Privacy Policy

Last updated: 1 September 2025

1. Introduction

SMEgicTouch Marketing Limited (“we”, “us”, or “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

This policy complies with Kenya’s Data Protection Act 2019, the General Data Protection Regulation (GDPR), and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide to us, including:

  • Contact Information: Name, email address, phone number, business address
  • Business Information: Company name, industry, business size, job title
  • Account Information: Username, password, profile information
  • Payment Information: Billing address, payment method details (processed securely by third-party payment processors)
  • Communication Data: Messages sent through contact forms, emails, chat systems, or during consultations
  • Service-Related Data: Information provided during consultations, project requirements, feedback, and reviews

2.2 Information Collected Automatically

When you visit our website or use our services, we may automatically collect:

  • Device Information: IP address, browser type, device type, operating system
  • Usage Data: Pages visited, time spent on pages, click patterns, referral sources
  • Location Data: General geographic location based on IP address
  • Cookies and Tracking Data: Information collected through cookies and similar technologies

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Delivery

  • Providing and delivering our marketing services, courses, and consultations
  • Processing payments and sending purchase confirmations
  • Creating and managing your account
  • Customizing services to meet your specific business needs

3.2 Communication

  • Responding to your inquiries and support requests
  • Sending service updates, course materials, and important notifications
  • Providing marketing newsletters (with your consent)
  • Scheduling and conducting consultations

3.3 Business Operations

  • Improving our services and developing new offerings
  • Analyzing usage patterns to optimize our website and services
  • Preventing fraud and ensuring security
  • Complying with legal obligations

4. Legal Basis for Processing

Under GDPR and Kenya’s Data Protection Act, we process your personal data based on:

  • Contract Performance: To fulfill our services and contractual obligations
  • Legitimate Interests: To improve our services, prevent fraud, and conduct business operations
  • Consent: For marketing communications and optional data collection
  • Legal Compliance: To meet regulatory and tax obligations

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

5.1 Service Providers

We work with trusted third-party service providers who assist us in:

  • Payment processing (Stripe, PayPal, mobile money providers)
  • Email delivery and marketing automation
  • Website hosting and cloud storage
  • Analytics and performance monitoring
  • Customer support tools

These providers are contractually bound to protect your information and use it only for the specified purposes.

5.2 Legal Requirements

We may disclose your information when required by law, court order, or regulatory authority, or to:

  • Protect our legal rights and interests
  • Investigate fraud or security incidents
  • Comply with tax and financial reporting obligations
  • Protect the safety of our users and the public

6. Data Retention

We retain your personal information for as long as necessary to:

  • Provide ongoing services to you
  • Comply with legal and regulatory requirements
  • Resolve disputes and enforce our agreements

Specific retention periods:

  • Account Data: Until account deletion or 3 years after last activity
  • Transaction Records: 7 years for tax and accounting purposes
  • Communication Data: 2 years unless ongoing business relationship
  • Website Analytics: 26 months (Google Analytics default)

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • SSL encryption for data transmission
  • Secure cloud storage with access controls
  • Regular security assessments and updates
  • Employee training on data protection practices
  • Multi-factor authentication for sensitive systems

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using industry best practices.

8. Your Rights

Under applicable data protection laws, you have the following rights:

  • Right to Access: Request a copy of your personal data we hold
  • Right to Rectification: Correct inaccurate or incomplete information
  • Right to Erasure: Request deletion of your personal data (subject to legal obligations)
  • Right to Portability: Receive your data in a structured, machine-readable format
  • Right to Restrict Processing: Limit how we use your data in certain circumstances
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for marketing communications

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to:

  • Remember your preferences and settings
  • Analyze website traffic and user behavior
  • Provide personalized content and advertisements
  • Improve website functionality and user experience

You can control cookies through your browser settings, but this may affect website functionality.

10. International Data Transfers

As we serve clients across Africa and use international service providers, your data may be transferred outside Kenya. We ensure adequate protection through:

  • Adequacy decisions by relevant data protection authorities
  • Standard contractual clauses approved by the European Commission
  • Certification schemes and codes of conduct

11. Children’s Privacy

Our services are not directed at children under 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated “Last modified” date. For significant changes, we will provide additional notice through email or website notifications.

13. Contact Information

For questions about this Privacy Policy or our data practices, contact us:

14. Regulatory Authority

If you have concerns about our data handling practices that we cannot resolve, you have the right to lodge a complaint with:

  • Kenya: Office of the Data Protection Commissioner
  • EU/GDPR: Your local supervisory authority

SMEgicTouch Marketing Limited
Registered in Kenya
Business Registration Number:  PVT-RXU2EY8L

This Privacy Policy is effective as of September 1, 2025.