Privacy Policy

Last Updated: July 29, 2025

Welcome to Nusoko.co.ke, a multivendor e-commerce platform connecting buyers with sellers worldwide. At Nusoko.co.ke, we are committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how Nusoko.co.ke and its affiliates (“we,” “us,” or “our”) collect, use, share, and protect your personal information through our website (www.nusoko.co.ke), mobile applications, and related services (collectively, “Our Services”). By using Our Services, you consent to the practices described in this Privacy Policy.

This Privacy Policy complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), Kenya’s Data Protection Act, 2019, and other applicable data protection laws. It also meets the requirements for apps listed on Google Play and the Apple App Store, ensuring transparency, user control, and secure data handling.

1. What Personal Information Do We Collect?

We collect personal information to provide, improve, and personalize Our Services. The types of information we collect include:

Information You Provide to Us

• Account Information: When you create an account on Nusoko.co.ke, we collect your name, email address, phone number, billing and shipping addresses, and payment details (e.g., credit card or bank account information processed through third-party payment processors).
• Transaction Information: Details about your purchases, such as items ordered, order dates, and payment methods.
• User-Generated Content: Reviews, ratings, comments, or messages you post on our platform or send to sellers or customer service.
• Marketing Preferences: Your preferences for receiving promotional emails, newsletters, or push notifications.
• Customer Service Interactions: Information you provide when contacting us, including emails, chat logs, or call recordings (with your consent where required).

Information Collected Automatically

• Device and Usage Data: IP addresses, device type, operating system, browser type, app version, pages visited, time spent on Our Services, and clickstream data.
• Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to track browsing behavior, personalize experiences, and deliver targeted ads. For details, see our Cookie Policy.
• Location Data: Approximate location based on your IP address or precise location (with your consent) for delivery or personalized recommendations.
• Analytics Data: Aggregated data on how users interact with Our Services, collected via tools like Google Analytics (subject to your consent where required).

Information from Third Parties

• Sellers and Vendors: If you purchase from third-party sellers on Nusoko.co.ke, they may share transaction-related information, such as shipping details, with us.
• Third-Party Services: We may receive information from payment processors, advertising partners, or analytics providers to facilitate Our Services.

Children’s Privacy

We do not sell products for purchase by children. Our Services are intended for adults, and we do not knowingly collect personal information from children under 13 without parental consent. If you are under 18, you may use Our Services only with the involvement of a parent or guardian. For more details, see our Children’s Privacy Disclosure.

2. How Do We Use Your Personal Information?

We use your personal information for the following purposes, based on legal grounds such as performance of a contract, legitimate business interests, your consent, or compliance with legal obligations:

• To Provide Our Services:
  • Process orders, facilitate payments, and arrange shipping.
  • Create and manage your account on Nusoko.co.ke.
  • Communicate with you about orders, returns, or customer service inquiries.
• To Improve Our Services:
  • Analyze usage patterns to enhance website and app functionality and user experience.
  • Personalize content, such as product recommendations or tailored promotions.
• To Market Our Services:
  • Send promotional emails, newsletters, or push notifications (with your consent).
  • Deliver interest-based ads through third-party platforms (e.g., Google Ads).
• To Ensure Security and Compliance:
  • Detect and prevent fraud, abuse, or security threats.
  • Comply with legal obligations, such as tax or accounting requirements under Kenyan law and other applicable regulations.
• To Support Third-Party Transactions:
  • Share necessary information with sellers or vendors to fulfill orders.
  • Enable third-party services, such as payment processors or delivery partners.

3. How Do We Share Your Personal Information?

We share your personal information only as necessary to provide Our Services, comply with legal obligations, or protect our rights. We do not sell your personal information to third parties for their own marketing purposes.

Sharing with Third Parties

• Third-Party Sellers: When you purchase from a seller on Nusoko.co.ke, we share information like your name, shipping address, and order details to fulfill your order.
• Service Providers: We engage trusted third parties to perform functions on our behalf, such as:
  • Payment processors (e.g., PayPal, Stripe) to handle transactions.
  • Delivery companies (e.g., local and international couriers) to ship products.
  • Analytics providers (e.g., Google Analytics) to analyze usage data.
  • Marketing partners to deliver ads or emails (with your consent).
• Business Transfers: If Nusoko.co.ke is merged, acquired, or sold, your information may be transferred to the new entity, with notice to you where required.
• Legal Compliance: We may disclose information to comply with laws, including Kenya’s Data Protection Act, 2019, enforce our policies, or protect the rights, property, or safety of our platform, users, or others. This includes sharing with authorities for fraud prevention or legal claims.

