Effective date: 1st June, 2025

1. Data Controller

The data controller responsible for your personal data is:

DUKAMNETI ONLINE SHOPS
Business Name: BN-RPC2MXMX
Republic of Kenya
Email: support@dukamneti.co.ke

This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our services and the choices you have associated with that data. Unless otherwise defined in this Privacy Policy, terms used have the same meanings as in our Terms and Conditions.

2. Data We Collect

We collect the following categories of personal data:

Account Data

When you register, we collect:

  • Email address
  • First name and last name
  • Username

Lawful basis: Performance of a contract — necessary to create and manage your account and provide subscription access.

Payment Data

When you subscribe, payment transactions are processed by our payment providers (PayPal, M-Pesa/Safaricom). We do not store your full card details. We retain records of transaction IDs, subscription status, and payment amounts.

Lawful basis: Performance of a contract; legal obligation (financial record-keeping).

Usage Data

We automatically collect information about how you use our website, including:

  • IP address
  • Browser type and version
  • Pages visited and time spent
  • Device type and unique device identifiers
  • Referring URLs

Lawful basis: Legitimate interests — to maintain, improve, and secure the website.

Push Notification Subscriptions

If you opt in to browser push notifications, we store your browser's push subscription token (endpoint URL and encryption keys) to deliver match alerts and tip updates. No personally identifiable information is contained in the token itself.

Lawful basis: Consent — you explicitly enable notifications via the opt-in prompt. You can withdraw consent at any time by disabling notifications in your browser settings.

Cookies and Tracking Data

We use the following types of cookies:

  • Strictly necessary cookies — Django session and CSRF tokens required for the website to function. No consent required.
  • Analytics cookies — Google Analytics 4 (GA4) to understand how visitors use the website. Data is pseudonymised.
  • Social/marketing cookies — Facebook SDK, used for social login and audience engagement.

You can configure your browser to refuse all cookies. Disabling strictly necessary cookies will prevent you from logging in or using subscription features.

Lawful basis: Strictly necessary cookies — legitimate interests. Analytics and marketing cookies — consent (where required by applicable law).

3. How We Use Your Data

PurposeData usedLawful basis
Provide and maintain the websiteAccount, UsageContract performance
Process subscription paymentsAccount, PaymentContract performance
Send match alerts and tip updatesPush subscription, EmailConsent
Customer supportAccount, correspondenceContract performance / Legitimate interests
Improve our servicesUsage, AnalyticsLegitimate interests
Fraud prevention and securityUsage, AccountLegitimate interests / Legal obligation
Comply with legal obligationsAccount, PaymentLegal obligation

4. Data Retention

  • Account data: Retained for the duration of your account. Deleted within 30 days of a verified deletion request, subject to legal obligations.
  • Payment records: Retained for 7 years to comply with financial and tax record-keeping obligations.
  • Usage / analytics data: Retained for up to 26 months in Google Analytics (pseudonymised). Server logs retained for up to 90 days.
  • Push notification tokens: Retained until you unsubscribe or the token expires. Invalid tokens are deleted automatically.

5. Third-Party Service Providers

We share data with the following processors, who are contractually bound to use it only for the purposes we specify:

  • Google LLC — Google Analytics 4 (usage analytics), Google Sign-In. Privacy Policy
  • Meta Platforms, Inc. — Facebook SDK (social login, audience engagement). Privacy Policy
  • PayPal Holdings, Inc. — Payment processing for subscriptions. Privacy Policy
  • Safaricom PLC (M-Pesa) — Mobile payment processing. Privacy Policy
  • Mailgun Technologies, Inc. — Transactional email delivery. Privacy Policy
  • Amazon Web Services, Inc. (AWS) — Cloud hosting, file storage (S3), and CDN (CloudFront). Data may be stored in the EU (Frankfurt region). Privacy Policy
  • Google Firebase / FCM — Push notification delivery for Android and web browsers. Privacy Policy
  • Apple Inc. — Push notification delivery for Safari/iOS users. Privacy Policy

6. International Data Transfers

Your data may be transferred to and processed in countries outside your own, including the United States, where data protection laws may differ from those in your country. Where we transfer data from the European Economic Area (EEA) or the United Kingdom to third countries, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA), or we transfer to countries with an adequacy decision.

AWS stores data in the EU (eu-central-1, Frankfurt) where possible. For further information on the safeguards in place, contact us at support@dukamneti.co.ke.

7. Disclosure of Data

We may disclose your Personal Data where required to:

  • Comply with a legal obligation or court order
  • Protect and defend the rights or property of Dukamneti Sports
  • Prevent or investigate fraud or wrongdoing
  • Protect the personal safety of users or the public
  • Protect against legal liability

We do not sell your personal data to third parties.

8. Security of Data

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including HTTPS encryption, access controls, and regular security reviews. However, no method of internet transmission or electronic storage is 100% secure.

9. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data. To exercise any of them, email support@dukamneti.co.ke or use our contact form. We will respond within 30 days.

  • Right of access — Request a copy of the personal data we hold about you.
  • Right to rectification — Request correction of inaccurate or incomplete data.
  • Right to erasure — Request deletion of your personal data where there is no legitimate reason for us to continue processing it.
  • Right to restriction — Request that we restrict processing of your data in certain circumstances.
  • Right to data portability — Request a machine-readable copy of the personal data you provided to us.
  • Right to object — Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent — Where processing is based on consent (e.g. push notifications), you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint — You have the right to complain to a data protection supervisory authority in your country of residence. EU users may contact their national DPA (list at edpb.europa.eu). UK users may contact the ICO at ico.org.uk.

10. Links To Other Sites

Our website may contain links to third-party sites. We have no control over and assume no responsibility for the content or privacy practices of those sites. We encourage you to review the privacy policy of every site you visit.

11. Children's Privacy

Dukamneti Sports does not address anyone under the age of 18. We do not knowingly collect personal data from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us and we will delete it promptly.

12. Changes To This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or a prominent notice on our website at least 14 days before they take effect, and will update the effective date at the top of this page. Continued use of the website after the effective date constitutes acceptance of the updated policy.