Privacy Policy

This Privacy Policy describes how Global Uniforms Ltd ("Global Uniforms", "we", "us", "our") collects, uses, discloses, and otherwise processes Personal Data about individuals who interact with us.

We take your privacy seriously. When you visit our website, submit an enquiry, place an order, communicate with us by phone or WhatsApp, or visit our premises, we are committed to handling your Personal Data with care and in compliance with the Data Protection Act, No. 24 of 2019 and the regulations made under it.

This Privacy Policy applies to Personal Data collected through:

• Your use of our website at https://globaluniformsltd.com, including when you use our quote estimator, submit a quote request, use the chat assistant, or contact us through the website;
• Information you provide to our staff in person at our premises on Duruma Road, Nairobi;
• Communications made by phone, email, or WhatsApp;
• Information provided by suppliers and other third parties who engage with us in the course of business;
• Any information you provide when you place or enquire about an order, whether online or in person.

This list is non-exhaustive. Data protection is a matter of trust and your privacy is important to us. We will only collect information where it is necessary and relevant to our dealings with you. All use of your Personal Data will be in the manner set out in this Privacy Policy.

Please read this Privacy Policy carefully before using our website or submitting any information to us. By using our website or engaging with our services you acknowledge that you have read and understood this policy.

The following definitions apply throughout this Privacy Policy:

We collect and process your Personal Data only where we have a lawful basis for doing so. The legal bases on which we rely include:

• Performance of a contract. Where processing is necessary to fulfil an order you have placed or to take steps at your request before entering into a contract with us.
• Legitimate business interests. Where processing is necessary for our legitimate interests, provided those interests are not overridden by your rights and interests. This includes processing orders, managing payments, recovering debts, preventing fraud, and understanding how our customers use our services.
• Compliance with a legal obligation. Where processing is necessary to comply with a legal requirement applicable to us, such as tax and financial reporting obligations under the Income Tax Act, the Value Added Tax Act, the Proceeds of Crime and Anti-Money Laundering Act No. 9 of 2009 (as amended), and other applicable Kenyan laws.
• Your consent. Where you have given clear, affirmative consent to the processing of your Personal Data for a specific purpose, such as receiving marketing communications. Consent may be given by a written statement, a tick box, or another positive action. Consent can be withdrawn at any time without affecting the lawfulness of processing carried out before withdrawal. Withdrawal may, however, affect our ability to provide certain services to you.
• Vital interests. Where processing is necessary to protect your vital interests or those of another person.

Where we rely on consent as a legal basis, we will inform you clearly at the time of collection and will not bundle consent with other terms or make it a condition of service unless it is strictly necessary.

The Personal Data we collect depends on the nature of your interaction with us. We collect and store information including, but not limited to, the following:

• Identity and contact information. Your name, organisation name, email address, telephone number, and physical address when you submit a quote request, contact form, or place an order, whether online, by phone, by WhatsApp, or in person.
• Order and transaction details. The products you order, quantities, specifications, sizing requirements, delivery address, and any custom branding or artwork requirements associated with your order.
• Payment confirmation data. Confirmation of payment received (such as M-Pesa transaction references or bank transfer confirmation). We do not collect, store, or process your payment card numbers, M-Pesa PIN, or banking credentials. Payment transactions are processed through Safaricom's M-Pesa platform or directly through your bank, and we only receive confirmation of payment.
• Logo and artwork files. Logos, crests, badge designs, or other artwork that you provide to us for the purpose of branding your order. By submitting such files you confirm that you own or are authorised to use them.
• Communications. Records of communications between us, including emails, WhatsApp messages, phone call logs, and any notes our staff make when recording your requirements or resolving issues.
• Chat assistant interactions. Messages you send through our website's AI-powered chat assistant. These messages are transmitted to a third-party AI processing service (Groq, Inc.) in real time to generate a response. See section 5 and section 10 for more detail.
• Website usage data. When you visit our website, we may automatically collect technical data such as your Internet Protocol (IP) address, browser type and version, the pages you visit, the time and date of your visit, and the time spent on those pages. This data is collected through cookies and similar technologies described in section 5 below.
• Supplier and business contact information. Where you represent a supplier or business partner, we collect your name, job title, organisation, contact details, and information relevant to our business relationship.

