Privacy Policy | Zaynvero

Privacy Policy

Last updated: 14 July 2026

SHOPVISTA LABS LIMITED, trading through Zaynvero (“Zaynvero”, “we”, “us”, or “our”), operates the website https://zaynvero.com/ (the “Website”).

This Privacy Policy explains how we collect, use, store, disclose, transfer, and protect personal data when you visit the Website, create an account, place an order, contact us, or otherwise use our services.

We process personal data in accordance with applicable Kenyan law, including the Data Protection Act, 2019 and the Data Protection (General) Regulations, 2021.


1. Data Controller

The data controller responsible for personal data processed through the Website is:

SHOPVISTA LABS LIMITED
Company Number: PVT-7LUXXD6X
The Oval Building, Ring Road Parklands
Westlands District
P.O. Box 1644, Sarit Centre
Nairobi, Kenya

Website: https://zaynvero.com/
Email: shopvistalabsltd@gmail.com
Telephone: +254 721 458 458


2. Personal Data We Collect

Depending on how you use the Website, we may collect the following categories of personal data:

Data Category Examples Purpose
Identity Data First name, last name, username, and account identifier Account creation, customer identification, order processing, and fraud prevention
Contact Data Email address, telephone number, billing address, and postal address Order communication, billing, invoicing, customer support, and legal notices
Transaction Data Products purchased, order value, currency, payment status, refunds, and transaction references Processing orders, issuing refunds, maintaining financial records, and preventing fraud
Account Data Login details, saved preferences, account history, and support history Managing accounts, maintaining security, and providing support
Technical Data IP address, browser type, operating system, device type, time zone, and log data Security, fraud prevention, troubleshooting, analytics, and Website improvement
Usage Data Pages visited, links selected, session duration, referrals, and Website interactions Analytics, performance measurement, and user-experience improvement
Communication Data Messages, complaints, enquiries, reviews, and correspondence Customer service, dispute resolution, and record keeping
Marketing Data Marketing preferences and consent records Sending permitted marketing communications and recording consent or withdrawal
Cookie Data Cookie identifiers, consent choices, and analytics identifiers Website operation, preference management, analytics, and security

We may also create aggregated or anonymised data that does not directly identify an individual.


3. How We Collect Personal Data

We may collect personal data:

  • Directly from you when you create an account, place an order, complete a form, contact us, or submit a complaint.
  • Automatically through cookies, server logs, analytics tools, and security technologies.
  • From payment processors, fraud-prevention providers, hosting providers, delivery partners, and other service providers involved in fulfilling your order.
  • From publicly available sources where permitted by law.

4. Payment Information

We do not intentionally collect or store complete payment-card numbers, CVV codes, or full card credentials on our Website servers.

Payments are processed by independent third-party payment service providers. Payment details are entered into the payment provider’s secure environment and are handled according to that provider’s privacy and security practices.

We may receive limited payment-related information, including transaction status, payment method type, currency, payment reference, card brand, and limited masked card information where provided by the payment processor.

3D Secure

Card payments may be subject to 3D Secure authentication where supported or required by the payment provider, card network, card issuer, or applicable rules.


5. Purposes and Lawful Bases for Processing

We process personal data only where a lawful basis applies. Depending on the circumstances, the basis may include:

5.1 Performance of a Contract

We process personal data to create and manage accounts, process orders, deliver digital products, issue invoices, communicate about purchases, provide support, and handle refunds or disputes.

5.2 Consent

We may rely on consent for optional marketing communications, non-essential cookies, or other activities where consent is required. You may withdraw consent at any time without affecting processing carried out before withdrawal.

5.3 Legal Obligations

We may process or retain personal data to comply with tax, accounting, anti-fraud, consumer-protection, data-protection, regulatory, court, and law-enforcement obligations.

5.4 Legitimate Interests

Where permitted by law, we may process data for legitimate business interests, including Website security, prevention of fraud, protection of legal rights, service improvement, administration, and network security, provided those interests do not unfairly override your rights.


6. How We Use Personal Data

We may use personal data to:

  • Register and manage customer accounts.
  • Process purchases and provide digital products or licence information.
  • Verify payments and reduce fraudulent transactions.
  • Send order confirmations, receipts, account notices, and service messages.
  • Respond to customer enquiries, complaints, and refund requests.
  • Maintain business, accounting, tax, and transaction records.
  • Protect the Website, users, systems, and business from misuse or unauthorised access.
  • Monitor Website performance and improve products, services, and user experience.
  • Send marketing communications where legally permitted and consented to where required.
  • Enforce our Terms and Conditions and protect legal rights.
  • Comply with legal and regulatory obligations.

7. Cookies and Similar Technologies

We use cookies and similar technologies for essential Website operation, shopping-cart management, account login, security, fraud prevention, analytics, preference storage, and, where enabled, marketing.

For more information, including the categories of cookies used and how to manage preferences, please review our Cookie Policy.


