Privacy Policy

Last Updated: May 2025
Effective Date: May 2025

1. Introduction

Kutumia Online Store we respects your privacy and is committed to complying with Uganda’s Data Protection and Privacy Act, 2019. This policy explains how we collect, process, store, and protect your personal data when you use our website kutumia.store or services.

By accessing our platform, you consent to this Privacy Policy. If you disagree, please discontinue use immediately.

2. Definitions

  • “Personal Data”: Any information relating to an identified or identifiable natural person (Section 2, DPPA 2019).
  • “Data Subject”: You, the individual whose data we process.
  • “Processing”: Any operation performed on personal data (collection, storage, use, etc.).

3. Lawful Basis for Processing (Section 27, DPPA 2019)

We process your data only when:
βœ” You consent (e.g., for marketing emails).
βœ” Necessary for contract fulfillment (e.g., processing orders).
βœ” Required by law (e.g., tax compliance).
βœ” For legitimate interests (e.g., fraud prevention), balanced against your rights.

4. Data We Collect

A. Personal Data (Section 4, DPPA 2019)

  • Identity Data: Name, date of birth, national ID/passport (for KYC checks).
  • Contact Data: Email, phone number, physical address.
  • Financial Data: Mobile Money (MTN/Airtel), card details (encrypted).
  • Transaction Data: Order history, payments, returns.

B. Automated Data

  • Cookies: Essential (e.g., login sessions) and analytics cookies (opt-out available).
  • Device Data: IP address, browser type, location (for fraud prevention).

5. How We Use Your Data

PurposeLegal Basis (DPPA 2019)
Order processing & deliveryContractual necessity
Customer supportLegitimate interest
Fraud preventionLegal obligation
Marketing (with consent)Explicit consent (Section 28)

6. Data Sharing & Transfers

A. Third Parties (Section 12, DPPA 2019)

We share data only with:

  • Vendors: For order fulfillment.
  • Payment Processors: Mobile Money providers, banks (PCI-DSS compliant).
  • Logistics Partners: Delivery services.
  • Regulators: If required by Ugandan law.

B. Cross-Border Transfers (Section 48)

If data leaves Uganda, we ensure:
βœ” Recipient countries have adequate protection laws.
βœ” Standard Contractual Clauses are in place.

7. Your Rights (Sections 34–43, DPPA 2019)

You have the right to:

  1. Access your personal data.
  2. Correct inaccurate information.
  3. Delete data (“Right to Erasure”).
  4. Restrict processing under certain conditions.
  5. Object to direct marketing.
  6. Data portability (request a copy in machine-readable format).

To exercise these rights, email dpo@kutumia.store with proof of identity.

8. Data Security (Section 24, DPPA 2019)

We implement:

  • Encryption (SSL/TLS) for data in transit.
  • Access controls (role-based permissions).
  • Regular audits to prevent breaches.
  • Staff training on data protection.

9. Data Retention

We retain data only as long as necessary:

  • Orders: 5 years (for tax compliance under Ugandan law).
  • Marketing data: Until consent is withdrawn.

10. Children’s Privacy (Section 29)

We do not knowingly collect data from children under 16 without parental consent.

11. Updates & Complaints

  • Policy Changes: Posted on our website with a new “Last Updated” date.
  • Complaints: Contact our Data Protection Officer (DPO) at dpo@kutumia.store. If unresolved, you may lodge a complaint with the Uganda Personal Data Protection Office.

Cookie Policy

We use necessary cookies to:
β€’ Remember your login
β€’ Save shopping cart items
β€’ Analyze site traffic

12. Contact Us

Data Controller: Kutumia Online Store
Emailinfo@kutumia.store
Physical Address: Lungujja, Kitunzi, Kampala, Uganda
Phone: +256750346386

Scroll to Top