We do not intentionally collect Sensitive Personal Data as part of our ordinary business operations. If any such data is shared with us incidentally, we will treat it with an additional level of care and will only retain it to the extent strictly necessary.

A cookie is a small text file placed on your device when you visit a website. It allows the website to remember information about your visit, such as your preferences or session state. Cookies may be stored on your computer, smartphone, or tablet. Our website also uses browser localStorage, which is a similar mechanism that stores data within your browser without an expiry date unless cleared by the user or by our code.

For general information about cookies, how they work, and how to manage them, visit allaboutcookies.org.

Our website uses cookies and localStorage to distinguish you from other users, to maintain your session, to remember your cookie consent preference, and to provide improved functionality as you browse. Unless you have adjusted your browser settings to refuse cookies, our systems may issue cookies or write to localStorage where necessary to enable basic website functions.

Disabling cookies may mean that some parts of the website do not work as expected.

The specific cookies and localStorage items used on this website are set out below:

We do not currently use advertising cookies, tracking pixels, or third-party analytics cookies. If we introduce additional cookies in future, this table will be updated and, where required by law, we will seek your consent before activating them.

Some functionality on our website is provided by third parties whose services may result in cookies or tracking technologies being set on your device independently of our own. These include:

• Google Fonts — used to load the typefaces displayed on this website. Google may process your IP address when serving font files. See Google's privacy policy.
• Netlify — our web hosting provider. Netlify may log request data including IP addresses for security and performance purposes. See Netlify's privacy policy.

We are not responsible for the cookies set by third parties. Please refer to those third parties' privacy and cookie policies for more information.

You can withdraw or change your cookie preference at any time by clicking "Cookie Settings" in the footer of this website. You can also manage cookies through your browser settings. Most browsers allow you to refuse some or all cookies or to delete cookies already stored. The method for doing so varies by browser; refer to your browser's help documentation or visit allaboutcookies.org for guidance.

Note that blocking cookies may affect the functionality of this website and the services we can offer you online.

We process your Personal Data for purposes based on our legitimate business interests, the performance of our contract with you, compliance with legal obligations, and, where applicable, your consent. We will only use your Personal Data for the purposes for which it was collected, or for purposes that are compatible with those original purposes. If we need to use your Personal Data for a materially different purpose, we will notify you and explain the legal basis for doing so.

We may use and analyse your information for the following purposes:

• Processing, confirming, and fulfilling orders and quote requests, and communicating with you about them.
• Issuing quotes, invoices, receipts, and other transaction documentation.
• Responding to your customer service enquiries, requests, or complaints.
• Managing payments and recovering amounts owed to us.
• Preventing and detecting fraud or other criminal activity.
• Understanding how customers use our products and services for the purpose of developing and improving them.
• Business practices including quality control, staff training, and ensuring effective system operation.
• Complying with any legal, governmental, or regulatory requirement applicable to us, including tax returns, financial reporting, and health and safety obligations.
• Protecting your vital interests or the interests of another person, including for security and health and safety purposes.
• Where processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your data protection rights.
• Sending you marketing and promotional communications where you have consented or opted in (see section 9 below). You may withdraw this consent at any time.
• Sharing anonymised or aggregated demographic information with certain third parties during the ordinary course of business. Such sharing does not include any Personal Data capable of identifying any individual.
• Sharing your Personal Data with Third Parties to the extent set out in this Privacy Policy and only as permitted by law (see section 10 below).

Our website may contain links to third-party websites, including our social media pages (WhatsApp, Instagram, etc.) and the websites of delivery or payment service providers. If you click on any such link, you will be taken to a website that we do not operate and this Privacy Policy will no longer apply.

Your use of, and interaction with, any third-party website is subject to that website's own terms of use and privacy policy. We strongly encourage you to read the privacy policies of any website you visit. We are not responsible or liable for the content, privacy practices, or security of any third-party website.

We retain your Personal Data for as long as is necessary to fulfil the purposes set out in this Privacy Policy, for as long as we are otherwise required by law, or for as long as is necessary to resolve any disputes or enforce any agreements.

