Privacy Policy

Introduction

Pumzi Teas Limited ("Pumzi Teas," "we," "us," or "our"), a company registered and operating in the Republic of Uganda, is committed to protecting and respecting your privacy. This Privacy Policy explains in detail how we collect, use, disclose, transfer, and store your personal information when you:

• Visit our website at pumziteas.com (the "Website")
• Purchase our products or services
• Create an account with us
• Subscribe to our newsletter or marketing communications
• Contact us through any channel
• Interact with us on social media platforms
• Participate in surveys, competitions, or promotions

This Privacy Policy is drafted in compliance with the Data Protection and Privacy Act, 2019 of Uganda, the Computer Misuse Act, 2011, the Electronic Transactions Act, 2011, and other applicable data protection regulations. We also align our practices with international standards including the EU General Data Protection Regulation (GDPR) where applicable.

By using our Website or services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Website or services.

1. Data Controller Information

For the purposes of applicable data protection laws, the data controller is:

2. Information We Collect

We collect and process various types of personal information depending on how you interact with us:

2.1 Information You Provide Directly

2.2 Information Collected Automatically

When you visit our Website, we automatically collect certain technical information:

• Device Information: Device type, operating system, unique device identifiers, browser type and version, screen resolution
• Network Information: IP address, internet service provider, mobile network information
• Location Data: Country, region, city (derived from IP address), timezone
• Usage Data: Pages visited, time spent on pages, click patterns, scroll depth, navigation paths, search queries on our site
• Referral Data: Referring website URL, search engine and keywords used, marketing campaign source
• Session Data: Session duration, frequency of visits, return visitor status

2.3 Information from Third Parties

We may receive information about you from:

• Payment Processors: Transaction confirmation, payment status, fraud prevention data
• Delivery Partners: Delivery status, delivery confirmation, recipient verification
• Social Media Platforms: If you interact with us on social media or use social login features
• Analytics Providers: Aggregated website usage statistics
• Marketing Partners: Campaign performance data (anonymized)

2.4 Sensitive Personal Data

We do not intentionally collect sensitive personal data (also known as special category data) such as:

• Racial or ethnic origin
• Political opinions or religious beliefs
• Health or medical information
• Biometric data
• Sexual orientation

If you voluntarily provide such information (e.g., in a message to us), we will treat it with the highest level of confidentiality and only use it for the specific purpose you intended.

3. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Website. For comprehensive information about our cookie practices, please see our Cookie Policy.

3.1 Types of Cookies We Use

3.2 Managing Your Cookie Preferences

You can manage your cookie preferences at any time by:

• Clicking the "Cookie Settings" link in our website footer
• Adjusting your browser settings to block or delete cookies
• Using browser extensions that manage cookies

Please note that disabling certain cookies may affect the functionality of our Website.

3.3 Other Tracking Technologies

• Web Beacons: Small transparent images used to track email opens and website interactions
• Local Storage: Stores data locally on your device for faster page loading

4. SMS Communications and Data Handling

4.1 SMS Services

We use SMS (Short Message Service) to communicate with you for various purposes. Our SMS services include:

4.2 SMS Data Collection

When you interact with our SMS services, we may collect:

• Phone Number: The mobile number where messages are sent
• Consent Status: Your preferences for receiving SMS messages
• Message Metadata: Timestamps, delivery status, read receipts (where available)
• Message Content: Content of SMS messages you send to us (for support purposes)
• Interaction Data: Your responses to our SMS messages

4.3 SMS Consent and Opt-Out

• Express Consent: By providing your phone number, you consent to receive SMS messages from us
• Opt-Out: You can opt out of marketing SMS messages at any time by replying "STOP"
• Transactional Messages: Essential order and account messages cannot be opted out
• Confirmation: We will confirm your opt-out request via SMS
• Re-subscription: You can re-subscribe to marketing messages by contacting us

4.4 SMS Data Security

We protect your SMS data through:

• Encryption: SMS data is encrypted during transmission and storage
• Access Controls: Only authorized personnel can access SMS data
• Data Minimization: We only collect SMS data necessary for our services
• Secure Providers: We use reputable SMS service providers with strong security practices

5. How We Use Your Information

• Web Beacons: Small graphic images in emails to track open rates and clicks
• Pixel Tags: Used to understand browsing activity and measure campaign effectiveness
• Local Storage: Stores data locally on your device for faster page loading

4. How We Use Your Information

We use your personal information for the following purposes:

4.1 Order Fulfillment and Service Delivery

• Process and fulfill your orders accurately and efficiently
• Arrange shipping and delivery of products
• Process payments and refunds
• Send order confirmations, shipping notifications, and delivery updates
• Handle returns, exchanges, and warranty claims
• Provide post-purchase support

4.2 Account Management

• Create and maintain your user account
• Authenticate your identity when you log in
• Enable account features like order history and saved addresses
• Process account changes and password resets
• Manage your communication preferences

4.3 Customer Service and Support

• Respond to your inquiries, questions, and complaints
• Provide technical support and troubleshooting
• Follow up on previous interactions
• Train our customer service team (using anonymized data)

4.4 Marketing and Communications

• Send newsletters with tea tips, recipes, and company news
• Notify you about new products, special offers, and promotions
• Personalize marketing content based on your preferences and purchase history
• Conduct surveys to gather feedback
• Administer competitions and promotions

Note: We only send marketing communications with your explicit consent. You can opt out at any time.