8. Sharing and Disclosure of Personal Data

We may share personal data only where necessary and permitted by law with:

  • Payment processors and financial service providers.
  • Hosting, cloud-storage, security, and technical service providers.
  • Email, customer-support, and communication service providers.
  • Analytics providers, including Google Analytics where configured.
  • Digital product suppliers, fulfilment providers, and licence-delivery partners.
  • Fraud-prevention, identity-verification, chargeback, and risk-management providers.
  • Professional advisers, including accountants, auditors, insurers, and legal advisers.
  • Government authorities, courts, regulators, or law-enforcement bodies where disclosure is legally required.
  • A purchaser, investor, successor, or adviser in connection with a merger, restructuring, financing, or sale of all or part of the business.

Service providers are expected to process personal data only for authorised purposes and to apply appropriate confidentiality and security safeguards.


9. International Transfers

Some service providers may process or store personal data outside Kenya.

Where personal data is transferred outside Kenya, we will take reasonable steps to ensure that the transfer complies with applicable Kenyan data-protection law and that appropriate safeguards are used. These safeguards may include contractual protections, consent where legally appropriate, proof of adequate protection, or other lawful transfer mechanisms.


10. Data Security

We use reasonable technical and organisational measures designed to protect personal data against accidental loss, unlawful destruction, alteration, unauthorised disclosure, misuse, or access.

Measures may include encrypted connections, restricted access, access controls, security monitoring, backups, software updates, anti-fraud checks, and contractual confidentiality obligations.

No internet transmission or electronic storage system is completely secure. We therefore cannot guarantee absolute security.


11. Personal Data Breaches

If a personal data breach occurs, we will investigate and take reasonable steps to contain and address it.

Where required by Kenyan law, we will notify the Office of the Data Protection Commissioner and affected data subjects within the applicable legal timeframes.


12. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including legal, accounting, tax, security, fraud-prevention, and dispute-resolution purposes.

Typical retention considerations include:

  • Order and invoice records: retained for the period required by applicable tax, accounting, payment, and legal obligations.
  • Customer account data: retained while an account remains active and for a reasonable period afterward where needed for legal or operational purposes.
  • Support and complaint records: retained for as long as necessary to resolve enquiries, disputes, and legal claims.
  • Marketing consent records: retained until withdrawal and afterward where necessary to demonstrate compliance.
  • Security and technical logs: retained for a limited period based on security, fraud-prevention, and troubleshooting needs.
  • Cookie preferences: retained according to the relevant cookie duration and consent-management configuration.

After the applicable retention period, personal data will be deleted, anonymised, or securely isolated unless further retention is required by law.

Encrypted backup copies may remain temporarily until overwritten through the normal backup cycle.


13. Your Rights

Subject to the Data Protection Act, 2019 and applicable limitations, you may have the right to:

  • Be informed about how your personal data is used.
  • Request access to personal data held about you.
  • Object to the processing of all or part of your personal data.
  • Request correction of inaccurate, incomplete, false, or misleading data.
  • Request deletion of personal data where legally applicable.
  • Request restriction of processing in applicable circumstances.
  • Request data portability where applicable.
  • Withdraw consent where processing is based on consent.
  • Object to direct marketing.
  • Lodge a complaint with the Office of the Data Protection Commissioner of Kenya.

These rights are not absolute and may be limited by applicable law, contractual necessity, fraud-prevention requirements, legal obligations, or the rights of other persons.


14. Exercising Your Rights

To exercise a privacy right, contact us at:

shopvistalabsltd@gmail.com

Please describe your request clearly. We may ask for information reasonably necessary to verify your identity and prevent unauthorised disclosure.

We will respond within the timeframe required by applicable law. Where a request cannot be fulfilled, we will explain the reason where legally required.


15. Marketing Communications

We may send marketing communications only where legally permitted. Where consent is required, marketing messages will be sent only after consent has been obtained.

You may unsubscribe through the link included in a marketing message or by contacting us. Service communications relating to an account, order, security issue, or legal notice are not marketing communications and may still be sent where necessary.


16. Automated Decision-Making and Fraud Prevention

Payment processors and fraud-prevention providers may use automated tools to assess transaction risk, detect suspicious activity, or prevent fraud.

Such assessments may consider transaction details, IP address, device information, location indicators, payment history, and related risk signals. A transaction may be delayed, declined, or referred for manual review where suspicious activity is detected.


17. Children's Privacy

The Website and its commercial services are not intended for persons under the age of 18.

We do not knowingly collect personal data from a child without any consent or authorisation required by applicable law. If you believe that a child has provided personal data to us improperly, contact us so that we can investigate and take appropriate action.


18. Third-Party Links

The Website may contain links to third-party websites or services. We do not control those third parties and are not responsible for their privacy practices. Users should review the privacy notice of each external service they visit.


19. Complaints

If you have a privacy concern, please contact us first using the details below so that we can attempt to resolve it.

You also have the right to lodge a complaint with the:

Office of the Data Protection Commissioner (ODPC)
Kenya


20. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in law, technology, service providers, business operations, or the way we process personal data.

The revised version will be posted on this page and the “Last updated” date will be changed. Where required, we may provide additional notice of material changes.


21. Contact Details

SHOPVISTA LABS LIMITED
Company Number: PVT-7LUXXD6X
The Oval Building, Ring Road Parklands
Westlands District
P.O. Box 1644, Sarit Centre
Nairobi, Kenya

Website: https://zaynvero.com/
Email: info@zaynvero.com
Telephone: +254 721 458 458