In determining the appropriate retention period for any category of Personal Data, we consider:

• The amount, nature, and sensitivity of the Personal Data;
• The potential risk of harm from unauthorised use or disclosure;
• The purposes for which we process the data and whether those purposes can be achieved by other means; and
• Applicable legal requirements.

As a general guide:

• Order and customer records are retained for 7 years from the date of the transaction, as required under Kenyan tax and accounting law.
• Enquiries that do not result in an order are retained for up to 12 months in case you follow up, after which they are securely deleted.
• Marketing consent records are retained until consent is withdrawn and for a reasonable period afterwards to demonstrate compliance.
• Chat assistant conversations are not permanently stored by us. Chat history is held in your browser's localStorage for the duration of your session only and is automatically cleared when you close or refresh the page.

Where we are required to retain data beyond these periods to comply with a legal obligation or to defend a legal claim, we will retain it for the minimum period required and will ensure appropriate safeguards are applied.

We may use your contact information to send you marketing and promotional communications only where you have consented or opted in to receiving them. We will not send unsolicited marketing messages.

Where you consent to marketing, we may send you information about our products, services, promotions, and offers. Your consent is specific to the communication channels and purposes described at the time of collection.

You may withdraw your consent to receive marketing communications at any time by:

• Clicking the unsubscribe or opt-out link in any marketing email we send you;
• Sending an email to info@globaluniformsltd.com with the subject line "Unsubscribe"; or
• Calling us on +254 722 770891.

Withdrawal of marketing consent does not affect the lawfulness of any processing carried out before you withdrew consent, nor does it affect our ability to communicate with you for the purpose of fulfilling any existing order or legal obligation.

We may share your Personal Data with Third Parties in the following circumstances, and only to the extent permitted by law:

• Service providers and Data Processors. We engage third-party service providers who process Personal Data on our behalf, under our instruction, to provide services that support our business. These include:
  • Netlify, Inc. (United States) — website hosting and serverless function execution;
  • Groq, Inc. (United States) — AI processing of chat assistant messages;
  • Google LLC (United States) — font delivery via Google Fonts;
  • Courier and delivery services — where delivery to locations outside Nairobi is arranged, your name, phone number, and delivery address will be shared with the relevant courier.
• Legal and regulatory disclosures. We may disclose your Personal Data to regulatory or law enforcement authorities where required to do so by law or in response to a valid legal process.
• Business transfers. In the event that our business or any part of it is acquired, merged, or transferred to another entity, your Personal Data may be transferred to the new owners. We will notify you of any such transfer and the new entity's privacy arrangements where required by law.

International transfers. Some of our third-party service providers are based outside Kenya, including in the United States. Where we transfer your Personal Data outside Kenya, we ensure that appropriate safeguards are in place to protect your data to a standard equivalent to that required under Kenyan Data Protection Law. This may include relying on standard contractual clauses, adequacy decisions, or other lawful transfer mechanisms.

Where messages sent through our chat assistant are processed by Groq, Inc. in the United States, those messages are transmitted over an encrypted HTTPS connection and are processed in real time solely to generate a response. We do not instruct Groq to store your messages beyond what is required for that immediate processing.

If you would like further information about the specific safeguards we rely on when transferring your Personal Data internationally, please contact us using the details in section 16.

We have put in place appropriate technical and organisational measures to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

• All data transmitted between your browser and our website is encrypted using HTTPS (TLS);
• API keys and server credentials are stored as environment variables and are never exposed in browser-facing code;
• Access to customer data is restricted to staff members who require it to fulfil their duties;
• Our website is hosted on infrastructure maintained by Netlify, Inc., which applies its own security controls at the platform level.

We will regularly evaluate and review the effectiveness of these safeguards. However, please be aware that no method of transmission over the internet or electronic storage is 100% secure. While we take all reasonable steps to protect your Personal Data, we cannot guarantee its absolute security.

Data breaches

A personal data breach occurs when there is a security incident that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data. We have procedures in place to detect, investigate, and respond to any suspected personal data breach. Where we are legally required to do so, we will notify you and the Office of the Data Protection Commissioner (ODPC) of a breach within the timelines prescribed by the Data Protection Act.

