At Stahili Commerce Limited (Stahili or We or Us), we're all about keeping your information safe. By accessing or using our services, you consent to the practices described in this policy. We are committed to protecting your personal data in compliance with Data Protection Act (2019) and global best practices, including the General Data Protection Regulation (GDPR). This privacy policy (the Privacy Policy) outlines how Stahili collects, uses, stores and safeguards your personal information when you interact with us on the App, any affiliated digital platforms, websites, software interfaces, or electronic mediums (the Mediums) including any in-person engagements and tells you about your privacy rights and how the law protects you.
This Privacy Policy applies to all information Stahili processes regardless of the Medium on which that data is stored or whether it relates to past or present employees, workers, customers, clients or suppliers contacts, shareholders, website users, or any other person or entity.
This Privacy Policy should be read and applied together with (INSERT LNK TO STAHILI TERMS OF USE AND THE ACCEPTABLE USE POLICY) and you also have the right to withdraw your consent at any time, subject to applicable laws and the terms outlined in this policy.
We keep it straightforward. Here's the information we may collect directly from you:
i) Basic Information: Your name, email, age, date of birth, gender, phone number and CCTV images when you visit our offices. All this information is available only when you share them with us.
ii) Survey Insights: Your answers to our micro-surveys help us understand your needs and preferences.
iii) App Usage: Device information and interaction data to ensure smooth app performance
iv) Social Media Login: If you sign in using social media, we’ll only use the necessary details to set up your profile.
v) Camera Usage: We may access your device’s camera to let you personalize your profile by capturing or uploading a profile picture. Rest assured, your photos are only used for this purpose and are never stored or shared beyond what is needed to display your profile.
Where information is not collected directly from you then:
i) it is contained in a public record;
ii) You have deliberately made the data public;
iii) You have consented to the collection from another source;
iv) You have an incapacity and the guardian appointed has consented to the collection from another source;
v) the collection from another source would not prejudice your interests.
Where the information is received from another source then Stahili will process the information if: -
i) It is in aid of law enforcement purposes including crime prevention, detection, investigation, prosecution, and criminal sanctions;
ii) It is for enforcement of legal provisions involving financial penalties or statutory fines;
iii) It is to safeguard your rights and welfare or other affected individuals;
iv) It is for national security and public safety requirements;
v) It is for compliance with court orders or judicial proceedings;
vi) It is for emergency response and disaster management situations.
We don’t believe in asking for your personal information unless there is a really good reason, and one that you’ll end up benefitting from.
We use your information to enhance your Stahili experience, connect you with great opportunities, and ensure you receive your well-earned rewards.
We may use your information for the following purposes to:
i) Improve Stahili: Your feedback helps us enhance our services.
ii) Deliver Value: We work with partners to provide the products and services you care about.
iii) Communicate: Updates, exclusive deals, and rewards are sent directly to you.
iv) Process Payments: Your completed activities earn you rewards, and we process your information to ensure accurate payments.
v) Comply with Legal Requirements: We handle your data as needed to meet legal and regulatory obligations
vi) Customize Your Profile: We use the camera feature to allow you to personalize your profile by capturing or uploading your profile picture.
We shall only use your information where: -
i) You have given clear, informed, and voluntary consent for one or more specified purposes;
ii) where processing is necessary for the performance of a contractual or regulatory obligation;
iii) where processing is necessary to protect your life, health, or safety or another individual;
iv) where processing is carried out for a task in the public interest or under official authority;
v) where processing is necessary for Stahili or a third party’s legitimate interests, provided such interests do not override your rights and freedoms of the data subject;
vi) where processing is for historical, statistical, journalistic, artistic, literary, or scientific research, subject to safeguards.
We shall only collect and process your information for explicit and legitimate purposes;
Where We intend to process your information beyond the original scope, We shall require your consent unless otherwise permitted in law;
we shall only process your information where proper authorization and a justified need;
We shall only retain your information only as long as required for its intended purpose. Once obsolete, the information shall be anonymized, securely deleted, or destroyed without undue delay;
the information we keep shall be accurate and up-to-date. Inaccurate or outdated information must be corrected or erased promptly upon notification.
We shall on own motion or through your request restrict the processing of personal information where: -
i) the accuracy of the information is contested by you for a period allowing Stahili ample time to verify the accuracy of the data;
ii) your information is no longer required for the purpose of the processing except where the information is to be used in aid of exercise or defence of a legal claim;
iii) our processing is unlawful, and you are opposed to the erasure and you request the restriction of its use instead;
iv) you have objected to the processing, pending verification as to whether the legitimate interests of Stahili override your interest.
