1. Introduction

Aashirya Limited ("we," "us," or "our") is committed to protecting your privacy and ensuring compliance with the Kenya Data Protection Act, 2019 (DPA). This Privacy Policy outlines how we collect, use, process, store, and protect your personal data when you use our website, services, or interact with us. By accessing our website or using our services, you consent to the practices described herein.


2. Data Controller

The data controller responsible for processing your personal data is:
Aashirya Limited
West Park Suites, Ojijo Cl, Nairobi, Kenya
Nairobi, Kenya
Email: privacy@aashirya.co
Phone: +254700455466


3. Legal Basis for Processing

We process personal data in accordance with the DPA, relying on the following legal grounds:

  • Consent (Section 30): Where you provide explicit consent for specific purposes.
  • Contract Performance (Section 31): To fulfill obligations under a contract with you.
  • Legal Obligation (Section 32): To comply with Kenyan laws and regulations.
  • Legitimate Interests (Section 33): For purposes such as improving our services, fraud prevention, and security.


4. Data We Collect

4.1 Data You Provide

  • Contact details (name, email, phone number, address).
  • Business information (company name, registration details).
  • Payment information (bank details, credit/debit card numbers).
  • Communications (inquiries, feedback, support requests).

4.2 Automatically Collected Data

  • Technical data (IP address, browser type, device information).
  • Usage data (pages visited, time spent, click patterns).
  • Cookies and similar technologies (see Section 10).

4.3 Data from Third Parties

  • Business partners, service providers, or public sources (where legally permissible).


5. How We Use Your Data

We use your personal data for the following purposes:

  • Providing and improving our services.
  • Processing transactions and payments.
  • Communicating with you (e.g., customer support, newsletters).
  • Analyzing website usage and trends.
  • Complying with legal obligations.
  • Marketing (with your consent).


6. Data Sharing and Disclosure

We may share your data with:

  • Service Providers: Payment processors, cloud hosting providers, analytics tools.
  • Business Partners: Delivery companies, financial institutions (only as necessary).
  • Legal Authorities: When required by law or to protect our rights.

All third parties are contractually obligated to protect your data per the DPA.


7. Data Security

We implement technical and organizational measures to protect your data, including:

  • Encryption of data in transit and at rest.
  • Access controls and authentication mechanisms.
  • Regular security assessments and audits.

However, no method of transmission over the internet is 100% secure.


8. Data Retention

We retain personal data only as long as necessary for the purposes outlined herein, or as required by law (e.g., tax records for 7 years). Data is securely deleted thereafter.

9. Your Rights Under the DPA

You have the right to:

  • Access (Section 26): Request details of your personal data held by us.
  • Correction (Section 27): Request correction of inaccurate or incomplete data.
  • Deletion (Section 28): Request erasure of data under certain conditions.
  • Objection (Section 30): Object to processing based on legitimate interests.
  • Data Portability (Section 33): Receive your data in a machine-readable format.

To exercise these rights, contact us at privacy@aashirya.co.


10. Cookies and Tracking Technologies

We use cookies to enhance user experience and analyze website traffic. Cookies are small text files stored on your device. Types include:

  • Essential Cookies: Required for website functionality.
  • Analytical Cookies: Help us understand how users interact with our site.
  • Marketing Cookies: Used for targeted advertising (with consent).

You can manage cookie preferences via your browser settings. Disabling cookies may limit website functionality.


11. Third-Party Links

Our website may contain links to third-party sites (e.g., LinkedIn). We are not responsible for their privacy practices. Please review their policies separately.


12. International Data Transfers

Where data is transferred outside Kenya, we ensure adequate safeguards per Section 48 of the DPA (e.g., standard contractual clauses).


13. Children’s Privacy

Our services are not directed at children under 18. We do not knowingly collect their data. If we become aware of such collection, we will delete it promptly.


14. Changes to This Policy

We may update this policy periodically. Changes will be posted on our website with an updated effective date. Continued use of our services constitutes acceptance of the revised policy.

15. Complaints and Contact

If you have concerns about our data practices, contact our Data Protection Officer at dpo@aashirya.co. You may also lodge a complaint with the Office of the Data Protection Commissioner (ODPC) of Kenya.

Effective Date: 6/18/2023


Terms & Conditions Apply