Privacy Policy
- Home
- Privacy Policy
Privacy Policy
Last updated: 14 July 2026
SHOPVISTA LABS LIMITED, trading through Zaynvero (“Zaynvero”, “we”, “us”, or “our”), operates the website https://zaynvero.com/ (the “Website”).
This Privacy Policy explains how we collect, use, store, disclose, transfer, and protect personal data when you visit the Website, create an account, place an order, contact us, or otherwise use our services.
We process personal data in accordance with applicable Kenyan law, including the Data Protection Act, 2019 and the Data Protection (General) Regulations, 2021.
1. Data Controller
The data controller responsible for personal data processed through the Website is:
SHOPVISTA LABS LIMITED
Company Number: PVT-7LUXXD6X
The Oval Building, Ring Road Parklands
Westlands District
P.O. Box 1644, Sarit Centre
Nairobi, Kenya
Website: https://zaynvero.com/
Email: shopvistalabsltd@gmail.com
Telephone: +254 721 458 458
2. Personal Data We Collect
Depending on how you use the Website, we may collect the following categories of personal data:
| Data Category | Examples | Purpose |
|---|---|---|
| Identity Data | First name, last name, username, and account identifier | Account creation, customer identification, order processing, and fraud prevention |
| Contact Data | Email address, telephone number, billing address, and postal address | Order communication, billing, invoicing, customer support, and legal notices |
| Transaction Data | Products purchased, order value, currency, payment status, refunds, and transaction references | Processing orders, issuing refunds, maintaining financial records, and preventing fraud |
| Account Data | Login details, saved preferences, account history, and support history | Managing accounts, maintaining security, and providing support |
| Technical Data | IP address, browser type, operating system, device type, time zone, and log data | Security, fraud prevention, troubleshooting, analytics, and Website improvement |
| Usage Data | Pages visited, links selected, session duration, referrals, and Website interactions | Analytics, performance measurement, and user-experience improvement |
| Communication Data | Messages, complaints, enquiries, reviews, and correspondence | Customer service, dispute resolution, and record keeping |
| Marketing Data | Marketing preferences and consent records | Sending permitted marketing communications and recording consent or withdrawal |
| Cookie Data | Cookie identifiers, consent choices, and analytics identifiers | Website operation, preference management, analytics, and security |
We may also create aggregated or anonymised data that does not directly identify an individual.
3. How We Collect Personal Data
We may collect personal data:
- Directly from you when you create an account, place an order, complete a form, contact us, or submit a complaint.
- Automatically through cookies, server logs, analytics tools, and security technologies.
- From payment processors, fraud-prevention providers, hosting providers, delivery partners, and other service providers involved in fulfilling your order.
- From publicly available sources where permitted by law.
4. Payment Information
We do not intentionally collect or store complete payment-card numbers, CVV codes, or full card credentials on our Website servers.
Payments are processed by independent third-party payment service providers. Payment details are entered into the payment provider’s secure environment and are handled according to that provider’s privacy and security practices.
We may receive limited payment-related information, including transaction status, payment method type, currency, payment reference, card brand, and limited masked card information where provided by the payment processor.
3D Secure
Card payments may be subject to 3D Secure authentication where supported or required by the payment provider, card network, card issuer, or applicable rules.
5. Purposes and Lawful Bases for Processing
We process personal data only where a lawful basis applies. Depending on the circumstances, the basis may include:
5.1 Performance of a Contract
We process personal data to create and manage accounts, process orders, deliver digital products, issue invoices, communicate about purchases, provide support, and handle refunds or disputes.
5.2 Consent
We may rely on consent for optional marketing communications, non-essential cookies, or other activities where consent is required. You may withdraw consent at any time without affecting processing carried out before withdrawal.
5.3 Legal Obligations
We may process or retain personal data to comply with tax, accounting, anti-fraud, consumer-protection, data-protection, regulatory, court, and law-enforcement obligations.
5.4 Legitimate Interests
Where permitted by law, we may process data for legitimate business interests, including Website security, prevention of fraud, protection of legal rights, service improvement, administration, and network security, provided those interests do not unfairly override your rights.
6. How We Use Personal Data
We may use personal data to:
- Register and manage customer accounts.
- Process purchases and provide digital products or licence information.
- Verify payments and reduce fraudulent transactions.
- Send order confirmations, receipts, account notices, and service messages.
- Respond to customer enquiries, complaints, and refund requests.
- Maintain business, accounting, tax, and transaction records.
- Protect the Website, users, systems, and business from misuse or unauthorised access.
- Monitor Website performance and improve products, services, and user experience.
- Send marketing communications where legally permitted and consented to where required.
- Enforce our Terms and Conditions and protect legal rights.
- Comply with legal and regulatory obligations.
7. Cookies and Similar Technologies
We use cookies and similar technologies for essential Website operation, shopping-cart management, account login, security, fraud prevention, analytics, preference storage, and, where enabled, marketing.
For more information, including the categories of cookies used and how to manage preferences, please review our Cookie Policy.
8. Sharing and Disclosure of Personal Data
We may share personal data only where necessary and permitted by law with:
- Payment processors and financial service providers.
- Hosting, cloud-storage, security, and technical service providers.
- Email, customer-support, and communication service providers.
