Privacy Policy

1. Introduction

Epimax Kenya ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website epimaxkenya.com and make purchases from us.

2. Information We Collect

2.1 Personal Information You Provide

When you place an order, create an account, or contact us, we collect:

• Identity Information: Full name, date of birth (if provided)
• Contact Information: Email address, phone number, delivery address
• Payment Information: Payment details (securely processed through our payment providers)
• Order Information: Products purchased, order history, preferences
• Communication Data: Your inquiries, feedback, and correspondence with us

2.2 Information Automatically Collected

When you browse our website, we automatically collect:

• Technical Data: IP address, browser type and version, device type, operating system
• Usage Data: Pages visited, time spent on pages, links clicked, search queries
• Location Data: General location based on IP address
• Cookie Data: Information from cookies and similar technologies (see Section 8)

2.3 Information from Third Parties

We may receive information from:

• Payment Processors: Transaction confirmation and payment status
• Delivery Partners: Delivery status and confirmation
• Social Media: If you interact with us on social platforms

3. How We Use Your Information

3.1 To Process Orders and Provide Services

• Process and fulfill your orders
• Arrange delivery of products
• Process payments and prevent fraud
• Send order confirmations and shipping updates
• Handle returns and refunds

3.2 To Communicate With You

• Respond to your inquiries and customer service requests
• Send important updates about your orders
• Provide skincare tips and product information
• Send promotional emails (only if you've opted in)
• Conduct surveys to improve our services

3.3 To Improve Our Website and Services

• Analyze website usage and customer behavior
• Improve website functionality and user experience
• Develop new products and services
• Personalize your shopping experience

3.4 For Legal and Security Purposes

• Comply with legal obligations and regulations
• Prevent fraudulent transactions and protect against security threats
• Enforce our Terms and Conditions
• Protect our rights, property, and safety

4. Legal Basis for Processing (Kenya Data Protection Act, 2019)

We process your personal data based on:

• Contract Performance: To fulfill our contract with you when you place an order
• Consent: When you opt in to receive marketing communications
• Legitimate Interests: To improve our services, prevent fraud, and ensure security
• Legal Obligation: To comply with Kenyan laws and regulations

5. Information Sharing and Disclosure

5.1 Service Providers We Share Data With

We share your information with trusted third parties who help us operate our business:

• Delivery Partners: We share your name, phone number, and delivery address with courier services (G4S, Fargo Courier, Posta Kenya) to deliver your orders
• Payment Processors: Payment information is securely processed by authorized payment gateway providers
• Website Hosting: Shopify hosts our website and stores order data securely
• Email Service Providers: To send order confirmations and marketing emails (if opted in)
• Analytics Providers: To understand website usage and improve our services

5.2 Legal Disclosures

We may disclose your information when required by law:

• To comply with court orders, legal processes, or government requests
• To enforce our Terms and Conditions
• To protect our rights, property, and safety, or that of others
• In connection with fraud prevention and investigation

5.3 Business Transfers

If Epimax Kenya is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5.4 What We Do NOT Do

• We do NOT sell your personal information to third parties for marketing purposes
• We do NOT share your information with advertisers without your consent
• We do NOT use your information for purposes other than those stated in this policy
• We do NOT spam you - you can unsubscribe from marketing emails anytime

6. Data Security

6.1 Security Measures

We implement appropriate technical and organizational security measures to protect your personal information:

• SSL/TLS Encryption: All data transmission is encrypted
• Secure Payment Processing: PCI-DSS compliant payment systems
• Access Controls: Limited access to personal data by authorized personnel only
• Regular Security Audits: We regularly review and update our security practices
• Data Backup: Regular backups to prevent data loss
• Employee Training: Staff trained on data protection and privacy

6.2 Data Retention

We retain your personal information for as long as necessary to:

• Fulfill the purposes outlined in this policy
• Comply with legal, accounting, or reporting requirements
• Resolve disputes and enforce our agreements

When data is no longer needed, we securely delete or anonymize it.

7. Your Rights Under Kenya Data Protection Act, 2019

You have the following rights regarding your personal data:

7.1 Right to Access

You can request a copy of the personal data we hold about you.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete data.

7.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data, subject to legal retention requirements.

7.4 Right to Restrict Processing

You can request that we limit how we use your data.

7.5 Right to Data Portability

You can request your data in a structured, commonly used format.

7.6 Right to Object

You can object to certain types of processing, including direct marketing.

7.7 Right to Withdraw Consent

Where we rely on consent, you can withdraw it at any time.

7.8 Right to Lodge a Complaint

You have the right to lodge a complaint with:

Office of the Data Protection Commissioner
Kenya
Email: info@odpc.go.ke
Phone: +254 (0) 20 2185027

How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: epimaxkenya@gmail.com
• Phone: +254 796 140021
• Written Request: Stanbank House Shop A604, Wing A 6th floor, Nairobi

We will respond to your request within 30 days.

8. Cookies and Tracking Technologies

8.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us improve your experience and understand how you use our site.

8.2 Types of Cookies We Use

Essential Cookies (Required)

• Enable core website functionality
• Remember items in your shopping cart
• Maintain your login session

Analytics Cookies (Optional)

• Track website traffic and usage patterns
• Help us understand which pages are most popular
• Improve website performance

Marketing Cookies (Optional)

• Track your browsing habits across websites
• Deliver personalized advertisements
• Measure effectiveness of marketing campaigns

8.3 Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may affect website functionality. To manage cookies:

• Chrome: Settings → Privacy and Security → Cookies
• Safari: Preferences → Privacy → Cookies and website data
• Firefox: Settings → Privacy & Security → Cookies and Site Data

9. Marketing Communications

9.1 What You'll Receive

If you opt in to receive marketing emails, we'll send you:

• New product launches and arrivals
• Special offers, discounts, and promotions
• Skincare tips and advice
• Exclusive deals for newsletter subscribers
• Seasonal promotions and sales

9.2 Frequency

We typically send 2-4 marketing emails per month. We respect your inbox and won't spam you.

9.3 How to Unsubscribe

You can unsubscribe at any time by:

• Clicking the "Unsubscribe" link at the bottom of any marketing email
• Emailing us at epimaxkenya@gmail.com
• Updating your preferences in your account settings
• Contacting us via WhatsApp at +254 796 140021

Note: Even if you unsubscribe from marketing emails, we'll still send you important transactional emails about your orders.

10. Children's Privacy

Our website and services are not directed to children under 18 years of age. We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will take steps to remove that information from our systems.

11. International Data Transfers

Your information is primarily stored and processed in Kenya. However, some of our service providers (such as Shopify) may store data on servers outside Kenya.

When we transfer data internationally, we ensure appropriate safeguards are in place to protect your information in accordance with Kenya's data protection laws.

12. Third-Party Links

Our website may contain links to third-party websites (such as social media platforms). This Privacy Policy does not apply to those websites.

We are not responsible for the privacy practices of third-party websites. We encourage you to read their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

When we make changes:

• We'll post the updated policy on this page
• We'll update the "Last Updated" date at the top
• For significant changes, we'll notify you by email or prominent notice on our website
• Your continued use of our website after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Epimax Kenya

• Email: epimaxkenya@gmail.com
• Phone: +254 796 140021
• WhatsApp: +254 796 140021 (Fastest response)
• Physical Address: Stanbank House Shop A604, Wing A 6th floor, Nairobi, Kenya

Business Hours: Monday to Friday, 9:00 AM - 6:00 PM EAT
Response Time: We aim to respond to all privacy inquiries within 48 hours.

This Privacy Policy is compliant with the Kenya Data Protection Act, 2019