PhoneCart Kenya (“we”, “us”, “our”) operates the e-commerce website https://phonecart.co.ke/ and related services (collectively, the “Services”). We are committed to protecting your privacy and handling your personal data responsibly in accordance with the Data Protection Act, 2019 (the “Act”), the Constitution of Kenya, and other applicable laws.
This Privacy Policy explains how we collect, use, disclose, store, protect, and otherwise process your personal data when you visit our website, create an account, place an order, contact us, or use any of our Services.
By using our Services, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use our website or Services.
1. Who We Are (Data Controller)
PhoneCart Kenya Physical address: Mithoo Business Centre, 1st Floor, Moi Avenue, Nairobi, Kenya Email: phonecartkenya@gmail.com Phone: +254 799 050104 Website: https://phonecart.co.ke/
We act as the data controller for the personal data we collect through our Services, unless otherwise stated.
2. Personal Data We Collect
We may collect the following categories of personal data:
- Identity and contact information: full name, billing/shipping address, email address, phone number, date of birth (optional), national ID number (where required for age-restricted products or delivery verification).
- Account and profile data: username, password, order history, wishlist, saved payment methods (tokenized), preferences.
- Transaction and payment data: order details, items purchased, payment method (we do not store full card numbers; we use secure third-party payment gateways), transaction IDs, invoices.
- Communication data: messages, emails, chat transcripts, customer support tickets, feedback, reviews.
- Device and technical data: IP address, browser type/version, operating system, device identifiers, pages visited, time/date of visit, referring/exit pages, clickstream behavior.
- Location data: approximate location derived from IP address or delivery address (we do not collect precise geolocation without consent).
- Marketing and preference data: subscription status for newsletters/SMS, marketing preferences.
We do not knowingly collect sensitive personal data (e.g., health, biometric, ethnic origin) unless you voluntarily provide it (e.g., in a support ticket) or it is strictly necessary and lawful.
3. How We Collect Your Personal Data
We collect personal data:
- Directly from you (when you register, place orders, fill forms, contact support, post reviews, subscribe to newsletters).
- Automatically via cookies, pixels, server logs, analytics tools (Google Analytics, etc.), and similar technologies.
- From third parties (payment processors, delivery partners, fraud prevention services) when you transact or ship products.
- From public sources (where lawful and relevant).
4. How We Use Your Personal Data (Purposes & Lawful Basis)
We process your personal data for the following purposes and on the following lawful bases under the Data Protection Act, 2019:
| Purpose | Lawful Basis | Examples |
|---|---|---|
| Process and fulfil orders | Contract performance | Shipping, payment processing, delivery updates |
| Provide customer support | Contract performance / Legitimate interests | Responding to inquiries, returns, complaints |
| Manage your account & authentication | Contract performance | Login, order history, password reset |
| Prevent fraud & secure our Services | Legitimate interests / Legal obligation | Fraud detection, chargeback handling |
| Send transactional communications | Contract performance | Order confirmations, shipping notifications |
| Marketing (email/SMS promotions) | Consent (you can withdraw anytime) | Newsletters, product offers, abandoned cart |
| Improve our website & Services | Legitimate interests | Analytics, bug fixes, A/B testing |
| Comply with legal obligations | Legal obligation | Tax records, audits, responding to authorities |
| Enforce terms & protect rights | Legitimate interests | Dispute resolution, legal claims |
5. Sharing Your Personal Data
We may share your personal data with:
- Service providers (processors): payment gateways (e.g., Pesapal, M-Pesa integrations), logistics/delivery companies (e.g., G4S, Sendy, Wells Fargo), cloud hosting providers, email service providers, analytics providers — all under strict data processing agreements.
- Business partners (with consent where required): for joint promotions or affiliate programs.
- Legal authorities: courts, police, ODPC, or regulators when required by law.
- In a business transfer: to a buyer or successor in case of merger, acquisition, or sale of assets.
We do not sell your personal data to third parties for their independent marketing purposes.
6. International Data Transfers
Some of our service providers (e.g., cloud providers, analytics tools) may be located outside Kenya. Where personal data is transferred outside Kenya, we ensure appropriate safeguards are in place (e.g., adequacy decisions, standard contractual clauses, binding corporate rules, or your explicit consent) as required by Section 48–50 of the Data Protection Act.
7. Data Retention
We retain personal data only for as long as necessary for the purposes outlined above or as required by law:
- Account & order data: 7 years after last transaction (for tax & accounting purposes).
- Marketing data: until you unsubscribe/withdraw consent.
- Logs/technical data: typically 12–24 months.
After retention periods, data is securely deleted or anonymized.
8. Your Data Protection Rights
Under the Data Protection Act, 2019 you have the right to:
- Access your personal data
- Rectify inaccurate/incomplete data
- Erase data (right to be forgotten — subject to legal exceptions)
- Restrict processing
- Data portability
- Object to processing (including direct marketing)
- Withdraw consent (where processing is based on consent)
- Not be subject to automated decisions with legal effects (if applicable)
To exercise any of these rights, contact us at phonecartkenya@gmail.com. We will respond within the statutory timelines (usually 14 days for access requests). We may request identity verification.
You also have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) if you believe your rights have been violated.
9. Cookies & Similar Technologies
We use cookies and similar tracking technologies to enhance user experience, analyze traffic, and serve personalized content/ads. For details, see our separate Cookie Policy (link on website footer).
You can manage cookie preferences via your browser settings or our cookie banner.
10. Data Security
We implement reasonable technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration, including:
- Encryption (SSL/TLS) for data in transit
- Secure payment processing
- Access controls
- Regular security assessments
However, no method of transmission over the internet or electronic storage is 100% secure.
11. Children’s Privacy
Our Services are not directed to children under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected such data, we will delete it promptly.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised “Last updated” date. Significant changes will be communicated via email or a prominent notice on our website.
13. Contact Us
If you have questions about this Privacy Policy or our data practices, contact:
PhoneCart Kenya Email: phonecartkenya@gmail.com Phone: +254 799 050104 Address: Mithoo Business Centre, 1st Floor, Moi Avenue, Nairobi, Kenya
Thank you for trusting us with your personal data.