Privacy Policy

Who we are

Our website address is: https://cigarashopafrica.com.

Cigara Shop Africa values your privacy and takes stringent steps to ensure the confidentiality, integrity, and lawful processing of your personal data. We are committed to handling your personal information in accordance with Kenya’s Data Protection Act, 2019, and all applicable regulations, especially considering the sensitive nature of tobacco product sales.

This report outlines our data collection, usage, and retention practices, and your rights regarding personal data.

Who This Applies To

This report applies to all:

Customers (including age-restricted buyers), Retail partners, distributors, Website visitors, Online store users, Delivery recipients, and Office visitors

  • By using our website or purchasing our products, you acknowledge that you have read and understood this Privacy Report.

What Personal Data We Collect

 Type of Personal Data

Customers: Full name, national ID/passport, date of birth (age verification), contact info, shipping address, payment details, order history, browsing activity, feedback forms, and IP address.

Retailers: Business name, contact person’s details, KRA PIN, licensing information, contracts, payment info, and delivery records.

Website Users: Cookies, IP address, location, browser/device type, browsing behavior.

Office Visitors: Name, ID number, phone number, car registration, CCTV footage.

Why We Collect Your Data.

We process your data for the following purposes:

  • To verify legal age (21+) for tobacco purchases.
  •  To fulfill product orders and deliveries.
  • For payment processing.
  • For customer communication, feedback, and complaint resolution.
  • To improve our website and marketing effectiveness.
  • To meet legal obligations regarding regulated products.

Legal Basis:

  •  Contract—for processing orders and payments.
  •  Legal Obligation—age restrictions and tax compliance.
  • Legitimate Interests—marketing, customer service, internal reporting.

CONSEQUENCES OF FAILING TO PROVIDE PERSONAL DATA

  • In some cases, if you choose not to provide certain personal data requested by us, it may impact our ability to fully provide you with the requested services, or information. The specific consequences of not providing personal data will depend on the context and the purpose for which the data is requested.
  • We encourage you to carefully consider the personal data requested and its importance for the intended purposes. If you have concerns about providing certain information, please contact us to discuss your specific circumstances and requirements. We will endeavor to find alternative solutions or assess if any legal or contractual obligations require the provision of the requested data.

Data Sharing.

Your data may be shared with:

  • Service Providers: We may engage third-party service providers to perform various services on our behalf, such as IT data processors and legal services providers. These service providers will have access to your personal data as necessary to perform their functions but are strictly prohibited from using your personal data for any other purposes.
  • Business Partners: We may share your personal data with trusted business partners who collaborate with us to provide products or services to you. These partners may use your personal data only for the purposes specified in our agreement with them.
  • Legal Obligations: We may disclose your personal data if required to do so by law or in response to a valid legal request, such as a court order or government inquiry.
  • Corporate Transactions: In the event of a merger, acquisition, or any form of corporate restructuring, we may transfer your personal data to the involved parties, if they agree to treat your personal data in accordance with this privacy policy.
  • Consent: We may share your personal data with third parties if you have given us explicit consent to do so. You have the right to withdraw your consent at any time.
  • When sharing your personal data with third parties, we prioritize the security and confidentiality of your information. We take stringent measures to ensure that these parties comply with strict data protection standards and handle your personal data in accordance with our instructions.
  • We carefully select and evaluate third-party service providers, business partners, and other recipients of your personal data. We enter into contractual agreements with these parties, imposing obligations to protect your personal data and restricting their use of the information solely for the specified purposes outlined in our agreement. Furthermore, we require these third parties to implement appropriate technical and organizational measures to prevent unauthorized access, disclosure, alteration, or destruction of your personal data.

We do not sell your data. Strict data protection agreements bind all third parties.

Data Security Measures.

We use the following safeguards to protect your data:

  • Encryption for online transactions and communication.
  • Access controls and role-based permissions for staff.
  • Secure backups and retention policies
  • Staff training on data protection and tobacco sale compliance.

Data Retention.

We retain your data only as long as necessary to meet our legal, contractual, and operational obligations. After the retention period, your data will be securely deleted or anonymized.

Cookies & Online Tracking.

We use cookies on our website to:

  • Improve user experience.
  • Track marketing performance.
  • Ensure site security.
  • Cookie Consent: By using our website, you consent to the placement of cookies on your device as described in our Cookie Policy. You can manage or disable cookies through your browser settings. Please note that disabling certain cookies may impact the functionality and performance of our website. 
  • Third-Party Cookies: We may allow certain third-party service providers to place cookies on our website for advertising, analytics, or other purposes. These third parties have their own privacy policies and may collect information about your browsing activities on our website and other websites.
  • Data Collected by Cookies: The information collected by cookies may include your IP address, browser type, device information, and browsing behavior. We take appropriate measures to protect the security and confidentiality of cookie data. We ensure that any third parties that have access to cookies comply with strict data protection standards and process the information in accordance with our instructions.

You can opt out via your browser settings. See our full Cookie Policy for more info.

Your Rights under Kenya’s Data Protection Act.

  • Under the Data Protection Act, 2019, you have several rights regarding your personal data:-

You have the right to:

  • Be informed about how your data is used.
  • Access and correct your data.
  • Object to processing (especially for marketing).
  • Request deletion of your data.
  • Withdraw consent at any time.
  • File a complaint with the Office of the Data Protection Commissioner (ODPC).

NOTE: If you wish to exercise any of the rights outlined above, please write an email to the Data Protection Officer (DPO) on  dpo@cigarashopafrica.com.

Special Notes for Tobacco Customers.

We verify age before processing any sale, online or offline. If you’re under 21, you are not allowed to purchase our products. Parents/guardians must not provide third-party data (e.g., children’s info) unless legally required.

Changes to This Report

We may update this report periodically. Significant changes will be shared on our website or via email. Continued use of our services constitutes your acceptance.

 

Shopping Cart
Scroll to Top