Roots AfricaRoots Africa

Your Privacy Matters

We are committed to protecting your personal information and being transparent about our data practices.

Privacy Policy

This Privacy Policy explains how Roots Africa Limited ("Roots Africa", "we", "us", or "our") collects, uses, shares, and protects your personal information when you use our marketplace platform at rootsafricashop.com. This policy complies with Kenya's Data Protection Act, 2019 and international privacy standards including GDPR where applicable.

1. Information We Collect

Information You Provide

  • • Personal details (full name, email address, phone number)
  • • Identity documents (National ID, Passport, KRA PIN)
  • • Business information for sellers
  • • Payment and banking details
  • • Product listings and descriptions
  • • Customer reviews and ratings
  • • Messages and communications on the platform

Automatically Collected Data

  • • Device type and browser information
  • • IP address and approximate location data
  • • Website usage and navigation patterns
  • • Cookies and similar tracking technologies
  • • Transaction history and order details
  • • Search queries and browsing preferences
  • • Platform performance and error logs

Special Categories of Data

We may process certain special categories of personal data under specific circumstances:

  • Financial Information: For payment processing and fraud prevention
  • Location Data: For delivery services and location-based features
  • Identity Verification Data: To comply with KYC obligations (sellers only)
  • Communication Records: For customer service and dispute resolution

2. How We Use Your Information

Primary Business Purposes

  • • Create and manage user accounts
  • • Process orders and facilitate transactions
  • • Enable communication between buyers and sellers
  • • Provide customer support services
  • • Verify seller identity and business credentials
  • • Process payments and prevent fraud
  • • Coordinate shipping and delivery
  • • Maintain platform security and integrity
  • • Resolve disputes and handle returns
  • • Comply with legal and regulatory requirements

Platform Improvement & Analytics

  • • Analyze usage patterns to improve user experience
  • • Develop and test new features and services
  • • Generate anonymized analytics and market insights
  • • Personalize content and product recommendations
  • • Conduct research to enhance platform quality

Marketing & Communication

We may use your information for marketing purposes only with your explicit consent:

  • • Send promotional emails about new products and features
  • • Provide personalized product recommendations
  • • Send SMS notifications about orders and promotions
  • • Display relevant advertisements on our platform
  • • Conduct customer satisfaction surveys

4. Information Sharing & Disclosure

Our Commitment

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We only share information as described below and as strictly necessary to provide our services.

Service Providers & Partners

  • Payment Processors: Licensed payment service providers including mobile money operators
  • Logistics Partners: Delivery companies and courier services for order fulfillment
  • Cloud Infrastructure: Secure, enterprise-grade cloud service providers
  • Analytics Services: Anonymized usage analytics providers
  • Security Services: Fraud prevention and cybersecurity providers
  • Communication Services: Email and SMS delivery providers

Legal & Regulatory Disclosure

  • • Law enforcement agencies (with proper legal process)
  • • Kenya Revenue Authority (KRA) for tax compliance
  • • Financial intelligence units for AML compliance
  • • Courts and legal authorities (via subpoena or court order)
  • • Regulatory bodies for industry compliance
  • • Emergency services for safety-related purposes

Business Transactions

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity. We will provide advance notice before your information is transferred and becomes subject to a different privacy policy.

5. Data Storage & Security

Technical Safeguards

  • • Industry-standard encryption for data at rest
  • • TLS encryption for all data in transit
  • • Multi-factor authentication (MFA) options
  • • Regular security assessments and reviews
  • • Automated backups and disaster recovery
  • • Role-based access controls (RBAC)
  • • Continuous security monitoring

Data Storage

  • • Primary data storage within Kenya / East Africa
  • • Redundant backup infrastructure for resilience
  • • Content delivery via globally distributed networks
  • • Payment data processed in PCI DSS compliant environments
  • • Analytics data is pseudonymized before processing
  • • Multi-region disaster recovery setup

Organizational Security Measures

Staff Training

  • • Regular security awareness training
  • • Privacy protection protocols
  • • Incident response procedures

Access Controls

  • • Principle of least privilege
  • • Regular access reviews
  • • Secure development practices

Compliance

  • • Kenya Data Protection Act compliance
  • • PCI DSS compliant payment handling
  • • Regular independent compliance reviews