Third-Party Data Collection

Some third-party services (e.g., payment processors or analytics tools) may collect information directly from you when you interact with Our Services. These third parties have their own privacy policies, and we encourage you to review them.

4. How Do We Protect Your Personal Information?

We take your privacy and security seriously and implement robust measures to protect your data:

• Encryption: We use Secure Socket Layer (SSL) and other encryption protocols to protect data during transmission.
• Compliance Standards: We follow the Payment Card Industry Data Security Standard (PCI DSS) for handling payment information.
• Access Controls: Only authorized personnel have access to your personal information, and we regularly audit our systems for security.
• Data Minimization: We collect and retain only the data necessary for the purposes outlined in this Privacy Policy.

In the event of a data breach, we will notify affected users and relevant authorities, such as Kenya’s Office of the Data Protection Commissioner, within 72 hours, as required by GDPR, the Data Protection Act, 2019, and other applicable laws.

5. Your Rights Under GDPR, CCPA, and Kenya’s Data Protection Act

If you are a resident of the European Union (EU), European Economic Area (EEA), United Kingdom (UK), California, Kenya, or other regions with applicable privacy laws, you have the following rights over your personal data:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Correct inaccurate or incomplete data.
• Right to Erasure (“Right to be Forgotten”): Request deletion of your data, subject to legal retention obligations.
• Right to Restrict Processing: Limit how we use your data in certain cases.
• Right to Data Portability: Receive your data in a machine-readable format or have it transferred to another service.
• Right to Object: Object to processing for marketing or other purposes based on legitimate interests.
• Right to Withdraw Consent: Revoke consent for data processing at any time, where consent is the legal basis.
• Right to Non-Discrimination: We will not deny services or charge different prices based on your exercise of these rights.
• Right to Lodge a Complaint: In Kenya, you may lodge a complaint with the Office of the Data Protection Commissioner if you believe your data rights have been violated.

6. How to Request Data Deletion

You can request the deletion of your personal data at any time, subject to legal retention requirements (e.g., for tax or fraud prevention purposes under Kenyan law). Follow these steps to submit a deletion request:

1. Log into Your Account:
   • Visit www.nusoko.co.ke and sign into your account.
   • Navigate to “Your Account” > “Privacy Settings” or “Data Requests.”
2. Submit a Deletion Request:
   • Select “Request Deletion of My Data” and follow the prompts.
   • Alternatively, email our Data Protection Officer at privacy@nusoko.co.ke with the subject line “Data Deletion Request.”
   • For app users, go to the Nusoko app’s “Settings” > “Privacy” > “Request Data Deletion.”
3. Verification:
   • We may ask you to verify your identity to ensure the request is legitimate. This may involve confirming your email address or providing additional details.
4. Processing Time:
   • We will process your request within 30 days (extendable to 60 days for complex requests, with notice).
   • You will receive confirmation via email to your registered email address once your data is deleted, except for data we are legally required to retain (e.g., transaction records for 7 years under Kenyan tax laws).
5. Data Retained After Deletion:
   • We may retain limited data to comply with legal obligations (e.g., order history for tax purposes) or to prevent fraud. This data will not be used for marketing or other non-essential purposes.
6. Third-Party Deletion:
   • If your data was shared with third-party sellers or service providers, we will instruct them to delete it, unless they are required to retain it for legal reasons.

To submit a data deletion request or exercise other rights, email privacy@nusoko.co.ke or visit www.nusoko.co.ke/DataRequests.

7. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law:

• Account Data: Kept as long as your account is active or needed to provide Our Services.
• Transaction Data: Retained for 7 years to comply with Kenyan tax and accounting laws or longer if required by other applicable regulations.
• Marketing Data: Kept until you withdraw consent or opt out of marketing communications.
• Cookies and Analytics Data: Retained for up to 24 months, unless you opt out or delete cookies.

