Privacy Policy

1. Introduction

At Exmas International Solutions Ltd, we prioritize your privacy and are committed to protecting the personal data you share with us. This Privacy Policy outlines our practices regarding the collection, use, and security of your personal information when you interact with our company, website, and services.

We recognize the importance of safeguarding personal data and ensuring compliance with relevant data protection laws, including but not limited to:

The General Data Protection Regulation (GDPR) for individuals within the European Economic Area (EEA).
The Kenyan Data Protection Act, 2019, for residents of Kenya.
Other applicable international and local privacy regulations that govern our operations.
This Privacy Policy applies to:

  • Individuals who visit our website or use our online services.
  • Clients and prospective clients who engage with our IT solutions, cybersecurity services, or network installations.
  • Vendors, contractors, and business partners with whom we collaborate.
  • Any other individuals who provide us with their personal information in connection with our services.

By accessing our website or using our services, you acknowledge and consent to the collection and processing of your personal data as described in this Privacy Policy. If you do not agree with any part of this policy, we advise that you refrain from using our services or providing personal information.

We encourage you to read this document carefully to understand how we handle your data and the rights you have concerning it. If you have any questions, please contact us at [email protected].

2. Information We Collect

At Exmas International Solutions Ltd, we collect various types of personal information to provide and improve our services. The types of data we collect depend on your interactions with us, whether through our website, direct communication, or business transactions. Below is a detailed breakdown of the information we may collect:

2.1 Personal Identifiable Information (PII)

We collect personally identifiable information that can be used to identify or contact you, including but not limited to:

  • Full Name – Required for communication and service personalization.
  • Email Address – Used for inquiries, updates, and newsletters.
  • Phone Number – Required for customer service and transactional communication.
  • Postal Address – Needed for billing, shipping, and service delivery.
  • Company Name & Job Title – If you engage with us as a business entity.

2.2 Technical and Device Information

When you visit our website, we may collect certain data automatically to enhance user experience and security, such as:

  • IP Address – Helps us understand geographic location and prevent fraud.
  • Device Type & Browser Information – Enables us to optimize website performance.
  • Operating System – Assists in improving compatibility with our services.
  • Time Zone & Language Preferences – Ensures a personalized experience.

2.3 Usage Data

We track how users interact with our website and services, including:

  • Billing Details – Including name, address, and payment method for processing invoices.
  • Payment Information – Such as bank details or credit card information (securely processed by third-party payment gateways).
  • Purchase History – Helps us manage client accounts and provide customer support.

2.5 Communications and Customer Support Data

When you contact us via email, phone, or live chat, we may collect:

  • Customer Queries and Requests – Used to respond and provide support.
  • Feedback and Reviews – Helps us improve our products and services.
  • Survey Responses – Used for market research and service enhancement.

2.6 Information from Third Parties

We may receive personal information from:

Business Partners and Affiliates – Shared with us as part of collaboration agreements.
Marketing and Advertising Platforms – Such as Google Ads, social media, and analytics tools.
Publicly Available Sources – Information obtained from professional directories or corporate websites.

2.7 Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to improve user experience and collect analytical data. Information collected includes:

Session Cookies – Temporary cookies that improve navigation and expire after your session.
Persistent Cookies – Stored on your device for future visits to enhance personalization.
Third-Party Tracking (Google Analytics, Facebook Pixel, etc.) – Provides insights into website traffic and user behavior.
We provide options to manage cookies via browser settings or through our cookie policy page.

2.8 Sensitive Information

We do not intentionally collect sensitive personal data, such as:

  • Religious beliefs
  • Political opinions
  • Health information
  • Biometric data

However, if such data is required for a specific service, we will obtain explicit consent before collection and processing.

How We Ensure Data Accuracy

To maintain data accuracy and completeness, we:

  • Regularly update and verify contact details.
  • Allow users to edit or correct their information upon request.
  • Use automated tools to detect outdated or incorrect data.

By providing your personal information, you consent to its collection, storage, and processing as described in this policy. You have the right to request details on the data we hold and update it at any time by contacting [email protected].

3. How We Collect Information

we collect personal information through various channels to ensure seamless service delivery and customer engagement. Below is a detailed explanation of how we gather this data.

