USER PRIVACY NOTICE

1. IMPORTANT INFORMATION AND WHO WE ARE

We take the privacy of our online platform and mobile application users very seriously. We ask that you read this privacy policy (“Policy”), carefully as it contains important information about how we will use your personal data. For the Purposes of the Data Protection Act, No. 24 of 2019, Twiga Foods Limited, a limited liability company incorporated in Kenya with Company number CPR/2013/124558 of P.O. Box 38714 - 00100, Nairobi, Kenya is the data controller and responsible for your data.

2. CONTACT DETAILS

Our full Details are:
Full name of legal entity: Twiga Foods Limited
Name or title of DPO: Enterprise Technology Operations Manager
Email address: infosec@twiga.com
Postal address: 38714-00100, Nairobi
Telephone number: 0709 258 000

3. PERSONAL DATA WE PROCESS

We will obtain personal information about you such as your name, email, address, identity data, financial data, profile data, transaction data whenever you complete forms on the Twiga website (www.twiga.com) and Twiga mobile applications (including iOS, Android and Web applications (Apps)) together, the Services.

4. HOW WE USE YOUR PERSONAL DATA

We will use your personal data in the following circumstances:
i) where we need to perform the contract we are about to enter into or have entered into with you;
ii) to handle your orders, payments, collect your farm produce and provide you with the right services;
iii) to communicate with you about Twiga’s products and services;
iv) to provide fintech services to you;
v) to provide functionality, analyse performance, fix errors, and improve usability and effectiveness of the Services.
vi) where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
vii) where we need to comply with a legal obligation. We adhere to the principles relating to processing of personal data as set out in the Data Protection Act.

5. DISCLOSURE OF PERSONAL DATA

We may disclose your personal data to:
i) other companies within our group;
ii) a third party who acquires or substantially acquires all of its assets, in which case the personal data shall be one of the acquired assets;
iii) our agents and service providers;
iv) law enforcement and regulatory agencies in connection with any investigation to help prevent unlawful activity or as otherwise required by applicable law;
v) our business partners in accordance with the ‘Marketing or Opting out “ clause 6.

6. MARKETING AND OPTING OUT

If you have given permission, we may contact you by email, telephone, SMS, about our services, promotions or offers that may be of interest to you. If you prefer not to receive any direct marketing communications from us, you can opt out at any time.

7. KEEPING YOUR DATA SECURE

We will use technical and organisational measures to safeguard your personal data, for example:
i) access to your account is controlled by a password and username that are unique to you; and
ii) we store your personal data on secure servers. While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet.

8. MONITORING

We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance.

9. DATA RETENTION

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. 10. YOUR LEGAL RIGHTS Under certain circumstances, you have rights under data protection laws in relation to your personal data. These rights include:
i) request access to your personal data;
ii) request correction of your personal data;
iii) request erasure of your personal data;
iv) object to processing of your personal data;
v) request restriction of processing your personal data;
vi) request transfer of your personal data; and
vii) right to withdraw consent. If you wish to exercise any of the rights set out above, please contact us.

11. CHANGES TO THIS PRIVACY POLICY

We may change this Policy from time to time. You should check this policy frequently to ensure you are aware of the most recent version that will apply each time you use the Service.

12. CONTACTS, NOTICES

If you have any concern about privacy or want to contact one of our data controllers, please contact us through the address set out above, with a thorough description and we will try to resolve the issue for you. Further, the data protection officer for the above mentioned data controllers can be contacted at infosec@twiga.com.