ENZI ELECTRIC MOTOR COMPANY LTD
PRIVACY POLICY
OVERVIEW
- INTRODUCTION
1.1 Enzi Electric Motor Company Ltd is a limited liability company duly registered in the Republic of
Kenya under Certificate of Registration number PVT-PJUY5P73.
1.2 We provide e-mobility solutions to the motorcycle riders community in Kenya through
innovation that responds to their need for higher revenues. We aim to foster lasting
relationships by inspiring and empowering them to run their businesses efficiently, live better
lives and impact their communities positively.
1.3 In order to access our services and products you will be required to provide us with personal
data which includes your name, national identification or passport number, mobile number,
KRA PIN number, address among others as may be requested by our authorized representatives
on a case-to-case basis.
1.4 We recognize the importance of safeguarding the privacy and confidentiality of the personal
data entrusted to us. We have adopted organizational and technical measures to ensure the
safety of the personal data and are registered duly registered with the Office of the Data
Protection Commissioner as a Data Controller and Data Processor. Our registration number is
775-382C-6EEB.
1.5 This Privacy Policy outlines our commitment to protecting personal data in compliance with
relevant laws and regulations. - KEY DEFINITIONS
2.1 The definitions in this clause apply in this Policy.
Applicable Law: means any laws that are applicable to Personal Data and Sensitive Personal
Data in Kenya and includes any statute, regulation, notice, policy, directive, ruling or
subordinate legislation; any binding court order, judgement or ruling; any applicable industry
code, policy or standard enforceable by law; or any applicable direction, policy or order that is
given by any regulator or competent authority in Kenya;
Child: means any natural person under the age of eighteen (18) years;
Consent: means any express, unequivocal, free, specific and informed indication of the Data
Subject’s wishes by a statement or by a clear affirmative action, signifying agreement to the
processing of personal data relating to the Data Subject
Data Breach: means a breach of security leading to the accidental or unlawful destruction,
loss, alteration, unauthorized disclosure of, or access to, Personal Data under the control of or
in the possession of Enzi Electric Motor Company Ltd.
Data Subject: means any identified or identifiable natural person to whom Personal Data
relates;
Direct Marketing: means to approach a person, by electronic communication, for the purpose
of promoting or offering to supply, in the ordinary course of business, any goods or services to
them;
Employee: means any employee of Enzi Electric Motor Company Ltd;
Personal Data: means any information relating to an identified or identifiable natural person;
Policy: means this Data Privacy Policy;
Sensitive Personal Data: means any data revealing the natural person’s race, health status,
ethnic social origin, conscience, belief, genetic data, biometric data, property details, marital
status, family details including names of the person’s children, parents, spouse or spouses, sex
of the data subject;
Services: means the provision of e-mobility solutions and any other services as shall be
determined by Enzi Electric Motor Company Ltd from time to time;
Third Party: means any independent contractor, agent, consultant, sub-contractor or any other
authorized representative of Enzi Electric Motor Company Ltd;
We or Us: means Enzi Electric Motor Company Ltd.
Website: means www.enzimotors.com - PURPOSE AND SCOPE OF THE POLICY
3.1 Purpose:
The purpose of this Policy is to inform you on how we process your Personal Data and Sensitive
Personal Data when you visit our physical offices or website by, inter alia, collecting or collating,
receiving, recording, storing, updating, distributing, erasing or destroying, disclosing and/or
generally using your Personal Data and Sensitive Personal Data.
3.2 Scope:
The scope of our Data Privacy Policy includes, but is not limited to all personal data collected,
processed, stored, or shared by us in the course of our activities, including data related to our
employees, volunteers, and other stakeholders. - APPLICABILITY OF THE POLICY
4.1 This policy is applicable to but not limited to:
(a) our customers;
(b) potential customers;
(c) our employees;
(d) our volunteers
(e) our stakeholders;
(f) our suppliers, contractors, consultants and service providers; and
(g) any other third party interacting with us.
4.2 We shall strive to observe, and comply with our obligations under the Data Protection Act, CAP
411C, laws of Kenya, the regulations under it and this Policy when we process your Personal
Data.
4.3 This Policy applies to Personal Data and Sensitive Personal Data processed by us:
a) when you visit our physical locations or visit our website;
b) when you purchase our products and services;
c) when you inquire about our products and services;
d) through our Direct Marketing campaigns (save for Sensitive Personal Data which is not
collected for this purpose);
e) online through our website, branded pages on Third Party platforms and applications
accessed or used through such websites or Third-Party platforms which are operated by
or on our behalf.
4.4 This Privacy Policy does not apply to the information practices of Third Parties (including,
without limitation, their websites, platforms and/or applications) which we do not own or
control; or individuals that we do not manage or employ. These Third-Parties may have their own
privacy policies and terms and conditions and we encourage you to read them before using
those Third-Party services. - DATA COLLECTION AND PROCESSING
5.1 We will only collect personal data directly from you for specified and lawful purposes, such as:
a) to enable us to render Services to you as per the Terms and conditions of our services;
b) to enable us to pursue the legitimate interest of ensuring that proper communication
takes place between us and yourself;
c) to comply with legal obligations imposed on us;
d) to prevent non-compliance with the terms and conditions of our services and to protect
our reputation;
e) to enable us to analyse and improve our business operations;
f) for safety and security purposes; and
g) for the possible establishment, exercise or defence of legal claims.
