(This Site is not intended for children and we do not knowingly collect data relating to children).
Collecting Personal Information
- Examples of Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
- Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
- Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.
- Disclosure for a business purpose: shared with our processor WordPress.
- Examples of Personal Information collected: name, country of origin/citizenship (and copies of supporting evidence), proof of COVID vaccination status (as required by law from time to time), billing address, shipping address, payment information (including credit card numbers), email address, allergies, personal preferences and medical information and a telephone number.
- Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our bookings for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
- Source of collection: collected from you.
- Disclosure for a business purpose: shared with our processor WordPress.
Customer support information
- Purpose of collection: to provide customer support.
- Source of collection: collected from you.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. Specific information required for purposes of your health and safety include your Vaccination Status (provided there is a Kenyan legal requirement to request this) and any allergies or medical information we ought to be aware of.
Sharing Personal Information
We share your Personal Information with certain service providers to help us provide our services and fulfill our contracts with you, as described above.
We require all service providers to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive from time to time.
We may use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:
- We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://policies.google.com/privacy?hl=en. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
We will not assign any third party to process your personal information or share your personal information with any third party for targeting advertisement or other commercial purposes without your prior consent.
You can opt out of targeted advertising by:
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
Using Personal Information
We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.
We may also use your information where we have a legitimate interest. Where we rely on legitimate interest for processing your information, we carry out a ‘balancing test’ to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests, before we go ahead with such processing.
We only retain your information for as long as is necessary for us to use your information as described above, where it is in our legitimate interest, or to comply with our legal obligations. However, please be advised that we may retain some of your information after you cease to use our services, for instance if this is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
When determining the relevant retention periods, we will take into account factors including:
- our contractual obligations and rights in relation to the information involved;
- legal obligation(s) under applicable law to retain data for a certain period of time;
- our legitimate interest where we have carried out a balancing test;
- statute of limitations under applicable law(s);
- potential disputes;
- if you have made a request to have your information deleted; and
- guidelines issued by relevant data protection authorities.
Otherwise, we securely erase your information once this is no longer needed.
You have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.
We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.
Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.
Services that include elements of automated decision-making include:
- Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
- Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.
By law, you have a number of rights when it comes to your personal information. Please contact us using the contact details below to exercise any of your rights. Further information and advice about your rights can be obtained from the data protection regulator in your country.
a) The right to object to processing
You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities).
b) The right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Policy.
c) The right of access
d) The right to rectification
You are entitled to have your information corrected if it’s inaccurate or incomplete.
e) The right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
f) The right to restrict processing
You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
g) The right to data portability
You have rights to obtain and reuse your personal information for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
h) The right to lodge a complaint
You have the right to lodge a complaint about the way we handle or process your personal information with your national data protection regulator.
i) The right to withdraw consent
If you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal information with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal information for marketing purposes.
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:
• baseless or excessive/repeated requests, or
• further copies of the same information.
Alternatively, we may be entitled to refuse to act on the request.
Please consider your request responsibly before submitting it. We shall respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we shall provide an update.
Transfer of Data outside Kenya
If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below. The transfer of data will be carried out in accordance with the provisions of the Data Protection Act and the applicable Regulations.
Security of Your Information
We follow generally accepted industry standards to promote safety and security on our services and take reasonable steps to secure the personal information you provide to us.
Reporting And Analytics
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can impact your user experience and parts of our website may no longer be fully accessible.
Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.
Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.
Do Not Track
Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
You may withdraw your consent to our access or permissions by writing to us at Ishara.ke/contact
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by using the details provided below:
Last updated: [03/09/2022]
If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority. You can contact your local data protection authority, or our supervisory authority here: https://www.odpc.go.ke/