Privacy policy

Last Updated: 14.10.2024

You can change your privacy settings here: At the bottom of each page you find on the left side a cookie icon. If you click on it, you can adjust your privacy settings.

Kazi Yetu UG (“Kazi Yetu,” “we,” “us,” or “our”) respects individual privacy and is committed to protecting the personal data of its website users and shoppers (“user”, “you” or “your”). In this Privacy Policy (“Policy”), we inform you about the handling of your data when using our website, including shopping from the online store section. 

This Policy applies to users of our website from the EU, EEA, the UK and similar areas under the General Data Protection Regulation (“GDPR”). By accessing our website and shopping our products, you agree to how we handle your information as described in this Policy. If you do not agree with this Policy, you must immediately stop using our website.  

 

1. Data Controller and Data Protection Officer Information 

Kazi Yetu is your Data Controller, meaning that we are responsible for the data we collect from you concerning your use of our website and services. We have appointed a Data Protection Officer (“DPO”) who is responsible for overseeing questions in relation to this privacy notice according to the GDPR (in German Datenschutzgrundverordnung (“DSGVO”)). If you have any questions regarding this Policy, please contact us through our DPO using the details below.

Contact Details:

Kazi Yetu UG

Stegelkoppel 12

23560 Lübeck

Germany

E-Mail: hello@kazi-yetu.com.


2. Why You Need This Policy

This Policy lets you know how we look after your personal data when you visit our website, interact with the content and/or shop with us. It also describes the rights you have under applicable laws. 

 

3. Meaning of Personal Data

Personal data refers to any information we collect that is able to identify a natural person. This may include your name, email address, device IP Address, billing address and location. 

If any information is unable to identify a natural person, we refer to it as non-personal, de-identified, anonymised, or aggregated data. 


4. What Data We Collect 

We collect the data needed to facilitate our services, including receiving your orders, processing your payments, communicating with you and delivering your order, as well as complying with the law. The data we collect may include the following categories:

  • Registration and profile data. We collect the data you submit when you create an account with us. This may include your name, email address, and password. You may provide additional data in your profile. This may include your shipping address containing your phone number, company name, house address, etc. 
  • Contact data. We collect contact data needed to communicate with you. This may include your email address and phone number. We may collect this data when you create an account, subscribe to our mailing list, contact us and provide your order data. 
  • Order data. We collect the details of your order, including the item purchased, quantity, order note, shipping address, order history and payment method used. This data may include your home address, location, time zone and similar data. 
  • Payment and billing data. Depending on the payment method you select on our website, we may collect your payment method data to enable us and our payment processors to process payments for your orders. This may include (where applicable) the card number, name, security code, expiry date, email address and billing address. Your payment method data is not stored in our database. The payment page is handled by Stripe and similar processors directly as trusted third-party payment processors. We enter into a Data Processing Addendum (“DPA”) agreement with these payment processors to only use the data to only process your payments.  

We may use the following payment service providers: Apple Pay, Google Pay, Klarna, PayPal, Visa, and MasterCard. We may use Shopify Payments to facilitate all of these payment service providers. 

  • Data from your content. We may collect any personal data you include in your order notes, comments, feedback and the media you submit to us. 
  • Transaction data. We automatically log the details of transactions. This may include the amount paid, payment method used, time and date of payment and item purchased. 
  • Data from cookie. We use cookies, beacons, pixels and similar tracking tools to automatically collect certain aggregated or non-personal data, including your device properties (IP Address, geolocation, browser type, operating system, etc.), your actions on our website, the errors you encounter and similar data. We collect this data anonymously when you first access our website or use some of the features. Please learn more about cookies, including opting out, in section 9 of this Policy.  


5. How We Collect Your Data

As highlighted, we may collect the data described above: 

  1. directly from your submission (such as when you fill out forms on our website);
  2. automatically through cookies, pixels and similar technologies and third-party tools; and 
  3. from certain third parties (such as when Stripe provides us with transaction data, including payer name, service/product purchased, amount paid, billing data, payment method used, transaction ID, etc.). 

Please note that you are under no obligation to provide us with any data when you use our website and purchase from us. However, we are unable to provide our service without the required data (for example, we are unable to pack and send an order if you do not specify the item, provide your shipping address, pay for the item or any other service that depends on the data). 