5.2 Personal data will be collected directly from you whenever possible, by telephone, text or email
and/or via our website. We will request for your consent where required by law.
5.3 We will collect Personal Data in a fair, lawful and reasonable manner to ensure that your privacy
is protected and will process your Personal Data based on any available lawful grounds in a
manner that does not adversely affect you.
5.4 Should we need to obtain your Personal Data from Third Parties, we will ensure that we obtain
your consent.
5.5 Where we are relying on your Consent as the legal basis for processing Personal Data, you may
withdraw the Consent at any time but such withdrawal shall not affect the lawfulness of any
processing of the Personal Data that had already been lawfully carried out before the
withdrawal of Consent.
5.6 If the Consent is withdrawn or if there is otherwise a justified objection against the use or the
Processing of such Personal Data, we will ensure that your Personal Data is no longer
processed. - NOTIFYING DATA SUBJECTS
6.1 We will inform you of the fact that we are processing your Personal Data and the specific
purpose for which we will be processing such Personal Data, including making you aware of any
Third-Party recipients of the Personal Data (which may also include cross-border transfers of
Personal Data).
6.2 We will not use your Personal Data and Sensitive Personal Data for any purpose other than the
purposes set out under this Policy without your Consent, unless we are permitted or required to
do so by law. - RIGHTS OF DATA SUBJECTS
7.1 You shall have the following rights:
a) to be informed of the use of your Personal Data;
b) to access your Personal Data which is in our custody;
c) to request for and receive a copy of the Personal Data we hold about you
d) to have any false or misleading Personal Data corrected or deleted;
e) not to be subject to a decision based solely on automated processing which will
significantly affect you;
f) to object to the processing of all or part of your Personal Data;
g) to withdraw your consent at any time;
h) to lodge a complaint with the relevant authority, if you are concerned about the way in
which we are handling your Personal Data.
7.2 You will not usually need to pay a fee to exercise any of the above rights. However, we may
charge a reasonable fee if your request is clearly unfounded or excessive.
7.3 You may exercise any of the above-mentioned rights by submitting a request to us in writing
either by email at the following email address: info@enzimotors.com or by post under the
following address: P.O. Box 62724 City Square, Nairobi in the Republic of Kenya. - SPECIAL PROVISIONS FOR THE PROCESSING OF SENSITIVE PERSONAL DATA AND PERSONAL DATA OF CHILDREN
8.1 We acknowledge that we will generally not process your Sensitive Personal Data unless –
a) processing is carried out in accordance with your Consent;
b) processing is necessary for the establishment, exercise or defence of a legal claim;
c) processing is necessary for purposes of carrying out the obligations and exercising
specific rights of Enzi Electric Motor Company Ltd or yourself;
d) the Sensitive Personal Data has been made public by yourself; or
e) processing is necessary for protecting your vital interests or those of another person.
8.2 We acknowledge that we may not process any Personal Data or Sensitive Personal Data
concerning a Child and will only do so where we have obtained the Consent of the parent or
guardian of that Child and subject to processing procedures that advance the rights and best
interests of the Child. - DATA SHARING AND DISCLOSURE
We will only share personal data with third parties when necessary for the fulfillment of the
purposes for which it was collected, and will ensure that appropriate data sharing agreements
are in place to protect data privacy. - DATA ACCESS AND SECURITY
10.1 Access to your personal data will be restricted to authorized individuals who require access to
perform their duties, and access controls will be implemented to prevent unauthorized access.
10.2 Personal data will be stored securely, physical and electronic form, and appropriate measures
will be taken to prevent data breaches. - RETENTION OF PERSONAL DATA
11.1 We may keep records of the Personal Data we have collected, correspondence, or comments in
electronic or hardcopy format.
11.2 We shall not retain your personal information for a period longer than is necessary to achieve
the purpose for which it was collected or processed. We will delete or destroy (in such a way
that it cannot be reconstructed) or de-identify the information provided to us as soon as is
reasonably practicable once the purpose has been achieved, no longer applies or becomes
obsolete. This prohibition will not apply where the retention of the record for a longer period
than that stated above –
a) is required or authorized by law;
b) is reasonably necessary for a lawful purpose; or
c) is authorized or consented to by yourself.
11.3 Accordingly, we will, subject to the exceptions noted herein, retain your Personal Data for as
long as necessary to fulfill the purposes for which that Personal Data was collected and/or as
permitted or required by Applicable Law.
11.4 In instances where we de-identify your Personal Data, we may use such de-identified
information indefinitely without further notice to you. - FAILURE TO PROVIDE PERSONAL DATA
12.1 Should we need to collect your Personal Data by law or to enable the delivery of the Services,
and you fail to provide the Personal Data when requested, we may be unable to deliver the
Services to you.
