Privacy Policy

1. Introduction

Konnekt Marketplace ("Konnekt," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our mobile applications, or engage with our services (collectively, the "Platform").

By using our Platform, you consent to the data practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Platform.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us when you:

Account Registration

• Full name
• Email address
• Password (encrypted)
• Phone number
• Profile picture (optional)
• Date of birth (for age verification)

Seller Verification (KYC)

• Government-issued identification (passport, national ID, driver's license)
• Proof of address documents
• Business registration documents
• Tax identification number
• Bank account or mobile money details
• Facial photograph for identity verification

Transaction Information

• Shipping addresses
• Billing information
• Purchase history
• Payment method details (processed securely by payment providers)
• Order notes and special instructions

Communications

• Messages between buyers and sellers
• Customer support inquiries
• Feedback and reviews
• Survey responses
• Email correspondence

User-Generated Content

• Product listings and descriptions
• Product images and videos
• Reviews and ratings
• Comments and forum posts
• Profile information

2.2 Information Collected Automatically

When you access or use our Platform, we automatically collect certain information, including:

Device and Technical Information

• IP address
• Device type and model
• Operating system and version
• Browser type and version
• Screen resolution
• Unique device identifiers
• Mobile network information

Usage Information

• Pages viewed and time spent on pages
• Products searched and viewed
• Click patterns and navigation paths
• Features used
• Date and time of access
• Referring website or application
• Search queries

Location Information

• Approximate location based on IP address
• Precise location (with your consent) for delivery and local search features
• Country and region for currency and language preferences

2.3 Information from Third Parties

We may receive information about you from third parties, including:

• Identity verification services
• Payment processors (transaction status, fraud indicators)
• Social media platforms (if you connect your account)
• Marketing partners and analytics providers
• Public databases and government sources for verification

3. How We Use Your Information

We use the information we collect for various purposes, including:

3.1 Providing and Improving Services

• Creating and managing your account
• Processing transactions and payments
• Facilitating communication between buyers and sellers
• Providing customer support
• Fulfilling orders and arranging deliveries
• Personalizing your experience
• Improving Platform features and functionality
• Developing new products and services

3.2 Safety and Security

• Verifying user identity and preventing fraud
• Detecting and preventing unauthorized access
• Monitoring for suspicious activity
• Enforcing our Terms of Service
• Resolving disputes between users
• Protecting our legal rights

3.3 Communications

• Sending transaction confirmations and receipts
• Notifying you about order status updates
• Responding to your inquiries
• Sending service announcements
• Marketing communications (with your consent)
• Promotional offers and discounts

3.4 Analytics and Research

• Analyzing usage patterns and trends
• Measuring the effectiveness of features
• Conducting market research
• Generating anonymized, aggregated statistics

3.5 Legal Compliance

• Complying with applicable laws and regulations
• Responding to legal requests and court orders
• Meeting tax and financial reporting requirements
• Anti-money laundering compliance

4. Legal Bases for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to fulfill our contract with you, including providing our services, processing transactions, and managing your account.
• Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, security, improving our services, and marketing (where not overridden by your rights).
• Consent: Processing based on your explicit consent, such as for marketing communications, cookies, and location tracking. You can withdraw consent at any time.
• Legal Obligation: Processing necessary to comply with legal obligations, including tax reporting, anti-money laundering requirements, and responding to legal processes.

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

5.1 With Other Users

To facilitate transactions, we share relevant information between buyers and sellers, including names, shipping addresses, and communication through our messaging system.

5.2 Service Providers

We share information with trusted third-party service providers who assist us in operating the Platform, including:

• Payment processors (Xprizo, M-Pesa)
• Cloud hosting providers
• Email service providers
• Customer support platforms
• Analytics services
• Identity verification services
• Shipping and logistics partners

5.3 Legal Requirements

We may disclose your information if required by law or in response to valid legal processes, including court orders, subpoenas, or government requests.

5.4 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have.

5.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

5.6 Aggregated or De-identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, analytics, or marketing purposes.

6. Data Security

We implement comprehensive security measures to protect your personal information:

6.1 Technical Safeguards

• SSL/TLS encryption for all data in transit
• Encryption of sensitive data at rest
• Secure password hashing (bcrypt)
• Regular security audits and penetration testing
• Firewall protection and intrusion detection
• DDoS protection

6.2 Organizational Measures

• Limited access to personal data on a need-to-know basis
• Employee training on data protection
• Background checks for employees handling sensitive data
• Confidentiality agreements with employees and contractors
• Incident response procedures

6.3 Payment Security

Payment card information is processed by PCI-DSS compliant payment processors. We do not store complete credit card numbers on our servers.