3.1 Direct Interactions

You may provide us with personal information when you:

  • Fill out forms on our website, including contact forms, service request forms, or subscription forms.
  • Communicate with us via email, phone calls, WhatsApp, or live chat.
  • Make a purchase of our IT solutions, cybersecurity services, or networking products.
  • Request customer support or submit inquiries regarding our services.
  • Participate in surveys, promotions, or contests that we conduct.
  • Provide testimonials or reviews about our services.

3.2 Automated Technologies and Tracking Tools

When you visit our website, we automatically collect certain technical and usage data through:

  • Cookies – Small text files stored on your browser that help us improve user experience.
  • Google Analytics – Tracks website interactions, such as time spent on pages and referral sources.
  • Facebook Pixel & Other Ad Trackers – Helps us analyze advertising effectiveness.
  • Log Files – Records IP addresses, browser types, and timestamps for security and performance analysis.

Users have the option to accept or decline cookies through their browser settings or our cookie consent banner.

3.3 Third-Party Sources

We may receive information from:

Business partners and service providers who work with us to deliver IT solutions.
Social media platforms (Facebook, LinkedIn, Instagram) when you interact with our content or ads.
Public directories and professional networks (e.g., LinkedIn) when businesses reach out to us.
We ensure that any third-party data collection aligns with relevant data protection regulations.

4. Use of Personal Information

We use the personal data we collect for specific business, operational, and legal purposes. Below is a detailed breakdown of how we utilize this data.

4.1 Service Provision and Customer Support

We use your data to:

  • Deliver our services – Including IT consulting, network installations, cybersecurity solutions, and software development.
  • Process orders and payments – Ensuring secure transactions for purchases.
  • Provide technical support and troubleshooting – Helping customers resolve issues with their IT infrastructure.
  • Schedule consultations and site visits – Where physical interaction is necessary.

4.2 Communication and Engagement

We use personal data to:

  • Respond to inquiries via email, phone, or chat.
  • Send service updates and maintenance notifications when necessary.
  • Deliver newsletters and promotional content to users who have opted in.
  • Request customer feedback and conduct surveys to improve our offerings.

You can opt out of marketing emails at any time by clicking the “unsubscribe” link in our emails.

4.3 Business Operations and Analytics

Your data helps us:

  • Analyze service performance and identify areas for improvement.
  • Monitor website traffic and optimize user experience.
  • Track sales and revenue trends for business growth.
  • Detect and prevent fraudulent activities using security tools and risk assessment measures.

4.4 Legal and Regulatory Compliance

We may process your data to:

  • Comply with tax, financial, and legal obligations.
  • Meet regulatory requirements under Kenyan and international data protection laws.
  • Investigate security breaches, fraud, or other violations.
  • Enforce contractual agreements and protect our legal rights.

4.5 Marketing and Advertising

With your consent, we may use your data to:

  • Show targeted ads on social media, Google, and other platforms.
  • Run retargeting campaigns to remind you of our services.
  • Offer promotions and special discounts via email or SMS.

We do not sell or rent personal information to third parties for marketing purposes.

4.6 Data Aggregation and Anonymization

We may aggregate user data for research, statistical analysis, or business reporting.
Anonymized data ensures individuals cannot be personally identified.
By using our services, you consent to the above uses of your personal data. If you have any concerns or wish to adjust your preferences, contact us at [email protected].

5. Sharing of Personal Information

At Exmas International Solutions Ltd, we take the confidentiality of your personal information seriously. We do not sell, rent, or trade your data. However, we may share your personal information with trusted third parties under specific circumstances to ensure service efficiency, legal compliance, and business operations. Below is a detailed breakdown of when and how we share your data.

5.1 Service Providers and Business Partners

We work with third-party service providers and business partners who assist in delivering our IT solutions and cybersecurity services. These include:

  • Cloud Hosting and Data Storage Providers – To store data securely and enhance system performance.
  • Payment Processors – To handle transactions securely. These providers adhere to PCI DSS (Payment Card Industry Data Security Standards) to protect financial data.
  • Marketing Agencies and Advertising Partners – For running targeted campaigns and analytics.
  • IT Support and Maintenance Teams – Who help manage our systems and ensure technical security.
  • Shipping and Logistics Providers – If we need to deliver physical products or hardware solutions.

All third-party vendors are bound by strict confidentiality agreements to prevent misuse of your data.

5.2 Legal and Regulatory Authorities

We may share personal data when required by law, including but not limited to:

Government authorities and law enforcement agencies in compliance with legal obligations.
Regulatory bodies to adhere to tax, financial, or licensing laws.
Court orders and legal proceedings if we are involved in a legal dispute.
We will only disclose the necessary information and ensure that such disclosures comply with data protection laws.