12.2 In such a case, we may have to decline to provide relevant Services or receive any services as
the case may be, and you will be notified where this is the case. - SAFEKEEPING, SECURITY AND ACCESS OF PERSONAL DATA
13.1 We shall preserve the security of your Personal Data and, in particular, prevent its alteration,
loss and damage, or access by non-authorized third parties.
13.2 We will ensure the security and integrity of your Personal Data in our possession or under our
control with appropriate, reasonable technical and organizational measures to prevent loss,
unlawful access and unauthorized destruction thereof.
13.3 We have implemented physical, organizational, contractual and technical security measures
(having regard to generally accepted information security practices or industry specific
requirements or professional rules) to keep all your Personal Data, including:
a) implementing an access control restriction process for various systems to ensure
individuals only have access to the data that they are authorized to access on a need-to-
know basis;
b) password policy implementation including two-factor authentication;
c) embracing modern technologies by reliable Third Parties that have in place stringent
data security measures; and
d) conducting regular preventive maintenance of our devices including security checks to
confirm no unauthorized software is installed on our devices.
13.4 Furthermore, we maintain and regularly verify that the security measures are effective and
regularly update the same in response to new risks. - BREACH OF PERSONAL DATA
14.1 A Data Breach may happen for many reasons, which include:
a) loss or theft of data or equipment on which your Personal Data or Sensitive Personal
Data is stored;
b) inappropriate access controls allowing unauthorized use;
c) equipment failure;
d) human error;
e) unforeseen circumstances, such as a fire or flood;
f) deliberate attacks on systems, such as hacking, viruses or phishing scams;
g) alteration of your Personal Data or Sensitive Personal Data without permission; and
h) loss of availability of your Personal Data or Sensitive Personal Data.
14.2 We will address any Data Breach in accordance with the terms of the Data Protection Act and
the regulations under it.
14.3 We will notify (in writing) the Office of the Data Protection Commissioner and yourself within
seventy-two (72) hours of becoming aware of a Data Breach in respect of your Personal Data
(unless the Applicable Law requires that we delay notifying you). - KEEPING PERSONAL DATA ACCURATE
15.1 We will take reasonably practicable steps to ensure that your Personal Data and Sensitive
Personal Data is complete, accurate, not misleading and up to date (having regard to the
purpose for which Personal Data is collected or further processed).
15.2 Accordingly, we will take reasonable steps to ensure that all Personal Data and Sensitive
Personal Data is kept as accurate, complete and up-to-date as reasonably possible.
15.3 We may from time to time send automated prompts to you requiring that you confirm that the
Personal Data and/or Sensitive Personal Data in our possession is accurate and up to date.
15.4 You must, however, notify us from time to time in writing of any updates required in respect of
your Personal Data and/or Sensitive Personal Data. Such notifications should be submitted to
us in writing either by email at the following email address: info@enzimotors.com or by post
under the following address: P.O. Box 62724 City Square, Nairobi, Kenya. - COMPLAINTS PROCEDURE
16.1 You have the right to complain in instances where any of your rights have been infringed. We
shall take all complaints very seriously and will address all such complaints in accordance with
the following procedure –
a) Complaints must be submitted to us in writing either by email at the following email
address: info@enzimotors.com or by post under the following address: P.O. Box 62724
City Square, Nairobi, Kenya.
b) Our response to you may comprise any of the following –
i. a suggested remedy for the complaint;
ii. a dismissal of the complaint and the reasons as to why it was dismissed; and/or
iii. an apology (if applicable) and any action proposed to be taken.
16.2 If you are not satisfied with the suggested remedies, you have the right to complain to the Office of the Data Protection Commissioner. - INTERNATIONAL DATA TRANSFERS
Your Personal Data may be processed outside of Kenya. We will not transfer your Personal Data
or Sensitive Personal Data outside of Kenya without ensuring that appropriate safeguards are in
place to protect your data privacy and security in compliance with the Data Protection Act. - TRAINING AND AWARENESS
We have trained and are providing continuous awareness programs to our employees and
volunteers on data protection principles, their responsibilities under this policy, and how to
handle Personal Data or Sensitive Personal Data securely. - COMPLIANCE AND REVIEW
We commit to comply with all relevant data protection laws and regulations governing the
collection, storage, and processing of your personal data. In the event of any legal obligation to
disclose information, we will do so only to the extent mandated by law and will notify you, if
permissible. Compliance with this policy will be monitored regularly, and periodic reviews will
be conducted to ensure its effectiveness and continued compliance with applicable laws and
regulations. - CHANGES TO THIS POLICY
20.1 We reserve the right to make amendments to this Policy from time to time and will use
reasonable efforts to notify you of such amendments.
20.2 The current version of this Policy will govern the respective rights and obligations between you
and Enzi Electric Motor Company Ltd.
Thank you for visiting www.enzimotors.com
This Privacy Policy is subject to change by www.enzimotors.com at any time and at our discretion without notice by updating this posting.