Privacy Policy

Cynop Engineering Solutions Limited
Website: shop.cynopengineering.com
Email: info@cynopengineering.com
Phone: +254 729 030 947 | +254 795 424 045

Effective Date: 25 April 2026
Last Updated: 25 April 2026


1. Introduction

Cynop Engineering Solutions Limited ("Cynop", "we", "us", or "our") is committed to protecting the privacy and personal data of every person who visits, registers on, or transacts through our online store at shop.cynopengineering.com (the "Website").

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you have over your information. It applies to all users of our Website, including customers, registered account holders, and visitors.

This policy is issued in compliance with the Data Protection Act, 2019 (Kenya) and the regulations and guidelines issued by the Office of the Data Protection Commissioner (ODPC). By using our Website, you consent to the practices described in this policy.


2. Who Is the Data Controller?

The data controller responsible for your personal information is:

Cynop Engineering Solutions Limited
Nairobi, Kenya
📧 info@cynopengineering.com
📞 +254 729 030 947 | +254 795 424 045

If you have any questions about how your data is handled, please contact us using the details above.


3. What Personal Data We Collect

We collect personal data that you provide to us directly, as well as data generated automatically when you use our Website.

3.1 Data You Provide to Us

| Category | Examples |
| --- | --- |
| Identity Data | Full name, username or display name |
| Contact Data | Email address, phone number, physical or delivery address |
| Account Data | Username, password (hashed), account preferences |
| Transaction Data | Products purchased, order history, payment amounts, invoices |
| Payment Data | M-Pesa transaction reference, card type (last 4 digits only — full card details are not stored by us) |
| Communication Data | Messages sent to us via email, phone, or contact form; support requests |
| Service Data | Site address or premises details provided for installation or technical services |

3.2 Data Collected Automatically

When you visit our Website, we may automatically collect:

  • Usage Data — pages visited, time spent, links clicked, referral source

  • Technical Data — IP address, browser type and version, device type, operating system

  • Cookie Data — session identifiers, preferences, and analytics markers (see Section 9)

3.3 Data from Third Parties

We may receive limited personal data from:

  • Payment processors (e.g., M-Pesa/Safaricom, card payment gateways) confirming transaction status

  • Courier and logistics partners confirming delivery details

  • Analytics providers (e.g., Google Analytics) providing aggregated usage insights


4. How We Use Your Personal Data

We use your personal data only for legitimate purposes and on lawful bases as defined under the Data Protection Act, 2019. The table below outlines our key uses:

| Purpose | Legal Basis |
| --- | --- |
| Processing and fulfilling your orders | Performance of a contract |
| Creating and managing your account | Performance of a contract |
| Processing payments and preventing fraud | Performance of a contract / Legitimate interests |
| Sending order confirmations, receipts, and shipping updates | Performance of a contract |
| Providing installation and after-sales services | Performance of a contract |
| Responding to enquiries, complaints, and support requests | Legitimate interests / Legal obligation |
| Sending promotional emails, offers, and newsletters (opt-in only) | Consent |
| Improving our Website, products, and services | Legitimate interests |
| Complying with legal and regulatory obligations | Legal obligation |
| Detecting and preventing fraudulent or unlawful activity | Legitimate interests / Legal obligation |

We will never use your personal data for purposes that are incompatible with those listed above without first informing you and, where required, obtaining your consent.


5. Marketing Communications

We will only send you marketing emails, SMS messages, or promotional notifications if you have opted in to receive them at the time of account creation, checkout, or through our newsletter subscription.

You may opt out at any time by:

Opting out of marketing communications will not affect transactional messages related to your orders or account.


6. Sharing Your Personal Data

We do not sell, rent, or trade your personal data. We may share your data with trusted third parties only where necessary and under strict confidentiality obligations, including:

6.1 Service Providers

| Party | Purpose |
| --- | --- |
| Payment processors (e.g., Safaricom M-Pesa, card gateways) | Processing payments securely |
| Courier and logistics companies | Delivering your orders nationwide |
| Email and SMS service providers | Sending order updates and communications |
| IT and hosting providers | Operating and maintaining our Website |
| Installation and technical subcontractors | Providing on-site engineering services (where applicable) |

6.2 Legal and Regulatory Disclosure

We may disclose your personal data if required to do so by:

  • Kenyan law, court order, or lawful authority (e.g., Communications Authority, Kenya Revenue Authority, or law enforcement agencies)

  • A legal process to which we are a party

6.3 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.