5.3 Business Transfers

In the event of:

  1. A merger, acquisition, or sale of assets, your data may be transferred to the new entity.
  2. A business restructuring, we may share information with affiliated companies under common ownership.

Any such transfers will be done in a secure and lawful manner, ensuring continued protection of your data.

5.4 Third-Party Integrations and APIs

If you engage with third-party tools through our platform (e.g., Google Maps, CRM integrations), those services may collect and process data under their own privacy policies. We encourage users to review these policies before using such services.

5.5 International Data Transfers

If we transfer data across countries, we ensure compliance with applicable data protection regulations, including:

  • GDPR (for European users) – ensuring that cross-border data transfers meet EU privacy laws.
  • Kenyan Data Protection Act, 2019 – for data collected and processed in Kenya.

We implement secure transfer mechanisms such as Standard Contractual Clauses (SCCs) and data encryption for international data exchanges.

6. Data Security

At Exmas International Solutions Ltd, we prioritize data security to protect personal information from unauthorized access, misuse, and breaches. We implement technical, administrative, and organizational security measures to ensure data confidentiality, integrity, and availability.

6.1 Security Measures We Implement

We use the following safeguards to protect your data:

  • Encryption Technologies – Sensitive data is encrypted using AES-256 encryption for storage and TLS 1.2/1.3 for secure transmissions.
  • Access Controls & Authentication – We enforce multi-factor authentication (MFA) and role-based access controls (RBAC) to restrict access to authorized personnel only.
  • Firewalls and Intrusion Detection Systems – To prevent unauthorized access and monitor suspicious activity.
  • Regular Security Audits & Penetration Testing – To identify vulnerabilities and strengthen our defenses.
  • Secure Data Storage – Personal data is stored in ISO-certified data centers with strict security controls.
  • Backups & Disaster Recovery Plans – We conduct regular data backups to prevent data loss and ensure business continuity.

6.2 How We Protect Financial Data

Secure Payment Gateways – We do not store credit card details; all transactions are processed through PCI-compliant payment providers.
Fraud Detection Systems – Our system monitors and flags suspicious transactions for review.

6.3 Employee and Contractor Data Security Awareness

Our employees and contractors receive mandatory cybersecurity training to handle personal data responsibly.
We enforce non-disclosure agreements (NDAs) with all staff handling sensitive data.

6.4 User Responsibility for Data Security

We encourage our users to:

  • Use strong and unique passwords for their accounts.
  • Enable two-factor authentication (2FA) where applicable.
  • Be cautious of phishing attempts and avoid sharing sensitive information via unsecured channels.

6.5 Data Breach Response Plan

In case of a data breach, we will:

  • Investigate and contain the breach immediately.
  • Notify affected users within the timeframe required by applicable laws.
  • Report the breach to relevant authorities (e.g., Kenya’s Office of the Data Protection Commissioner for Kenyan users or GDPR regulators for European users).
  • Implement corrective measures to prevent future breaches.

6.6 Retention Periods and Data Deletion

We do not retain personal data longer than necessary. Our retention periods follow:

  • Customer Accounts & Transactional Data – Retained for 7 years (to comply with tax and accounting regulations).
  • Website Analytics Data – Retained for 26 months before being anonymized.
  • Inactive User Accounts – Deleted after 24 months of inactivity.
  • Users can request data deletion at any time by contacting [email protected].

By following these security measures, we ensure that your personal information remains safe, private, and protected from cyber threats.

7. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. Below is a detailed breakdown of our data retention practices.

7.1 How Long We Keep Your Data

The retention period depends on the type of data collected and its purpose. We retain:

  • Customer account information – Until account deletion or after 24 months of inactivity.
  • Transactional data (invoices, payments, contracts, etc.) – For seven years to comply with financial and tax regulations.
  • Customer support communications – For two years for quality assurance and dispute resolution.
  • Marketing and subscription data – Until the user opts out (by unsubscribing).
  • Website analytics data – For 26 months before it is anonymized.
  • Job applications (resumes, CVs, etc.) – For 12 months to keep records of potential hires.
  • Legal records and compliance data – For a period required by law, typically between five and ten years.

If legal obligations require us to retain certain data for longer periods, we will ensure it is stored securely and only used for compliance purposes.

