Privacy Policy

1. Introduction and Compliance

Sherehe Events Limited ("we", "our", "us") respects your privacy and is legally committed to protecting your personal data. This privacy policy complies with the rigorous standards set forth by the Kenya Data Protection Act, 2019 (DPA) and outlines how we handle data collected through our website, during physical consultations, and via our WhatsApp API integration.

2. The Data We Collect

To execute highly complex logistical events, we must collect specific, accurate data. This includes:

• Identity Data: First name, last name, and corporate entity name (if booking on behalf of an organization).
• Contact Data: Billing addresses, delivery locations, email addresses, and active telephone/WhatsApp numbers for on-site coordination.
• Financial Data: M-Pesa phone numbers used for till payments, bank account details for refunds, and invoicing history. (Note: We do not store credit card numbers).
• Logistical Data: Private venue addresses, geolocation pins, guest counts, and event specific timelines.
• Technical Data: IP addresses, browser types, and operating systems collected anonymously via standard web analytics.

3. Purpose of Data Processing

We process your data strictly under the legal basis of "Contractual Necessity" and "Legitimate Interests". Specifically:

• To register you as a new client and issue legally binding quotations.
• To calculate accurate transport logistics and surcharges using your venue geolocation.
• To dispatch 3-10 ton trucks and coordinate our setup crews to your private residence or venue securely.
• To process payments, issue KRA-compliant ETR receipts, and rapidly refund damage deposits.
• To notify you of any emergency changes to delivery schedules due to traffic or weather.

4. Data Sharing & Third Parties

Sherehe Events operates a strict zero-sale policy regarding your data. We only share necessary data with vetted third parties essential for event execution:

• Logistics Contractors: Third-party truck drivers receive ONLY the venue pin and a designated contact number for delivery day execution. They do not receive invoicing data.
• Financial Gateways: Safaricom PLC (for M-Pesa API integration) and our banking partners to clear payments.
• Government Authorities: Kenya Revenue Authority (KRA) for mandatory tax compliance on invoicing.

5. Data Retention Limits

We do not hold data indefinitely. Our retention policies are mathematically tied to Kenyan law:

• Financial Records: Invoices, contracts, and MPESA logs are retained for seven (7) years as mandated by Kenyan corporate tax laws (KRA).
• Logistical Data: Private venue addresses and event details are wiped from our active logistics dashboard thirty (30) days post-event, unless you opt-in to become a recurring corporate client.

6. Security & Breach Protocols

We have implemented heavy physical and digital security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. In the highly unlikely event of a suspected data breach, we adhere strictly to the DPA requirement of notifying the Office of the Data Protection Commissioner (ODPC) and all affected clients within 72 hours of the breach discovery.

7. Your Legal Rights (DPA 2019)

Under the DPA 2019, you retain full control over your data. You have the explicit right to:

• Request Access: Obtain a full export of all personal data we hold on you.
• Request Correction: Demand immediate correction of inaccurate venue or billing data.
• Request Erasure: Demand the deletion of your data (subject to our overriding legal tax retention obligations for 7 years).

To exercise these rights, please email our appointed Data Protection Officer at legal@sherehe.co.ke. We aim to respond to all legitimate requests within 14 working days.

8. Cookies & Web Tracking

Our website utilizes essential session cookies to ensure the site functions correctly (e.g., maintaining your quote session). We also use anonymous Google Analytics cookies to track aggregate traffic (e.g., how many users visit the "Tents" page). You can disable non-essential cookies via your browser settings without affecting the core functionality of the site.