Where the processing of your information is restricted: -
i) the information shall, unless being stored, only be processed with your express consent or for the establishment, exercise or defence of a legal claim, the protection of the rights of another person or for reasons of public interest;
ii) we stall inform you before withdrawing the restriction on processing your information.
we shall implement mechanisms to ensure that time limits are established for the rectification, erasure or restriction of processing of personal information or for a periodic review of the need for the storage of the information is observed.
We shall only retain your information for as long as reasonably necessary to fulfil the purposes we collected it for, unless our retention is:
i) required or authorized by law or reasonably necessary for a lawful purpose, for instance for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements;
ii) you have authorized or consented to the retention for any reason, including for the purposes of carrying out any obligation to accruing on you;
iii) for historical, statistical, journalistic literature and art or research purposes.
We may retain your information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.
To determine the appropriate retention period for personal data, we shall consider:
i) the amount, nature, and sensitivity of the information;
ii) the potential risk of harm from unauthorized use or disclosure of your information;
iii) the purposes for which we process your information and whether we can achieve those purposes through other means;
iv) the need to comply with our internal policy and the applicable legal, regulatory, tax, accounting or other requirements.
We shall delete, erase, anonymize or pseudonymize your information that is not necessary to be retained at the expiry of the retention period.
Your rights and exercise of your rights on the information provided is taken into consideration and we shall ensure that: -
i) you are informed the purpose and use of your information including being allowed access;
ii) you are allowed to object to the collection of their Personal Data;
iii) all erroneous information is corrected to the best of its ability and all false or misleading data is deleted;
iv) where you that you are a minor, by a person who has parental authority or by a guardian;
v) where you have a mental or other disability, by a person duly authorised to act as their guardian or administrator;
vi) in any other case, by a person duly authorised by you.
To exercise any of your rights, including accessing, correcting, or deleting your information, you can take the following steps to contact us:
i) Submit a Request: Email us at hello@stahili.com. or use the "Contact Us" feature in the app. Please include your full name and contact information and a clear description of the request (e.g., access, rectification, or deletion).
ii) Verification: For security reasons, we may need to verify your identity before processing your request. This could include confirming your email address or providing additional identification
iii) Processing Time: Once your request is verified, we will process it within [24 hours], unless exceptional circumstances apply.
iv) Confirmation: After completing your request, we will notify you via email or other provided contact methods.
You may also Contact us at dataprotection@stahili.com, and we’ll respond within 24 hours.
If you have any concerns about how we handle your data, you also have the right to file a complaint with the Office of the Data Protection Commissioner.
Stahili engages third party processors to handle your information, we therefore retain all responsibility for the security and proper usage of your information, in such cases, We will: -
i) appoint processors with adequate safeguards;
ii) verify their security measures;
iii) establish written contracts specifying processing purposes and data scope.
We ensure that all third party processers and external contractors comply with data protection laws and acknowledge that unauthorized disclosure or violations may cause irreparable harm, subject to contractual penalties and legal consequences under any data protection regulations.
We use cookies (tiny files on your device) to make your Stahili experience smoother and more personalized. They help us remember who you are and what you like.
These are sent to your browser from our mediums that you visit and are stored on your phone/computer. Subject to your consent, we shall use cookies for the following purposes:
i) to identify your preferred language so that it can be automatically selected when you return to our Channels;
ii) to ensure that the bets you place are associated with your bet slip and account
iii) to ensure that you receive any bonuses that you are eligible for;
iv) to analyse our medium’s traffic in order to make suitable improvements.
You have the option to either accept or refuse these cookies, as you shall be informed of when you access the Mediums through your phone/computer. Please note that if you choose to refuse our cookies, you may not be able to access some of the features on the respective Mediums. Click here (INSERT COOKIES POLICY LINK) to learn more.
Any disclosure of your information shall be done in accordance of the applicable laws and regulations.
We may disclose your information to: -
i) law-enforcement agencies, regulatory authorities, courts, or other statutory authorities in response to a demand issued with the appropriate lawful mandate and where the form and scope of the demand is compliant with the law;
ii) Our tech experts who assist with data storage and analysis. But they only access your information when necessary, and are bound by strict confidentiality;
iii) our subsidiaries, associates, partners, merchants, or agents who are involved in delivering our products and services. In this case the information shared shall be basic and anonymous in nature;
iv) third parties to whom we may choose to sell, transfer or merge parts of our business or our assets or to whom we may seek to acquire our businesses or merge with;
v) fraud prevention and anti-money laundering agencies;
vi) publicly available and/or restricted government databases to verify your identity information in order to comply with regulatory requirements;
vii) any other person that we are lawfully permitted to share the data with.
We will only use your Information for marketing and advertising purposes with your explicit consent, unless permitted by applicable law. If legally authorized to use your data for such purposes without consent, we will inform you at the time of collection;
Whenever possible, we will anonymize your information for marketing purposes to ensure you cannot be identified;
We will not share your information with third parties for direct marketing without your express permission;
You may opt out of any marketing communication by writing to Us at hello@stahili.com (ii) using the unsubscribe instructions in any email/SMS communications sent to you or at the device level through settings.
