Privacy policy

Last updated: 1 April 2024

Introduction

Bee You Collections (hereinafter “we”, “us”, or “our”) is committed to protecting the privacy and security of your personal information (hereinafter “personal information”). As part of our operations, we will need to collect, store, transmit, and otherwise process or use (hereinafter “process”) your personal information. Personal information will include any offline or online data that relates to an identified or identifiable you.

This Privacy Policy describes how we process your personal information when you visit, use our services, or make a purchase from beeyoucollections.com (the "Site") or otherwise communicate with us (collectively the, "Services"). For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose personal information we have collected pursuant to this Privacy Policy.

We, our employees and third parties working with us are expected to comply with all applicable laws and this Privacy Policy in so far as relates to the processing of any Personal information and must ensure that all Personal information is processed in accordance with this policy and the Applicable Laws.

Please read this Privacy Policy carefully. 

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Site, update the "Last updated" date and take any other steps required by applicable law.

How We Collect Your Personal Information

To provide the Services, we collect personal information about you from a variety of sources, as set out below. The information that we collect and use varies depending on how you interact with us.

In addition to the specific uses set out below, we may use information we collect about you to communicate with you, provide the Services, comply with any applicable legal obligations, enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.

What Personal Information We Collect

The types of personal information we obtain about you depends on how you interact with our Site and use our Services. When we use the term "personal information", we are referring to information that identifies, relates to, describes or can be associated with you. The following sections describe the categories and specific types of personal information we collect.

Information We Collect Directly from You

  • Basic contact details including your name, address, phone number, email.
  • Order information including your name, billing address, shipping address, payment confirmation, email address, phone number.
  • Account information including your username, password, security questions.
  • Shopping information including the items you view, put in your cart or add to your wishlist.
  • Customer support information including the information you choose to include in communications with us, for example, when sending a message through the Services.

Some features of the Services may require you to directly provide us with certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing these features.

Information We Collect through Cookies

We also automatically collect certain information about your interaction with the Services ("Usage Data"). To do this, we may use cookies, pixels and similar technologies ("Cookies"). Usage Data may include information about how you access and use our Site and your account, including device information, browser information, information about your network connection, your IP address and other information regarding your interaction with the Services.

We use Cookies on our Site to power and improve our Services, run analytics and better understand user interaction with the Services. Most browsers automatically accept Cookies by default, but you can choose to set your browser to remove or reject Cookies through your browser controls.

Information We Obtain from Third Parties

Finally, we may obtain information about you from third parties, including from vendors and service providers who may collect information on our behalf. Where we do this, we enter into contracts with our third-party data processors in accordance with applicable laws that manage how these third parties process your personal information on our behalf.

Processing Your Personal Information

Lawful Bases for processing

The applicable laws allow processing of personal information bases on several legal bases, some of which are set out below:

  • you have given your consent;
  • the processing is necessary for the performance of a contract with you including our Terms of Service;
  • the processing is necessary to meet compliance of our legal obligations;
  • the processing is necessary to protect your vital interests or those of another person; or
  • the Processing is necessary to pursue our legitimate interests (or those of a third party) provided such interests are not overridden by your interests or your fundamental rights and freedoms; or 
  • the processing is necessary for historical, statistical, journalistic, literature and art or scientific research purposes.

Where you have provided your personal information based on consent, the following guidelines shall apply:

  • you consent to the processing of your personal information if you indicate agreement to the processing clearly – either by a statement or positive action. Consent requires affirmative action from an individual and as such silence, pre-ticked boxes, or inaction will not be sufficient.
  • if consent is given in a document that deals with other matters, then we will keep the consent separate from those other matters. 
  • in obtaining your consent, you will need to have the capacity to consent. Further, you must voluntarily give consent and the consent will need to be specific to the purpose or purposes of processing. Consent may need to be refreshed if we intend to process personal information for a different and incompatible purpose which was not disclosed when you first consented.
  • you will be able to withdraw consent to processing at any time. Further details about withdrawing consent can be found below. 
  • we will maintain a record of all consents in accordance with our applicable policies.