7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

| Data Type | Retention Period |
| --- | --- |
| Account and identity data | Duration of account + 3 years after closure |
| Transaction and order data | 7 years (Kenya tax and financial records obligations) |
| Communication records | 3 years |
| Marketing preferences | Until opt-out or account deletion |
| Technical and usage data (cookies/logs) | Up to 12 months |

When personal data is no longer needed, we securely delete or anonymise it.


8. Data Security

We implement appropriate technical and organisational security measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction. These measures include:

  • Encrypted data transmission using HTTPS/SSL protocols

  • Secure, access-controlled database systems

  • Hashed (not plain-text) storage of passwords

  • Payment data handled by PCI-DSS compliant third-party processors

  • Regular security reviews of our systems and processes

  • Restricted access to personal data on a need-to-know basis

Despite these measures, no transmission over the internet or electronic storage system is completely secure. In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the ODPC and affected individuals as required by the Data Protection Act, 2019.


9. Cookies and Tracking Technologies

9.1 What Are Cookies?

Cookies are small text files placed on your device by our Website. They help us deliver a better user experience, remember your preferences, and understand how the Website is used.

9.2 Types of Cookies We Use

| Cookie Type | Purpose |
| --- | --- |
| Essential Cookies | Enable core site functions (login sessions, shopping cart, checkout) — cannot be disabled |
| Preference Cookies | Remember your language, region, and display preferences |
| Analytics Cookies | Track Website usage to help us improve performance and user experience (e.g., Google Analytics) |
| Marketing Cookies | Used to show relevant promotions — only with your consent |

9.3 Managing Cookies

You may control cookie settings through your browser preferences. Note that disabling essential cookies may impair the functionality of the Website. You can also opt out of Google Analytics tracking via tools.google.com/dlpage/gaoptout.


10. Your Rights Under Kenyan Law

Under the Data Protection Act, 2019, you have the following rights regarding your personal data:

| Right | Description |
| --- | --- |
| Right of Access | Request a copy of the personal data we hold about you |
| Right to Rectification | Request correction of inaccurate or incomplete data |
| Right to Erasure | Request deletion of your data (subject to legal retention obligations) |
| Right to Restriction | Request that we limit how we process your data in certain circumstances |
| Right to Data Portability | Receive your data in a structured, machine-readable format |
| Right to Object | Object to processing based on legitimate interests, including direct marketing |
| Right to Withdraw Consent | Withdraw consent at any time where processing is based on consent |
| Right to Lodge a Complaint | File a complaint with the Office of the Data Protection Commissioner (ODPC) |

How to Exercise Your Rights

Submit a written request to:
📧 info@cynopengineering.com

We will respond to verified requests within 21 days as required by law. We may need to verify your identity before processing your request.

Contacting the ODPC

If you are unsatisfied with our response, you have the right to lodge a complaint with:

Office of the Data Protection Commissioner (ODPC)
Website: www.odpc.go.ke
Email: info@odpc.go.ke


11. Children's Privacy

Our Website and services are not directed at children under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected personal data from a child under 18, we will take immediate steps to delete such data.

If you believe a child has submitted personal information to us, please contact us at info@cynopengineering.com.


12. Third-Party Websites and Links

Our Website may contain links to third-party websites (e.g., brand manufacturers, courier tracking portals, payment gateways). This Privacy Policy applies only to our Website. We are not responsible for the privacy practices of third-party websites and encourage you to review their respective privacy policies before submitting any personal data.


13. International Data Transfers

Cynop Engineering Solutions operates primarily within Kenya. Where any of our service providers or tools process data outside of Kenya, we ensure that adequate safeguards are in place, consistent with the requirements of the Data Protection Act, 2019 and ODPC guidance, including standard contractual clauses or equivalent protections.


14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. The updated policy will be published on this page with a revised "Last Updated" date.

Where changes are material, we will notify registered users via email or a prominent notice on our Website. We encourage you to review this policy periodically.

Your continued use of the Website after any changes constitutes your acceptance of the updated policy.


15. Contact Us

For any questions, requests, or concerns about this Privacy Policy or the handling of your personal data, please reach out to us:

Cynop Engineering Solutions Limited
📧 Email: info@cynopengineering.com
📞 Phone: +254 729 030 947 | +254 795 424 045
🌐 Website: shop.cynopengineering.com
📋 FAQ: shop.cynopengineering.com/shop/faq