When data is no longer needed, we securely delete or anonymize it. For example, deleted account data is removed from our systems within 180 days, unless legal obligations apply.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and deliver personalized ads. You can manage cookie preferences through our Cookie Consent Tool or your browser settings. For details, see our Cookie Policy.

Google Play and Apple App Store require us to disclose our use of cookies and obtain your consent before collecting non-essential data. Our apps comply with Google Consent Mode v2 (effective March 2024) for users in the EEA and UK, ensuring that analytics and ad tracking respect your consent choices.

9. International Data Transfers

If you are in the EU, EEA, UK, or Kenya, your data may be transferred to countries outside these regions (e.g., the United States) for processing. We ensure these transfers comply with GDPR and Kenya’s Data Protection Act through:

• EU-US Data Privacy Framework: We participate in this framework to protect data transferred to the US.
• Standard Contractual Clauses (SCCs): Used for transfers to third countries without adequacy decisions.
• Safeguards: Encryption and strict access controls to protect your data.

10. App-Specific Information (Google Play and Apple App Store)

Our mobile apps, available on Google Play and the Apple App Store, adhere to their privacy requirements:

• Google Play:
  • We comply with Google’s Developer Program Policies, including transparent data collection disclosures and user consent for tracking (e.g., via Google Consent Mode v2).
  • App users can manage data permissions through the app’s “Settings” menu or Android’s system settings.
• Apple App Store:
  • We provide a Privacy Nutrition Label detailing data collection practices, as required by Apple.
  • In-app tracking (e.g., for ads) requires your explicit consent via Apple’s App Tracking Transparency (ATT) framework.
  • You can disable personalized ads or limit tracking in the app’s “Privacy” settings.

For both platforms, we ensure that:

• Data collection is limited to what is necessary for app functionality.
• You can request data deletion directly through the app (see Section 6).
• We do not collect sensitive data (e.g., health or biometric data) without explicit consent.

11. Children’s Privacy Disclosure

We do not knowingly collect personal information from children under 13 without verifiable parental consent, in compliance with the Children’s Online Privacy Protection Act (COPPA) and Kenya’s Data Protection Act, 2019. If we learn that a child’s data was collected without consent, we will delete it promptly. Parents or guardians can contact our Data Protection Officer at privacy@nusoko.co.ke to review or delete their child’s data.

12. Third-Party Services

Nusoko.co.ke integrates with third-party services, such as payment processors (e.g., PayPal, Stripe), shipping providers, and analytics tools (e.g., Google Analytics). These services may collect and process your data under their own privacy policies. We ensure that third-party providers comply with GDPR, Kenya’s Data Protection Act, and other applicable laws through contractual agreements.

13. Contact Us

If you have questions about this Privacy Policy, your data, or your rights, please contact:

Data Protection Officer
Nusoko.co.ke
Email: privacy@nusoko.co.ke
Phone: [1-800-XXX-XXXX]
Address: [Your Business Address]

For EU/EEA residents, our EU representative is:
[EU Representative Name]
[EU Representative Address]
Email: privacy@nusoko.co.ke

For Kenyan residents, complaints can be lodged with:
Office of the Data Protection Commissioner
[ODPC Contact Details]

14. Updates to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting the updated policy on www.nusoko.co.ke or our app and, where required, by email to your registered email address. The “Last Updated” date at the top indicates the latest version.

15. Additional Disclosures

California Residents (CCPA)

If you are a California resident, you have the right to:

• Know what personal data we collect and how it’s used or shared.
• Opt out of the sale of your personal information (we do not sell your data).
• Request deletion of your data, subject to exceptions.
• Not be discriminated against for exercising your rights.

Submit CCPA requests at www.nusoko.co.ke/DataRequests or email privacy@nusoko.co.ke.

EU/EEA and UK Residents (GDPR)

We act as a data controller for personal data collected through Our Services. Our legal bases for processing include:

• Contract: To fulfill orders and provide Our Services.
• Consent: For marketing or non-essential cookies.
• Legitimate Interests: For fraud prevention or improving Our Services.
• Legal Obligation: For tax or accounting purposes.

Kenyan Residents (Data Protection Act, 2019)

We comply with Kenya’s Data Protection Act, 2019, ensuring lawful, fair, and transparent processing of personal data. You may contact the Data Protection Officer at privacy@nusoko.co.ke to exercise your rights or report concerns to the Office of the Data Protection Commissioner.