We will establish and implement comprehensive policies and procedures to ensure full compliance with all applicable data protection laws and regulations;
We have in place a Data Protection Officer (the DPO) who is responsible for ensuring compliance with the Data Protection Act and who is accessible via the email dataprotection@stahili.com;
It is our requirement that Our staff who handle your information must adhere to the provisions of this Privacy Policy;
When we engage third-party processors to handle your information, we will ensure they have in place organizational compliance with all applicable data protection laws and regulations.
Stahili has in place robust data protection measures in accordance with our internal policies and procedures. All access and use of information by staff and authorized personnel shall strictly adhere to these established protocols to ensure the security and confidentiality of the information. These measures are designed to safeguard the information in compliance with applicable laws and best practices. However, while we do our best, no online system is 100% secure, and absolute protection cannot be guaranteed.
To maintain the highest standards of data protection, Stahili shall continuously review and enhance its security frameworks. The Data Protection Office is designated person who shall oversee the governance, implementation, and compliance of these measures, ensuring ethical standards are upheld in the collection, storage, and use of data. This ongoing oversight guarantees that your information safety remains a priority in line with evolving regulations and industry practices.
Personal Data means any information relating to an identified or identifiable natural person and Sensitive Data means data revealing the natural person's race, health status, ethnic social origin, conscience, belief, genetic data, biometric data, property details, marital status, family details including names of the person's children, parents, spouse or spouses, sex or the sexual orientation of the data subject.
We don’t collect your Personal Data and Sensitive Data without any reason. If we ask for any information in respect of both, it’s for a reason that ultimately benefits you.
The Personal Data and Sensitive Data we collect will uniquely identify you, either on its own (e.g. your ID number) or in combination with other details (e.g. name and date of birth) and could also be used for discrimination.
To keep our promise, we only collect the absolute minimum Personal Data and Sensitive Data.
Our policy is to avoid collecting Sensitive Data unless strictly necessary for legitimate business or legal purposes and We want to assure you that:
i) No Sensitive Data Is Collected Without Necessity: Stahili will only collect Sensitive Data if it is required for a specific purpose, and in such cases, we will explicitly communicate why it is being collected and how it will be used;
ii) Protection of Inferred Sensitive Data: Any Sensitive Data inferred from responses will be treated with the highest level of protection and confidentiality. It will only be used in aggregate and anonymous forms to prevent identification of individual users
iii) To further safeguard your information, all data collected and stored by Stahili is encrypted both in transit and at rest, ensuring its security and reducing the risk of unauthorized access.
Below is our approach of Personal Data and Sensitive Data and how we stay true to our commitment;
| Personal Data | Usual Approach | Stahili Approach |
|---|---|---|
| Age | Date of Birth – Easily combined with other data to personally identify the user | Year of Birth – Much harder to use to identify someone but still provides the basic age information |
| Address | Full Address - Easily identifies and exposes the user | County & Constituency - Allows us to show our partners where demand is based,without exposing personal information |
| Personal Sensitive Data | What we use it for |
|---|---|
| Year of birth |
|
| County & Constituency |
|
| Gender |
|
| Phone Number |
|
Stahili is a registered data controller and processor under the Office of the Data Protection Commissioner (ODPC) in compliance with applicable data protection laws. As the sole data controller, Stahili is committed to upholding the highest standards of privacy and security in the processing of your personal data. These measures reflect our dedication to protecting your information at every stage of its handling.
To support our operations, Stahili engages trusted third-party data processors, including:
i) Google (Google Cloud Platform) – Provides secure technical infrastructure for hosting and managing consumer data
ii) Marketing Partners – Assist in delivering promotional communications to users who have consented to such messages
Stahili shall review this Privacy Policy at least once every two (2) years to ensure its continued relevance, effectiveness, and compliance with evolving best practices. Additionally, the Policy shall be promptly amended in the event of any changes to applicable data protection laws, regulations, or significant operational requirements
Any updates to the Privacy Policy will be communicated to all relevant stakeholders, and staff shall be trained on revised provisions as necessary. Amendments may also be made as deemed appropriate by the Data Protection Officer to address emerging risks or organizational needs.
For any questions on this Privacy Policy, reach out to us at dataprotection@stahili.com. We're happy to assist!
Stahili reserves the right to terminate any agreement with you for failure to comply with the provisions of this Privacy Policy and the Terms of Use and reject any application for information contrary to this Privacy Policy.
We're a Kenyan company, but we know that people from all over the world may use the Mediums operated by Stahili. We adhere to the Data Protection Act 2019, its regulations while also complying with GDCR global standards, to ensure your privacy is safeguarded.
© 2024 StahiliCommerce