1. Data Collection and Usage

  • Personal Information: We collect names, email addresses, phone numbers, and physical addresses to facilitate auction transactions and account management.
  • Verification Data: To maintain marketplace integrity, we may collect government-issued identification for vendor verification and “Know Your Customer” (KYC) compliance.
  • Transaction Records: We maintain logs of all bids, winning auctions, and payment history as part of the binding contract between buyers and sellers.

2. Purpose of Processing

  • Platform Facilitation: We use data to facilitate the bidding process and automate the 8% platform fee and vendor payouts.
  • Notifications: To send automated auction reminders and “Winner Status” notifications via your registered email or phone.
  • Compliance: To fulfill KRA eTIMS tax invoicing requirements and maintain records for the mandatory 7-year legal retention period.

3. Data Storage and Security

  • Storage Location: User data is stored in secure, encrypted databases hosted on professional data center servers.
  • Protection Measures: We implement industry-standard security protocols, including SSL encryption, to prevent unauthorized access or alteration of personal information.
  • Data Retention: We retain personal data as necessary to provide services and comply with Kenyan tax and auction laws.

4. Disclosure of Information

  • Transaction Facilitation: We share necessary contact information between a winning Buyer and the Seller to complete the delivery and return process.
  • Third-Party Services: Data is shared with integrated partners, specifically Paystack (a PCI-DSS compliant payment processor), solely to execute your orders and payouts.
  • Legal Requirements: We may disclose information if required by Kenyan law or in response to valid legal requests by the ODPC or KRA.

5. Your Rights (Kenya Data Protection Act, 2019)

  • Access and Correction: You have the right to access your data and request corrections to any inaccurate information.
  • Right to Erasure: You may request account deletion; however, specific transaction data must be retained for legal audit purposes.
  • Object to Processing: You have the right to object to data processing for marketing purposes at any time.