ibuQa Capital Limited
We care about your personal data
ibuQa is a logistics company that seeks to offer safe and dependable logistics services for online shops, wholesalers, distributors, and other businesses.
Protecting your privacy is a top priority for us as our customers and clients expect us to carefully handle and protect the personal information shared with us.
The ibuQa application is available on the web at https://ibuqa.io/ and may also published on the Google Play Store, Apple App Store, and other distribution channels.
Your Personal Information may be collected by the following entity:
ibuQa Capital Ltd
Suite C6, Kindaruma Apartments, Kindaruma Road, Nairobi
+254 743 750000
This company will be the data controller and processor of the Personal Information collected to provide the Services to you.
- What is Personal Information?
“Personal Information” is the information that identifies and relates to you, or to other individuals who also benefit from our Services e.g., email address, your names, company name, and phone number "Sensitive Personal Data" includes information revealing your race, health status, ethnic social origin, conscience, belief, property details, marital status, family details including names of your children, parents, spouse or spouses, and your sex or sexual orientation. Your Personal Information may be provided to us by yourself or by a third party entitled to provide us with such information. “You” means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
- Who is a data controller and processor?
A data controller is an individual or legal person who determines the purpose and means of processing data, while a data processor processes personal data on behalf of a controller. Both controllers and processors are responsible to keep and use personal data in paper or electronic files. We are the data controller and processor as defined by relevant data protection laws and regulations.
- What types of personal information will be collected?
We will collect and process various types of personal data about you, such as:
- a) General information such as your name, address, contact details (email address and telephone numbers), date of birth and gender
- b) Information linked to the provision of the Services e.g., to review
- c) Information about your job including job title or any other that may be strictly required to provide the Services to you, if there is a connection between the access to the Services and your job or job title.
- d) Financial information such as your bank, mobile money, card or other payment details.
- e) Location information.
- f) IP addresses when visiting web pages with cookies.
- g) Telephone recordings and other logs of your correspondence with us; and,
- h) Sensitive data including details of your gender,
- i) Shipping origin
- j) Shipping destination
- k) Product type
- How will we obtain your personal information?
We will collect and use the personal information that you provide to us and that we receive about you from different sources for several purposes and with your explicit consent unless applicable laws and regulations do not require us to obtain your explicit consent. The sources include:
- a) You directly when you provide it to us.
- b) From someone else on your behalf (e.g., a family member that you have authorized);
- c) As we are required to collect your Personal Information because of contractual agreements, the failure to provide this information may prevent or delay the fulfilment of these obligations. For example, if you do not provide certain Personal Information, we will not be able to provide you with the Services.
- Why will we obtain your personal information?
Your Personal Information is collected to provide the Services you are entitled to. We use your Personal Information to:
- a) Verify your identity information.
- b) Process products and services on our platforms.
- c) To attend and manage your service requests to Us.
- d) Provide insurance and assistance services including, e.g., claim assessment, processing and settlement.
- e) Communicate with you and others, as part of our Services.
- f) Send you important information regarding changes to our policies, other terms and conditions and other administrative information.
- g) Make non-automated decisions about whether to provide the Services to you.
- h) Provide improved quality, training and security (e.g., with respect to recorded or monitored phone calls to our contact numbers);
- i) To detect, prevent, investigate, and protect our business against fraud or other crimes.
- j) Manage our systems and infrastructure, ensure effective business operations, and comply with internal policies and procedures, including those relating to audits, finance and accounting, billing and collections, IT systems, business continuity, and records, document, and print management.
- k) To customise our services for you, including providing recommendations, personalised content, and customised search results.
- l) Continuously improve the quality of our Services and processes e.g., conducting surveys, measuring performance, research, and data analysis to understand how our Services are used.
- m) Resolve complaints, respond to queries, and settle disputes.
- n) Carrying out credit checks and credit scoring for services that are accessed on credit.
- o) To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products, or contracted services, including the security updates, when necessary or reasonable for their implementation.
- p) Comply with applicable laws and regulatory obligations, including those relating to anti-money laundering and anti-terrorism; and respond to requests from public and governmental authorities and litigation; and,
- q) Establish and defend legal rights; protect our operations or those of any of our insurance business partners; safeguard our rights, privacy, safety, or property, and/or you or others; and pursue available remedies or limit our damages.
- What is the legal basis for processing?
We may use your Personal Information for several different purposes as outlined above that are always connected with the Services we provide. Consequently, we will rely on the following legal grounds to use your Personal Information:
- a) The use of your Personal Information is necessary for the performance of a contract to which you are a party.
- b) We have a legal or regulatory obligation to use your Personal Information. For example, we will rely on this ground to comply with anti-money laundering and anti-terrorism obligations; and
- c) We have a legitimate interest in using your Personal Information. We may rely on this legal ground for the purpose of providing improved quality, training, and managing our infrastructure and operations. When collecting and processing your Personal Information under this ground we put in place robust safeguards to ensure that your privacy is protected and that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.
- d) Due to the nature of the Services, you are entitled to, we may process sensitive data connected with the provision of such Services.
- e) Generally, your consent shall be required when signing up for our Services, and in specific situations due to the nature of the data required to be disclosed, or where required under any applicable laws and regulations.
- Disclosure of Information
Your personal information may be disclosed where it is necessary for providing you with the Services you are entitled to, or for any of the purposes described in this Policy, we may disclose your Personal Information to other parties. We shall assess and review each application for information and may decline to grant such information to the requesting party. Where granted, only minimum and necessary personal information may be shared. Sensitive information will not be shared without seeking your express consent.