7.2 Data Deletion and Anonymization

Once the retention period expires, we will:

  • Permanently delete the data from our systems.
  • Anonymize it, making it impossible to identify the individual.
  • Archive it securely if required by law.

7.3 User Control Over Data Retention

Users have the right to:

  • Request account deletion, upon which all associated personal data will be erased, except for legally required records.
  • Request data portability, allowing them to obtain a copy of their stored data in a readable format.
  • Update or correct inaccurate data at any time.

To request data deletion or updates, users can contact [email protected].

8. Your Rights

At Exmas International Solutions Ltd, we respect your rights regarding personal data and provide ways to exercise control over your information. Your rights may vary depending on your jurisdiction, such as the General Data Protection Regulation (GDPR) in the European Union (EU) or the Kenyan Data Protection Act, 2019

8.1 Right to Access (Data Access Request)

You have the right to:

  • Request a copy of the personal data we hold about you.
  • Understand how we process your data, including its purpose and storage location.

To request access, users can email [email protected] with the subject: “Data Access Request.”

8.2 Right to Rectification (Correction of Data)

Users can request corrections if:

  • Their information is outdated or inaccurate.
  • They have changed contact details, addresses, or other relevant data.

We will update the information promptly upon verification.

8.3 Right to Erasure (Right to Be Forgotten)

Users can ask us to delete their personal data under the following conditions:

  • The data is no longer needed for the original purpose.
  • They withdraw consent for processing.
  • They object to data processing, and there is no overriding legal basis.
  • The data has been unlawfully processed.

We will respond to deletion requests within 30 days, subject to legal requirements.

8.4 Right to Restrict Processing

Users have the right to request temporary restriction of data processing if:

  • They contest its accuracy.
  • Processing is unlawful, but they do not want the data deleted.
  • They need data for legal claims, but we no longer need it.
  • They have objected to processing, and we are verifying legitimate grounds.

While restricted, the data will not be used except for legal purposes.

8.5 Right to Object to Data Processing

Users can object to:

  • Direct marketing activities (they may unsubscribe from promotional emails).
  • Automated decision-making, including profiling.

We will stop processing unless we have compelling legitimate grounds overriding the request.

8.6 Right to Data Portability

Where applicable, users can request their data in a structured, machine-readable format to transfer it to another service provider.

8.7 Right to Withdraw Consent

If we rely on explicit consent (e.g., for marketing emails), users may withdraw it at any time.

8.8 How to Exercise Your Rights

To make a request, users can contact us via:

Email: [email protected]
Phone: +254 725 415 177
Address: Landmark Plaza, Argwings Kodhek Road, Nairobi, Kenya
We process requests within 30 days, depending on complexity.

Summary

We only retain data for as long as necessary.
Users have full control over their personal information.
We comply with data protection laws, ensuring privacy rights are respected.
For inquiries or concerns, users can contact our Data Protection Officer (DPO) at [email protected].

9. Cookies and Tracking Technologies

At Exmas International Solutions Ltd, we use cookies and similar tracking technologies to enhance user experience, analyze website performance, and deliver targeted content. This section explains what cookies are, how we use them, and how users can manage their preferences.

9.1 What Are Cookies?

Cookies are small text files stored on your browser or device when you visit our website. They allow us to recognize you, remember your preferences, and improve site functionality.

9.2 Types of Cookies We Use

We use different types of cookies, each serving a specific purpose:

Essential Cookies – Required for the website to function properly (e.g., security, authentication).
Performance Cookies – Collect information about how visitors use our website (e.g., page visits, load times).
Functionality Cookies – Store user preferences, such as language selection and customization options.
Analytics Cookies – Help us analyze website traffic and improve content (e.g., Google Analytics).
Advertising Cookies – Used to deliver targeted advertisements and measure marketing effectiveness (e.g., Facebook Pixel).

9.3 How We Use Cookies and Tracking Technologies

We use cookies to:

  • Improve website navigation and user experience.
  • Remember login details and preferences for returning visitors.
  • Analyze traffic patterns to enhance site performance.
  • Serve relevant advertisements based on browsing behavior.
  • Detect and prevent fraudulent activities.

9.4 Third-Party Tracking Technologies

We may allow third-party services, such as Google, Facebook, and LinkedIn, to set cookies on our website. These third parties may collect information about:

  • Your browsing habits across different websites.
  • Interaction with ads and marketing campaigns.
  • Device and browser information.

Each third party has its own privacy policies, which we encourage users to review.