6.4 Session Security

For your protection, sessions are automatically terminated after 5 minutes of inactivity. We recommend logging out when using shared or public devices.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

7.1 Retention Periods

• Account Information: Retained while your account is active and for 7 years after account deletion for legal and tax purposes.
• Transaction Records: Retained for 7 years to comply with tax and financial regulations.
• Communications: Retained for 3 years after the last interaction for customer service purposes.
• Usage Data: Retained for 2 years for analytics purposes, then anonymized.
• KYC Documents: Retained for 7 years after account closure as required by anti-money laundering regulations.

7.2 Extended Retention

We may retain information longer if required by law, legal proceedings, or ongoing disputes. Anonymized data may be retained indefinitely for statistical purposes.

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

8.1 Access and Portability

You have the right to request a copy of the personal information we hold about you. You can access much of this information directly through your account settings. For additional data, contact our support team.

8.2 Correction

You have the right to correct inaccurate or incomplete personal information. You can update most information through your account settings.

8.3 Deletion

You have the right to request deletion of your personal information, subject to legal retention requirements. See Section 12 for details on account deletion.

8.4 Restriction and Objection

You may request that we restrict processing of your personal information or object to certain types of processing, including direct marketing.

8.5 Withdraw Consent

Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

8.6 Marketing Opt-Out

You can opt out of marketing communications at any time by clicking the "unsubscribe" link in emails or adjusting your notification preferences in account settings.

8.7 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@konnekt.co.ke. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Platform.

9.1 Types of Cookies We Use

• Essential Cookies: Required for the Platform to function properly. These cannot be disabled. They include session cookies, authentication cookies, and security cookies.
• Functional Cookies: Remember your preferences such as language, currency, and display settings.
• Analytics Cookies: Help us understand how visitors use our Platform, which pages are most popular, and identify areas for improvement.
• Marketing Cookies: Used to deliver relevant advertisements and track the effectiveness of marketing campaigns.

9.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Platform. Most browsers allow you to:

• View cookies stored on your device
• Block all or specific cookies
• Delete cookies when you close your browser
• Receive alerts before cookies are placed

9.3 Do Not Track

We currently do not respond to "Do Not Track" browser signals. However, you can manage your privacy preferences through the options described above.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

When we transfer personal information internationally, we take steps to ensure that appropriate safeguards are in place to protect your information, including:

• Standard contractual clauses approved by relevant data protection authorities
• Transfers to countries with adequate data protection laws
• Binding corporate rules for intra-group transfers
• Your explicit consent for specific transfers

11. Children's Privacy

Our Platform is not intended for use by children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

If we discover that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information as quickly as possible.

12. Account Deletion

You have the right to request deletion of your account and associated personal data. To request account deletion:

• Log in to your account and visit the Account Deletion page
• Or email our support team at support@konnekt.co.ke
• Or visit our public account deletion page at konnekt.co.ke/account-deletion

12.1 What Gets Deleted

• Your profile information and account settings
• Your product listings and reviews
• Your shopping preferences and wishlist
• Messages and communications (after legal retention period)

12.2 What We Must Retain

Certain information must be retained for legal, tax, and regulatory compliance:

• Transaction records (7 years)
• Tax-related information (7 years)
• KYC documents (7 years)
• Information related to legal disputes (until resolved)

12.3 Processing Time

Account deletion requests are typically processed within 30 days. You will receive confirmation once your account has been deleted.

13. Third-Party Links and Services

Our Platform may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you access.

Third-party services we integrate with include payment processors, shipping providers, analytics services, and social media platforms. Each has its own privacy policy governing the use of your information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

• We will update the "Last updated" date at the top of this policy
• We will notify you by email or through the Platform
• We may require you to acknowledge the changes before continuing to use the Platform

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

16. Data Protection Officer

For matters related to data protection and privacy, you may contact our Data Protection Officer at:

17. Complaints

If you believe we have not handled your personal information properly or have not addressed your concerns, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.