Our website and services are not directed at children under the age of eighteen (18) years. We do not knowingly or intentionally collect Personal Data from minors. A user must be of the age of majority to independently access or use our website and to submit information to us.

If a person under the age of eighteen wishes to use our website or services, they may do so only under the supervision and with the consent of a parent or legal guardian who agrees to be bound by this Privacy Policy.

If we become aware that we have collected Personal Data from a person under the age of eighteen without adequate parental or guardian verification, we will take prompt steps to delete that information from our records. If you believe that we may have inadvertently collected such information, please contact us immediately at info@globaluniformsltd.com.

Subject to applicable legal and contractual exceptions, you have the following rights under the Data Protection Act, No. 24 of 2019 in relation to your Personal Data:

• Right to be informed. The right to be informed that we are collecting Personal Data about you and how we process it, including the purposes and legal bases for processing. This Privacy Policy is part of how we fulfil that obligation.
• Right of access. The right to request access to the Personal Data we hold about you and to receive information about how it is processed.
• Right to rectification. The right to request that we correct any inaccurate or incomplete Personal Data we hold about you.
• Right to erasure. The right to request that we delete your Personal Data. Note that we may be required or entitled to continue retaining your information where we have a legal obligation or legitimate reason to do so, in which case we will inform you of this.
• Right to withdraw consent. Where we process your Personal Data on the basis of your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. We may not be able to provide certain services to you if you withdraw consent.
• Right to object. The right to object to the processing of your Personal Data where we rely on legitimate interests as our legal basis. We will assess your objection and either cease the processing or demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
• Right to restriction. The right to request that we restrict the processing of your Personal Data in certain circumstances, for example while we investigate a rectification request. We may be legally obligated to continue processing in some situations and will advise you accordingly.
• Right to data portability. Where processing is carried out by automated means and based on your consent or a contract, you have the right to receive your Personal Data in a structured, commonly used, and machine-readable format.
• Right to lodge a complaint. You have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) if you believe that your Personal Data is being processed unlawfully or that your data protection rights have been violated. The ODPC can be reached at www.odpc.go.ke.

To exercise any of your rights, please contact us using the details in section 16 below. We will respond to all verified requests within 21 days. In complex cases, we may extend this by a further 21 days, in which case we will notify you and provide reasons for the extension.

We may need to verify your identity before processing a request. We will not charge a fee for exercising your rights unless requests are manifestly unfounded, excessive, or repetitive.

Either you or Global Uniforms Ltd shall have the right to terminate any agreement or contractual relationship for either party's material failure to comply with the provisions of this Privacy Policy.

Global Uniforms reserves the right to reject any request for access to information, or to refuse to provide services, where doing so would be contrary to this Privacy Policy, applicable Data Protection Law, or any other applicable legal obligation.

If you have a concern about the way in which we have handled your Personal Data, we encourage you to contact us in the first instance so that we can attempt to resolve the matter. If you remain unsatisfied with our response, you may contact the ODPC.

We reserve the right to modify and update this Privacy Policy from time to time to reflect changes in our data processing practices, applicable law, or our business operations. The current version of this Privacy Policy, together with its effective date, is always available on this page.

Where changes are material, meaning they represent a fundamental change in how we process your Personal Data or meaningfully affect your data protection rights, we will bring those changes to your attention by posting a prominent notice on our website for a minimum of 30 days from the date of the change.

Any amendment or modification to this Privacy Policy will take effect from the date stated on this page. If you do not agree with any changes to this Privacy Policy, you should discontinue use of our website and services before those changes take effect. Your continued use of our website or services after any such changes constitutes acceptance of the amended Privacy Policy.

If you would like to access, correct, amend, or delete any Personal Data we hold about you, wish to exercise any of your other privacy rights, have a question about this Privacy Policy, or wish to raise a complaint, please contact us using any of the methods below:

If you are not satisfied with the response you receive from us, or if you believe your data protection rights have been infringed, you may contact the Office of the Data Protection Commissioner (ODPC) of Kenya:

• Website: www.odpc.go.ke
• Address: Teleposta Towers, 12th Floor, Kenyatta Avenue, Nairobi