6. Our Legal Bases For Data Collection

We collect and process your data based on the following legal bases, as required by the GDPR/DSGVO:

  1. Consent. We rely on your consent to collect and process certain types of data. For example, when you sign up for marketing communications, you provide us with your explicit consent to use your email address for sending promotional content. Where we collect your data based on your consent, you have the right to withdraw your consent at any time (for example, a link to opt out of promotional content is provided in all our emails). 
  2. Performance of a contract. We may process your data to fulfil our contractual obligations to you. This includes processing your orders, completing transactions, delivering products, providing customer support and responding to inquiries.
  3. Fulfilment of our legal obligation. In some cases, we are required to process your data to comply with legal obligations. This includes tax reporting, accounting and compliance with consumer protection laws. We may also be required to share certain data with regulatory bodies or law enforcement if required by law.
  4. Satisfaction of our legitimate interests. We may process your data based on our legitimate business interests, provided such interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include improving our website and services, personalizing your experience, conducting marketing and promotional activities, preventing fraud and ensuring the security of our website and transactions.


7. Why We Collect Your Data

We collect your data to provide you with the best possible experience while using our website and services. We use the data we collect for the following purposes:

  • To process and fulfil orders. We collect your personal and payment data to process your orders, complete transactions and deliver products to your specified address. We also use this data to provide order confirmations and shipping updates and handle any returns or exchanges.
  • To improve and personalize your experience. We use cookies and tracking tools to remember your preferences, improve our website’s functionality and tailor content based on your browsing behaviour. Personalised recommendations, offers, and promotions may be provided based on your previous interactions with our website and products.
  • To communicate with you. We use your contact data to send you important updates about your orders, transactions and account. If you subscribe to our mailing list, we may also send you promotional emails, newsletters, or special offers about our products and services to your submitted email address. You can unsubscribe from these communications at any time using the unsubscribe instructions in any of the emails we send to you.
  • To enhance website performance. Technical data, such as your device properties and usage patterns, helps us monitor website performance, fix issues and optimise your browsing experience. We use analytics to understand how users engage with our website and make improvements to our content, layout and navigation.

We use Cloudflare to ensure our website loads quickly and securely. We may allow Cloudflare to collect your IP address to deliver our website and enhance its performance. You can review Cloudflare’s Privacy Policy to learn more. 

  • For security and fraud prevention. We collect and use data such as IP addresses, payment details and transaction history to detect, prevent and respond to fraudulent activities and security threats. This helps protect both our business and our users from unauthorised access and harmful behaviour.
  • To comply with legal obligations. We may need to collect and retain certain data to comply with legal and regulatory requirements, including tax reporting, accounting and compliance with consumer protection laws. In some cases, we may also be required to share certain data with authorities if required by law.
  • To improve our services. We analyse the data we collect, including user feedback, to identify trends, develop new features and improve the quality of our products and services. This allows us to provide better support, faster delivery and an overall enhanced customer experience.


8. How We May Share Personal Data

We are committed to safeguarding your privacy and do not share your data with third parties. However, in order to provide our services efficiently and comply with the law, we may need to share your data in the circumstances described below:

  1. Service providers. We work with third-party service providers to help us with essential business functions such as payment processing, shipping and delivery, website hosting and IT services, data storage services, communications, marketing, etc. (for example, we share your shipping address with shipping companies to enable them to deliver our products to you).  

These third-party service providers only have access to the personal information necessary to perform their functions and are contractually obligated to protect your data and use it only for the purposes specified by us. We ensure a DPA agreement is in place before third-party service providers process data on our behalf. 

Some of our major service providers may include Shopify, Apple, Klarna, PayPal, MasterCard, VISA, Google, Stripe, etracker and Meta (Facebook). 