How We Use Your Personal Information

Specifically, we may use your personal information for the following purposes:

  • Providing products and Services. We use your personal information to provide you with the Services, including to process your payments, fulfill your orders, and to enable you to post reviews.
  • Marketing and Advertising. We use your personal information for marketing and promotional purposes, and to better tailor the Services and advertising on our Site and other websites.
  • Security and Fraud Prevention. We use your personal information to detect, investigate or take action regarding possible fraudulent, illegal or malicious activity.
  • Communicating with you. We use your personal information to provide you with customer support and improve our Services.

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis that allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

How We Disclose Personal Information

We may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy and applicable laws, specifically:

  • With vendors or other third parties who perform services on our behalf (e.g., IT management, payment processing, data analytics, customer support, cloud storage, fulfillment and shipping).
  • With business and marketing partners, including Shopify, to provide services and advertise to you. 
  • When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations, with your consent.
  • With our affiliates or otherwise within our corporate group, in our legitimate interests to run a successful business.
  • In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.

We do not process sensitive personal information for the purposes of inferring characteristics about you.

Rights of the Data Subjects

Under the applicable laws, you have the right to:

  1. Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. An application for access should be made to us in is form and we shall respond within 7 days of receipt of the request. 
  2. Request rectification of the personal information that we hold about you which is untrue, inaccurate, outdated, incomplete or misleading. A request for rectification of personal information should be made in writing by you in this form and we shall ensure that the rectification is done within 14 days of receipt of the request where we are satisfied that the rectification is necessary.  Where the request is declined, we shall notify you within seven days and shall provide a reason for the refusal. 
  3. Object to processing of your personal information for a specified purpose or in a specified manner. A request to object to processing of any personal information should be made in writing by you in this form and we shall deal with the request within 14 days of receipt. Where the request is declined, we shall notify the data subject of rejection of the request and the reason for declining the request.
  4. Request erasure or destruction of certain personal information e.g. where the personal information is no longer necessary for the purpose for which it was collected; or where you have withdrawn your consent which was the lawful basis for retaining the personal information; or where erasure is necessary to comply with a legal obligation. A request for erasure or destruction of personal information should be made in this form and we shall respond within 14 days of receipt of the request.
  5. Request the restriction of processing of your personal information e.g. where you contest the accuracy of your personal information, where you no longer need your personal information but we require it in order to establish, exercise or defend a legal claim etc. A request for restriction should be made in this form and we shall take the relevant action within 14 days of receipt of the request.
  6. Data portability which allows you to request for the transfer of your personal information to a third party. The request should be made in the prescribed form and shall be subject to payment such fees as shall be necessary to effect the request. We shall take the relevant action within 30 days of receipt of the request. 

If you wish to exercise any of your rights, you should send your specific requests to beeyoucollectionske@gmail.com and we shall coordinate a response in accordance with the applicable laws.

Any application by a data subject with respect to the matters set out above shall be subject to you providing such information or documentation as we may require. Where you are dissatisfied with any decision made in response to a request, you have a right to lodge a complaint to the ODPC.

Other Considerations

Data Security Measures: We employ stringent security measures to safeguard users' personal information. These measures include encryption protocols, secure server infrastructure, regular security audits, and ongoing employee training on data protection best practices.

Data Retention Policy: We retain users' personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by applicable laws. The criteria used to determine the retention period include legal requirements, business needs, and user preferences.

International Data Transfers: Where we transfer users' personal information outside their country of residence, we undertake such transfers in accordance with applicable laws. We ensure adequate protection of their data through mechanisms such as standard contractual clauses or certification under international frameworks like the EU-US Privacy Shield.

Updates to the Privacy Policy: We may update this privacy policy from time to time to reflect changes in our practices or for legal or regulatory reasons. We will notify users of any material changes to the privacy policy through email, website banners, or other appropriate means.

Contact Information: If users have any questions, concerns, or requests regarding their personal information or this privacy policy, they can contact us at:

  • Email: beeyoucollectionske@gmail.com
  • Mailing Address: BYC, Ltd, Nairobi, 00100, Kenya

GDPR Compliance: For users in the European Union, we comply with the General Data Protection Regulation (GDPR). Users have rights under the GDPR, including the right to access, rectify, or erase their personal information. For inquiries regarding GDPR compliance, please contact us using the information provided above.