At Eva Nairobi Art Supplies, your privacy is paramount. This policy outlines how we collect, use, protect, and handle your personal information when you use our website, make purchases, or interact with us. We are committed to transparency and compliance with both Kenya's Data Protection Act, 2019, and the General Data Protection Regulation (GDPR) for our international customers.

1. Who We Are

Eva Nairobi Art Supplies (the "Company," "we," "us," or "our") is a registered business operating in Nairobi, Kenya. Our website is www.nairobiartsupplies.com

2. Information We Collect

We collect information to provide and improve our services, process orders, and enhance your shopping experience. This may include:

• Personal Identification Information: Name, email address, phone number, shipping address, billing address. We collect this when you register an account, place an order, subscribe to our newsletter, or contact us.
• Payment Information: We do not directly store credit card details. All payment transactions are processed securely through trusted third-party payment gateways (e.g., Shopify Payments, M-Pesa, PayPal), which are PCI DSS compliant.
• Technical Data: IP address, browser type and version, time zone setting, operating system and platform, and other technology on the devices you use to access this website.
• Usage Data: Information about how you use our website, products, and services (e.g., pages viewed, products added to cart, time spent on pages).
• Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.

3. How We Use Your Information

We use the collected information for various purposes, including:

• To Process Orders: Fulfilling your purchases, processing payments, and arranging shipping and delivery.
• To Provide Customer Support: Responding to your inquiries, providing assistance, and resolving issues.
• To Personalize Your Experience: Tailoring product recommendations and website content to your interests.
• To Improve Our Website and Services: Analyzing usage patterns to enhance functionality, product offerings, and user experience.
• For Marketing Purposes: Sending you newsletters, promotional offers, and updates about new products or events (only with your explicit consent where required).
• To Comply with Legal Obligations: Meeting regulatory requirements, preventing fraud, and ensuring the security of our platform.

4. Legal Basis for Processing (GDPR)

For our customers falling under GDPR, we process your personal data based on the following legal grounds:

• Contractual Necessity: To fulfill a contract with you (e.g., processing your order).
• Legitimate Interests: Where processing is necessary for our legitimate business interests, provided your rights and freedoms are not overridden (e.g., improving our services, preventing fraud).
• Consent: Where you have given explicit consent for specific processing activities (e.g., sending marketing communications). You have the right to withdraw your consent at any time.
• Legal Obligation: Where processing is necessary to comply with a legal obligation (e.g., tax regulations).

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Typically, customer order data is retained for 7 years for tax purposes after your last interaction, unless you request deletion earlier (subject to legal obligations).

6. Sharing Your Information

We do not sell, trade, or otherwise transfer your personally identifiable information to outside parties without your explicit consent, except in the following limited circumstances:

• Service Providers: We may share data with trusted third-party service providers who assist us in operating our website, conducting our business, or serving you (e.g., payment processors, shipping companies, email marketing platforms). These third parties are contractually obligated to keep your information confidential and use it only for the purposes for which we disclose it to them.
• Legal Compliance: We may disclose your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property, or safety.

7. Your Data Protection Rights

Under Kenya's Data Protection Act, 2019, and GDPR, you have several rights regarding your personal data:

• Right to Be Informed: To know what data we collect and how we use it.
• Right of Access: To request copies of your personal data held by us.
• Right to Rectification: To request correction of inaccurate or incomplete personal data.
• Right to Erasure (Right to Be Forgotten): To request deletion of your personal data, under certain conditions.
• Right to Restriction of Processing: To request that we limit the way we use your data, under certain conditions.
• Right to Data Portability: To request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
• Right to Object: To object to our processing of your personal data, under certain conditions (e.g., for direct marketing).
• Rights in Relation to Automated Decision-Making and Profiling: To object to decisions made solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

To exercise any of these rights, please contact us using the details provided below. We will respond to your request within one month (or within 21 days as per Kenyan DPA requirements where applicable).

8. Cookies and Tracking Technologies

Our website uses "cookies" to enhance your Browse experience. Cookies are small files placed on your device that help us remember your preferences, track items in your shopping cart, and analyze website traffic. You can choose to disable cookies through your browser settings, but please note that some features of our website may not function properly as a result.

9. Security of Your Data

We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information. These include:

• SSL (Secure Sockets Layer) encryption for all sensitive data transmission.
• Regular security audits and vulnerability scanning.
• Restricted access to personal data for authorized personnel only.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure.

10. Links to Other Websites

Our website may contain links to other websites not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

11. Children's Privacy

Our website and services are not intended for individuals under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. We encourage you to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy, your data, or wish to exercise any of your rights, please contact us:

Email: nairobiartsupplies@gmail.com
Phone: +254777438481 / +254745054049
Address:
Magunas Building, 2nd Floor
Behind Naivas Mountain Mall
Roasters Stage, Thika Road
Nairobi, Kenya

Last Updated: July 15, 2025