4.5 Website Improvement and Analytics

• Analyze website traffic and usage patterns
• Identify and fix technical issues
• Test new features and functionality
• Improve website design and user experience
• Develop new products and services based on customer insights

4.6 Security and Fraud Prevention

• Protect against unauthorized access to accounts
• Detect and prevent fraudulent transactions
• Monitor for suspicious activity
• Enforce our terms of service
• Protect the rights and safety of our customers and business

4.7 Legal Compliance

• Comply with applicable laws and regulations
• Respond to legal requests and court orders
• Maintain records for tax and accounting purposes
• Establish, exercise, or defend legal claims

5. Legal Basis for Processing

Under the Data Protection and Privacy Act, 2019 of Uganda, we process your personal data based on the following legal grounds:

6. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

6.1 Service Providers

We work with trusted third-party service providers who assist us in operating our business:

• Payment Processors: MTN Mobile Money, Airtel Money, and other payment gateways to process transactions securely
• Delivery Partners: Courier and logistics companies to deliver your orders
• Hosting Providers: Web hosting and cloud services to store and serve our Website
• Email Service Providers: To send transactional and marketing emails
• Analytics Providers: To analyze website usage and performance
• Customer Support Tools: To manage customer inquiries efficiently

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

6.2 Legal Requirements

We may disclose your information when required by law or in response to:

• Court orders, subpoenas, or legal process
• Requests from law enforcement or government agencies
• Regulatory investigations
• Protection of our legal rights or defense against legal claims

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you of any such change and your choices regarding your data.

6.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

7. Data Security

We implement comprehensive security measures to protect your personal information:

7.1 Technical Measures

• SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using industry-standard SSL/TLS protocols
• Password Security: Passwords are hashed using bcrypt algorithm and never stored in plain text
• Firewall Protection: Our servers are protected by enterprise-grade firewalls
• Intrusion Detection: We monitor for unauthorized access attempts
• Regular Updates: We keep our software and systems updated with security patches
• Secure Payment Processing: Payment information is processed through PCI-DSS compliant providers

7.2 Organizational Measures

• Access Controls: Only authorized personnel have access to personal data on a need-to-know basis
• Staff Training: Our team receives regular training on data protection and security
• Confidentiality Agreements: All employees and contractors sign confidentiality agreements
• Incident Response: We have procedures in place to detect, report, and respond to data breaches
• Regular Audits: We conduct periodic security assessments and audits

7.3 Your Responsibilities

You can help protect your data by:

• Using strong, unique passwords for your account
• Not sharing your login credentials with others
• Logging out of your account when using shared devices
• Keeping your contact information up to date
• Reporting any suspicious activity to us immediately

7.4 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours
• Notify affected individuals without undue delay
• Provide information about the breach and steps being taken
• Offer guidance on protective measures you can take

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected:

After the retention period expires, we securely delete or anonymize your data so it can no longer be associated with you.

9. Your Rights

Under the Data Protection and Privacy Act, 2019 of Uganda, you have the following rights regarding your personal data:

9.1 Right of Access

You have the right to request a copy of the personal data we hold about you. We will provide this information within 30 days of your request, free of charge for the first request in any 12-month period.

9.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. You can update most information directly in your account settings, or contact us for assistance.

9.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances, including:

• When the data is no longer necessary for its original purpose
• When you withdraw consent (where consent was the legal basis)
• When you object to processing and there are no overriding legitimate grounds
• When the data has been unlawfully processed

Note: We may need to retain certain data for legal or legitimate business purposes.

9.4 Right to Restriction of Processing

You have the right to request that we limit how we use your data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

9.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

9.6 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. If you object to marketing, we will stop processing your data for that purpose immediately.

9.7 Right to Withdraw Consent

Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.

9.8 Right Not to be Subject to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently make such automated decisions.

9.9 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: [email protected]
• Phone: +256 778 605 277
• Mail: Pumzi Teas, Kampala, Uganda

We will respond to your request within 30 days. We may need to verify your identity before processing your request.

10. Marketing Communications

10.1 Opt-In Requirement

We only send marketing communications to individuals who have explicitly opted in to receive them. You can opt in by:

• Checking the marketing consent box during checkout
• Subscribing to our newsletter
• Updating your preferences in your account settings

10.2 What We Send

Marketing communications may include:

• New product announcements
• Special offers and discounts
• Tea brewing tips and recipes
• Company news and events
• Seasonal promotions

10.3 How to Unsubscribe

You can opt out of marketing communications at any time by:

• Clicking the "Unsubscribe" link in any marketing email
• Updating your preferences in your account settings
• Contacting us at [email protected]

Please note that opting out of marketing does not affect transactional communications (order confirmations, shipping updates, etc.).

11. International Data Transfers

Your personal data is primarily stored and processed in Uganda. However, some of our service providers may be located in other countries. When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard contractual clauses approved by relevant authorities
• Data processing agreements with all service providers
• Verification that recipients provide adequate data protection

12. Children's Privacy

Our Website and services are not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected]. We will take steps to delete such information from our systems.

13. Third-Party Links and Services

Our Website may contain links to third-party websites, plugins, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

Third-party services we may link to include:

• Social media platforms (Facebook, Instagram, Twitter)
• Payment processors
• Mapping services
• Review platforms

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• We will update the "Last Updated" date at the top of this policy
• For significant changes, we will provide prominent notice (e.g., email notification, website banner)
• We will obtain fresh consent where required by law

We encourage you to review this Privacy Policy periodically. Your continued use of our Website after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all inquiries within 5 business days.

16. Complaints

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with:

• Personal Data Protection Office of Uganda - The national supervisory authority for data protection
• Uganda Communications Commission - For matters related to electronic communications
• Other relevant regulatory authorities - Depending on the nature of your complaint

We encourage you to contact us first so we can try to resolve your concerns directly.