Data Protection and Privacy Compliance (Kenya)

1. Applicable Law

We process personal data in accordance with Kenyan law, including the Data Protection Act, 2019 (Act No. 24 of 2019). Where applicable, we also follow guidance and regulations issued by the Office of the Data Protection Commissioner (ODPC).

By using this platform, you acknowledge this data processing framework and the safeguards described below.

2. Personal Data We Process

Depending on your use of the platform, we may process identification details, contact information, booking details, payment-related records, communications, and technical usage data.

We only collect data that is relevant to account creation, service delivery, support, platform security, and legal obligations.

3. Legal Basis for Processing

• Performance of a contract when you use booking and account services.
• Consent where required, including optional marketing communications.
• Compliance with legal obligations, including fraud prevention and audits.
• Legitimate interests for platform reliability, safety, and service improvement.

4. Data Protection Principles We Follow

• Lawful, fair, and transparent processing.
• Purpose limitation and data minimization.
• Accuracy and timely updates where needed.
• Storage limitation with secure retention and disposal controls.
• Integrity, confidentiality, and accountability in processing operations.

5. Your Rights Under Kenya Data Protection Law

You may exercise your rights to:

• Be informed about how your data is used.
• Access your personal data.
• Object to certain processing.
• Request correction or deletion of inaccurate or unnecessary data.
• Request portability or restriction where applicable.

6. Security, Sharing, and Transfers

We apply administrative, technical, and organizational safeguards to protect personal data from unauthorized access, loss, misuse, or disclosure.

We share data only where necessary for service delivery, legal compliance, payment operations, or trusted service providers acting under confidentiality and data protection obligations.

If cross-border data transfers are required, we implement legal and contractual safeguards consistent with applicable Kenyan data protection requirements.

7. Data Retention and Deletion

We retain personal data only for as long as necessary for the purposes set out in these Terms, including legal, operational, accounting, and dispute-resolution requirements.

When retention is no longer required, data is securely deleted, anonymized, or archived according to internal retention controls and legal obligations.

8. Contact and Complaints

For privacy or data protection requests, contact us at support@timizawera.co.ke.

If you believe your rights have been violated, you may also lodge a complaint with the Office of the Data Protection Commissioner (ODPC), Kenya.

We may update these Terms from time to time. Material changes will be communicated on this page.