9.5 Managing Cookies and Opt-Out Options

Users can control cookie preferences in the following ways:

  • Browser Settings – Most browsers allow you to block or delete cookies.
  • Cookie Consent Banner – Users can manage cookie settings when they visit our site.
  • Opting Out of Tracking Technologies – Users can opt out of targeted ads via the Digital Advertising Alliance (DAA) or Network Advertising Initiative (NAI).

Please note that disabling cookies may affect website functionality and user experience.

10. Third-Party Links

Our website may contain links to third-party websites, applications, or services that are not controlled by Exmas International Solutions Ltd. This section explains how these links operate and our responsibility regarding external websites.

10.1 Links to External Websites

We may provide links to:

  • Partner websites offering complementary services.
  • Social media platforms (e.g., Facebook, LinkedIn, Twitter).
  • Blogs, news articles, or industry resources.
  • Payment gateways or third-party service providers.

Clicking on these links will direct you to third-party websites, where their own privacy policies and terms of service apply.

10.2 Our Disclaimer on Third-Party Privacy Practices

  • We do not control or endorse the privacy practices of third-party sites.
  • We are not responsible for how third parties collect, use, or secure your data.
  • We advise users to review the privacy policies of any external websites they visit.

10.3 Third-Party Widgets and Plugins

Our website may also feature third-party widgets, such as:

  • Social Media Plugins (Facebook Like button, Twitter Share button).
  • Embedded Videos (YouTube, Vimeo).
  • Live Chat and Customer Support Tools.

These widgets may collect user data, including IP addresses and browsing behavior. Interacting with them means you are subject to the third-party provider’s privacy policies.

10.4 Security Risks with Third-Party Links

While we strive to ensure external links are safe, we cannot guarantee their security. Users should:

  • Verify the legitimacy of external websites before sharing personal information.
  • Avoid clicking on suspicious or unverified links.
  • Report any fraudulent or unsafe links found on our platform.

Summary

  • We use cookies to improve user experience, analyze website traffic, and run targeted ads.
  • Users can manage cookies through browser settings or opt-out mechanisms.
  • Our website contains third-party links and widgets, but we are not responsible for their privacy practices.
  • Users should review third-party privacy policies before sharing personal data.

For further inquiries, contact [email protected].

11. Changes to This Privacy Policy

At Exmas International Solutions Ltd, we reserve the right to update or modify this Privacy Policy at any time to reflect changes in legal requirements, business operations, technology advancements, or industry best practices. This section outlines how and when updates occur and how users will be notified.

11.1 When We Update This Policy

We may revise our Privacy Policy under the following circumstances:

  • Changes in data protection laws – If new regulations require us to modify how we handle personal data.
  • Expansion of our services – If we introduce new products, services, or business partnerships.
  • Changes in data collection methods – If we adopt new technologies, such as AI-driven analytics or third-party integrations.
  • Security and compliance updates – If we implement new security measures or update our compliance policies.
  • User feedback or industry standards – If feedback from customers or regulatory authorities necessitates policy changes.

11.2 How We Notify Users of Updates

Whenever we update this Privacy Policy, we will notify users through one or more of the following methods:

  • Website Announcement – A banner or pop-up notification on our website.
  • Email Notification – If users have opted in to receive updates, we may send an email detailing the changes.
  • Account Dashboard Alerts – Users with registered accounts may receive an in-app notification.
  • Social Media Updates – Important privacy changes may be shared via our official social media pages.

11.3 User Consent for Policy Changes

  • If the changes are minor and do not affect user rights, they will take effect immediately after publication.
  • If the changes are significant (such as new data-sharing practices or legal obligations), we may require explicit user consent before processing data under the updated terms.
  • Continued use of our services after the updated Privacy Policy is published constitutes acceptance of the changes.

11.4 Accessing Previous Versions of the Policy

Users can request previous versions of our Privacy Policy by contacting [email protected].

11.5 Encouraging Users to Stay Informed

We encourage all users to:

  • Review this Privacy Policy periodically.
  • Stay updated on their privacy rights.

Reach out to us if they have any concerns regarding privacy practices.

Summary

  • We may update this Privacy Policy to reflect changes in laws, services, or security measures.
  • Users will be notified of updates via website announcements, emails, or social media.
  • Significant changes may require user consent before implementation.
  • Users can request previous versions of the Privacy Policy at any time.

For any questions, users can contact our Data Protection Officer (DPO) at [email protected].