We may disclose your Personal Information will be accessed by:
- a) IbuQa Capital but restricted to those individuals and entities who have a requirement to access the information for the purposes described in this Policy.
- b) External third-party service providers, such as IT systems, support, and hosting service providers; document and records management providers; translators; and similar third-party vendors and outsourced service providers that assist us in carrying out business activities.
- c) Marketing and promotion service providers where you have provided your express consent to opt into the service, and where you opt-out, your personal information will not be shared.
- d) External professional advisors and partners such as, accountants, actuaries, auditors, experts, consultants, lawyers; banks and financial institutions that service our accounts; claim investigators, adjusters, and others.
- e) Any financial institutions, credit reference agencies or credit bureaus, for the purposes of obtaining or providing credit references.
- f) Investigative firms we brief to investigate claims on our behalf in relation to suspected fraud.
- g) Our regulators and other governmental or public authorities where necessary to comply with a legal or regulatory obligation, formal request, court order, or similar legal procedure.
- h) The police and other third parties or law enforcement agencies, court, regulator, government authority or other similar third parties where necessary for the prevention or detection of crime or to comply with a legal or regulatory obligation; or otherwise, to protect our rights or the rights of a third party.
- i) Debt collection agencies and organisations.
- j) Survey agencies that conduct surveys on our behalf.
- k) Selected third parties in connection with any sale, transfer or disposal of our business.
- l) Other third parties, such as emergency providers (fire, police, and medical emergency services) and travel carriers.
- m) Publicly available and/or restricted government databases to verify your identity information to comply with regulatory requirements; and,
- n) Your employer or a company acting on your employer’s behalf to monitor, audit or otherwise administer the Services and fulfill contractual obligations in relation to the Services.
- International Data Transfers
- a) Due to the nature of the Service, the data that we collect from you may be transferred to and stored at, a destination outside Kenya.
- b) Your Personal Information can be shared with or accessed by parties located in other countries outside Kenya that have a different data protection regime from Kenya.
- c) In any case, where we transfer your Personal Information outside Kenya, we will conduct the transfer in accordance with the applicable data protection laws and ensure that there are appropriate safeguards, such as contractual obligations in place with respect to the protection of your Personal Information in accordance with this Policy.
- Retention of Personal Information
- a) We will only retain your Personal Information for as long as is necessary to: provide you with the Services; fulfil the purposes outlined in this Policy; and for the purposes of complying with, or satisfying any legal obligations, or regulatory, tax, accounting or reporting requirements.
- b) We ensure that proper procedures are in place to manage your Personal Information and to remove or archive it when necessary.
- c) We will delete your personal information once our retention period of 6 years after your last use of our services expires, and once we have complied with any afore-mentioned purposes.
- d) Anonymised information that can no longer be associated with you may be held indefinitely.
- Your Rights
Under data protection laws you have certain rights in relation to the Personal Information that we hold about you. You may exercise, as may be applicable, these rights at any time by contacting us using the details set out in the “Contact Us” section below.
- a) Your rights include:
- b) The right to information - You are entitled to be informed of the purpose to which your personal information is to be put.
- c) The right to access your Personal Information - You are entitled to a copy of the Personal Information we hold about you. Your information will be provided to you in electronic means unless otherwise requested.
- d) The right to object to or restrict processing - You are entitled to object to our processing of your Personal Information or ask us to stop using your Personal Information. Please note that in some circumstances exercise of these rights will render us unable to continue providing you with the Services, or compliance with the request may not be possible where there may be compelling and legitimate reasons that override your interests.
- e) The right to rectification - You are entitled to correct, amend, or update the Personal Information we hold about you. Please note that we take reasonable steps to ensure that the Personal Information we hold about you is accurate and complete.
- f) The right to erasure - You are entitled to request the erasure of your Personal Information, including information that is inaccurate, outdated, incomplete or misleading.Please note that in some circumstances exercise of this right will mean we are unable to continue providing you with the Services.
- g) The right to data portability - You have the right to ask that we provide your Personal Information to you in a commonly used electronic format, and to transfer any Personal Information that you have provided to us to another third party of your choice where technically possible.
- h) The right to object to direct marketing - You are entitled to object to the commercial use of your data, or to request us to stop sending you marketing communication. Where you give your express consent, the data shall be anonymised to ensure you are no longer identifiable.
- i) The right not to be subject to automated decision-making (including profiling) - You have a right to not be subject to a decision based solely on automated processing, including profiling which produces legal effects concerning or significantly affecting you. We do not base our decisions solely only on automated means. Please note that in some circumstances exercise of these rights will render us unable to continue providing you with the Services, or compliance with the request may not be possible where there may be compelling and legitimate reasons that override your interests.
- j) The right to withdraw consent - You have a right to withdraw your consent at any time. We seek and obtain your consent to collect and process your Personal Information in order to provide the Services. Please note that in some circumstances exercise of this right will mean we are unable to continue providing you with the Services.
- k) The right to lodge a complaint - You have a right to complain to our Data Protection Officer and the Office of the Data Protection Commissioner if you believe that any use of your Personal Information by us is in breach of applicable data protection laws and regulations. Making a complaint will not affect any other legal rights or remedies that you have.
- Security of Personal Information
We will take appropriate technical, physical, legal, and organizational measures, which are consistent with applicable data protection laws to protect your Personal Information.
- Changes to this Policy
- How to Contact Us
As a Data Controller and Processor, below are the contact details of our Data Protection Officer:
Data Protection Officer
IbuQa Capital Ltd
+254 743 750000