  1. Advertising and analytics partners. We may share certain data with advertising partners (e.g., Google Ads and Facebook Pixel) and analytics services (e.g., Google Analytics) to improve our marketing efforts, display personalised ads and understand how users engage with our website. This may include de-identified or aggregated information, such as your browsing behaviour, interests, and interaction with our website.
  2. Business transfers. In the event of a business transaction such as a merger, acquisition or sale of assets, your personal information may be transferred to the relevant third parties as part of the transaction. In such cases, we will ensure that any entity acquiring your information honours the commitments we have made to you under this Policy.
  3. Legal requirements and compliance. We may disclose your personal information if required by law or in response to valid legal processes, such as (i) compliance with legal obligations or court orders; (ii) requests from government authorities, regulatory bodies or law enforcement agencies; and (iii) protecting our rights, property or the safety of our users, employees or the public.
  4. Social media and public forums. If you choose to engage with us on social media platforms or post content (e.g., reviews, comments) on public forums on our website, any personal information you voluntarily share may be accessible to other users and the general public. We encourage you to use caution when disclosing personal information in public forums.
  5. With your consent. In any other instances where we may need to share your personal information, we will obtain your consent before doing so. This might include sharing your details with partners for special promotions, collaborations or events.

 

9. Cookies And Tracking 

  1. Cookies and similar technologies 

Cookies are stored on your device when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the cookie (in this case, us) with certain information. Cookies cannot execute programs or transmit viruses to your device. They are used to make the website as a whole more user-friendly and effective.

We use the following types of cookies for the following purposes:

  • Strictly necessary cookies, which are responsible for many website features to work (for example, navigation, content hosting, security, etc.). These cookies cannot be turned off or deleted. 
  • Session cookies, which are used for the operation of our website. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to the website. The session cookies are deleted when you close the browser.
  • Persistent cookies are cookies that extend beyond a browser session unlike session cookies. They have their set expiry dates, which may go up to months unless earlier deleted. 
  • Analytics cookies, which are used to understand how our website visitors interact with our website. These cookies are used to gather the analytics information we collect when you access the website. 
  • Marketing cookies, which are set by our marketing third parties for retargeting and display of relevant ads on our website and across the internet. 
  • Functional cookies, which enable our website to offer additional settings and give you more settings and control. 

Third-party cookies. 

Some of our third-party service providers may set cookies on your browser to perform their services (for example, Google embeds cookies in Google Analytics). 

You have an option to manage our use of cookies. You can manage your cookie preference by using the Avada cookie consent banner on our website to toggle on/off each type of cookie. You can also control cookies from your device’s browser privacy settings area. However, please be aware that if you prevent the storage of cookies, you may not be able to use this website to its full extent.

  1. Third-party tracking tools

Cookies are also used in connection with the use of Google Analytics and etracker. These are third-party tracking tools that we use to analyze the traffic on our website. Aside from blocking analytics cookies, you can opt out of analytics from these tools by using their opt-out tools (for example, you can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on on your browser). 

We may use Google Tag Manager (GTM) to manage the marketing tags on our website. This tool helps us to deploy other tags without collecting personal data directly. However, the tags deployed may collect data on their own. Please review Google’s Privacy Policy for further information about GTM. 


10. Interest-Based Advertising 

We may participate in Google Ads, Meta Ads (Facebook ads), and other social media advertising platforms to market our products and services on their platform and across the internet. These parties may set cookies, pixels, and similar technologies on our website to gather anonymous user behaviours. We may also share with them the analytics we have gathered. They may then combine the data with those they have gathered across other platforms and use it to display advertisements that are relevant to your behaviours across the internet. 

As with cookies, you can opt out of interest-based advertising and ad retargeting. 

  • You can visit Google’s Ad Settings to adjust your preference or opt out of personalised ads from Google. 
  • You can adjust Facebook’s ad preference here
  • You can also block analytics and marketing cookies. 

 

11. How We Secure Your Data

We secure our website and other systems by technical and organizational measures against loss, destruction, access, modifications or distribution of your data by unauthorised persons. You should always keep your access data confidential and close browser window when you have finished communicating with us, especially if you share your device with others. 

The security of your data is important to us, but remember that no method of transmission over the internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security. 


12. How Long We Retain Personal Data

We will only retain personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure of your personal data, and the purposes for which we process your personal data.

If you request that we delete your account data, we may retain your data for 30 days before deleting it. We may retain data regarding your transactions for longer periods to comply with the law and facilitate refunds or disputes. We may also retain data relating to your device properties for longer periods. However, such data will be de-identified and aggregated. 


