies, personal preferences and medical information and a telephone number.
Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our bookings for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
Source of collection: collected from you.
Disclosure for a business purpose: shared with our processor WordPress.

Customer support information

Purpose of collection: to provide customer support.
Source of collection: collected from you.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. Specific information required for purposes of your health and safety include your Vaccination Status (provided there is a Kenyan legal requirement to request this) and any allergies or medical information we ought to be aware of.

Sharing Personal Information

We share your Personal Information with certain service providers to help us provide our services and fulfill our contracts with you, as described above.

We require all service providers to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive from time to time.

Behavioural Advertising

We may use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:

We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://policies.google.com/privacy?hl=en. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).

For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

We will not assign any third party to process your personal information or share your personal information with any third party for targeting advertisement or other commercial purposes without your prior consent.

You can opt out of targeted advertising by:

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.

Using Personal Information

We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.

We may also use your information where we have a legitimate interest. Where we rely on legitimate interest for processing your information, we carry out a ‘balancing test’ to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests, before we go ahead with such processing.

Retention

We only retain your information for as long as is necessary for us to use your information as described above, where it is in our legitimate interest, or to comply with our legal obligations. However, please be advised that we may retain some of your information after you cease to use our services, for instance if this is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

When determining the relevant retention periods, we will take into account factors including:

our contractual obligations and rights in relation to the information involved;
legal obligation(s) under applicable law to retain data for a certain period of time;
our legitimate interest where we have carried out a balancing test;
statute of limitations under applicable law(s);
potential disputes;
if you have made a request to have your information deleted; and
guidelines issued by relevant data protection authorities.

Otherwise, we securely erase your information once this is no longer needed.

Automatic decision-making

You have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.

Your Rights

By law, you have a number of rights when it comes to your personal information. Please contact us using the contact details below to exercise any of your rights. Further information and advice about your rights can be obtained from the data protection regulator in your country.

a) The right to object to processing
You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities).

b) The right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Policy.

c) The right of access
You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Policy). This is so you’re aware and can check that we’re using your information in accordance with data protection laws.

d) The right to rectification
You are entitled to have your information corrected if it’s inaccurate or incomplete.

e) The right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.

f) The right to restrict processing
You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.

g) The right to data portability
You have rights to obtain and reuse your personal information for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.

h) The right to lodge a complaint
You have the right to lodge a complaint about the way we handle or process your personal information with your national data protection regulator.

i) The right to withdraw consent
If you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal information with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal information for marketing purposes.

We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:

• baseless or excessive/repeated requests, or
• further copies of the same information.

Alternatively, we may be entitled to refuse to act on the request.

Please consider your request responsibly before submitting it. We shall respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we shall provide an update.

Transfer of Data outside Kenya

If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below. The transfer of data will be carried out in accordance with the provisions of the Data Protection Act and the applicable Regulations.

Re-organisation

If we reorganize or sell all or a portion of our assets, undergo a merger, or are acquired by another entity, we may transfer your information to the successor entity, as permitted by law. If we go out of business or enter bankruptcy, your information would be an asset transferred or acquired by a third party. You acknowledge that such transfers may occur, and that the transferee may decline to honor commitments we made in this Privacy Policy.

Third-Party Websites

The site may contain links to third-party websites and applications of interest, including advertisements and external services, that are not affiliated with us. Once you have used these links to leave the Site, any information you provide to these third parties is not covered by this Privacy Policy, and we cannot guarantee the safety and privacy of your information. Before visiting and providing any information to any third-party websites, you should inform yourself of the privacy policies and practices (if any) of the third party responsible for that website, and should take those steps necessary to, in your discretion, protect the privacy of your information. We are not responsible for the content or privacy and security practices and policies of any third parties, including other sites, services or applications that may be linked to or from the Site.

Security of Your Information

We follow generally accepted industry standards to promote safety and security on our services and take reasonable steps to secure the personal information you provide to us.

Cookies

Reporting And Analytics

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.

Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.

Do Not Track

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

Changes

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the “Last updated” date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Site after the date such revised Privacy Policy is posted.

Consent

By using the Site, you consent to our Privacy Policy.

You may withdraw your consent to our access or permissions by writing to us at Ishara.ke/contact

Contact

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by using the details provided below:

Ishara.ke/contact

Last updated: [03/09/2022]

If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority. You can contact your local data protection authority, or our supervisory authority here: https://www.odpc.go.ke/