1. Introduction & Who We Are

Welcome to Nairobi Deals Hadada ("NairobiDeals", "we", "our", or "us"). We operate a premier B2B wholesale marketplace at https://nairobideals.com, connecting manufacturers, wholesalers, buyers, and suppliers across Kenya and the wider East African region.

We are committed to protecting the personal data of every individual who interacts with our platform — whether as a buyer, seller, visitor, or business partner. This Privacy Policy explains what data we collect, how we use it, who we share it with, and what rights you have.

2. Personal Data We Collect

2.1 Account Registration Data

When you create a buyer or seller account, we collect:

• Full name and business name
• Email address and phone number
• Business location and physical address
• KRA PIN or business registration number (for seller verification)
• Username and password (stored encrypted — we never see your plain-text password)
• Profile photo (optional)

2.2 Marketplace Transaction Data

When you buy or sell on our platform, we collect:

• Order details: product names, quantities, prices, and order dates
• Shipping and delivery addresses
• Payment method and transaction reference numbers
• Invoice and receipt data
• Buyer–seller communication records (messages sent through our platform)

2.3 Payment Data

We facilitate payments through third-party processors including M-Pesa (Safaricom) and card/mobile banking integrations. We do not store full card numbers or M-Pesa PINs on our servers.

• We store: transaction reference numbers, payment status, amounts, and timestamps
• We do NOT store: card numbers, CVV codes, M-Pesa PINs, or bank account credentials

2.4 Seller Listing Data (Publicly Visible)

Sellers voluntarily publish the following, which becomes publicly visible on the marketplace:

• Business name, location, and contact details
• Product descriptions, images, prices, and availability
• Seller ratings and reviews received from buyers

2.5 Technical & Usage Data

When you visit our website, we automatically collect:

• IP address and approximate location
• Browser type, version, and operating system
• Device type (mobile, tablet, or desktop)
• Pages visited, time spent, and clickstream data
• Referring website or search engine
• Error logs and performance data

2.6 Communications Data

If you contact us via email, phone, or our contact form, we collect your name, contact details, the content of your message, and records of our responses.

2.7 Comments & User-Generated Content

If you leave comments or reviews on the site, we collect the information shown in the comment form, your IP address, and browser user agent string to help with spam detection. An anonymized hash of your email address may be shared with Gravatar to check if you have a profile picture configured.

2.8 Media Uploads

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS). Visitors may download and extract any location data from images you upload.

3. How We Use Your Personal Data

We use your personal data only where we have a valid legal basis under the Kenya Data Protection Act, 2019:

3.1 To Provide Our Services

• Creating and managing your buyer or seller account
• Processing orders, payments, and facilitating transactions
• Providing order tracking and delivery updates
• Enabling messaging between buyers and sellers
• Displaying your product listings to potential buyers

3.2 Platform Safety & Trust

• Verifying seller identities and business credentials
• Detecting and preventing fraud, scams, or policy violations
• Enforcing our Terms & Conditions
• Moderating reviews and comments

3.3 Legal Compliance

• Complying with Kenyan tax obligations (e.g., KRA requirements)
• Responding to lawful orders from courts or government authorities
• Retaining financial records as required by Kenyan law

3.4 Platform Improvement

• Analysing usage patterns to improve site performance and features
• Fixing bugs and technical issues

3.5 Marketing Communications (Consent Only)

• Sending newsletters, promotional offers, or platform updates — only if you have opted in
• You can unsubscribe at any time via the link in any marketing email

4. Who We Share Your Data With

4.1 Between Buyers and Sellers

To complete transactions, relevant contact and business information is shared between the buyer and seller involved — for example, a buyer's delivery address is shared with the seller fulfilling the order.

4.2 Payment Processors

We share transaction data with payment providers (M-Pesa / Safaricom, payment gateway partners) strictly to process payments. These providers operate under their own privacy policies and applicable financial regulations.

4.3 Service Providers (Data Processors)

We engage trusted third-party providers who process data on our behalf under strict agreements:

• Web hosting: We use international recognized cloud servers.
• CDN & security: Cloudflare, Inc.
• Spam detection: Automattic (Akismet)
• Analytics: Website analytics tools (data anonymised where possible)
• Email delivery: Transactional email service providers

4.4 Legal Authorities

We may disclose your personal data to law enforcement, courts, or regulatory authorities when required by a valid court order or legal obligation under Kenyan law. We will notify you of such requests where legally permitted to do so.

4.5 Business Transfers

If NairobiDeals is acquired, merged, or undergoes significant restructuring, your data may be transferred to the new entity. We will notify you via email and a notice on our website before any such transfer occurs.

5. Cookie Policy

Our website uses cookies — small text files stored on your device. Here is a breakdown:

5.1 Strictly Necessary Cookies (Cannot be disabled)

• Session cookies: Maintain your login state during a browsing session
• Security cookies: Protect against cross-site request forgery (CSRF)
• Cloudflare cookies (__cf_bm, cf_clearance): Bot detection and site security
• Cookie acceptance test: A temporary cookie set when you visit our login page to check if your browser accepts cookies — contains no personal data and is discarded when you close your browser

5.2 Functional Cookies

• Login cookies: Last 2 days; or 2 weeks if you select "Remember Me"
• Screen/display preference cookies: Last 1 year
• Comment convenience cookies: Save your name, email, and website for 1 year — opt-in only
• Post-editor cookie: Records the post ID of an article you just edited; expires after 1 day; contains no personal data

5.3 Analytics Cookies

We use analytics tools to understand how visitors interact with the site. Where possible, data is anonymised or pseudonymised before processing.

5.4 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect site functionality. A cookie consent notice is shown on your first visit, where you can manage non-essential cookies.

6. How Long We Retain Your Data

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• HTTPS / TLS encryption for all data in transit
• Encrypted storage of passwords (bcrypt hashing — your plain-text password is never stored)
• Cloudflare DDoS protection and Web Application Firewall (WAF)
• Access controls limiting staff access to personal data on a need-to-know basis
• Regular security updates and vulnerability monitoring

8. Your Rights Under the Kenya Data Protection Act, 2019

As a data subject, you have the following rights. You may exercise any of them by emailing customercare.nairobideals@gmail.com with the subject line "Data Rights Request". We will respond within 21 days.

If you are unsatisfied with our response, you have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) at www.odpc.go.ke.

9. Children's Privacy

Our platform is intended for business use by adults aged 18 and above. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. If you believe a minor has provided us with personal data, please contact us at customercare.nairobideals@gmail.com.

10. Third-Party Links & Embedded Content

Our website may contain links to external websites or embed content (videos, social media posts, etc.) from third-party platforms. When you interact with embedded content, the third-party platform may collect data about you, use cookies, and track your interactions — exactly as if you had visited their website directly.

We are not responsible for the privacy practices of third-party websites. We encourage you to review their individual privacy policies before engaging.

11. International Data Transfers

Some of our service providers (such as Hostinger, Cloudflare, and email delivery services) may process your data outside Kenya. Where this occurs, we ensure that appropriate safeguards are in place — including Standard Contractual Clauses or equivalent mechanisms — to protect your data in line with the Kenya Data Protection Act, 2019.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Post a prominent notice on our homepage for at least 30 days
• Send a notification email to registered users where the changes significantly affect their rights

Continued use of our platform after the effective date of an update constitutes your acceptance of the revised policy.

13. Contact Us

If you have questions, concerns, or data rights requests, please reach out to us: