1. INTRODUCTION
The purpose of this policy is to provide guidelines relating to the collection and processing of personal data by Basco Products Kenya Limited in compliance with Article 31 of the Constitution which guarantees every person the Right to Privacy and the Data Protection Act 2019.
Basco Products Kenya Limited is committed to ensure that data in its possession is stored safely in an accurate form and is processed lawfully, fairly and in a transparent manner.This privacy policy statement demonstrates our commitment to protect the privacy of individuals with respect to personal identifiable information and is designed to assist you in understanding our policies and practices in relation to the collection, use, retention, transfer and access of your personal information.
Basco Products (K) Limited (hereinafter, the “Company”, “Basco” or “we” or “our” or “us”) is a company incorporated in Kenya.
This statement should be read together with the Terms and Conditions of Use for other Basco products and services. Where there is a conflict, this statement will prevail.
In the course of its activities, the Company processes personal data of its employees, customers and their agents, suppliers, visitors, service providers, shareholders, directors and other stakeholders (hereinafter, the “Data Subjects” “you”, or “your”).
2. DEFINITIONS
Consent means any freely given, unambiguous and informed indication by a statement or by a clear positive action, signifies an agreement by the user to the processing of his/her personal data
Data Controller’ means natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purpose and means of processing of personal data;
‘Data protection officer’ is a person designated or appointed by the Authority to monitor compliance with the Data Protection Act, No. 24 of 2019 and Regulations made under the Act.
‘Data Collection’ means gathering of information that relates to you.
‘Identifiable natural person’ means a person who can be identified directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social or social identity
Personal Data- means any information relating to an identifies or identifiable natural person;
Processing means any operation or sets of operations which is performed on your personal data whether or not by automated means, such as: collection, recording, organization or structuring; Storage, adaptation or alteration; Retrieval, consultation or use; Disclosure by transmission, dissemination, or otherwise making available; Alignment or combination, restriction, erasure or destruction.
Sensitive personal data is data revealing your racial or ethnic origin, political opinions, professional membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's gender.
Third Party - means a natural or legal person, public authority, agency or body other than the user.
You/ Your (s) means any person who gives his personal data to the company or whose personal data is collected, processed or dealt with in the course of doing its business.
3. COLLECTION OF PERSONAL DATA
When collecting personal data from the user, the company shall inform the user of the following in writing/orally and in a manner and language that is understandable to the user:
- The specific purpose(s) for which the personal data or categories of personal data will be processed.
- Whether such data will be transferred to third parties and the specific third parties.
- The data subject’s right to request access to their personal data, or correction or deletion of it.
We collect your personal information with your knowledge and consent when you do any of the following (please note that this list is not exhaustive)
- Register for and Redeem Zawadika points on the Zawadika Na Marangi Loyalty reward Program which is the company’s national database.
- Purchase of the company products through an online platform, on a mobile or other device, and/or in Basco retail outlets.
- Register for a cash account or a credit account through the Cash account opening form and/or Credit Application Form, manually or electronically.
- ask Basco for more information about a product or service or contact Basco with a query or complaint;
- respond to or participate in a survey, marketing promotion, prize competition or special offer;
- visit, access or use Basco or third-party websites;
- We may also collect your information from other organizations including credit-reference bureaus, fraud prevention agencies and business directories
We do not onboard minors (any person under 18 years of age) except where you additionally register on their behalf as their parent and/or legal guardian. If you allow a child to use our products or services, you should be aware that their personal information could be collected as described in this statement.
4. WHAT PERSONAL INFORMATION IS COLLECTED?
The information we collect and store about you includes but is not limited to the following:
- Your identity, including your name, photograph, address, location, phone number, identity document type and number, date of birth, email address, age, gender, profession and mobile number portability records. Your business ownership details for verification of existence and ownership.
- Your credit or debit card information, information about your bank account numbers and SWIFT codes or other banking information
- Your transaction information when you use MPESA services
- Your preferences for particular products and services, based on information provided by you or from your use of Basco’s (or third party) network, products and services.
- Your contact with us, such as when you: call us or interact with us through social media, email (we may record your conversations, social media or other interactions with us).
- We use Closed Circuit Television (CCTV) surveillance recordings. CCTV Devices are installed at strategic locations to provide a safe and secure environment in all Basco premises as a part of our commitment to community safety, security and crime prevention.
- We maintain a register of visitors in which we collect and keep your personal data such as names, company/institution details, telephone number, vehicle registration details and National ID number. This information is collected for health, safety and security purposes.
- When you use Basco WIFI for guest and visitors, we collect email IDs and will provide user name and password. We record the device address and also log traffic information in the form of sites visited, duration and date sent/received.
- We collect your personal information when you visit us for purposes of accident and incident reporting. Basco will collect personal data from the injured party or person suffering from ill health, such as, Name, Address, Age, next of kin, details of the incident to include any relevant medical history.
- The data is collected as Basco has a legal duty to document workplace incidents/accidents and to report certain types of accidents, injuries and dangerous occurrences arising out of its work activity to the relevant enforcing authority.
- Incidents and accidents will be investigated to establish what lessons can be learned to prevent such incidents/accidents reoccurring including introduction of additional safeguards, procedures, information instruction and training, or any combination of these. Monitoring is undertaken but on an anonymised basis. The information is also retained in the event of any claims for damages.
- We also collect information that cannot be used to personally identify you such as anonymous usage data, general demographic information, referring/exit pages and URLs, platform types,preferences that are generates based on the data that you submit and number of clicks
5. USE OF INFORMATION
We may use and analyse your information for the following purposes:
- Processing products that you have bought from Basco on our ecommerce platforms;
- Billing you for using our or third-party products or services or taking the appropriate amount of credit from you;
- Responding to any of your queries or concerns;
- Verifying your identity information through publicly available and/or restricted government databases in order to comply with applicable regulatory requirements;
- Carrying out credit checks and credit scoring;
- Keeping you informed generally about new products and services and contacting you with offers or promotions based on how you use our or third-party products and services unless you opt out of receiving such marketing messages (you may contact Basco at any time to opt out of receiving marketing messages);
- to comply with any legal, governmental or regulatory requirement or for use by our lawyers in connection with any legal proceedings;
- In business practices including to quality control, training and ensuring effective systems operations;
- To protect our network including to manage the volume of calls, texts and other use of our network;
- To understand how you use our network, products and services for purposes of developing or improving products and services;
- Preventing and detecting fraud or other crimes and for debt recovery;
- For research, statistical, survey and other scientific or business purposes;
- Provide aggregated data (which do not contain any information which may identify you as an individual) to third parties for research and scientific purpose;
- Administer any of our online platforms/websites.
6. LAWFUL BASIS FOR PROCESSING YOUR INFORMATION
We will process your personal information based on any of the lawful basis provided for under the Data Protection law:
- The performance of a product/service agreement with you
- Basco’s legitimate business interest
- Compliance with a mandatory legal obligation
- Consent you provide
- Public interest
- Your vital interest
7. RETENTION OF INFORMATION
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal
data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, the need to comply with our internal policy and the applicable legal, regulatory, tax, accounting or other requirements.
Anonymised information that can no longer be associated with you may be held indefinitely.
8. DISCLOSURE OF INFORMATION
Any disclosure of your information shall be in accordance with applicable law and regulations.
We may disclose your information to:
- Law-enforcement agencies, regulatory authorities, courts or other statutory authorities in response to a demand issued with appropriate lawful mandate and where the form and scope of the demand is compliant with the law.
- Fraud prevention and Anti money laundering agencies, credit reference agencies;
- Publicly available and/or restricted government databases to verify your identity information in order to comply with regulatory requirements
- Debt-collection agencies or other debt-recovery organization
- Survey agencies that conduct surveys on behalf of Basco
- Any other person that we deem legitimately necessary to share the data with.
Some of your information may be available to any third party involved in the operation of mobile application, zawadika program service provider, website developers and other data processors of Basco.
We shall not release any information to any individual or entity that is acting beyond its legal mandate.
We will get your express consent before we share your personal data with any third party for direct marketing purposes.
9. RIGHT TO PRIVACY
Basco shall endeavor to protect the privacy of the data subject, by anonymising where possible and in consistency with the purpose for which the data is being processed, to hide the identity of the data subject.
10. DATA MINIMIZATION
A member or agent of Basco will ensure that they collect only personal data that is required for the legitimate purpose of collection.
11. ACCURACY
- The Company shall store personal data/information as accurately as possible and update and systematically review it to ensure it fulfills the purpose(s) for which it is processed.
- The data subject may request the correction of personal data that is inaccurate, incomplete, unnecessary or excessive.
- When personal data is corrected, the company will notify, as soon as is reasonably practicable, all third parties to whom the relevant personal data was transferred and to the data subject.
12. DIRECT MARKETING
You can ask us to stop sending you marketing messages at any time by writing to us on privacy@bascopaints.com or contacting us at any time through the provided contacts.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product, service already taken up, warranty registration, product or service experience or other transactions.
13. THE USE OF COOKIES
We may store some information (using "cookies") on your computer when you visit our websites. This enables us to recognise you during subsequent visits. The type of information gathered is non-personal (such as: the Internet Protocol (IP) address of your computer, the date and time of your visit, which pages you browsed and whether the pages have been delivered successfully.
We may also use this data in aggregate form to develop customised services - tailored to your individual interests and needs. Should you choose to do so, it is possible (depending on the browser you are using), to be prompted before accepting any cookies, or to prevent your browser from accepting any cookies at all. This will however cause certain features of the web site not to be accessible.
14. THE USE OF HYPERLINKS
Our websites may provide hyperlinks to other locations or websites on the Internet. These hyperlinks lead to websites published or operated by third parties who are not affiliated with or in any way related to us and have been included in our website to enhance your user experience and are presented for information purposes only.
We do not endorse, recommend, approve or guarantee any third- party products and services by providing hyperlinks to an external website or webpage and do not have any co-operation with such third parties unless otherwise disclosed. We are not in any way responsible for the content of any externally linked website or webpage.
By clicking on a hyperlink, you will leave the Basco webpage and accordingly you shall be subject to the terms of use, privacy and cookie policies of the other website that you choose to visit.
15. ACCESS TO AND UPDATING YOUR INFORMATION
While you are responsible for the accuracy of all personal information that you provide to us, we will use reasonable efforts to maintain the accuracy and integrity of your personal information, and to update that information as appropriate. We will take reasonable steps to ensure that the personal information we collect from you is relevant to its intended use, and that it is used only in ways that are compatible with the purposes for which it was collected or otherwise authorised by you.
16. SAFEGUARDING AND PROTECTION OF INFORMATION
Basco has put in place technical and operational measures to ensure integrity and confidentiality of your data via controls around: information classification, access control, cryptography, physical and environmental security and monitoring and compliance.
17. YOUR RIGHTS
Subject to legal and contractual exceptions, you have rights under data protection laws in relation to your personal data. You have a right to:
- Be informed that we are collecting personal data about you;
- Access personal data that we hold about you and request for information about how we process it;
- Request that we correct your personal data where it is inaccurate or incomplete;
- Request that we erase your personal data noting that we may continue to retain your information if obligated by the law or entitled to do so;
- Object and withdraw your consent to processing of your personal data. We may continue to process if we have a legitimate or legal reason to do so;
- Request restricted processing of your personal data noting that we may be entitled or legally obligated to continue processing your data and refuse your request;
- Request transfer of your personal data in [an electronic format].
If you wish to exercise any of the rights set out above, please contact us on privacy@bascopaints.com
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within reasonable time.
18. HOW TO CONTACT US
If you would like to contact us on any topics in this privacy policy, you can email us on privacy@bascopaints.com or submit a request via our digital platforms. As a Data Controller and Processor, below are the contact details:
Basco Products (K) Limited
Telephone: +254-20-6823555/6823955
E-mail: privacy@bascopaints.com
19. AMENDMENTS TO THIS STATEMTENT
Basco reserves the right to amend or modify this statement at any time. If this occurs, You can access the most current version of the privacy statement by visiting our website https://duracoat.com/ so that you will always know how your personal information is being used or shared, Any amendment or modification to this statement will take effect from the date of notification on the Basco Website.
This Policy was approved by the Board on 1st February 2023