1. Data Controller

Experix Africa Limited is the Data Controller and is responsible for your Personal Data.

Contact for Privacy Matters:
Email:
privacy@experixafrica.com

We are responsible for determining how and why your Personal Data is processed.

2. The Personal Data We Collect

We collect Personal Data directly from you and automatically when you interact with our Site or services. The data we collect falls into these categories:

• Identity Data: Full name, company name
• Contact Data: Email address, phone number, mailing address
• Transaction Data: Payment details, billing information, service purchase history
• Technical Data: IP address, device type, browser, pages visited, interaction behavior
• Marketing Data: Service preferences, newsletter subscriptions, communication preferences

2.1 Personal Data You Provide

We collect Personal Data when you:

• Request a consultation
• Purchase a service
• Fill in a form
• Subscribe to our communications
• Submit a project brief or inquiry

2.2 Personal Data Collected Automatically

We collect technical information when you visit our Site to understand user behavior and improve the digital experience.

2.3 Payment Data

Payments made through WooCommerce or other processors may include:

• Billing details
• Transaction references
• MPESA confirmation
• Card payment confirmation
• Bank transfer validation

Note: Experix Africa does not store card numbers, CVV codes, or MPESA PINs.

2.4 Children’s Data

Our services are intended for adults aged 18 and above. We do not knowingly collect Personal Data from children under 18. If we become aware that a child has provided Personal Data, we will delete it promptly.

3. Purpose of Processing Your Personal Data

We process your Personal Data to:

• Respond to enquiries and requests
• Schedule and deliver CX services, training, and consultations
• Manage customer relationships
• Process payments and send receipts
• Send service-related updates (mandatory) and marketing communications (optional)
• Improve our website and digital services
• Comply with legal, regulatory, and financial obligations

4. Legal Basis for Processing

We process Personal Data based on:

• Consent – where you opt in for communications or services
• Contractual necessity – to provide requested services
• Legitimate business interests – improving operations and customer experience
• Legal obligations – financial, tax, and regulatory compliance

You may withdraw consent at any time, without affecting lawfully processed data before the withdrawal.

5. Sharing of Personal Data

We do not sell, rent, or trade your Personal Data.

We may share Personal Data with:

• Technology providers (Mailchimp, WooCommerce, Namecheap)
• Payment processors (MPESA, card payment gateways)
• Auditors or professional advisers
• Regulators or law enforcement authorities where required by law

All third parties must comply with appropriate security measures and only process Personal Data on our instructions.

6. Third Party Processors

Our trusted third parties include:

• Mailchimp – CRM and email communication
• WooCommerce – service transactions
• Namecheap – website hosting
• Payment processors – financial transactions

Each processor operates under a data processing agreement in line with the KDPA.

7. Cross-Border Transfers

Some service providers may store or process data outside Kenya (e.g., EU, USA). We ensure:

• Adequate legal safeguards are in place
• Appropriate contractual agreements or your consent are obtained

All transfers comply with the Kenya Data Protection Act, 2019.

8. Cookies and Web Analytics

We use cookies and analytics tools to:

• Maintain Site functionality
• Measure traffic and performance
• Understand user interactions
• Improve user experience

Consent: Non-essential cookies are only placed after your consent. You can manage or disable cookies via your browser, though this may affect functionality.

9. Security of Personal Data

We implement appropriate technical and organizational measures, including:

• SSL encryption
• Secure hosting environments
• Restricted staff access
• Access authentication
• Regular system updates

Only authorized personnel have access to Personal Data.

10. Data Breach Notification

In the event of a personal data breach, Experix Africa will:

• Notify affected data subjects without undue delay
• Report the breach to the ODPC as required under the KDPA
• Take corrective measures to mitigate impact and prevent recurrence

11. Data Retention

Personal Data is retained only as long as necessary for:

• Service delivery
• Legal or financial obligations
• Maintaining active business relationships

When no longer required, Personal Data is securely deleted or anonymized.

12. Your Rights & Data Subject Requests

Under the KDPA, you have the right to:

• Access your Personal Data
• Correct inaccuracies
• Request deletion (Right to be Forgotten)
• Withdraw consent
• Object to processing
• Restrict processing
• Obtain a copy of your data

How to submit a request:

1. Send an email to hello@experixafrica.com
2. Include your full name, the email linked to your data, and the nature of your request
3. Provide any supporting information required to verify your identity

We will respond to valid requests within 14 working days. Requests may be refused if excessive, repetitive, or unverified.

13. Third Party Links

Our Site may link to external websites. We are not responsible for their privacy practices. Please review their privacy notices.

14. Updates to this Notice

We may update this Privacy Notice to reflect changes in:

• Services or products
• Technology or tools
• Legal or regulatory requirements

The most recent version will always be available on our website.