13. The International Transfer Of Your Data 

We may collect and transfer your data from your location in any GDPR area to other locations outside of the GDPR areas, including the US. This may be in connection with our third-party service providers operating from those areas. However, when we transfer any data to areas outside of the GDPR areas, we ensure appropriate safeguards are in place to protect your data in line with GDPR/DSGVO requirements. Some of these safeguards may include the following: 

  • Adequacy decision. We may transfer data to countries that the European Commission (“EC”) has deemed to have adequate data protection laws. This means that we may transfer your data to such locations without putting anything in place. 
  • Standard Contractual Clauses (SCCs). For transfers to countries without an adequacy decision, we use Standard Contractual Clauses approved by the EC to ensure your data is protected.
  • EU-US Privacy Shield. We also use some processors who have the EU-US Privacy Shield certificate. For example, Google US has submitted to the EU-US Privacy Shield
  • Other Safeguards. In certain cases, we may rely on additional safeguards, such as such third parties are bound by corporate rules; obtaining your explicit consent for the transfer; and de-identifying or aggregating such data before they are transferred. 

You have the right to request information on the safeguards we have implemented and copies of relevant transfer agreements by contacting us at hello@kazi-yetu.com


14. Your Privacy Rights

The GDPR/DSGVO grants you a variety of different rights. In the following, we would like to inform you about them:

  1. Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  2. Request correction of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  3. Request the erasure of your data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it (this right is subject to our data retention policy). You also have the right to ask us to delete your data where you have successfully exercised your right to object to processing (see below), where we may have processed your data unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  4. Request restriction of processing of your data. This enables you to ask us to suspend the processing of your data in the following scenarios: (i) if you want us to establish the data’s accuracy; (ii) where our use of the data is unlawful but you do not want us to erase it; (iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  5. Right of information. You have the right to be informed by us if we have communicated any rectification or erasure of personal data or restriction of processing carried out in accordance with the applicable articles of the GDPR/DSGVO to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
  6. Request the transfer of your data to you or to a third party. Upon request, we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated data which you initially provided consent for us to use or where we used the data to perform a contract with you.
  7. Withdraw consent at any time. As already highlighted, you have the right to withdraw your consent at any time where the processing of your data is based on your consent. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
  8. Right to complain. If you consider that the processing of any personal data is in breach of the GDPR/DSGVO, you have the right to submit a complaint to a supervisory authority: Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein, Frau Marit Hansen, Postfach 71 16, 24171 Kiel, Holstenstraße 98, 24103 Kiel, Telefon: 0431/988-1200, E-Mail: mail@datenschutzzentrum.de, Homepage: https://www.datenschutzzentrum.de.
  9. Right to object. You can object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes as described above. In some cases, we may demonstrate that we have compelling legitimate grounds to process your data which override your rights and freedoms.

You can exercise these rights through your account, our website Contact Us section or by reaching out to us at hello@kazi-yetu.com. The means of exercising specific rights may be provided via other means communicated to you outside of this Policy. 


15. Children’s Privacy 

Our website and services are not targeted at anyone under the age of 16 (children). We do not knowingly collect personal information from children unless they demonstrate that they have verifiable approval from their parents or guardians. By purchasing from us and providing us with your data, you represent that you are at least 16 years of age. 

If you are a parent or legal guardian and are aware that your child has provided us with personal information, please contact us at hello@kazi-yetu.com. If we are aware that we have collected personal data from a child without parental verification, we take steps to remove that data from our servers. 


16. Third-Party Links

Our website may contain links to other websites or services that we do not operate. These may include media and content that lead to social media platforms like Instagram and Facebook. These third-party sites have their own privacy policies. We are not responsible for how they collect, use or share your data when you use their platforms. 

We encourage you to review the privacy policies of any third-party sites you visit to understand their practices. Please note that we do not control these websites and are not responsible for their content or activities.


17. Changes To This Policy

We may update this Policy from time to time to reflect changes in our practices, services or legal requirements. If we make material changes, we will notify you by (i) posting the updated Policy on our website with the "Last Updated" date at the top of the page; and/or (ii) sending you an email.

We encourage you to periodically review this Policy to stay informed about how we are protecting your data. Your continued use of our services after any changes take effect constitutes your acknowledgement and acceptance of the revised Policy.


18. Contacting Us

If you have any questions, inquiries, complaints, feedback or queries regarding how we handle your data as described in this Policy, please use the contact us section of our website or email us at hello@kazi-yetu.com