6. International Data Transfers

Cross-Border Data Protection

When we transfer personal data outside Kenya, we ensure adequate protection through:

  • • Standard Contractual Clauses (SCCs)
  • • Adequacy decisions by data protection authorities
  • • Binding Corporate Rules where applicable
  • • Explicit user consent where required by law
  • • Technical safeguards (encryption, pseudonymization)
  • • Legal safeguards (data processing agreements)
  • • Regular compliance audits
  • • Data localization where legally required

Kenya & EAC

Primary data processing and storage location

EU/EEA

Analytics and insights (fully pseudonymized)

Global CDN

Static assets only — no personal data transferred

7. Cookies & Tracking Technologies

Essential Cookies

Required for basic platform functionality — these cannot be disabled:

  • • Authentication and secure session management
  • • Shopping cart and checkout functionality
  • • Security and fraud prevention features
  • • User language and region preferences

Optional Cookies

These require your explicit consent:

  • • Analytics and platform performance tracking
  • • Personalized advertising and remarketing
  • • Social media integration features
  • • Enhanced personalization settings

Cookie Management

You can control cookies through:

Browser Settings

Configure cookie preferences directly in your web browser

Cookie Banner

Manage consent choices through our cookie consent tool on first visit

Account Settings

Update your communication and tracking preferences in your account

8. Your Privacy Rights

Right of Access

Request a copy of all personal data we hold about you, including how it is processed and stored.

Right to Rectification

Correct any inaccurate or incomplete personal information held in your account.

Right to Erasure

Request deletion of your personal data, subject to legal retention obligations.

Right to Restrict Processing

Limit how we process your data while maintaining your account.

Right to Data Portability

Receive a copy of your data in a structured, commonly-used, machine-readable format.

Right to Object

Object to processing for direct marketing or where we rely on legitimate interests.

How to Exercise Your Rights

Online

Use privacy controls in your account settings dashboard

Email

Contact us at support@rootsafricashop.com

Phone

Call us at +254 796 632 579

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law.

  • Active accounts: For the duration of your account
  • Transaction records: 7 years (tax compliance)
  • KYC documents: As required by Kenyan regulations
  • Marketing data: Until you withdraw consent
  • Support records: 3 years after resolution
  • Anonymized analytics: Indefinitely (no personal identifiers)

10. Children's Privacy

Our Platform is not directed at children under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a minor has provided us with personal data without parental consent, we will promptly delete such information. If you believe a child has provided us with their data, please contact us immediately at support@rootsafricashop.com.

11. Kenya Data Protection Act Compliance

Our Commitment to Kenyan Privacy Law

As a Kenyan company, we comply with the Data Protection Act, 2019 and regulations issued by the Office of the Data Protection Commissioner (ODPC). We are registered as a data controller and maintain a designated Data Protection Officer (DPO) responsible for oversight and compliance.

Data Subject Rights under Kenya DPA

  • • Right to be informed about data processing
  • • Right to access personal data
  • • Right to object to processing
  • • Right to correction of inaccurate data
  • • Right to deletion in certain circumstances
  • • Right to restrict processing
  • • Right to data portability
  • • Right to lodge a complaint with the ODPC

Regulatory Contact

Roots Africa — Privacy Contact

support@rootsafricashop.com

+254 796 632 579

Office of the Data Protection Commissioner

P.O. Box 95551-00100, Nairobi, Kenya

complaints@odpc.go.ke

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by:

  • • Sending an email notification to your registered email address
  • • Displaying a prominent notice on our Platform
  • • Updating the "Last Updated" date at the top of this page

Your continued use of the Platform after such modifications constitutes your acceptance of the updated policy.

13. Contact Information

Roots Africa Limited

Kenya's Marketplace for Authentic African Products

Nairobi, Kenya

Website: www.rootsafricashop.com

Email: support@rootsafricashop.com

Phone: +254 796 632 579

Privacy & Data Requests

For all privacy inquiries, data access requests, or complaints:

support@rootsafricashop.com

+254 796 632 579

Business Hours: Monday – Friday, 8:00 AM – 6:00 PM EAT

We aim to respond to all privacy requests within 30 days.

This Privacy Policy was last updated on March 22, 2026 — Version 2.1. Effective immediately and applies to all data collected on or after this date. Previous versions are available upon written request.

Privacy Policy | Roots Africa | Roots Africa