- Analytics providers, including Google Analytics where configured.
- Digital product suppliers, fulfilment providers, and licence-delivery partners.
- Fraud-prevention, identity-verification, chargeback, and risk-management providers.
- Professional advisers, including accountants, auditors, insurers, and legal advisers.
- Government authorities, courts, regulators, or law-enforcement bodies where disclosure is legally required.
- A purchaser, investor, successor, or adviser in connection with a merger, restructuring, financing, or sale of all or part of the business.
Service providers are expected to process personal data only for authorised purposes and to apply appropriate confidentiality and security safeguards.
9. International Transfers
Some service providers may process or store personal data outside Kenya.
Where personal data is transferred outside Kenya, we will take reasonable steps to ensure that the transfer complies with applicable Kenyan data-protection law and that appropriate safeguards are used. These safeguards may include contractual protections, consent where legally appropriate, proof of adequate protection, or other lawful transfer mechanisms.
10. Data Security
We use reasonable technical and organisational measures designed to protect personal data against accidental loss, unlawful destruction, alteration, unauthorised disclosure, misuse, or access.
Measures may include encrypted connections, restricted access, access controls, security monitoring, backups, software updates, anti-fraud checks, and contractual confidentiality obligations.
No internet transmission or electronic storage system is completely secure. We therefore cannot guarantee absolute security.
11. Personal Data Breaches
If a personal data breach occurs, we will investigate and take reasonable steps to contain and address it.
Where required by Kenyan law, we will notify the Office of the Data Protection Commissioner and affected data subjects within the applicable legal timeframes.
12. Data Retention
We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including legal, accounting, tax, security, fraud-prevention, and dispute-resolution purposes.
Typical retention considerations include:
- Order and invoice records: retained for the period required by applicable tax, accounting, payment, and legal obligations.
- Customer account data: retained while an account remains active and for a reasonable period afterward where needed for legal or operational purposes.
- Support and complaint records: retained for as long as necessary to resolve enquiries, disputes, and legal claims.
- Marketing consent records: retained until withdrawal and afterward where necessary to demonstrate compliance.
- Security and technical logs: retained for a limited period based on security, fraud-prevention, and troubleshooting needs.
- Cookie preferences: retained according to the relevant cookie duration and consent-management configuration.
After the applicable retention period, personal data will be deleted, anonymised, or securely isolated unless further retention is required by law.
Encrypted backup copies may remain temporarily until overwritten through the normal backup cycle.
13. Your Rights
Subject to the Data Protection Act, 2019 and applicable limitations, you may have the right to:
- Be informed about how your personal data is used.
- Request access to personal data held about you.
- Object to the processing of all or part of your personal data.
- Request correction of inaccurate, incomplete, false, or misleading data.
- Request deletion of personal data where legally applicable.
- Request restriction of processing in applicable circumstances.
- Request data portability where applicable.
- Withdraw consent where processing is based on consent.
- Object to direct marketing.
- Lodge a complaint with the Office of the Data Protection Commissioner of Kenya.
These rights are not absolute and may be limited by applicable law, contractual necessity, fraud-prevention requirements, legal obligations, or the rights of other persons.
14. Exercising Your Rights
To exercise a privacy right, contact us at:
Please describe your request clearly. We may ask for information reasonably necessary to verify your identity and prevent unauthorised disclosure.
We will respond within the timeframe required by applicable law. Where a request cannot be fulfilled, we will explain the reason where legally required.
15. Marketing Communications
We may send marketing communications only where legally permitted. Where consent is required, marketing messages will be sent only after consent has been obtained.
You may unsubscribe through the link included in a marketing message or by contacting us. Service communications relating to an account, order, security issue, or legal notice are not marketing communications and may still be sent where necessary.
16. Automated Decision-Making and Fraud Prevention
Payment processors and fraud-prevention providers may use automated tools to assess transaction risk, detect suspicious activity, or prevent fraud.
Such assessments may consider transaction details, IP address, device information, location indicators, payment history, and related risk signals. A transaction may be delayed, declined, or referred for manual review where suspicious activity is detected.
17. Children's Privacy
The Website and its commercial services are not intended for persons under the age of 18.
We do not knowingly collect personal data from a child without any consent or authorisation required by applicable law. If you believe that a child has provided personal data to us improperly, contact us so that we can investigate and take appropriate action.
18. Third-Party Links
The Website may contain links to third-party websites or services. We do not control those third parties and are not responsible for their privacy practices. Users should review the privacy notice of each external service they visit.
19. Complaints
If you have a privacy concern, please contact us first using the details below so that we can attempt to resolve it.
You also have the right to lodge a complaint with the:
Office of the Data Protection Commissioner (ODPC)
Kenya
20. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in law, technology, service providers, business operations, or the way we process personal data.
The revised version will be posted on this page and the “Last updated” date will be changed. Where required, we may provide additional notice of material changes.
21. Contact Details
SHOPVISTA LABS LIMITED
Company Number: PVT-7LUXXD6X
The Oval Building, Ring Road Parklands
Westlands District
P.O. Box 1644, Sarit Centre
Nairobi, Kenya
Website: https://zaynvero.com/
Email: info@zaynvero.com
Telephone: +254 721 458 458