1. INTRODUCTION
Savannah Digital Bit Oasis Private Limited (“Savannah Digital Bit Oasis”, “we”, “our”, or “us”) is committed to protecting your personal information and complying with applicable data protection and privacy laws.
In Kenya, we comply with the Data Protection Act, 2019, and the guidance of the Office of the Data Protection Commissioner (ODPC). We also align with global data protection standards, including the General Data Protection Regulation (EU) 2016/679 (GDPR), where applicable to cross-border operations.
This Privacy Policy sets out our approach to the collection, use, storage, disclosure, and protection of your personal data. It also explains your rights and how you can access, correct, or delete your information, or lodge a complaint.
This Policy operates in conjunction with our Terms of Service. Copies of this Policy are available free of charge on our website or upon request.
Definitions:
- “Disclosing” means providing personal data to third parties outside of Savannah Digital Bit Oasis.
- “Personal data” means any information relating to an identified or identifiable individual.
- “Sensitive data” refers to information on race, religion, health, biometrics, political opinions, or sexual orientation.
- “Privacy Officer” means our designated Data Protection Officer (DPO) responsible for handling inquiries and complaints.
- “Platform” refers to our digital systems, portals, or trading platform.
2. WHAT PERSONAL INFORMATION WE COLLECT
We may collect the following types of personal data:
- Identity and Contact Information: Full name, date of birth, address, email, phone number, national ID/passport, and employment data.
- Financial and Transactional Data: Bank or wallet details, transaction history, and trading behaviour.
- Technical Information: IP address, browser, operating system, cookies, and device identifiers.
- Communications Data: Chat logs, emails, and support requests.
Failure to provide required information may limit your ability to access certain services.
3. HOW WE COLLECT INFORMATION
We collect data:
- Directly from you during registration, verification, or communication;
- Through third-party identity verification and compliance service providers;
- From public registries or authorized agencies when required by law.
Sensitive data is only collected with your explicit consent or when permitted by Kenyan law.
4. COOKIES AND TRACKING
Our website uses cookies and similar technologies to:
- Enhance user experience;
- Analyse usage and performance;
- Provide relevant services and promotions.
You may manage or disable cookies through your browser, though some site features may be limited.
5. UNSOLICITED INFORMATION
If we receive personal data unintentionally:
- We will determine if it is necessary for our operations;
- Otherwise, it will be securely deleted or anonymized in accordance with data minimization principles.
6. WHO WE COLLECT INFORMATION ABOUT
We may collect data about:
- Current and prospective customers;
- Business partners and service providers;
- Employees, contractors, and job applicants.
7. PURPOSES FOR COLLECTION
We collect and process personal data for:
- Onboarding, account verification, and customer service;
- Legal compliance (AML/CTF and taxation);
- Fraud prevention and risk management;
- Marketing communications (with consent);
- Analytics, service improvements, and cybersecurity.
We do not process data for unrelated purposes unless permitted by law or with your consent.
8. DISCLOSURE OF INFORMATION
We may share your data with:
- Cloud and IT infrastructure providers;
- KYC/AML and compliance service providers;
- Payment processors and financial institutions;
- Regulatory and law enforcement agencies such as the Financial Reporting Centre (FRC), Central Bank of Kenya (CBK), or Capital Markets Authority (CMA);
- Legal, tax, and audit professionals.
Where data is transferred outside Kenya, we implement adequate safeguards as per the Data Protection (General) Regulations, 2021.
9. INTERNATIONAL DATA TRANSFERS
If your data is processed outside Kenya, we ensure that:
- The recipient entity maintains adequate data protection standards;
- Binding contractual clauses or equivalent safeguards are in place;
- You are informed where required.
10. DATA SECURITY
We employ strict security measures including:
- Role-based access control and two-factor authentication;
- End-to-end encryption and secure data storage;
- Employee background screening and confidentiality agreements;
- Periodic vulnerability and compliance audits.
11. DIRECT MARKETING
We may send marketing communications only if:
- You have given consent, or
- We have a legitimate business interest under Kenyan law.
You can opt out at any time through the unsubscribe link or by contacting us directly.
12. MAINTAINING ACCURACY
We take reasonable steps to ensure your data remains accurate and up to date. You may:
- Request correction of incorrect or outdated data;
- Request that updates be communicated to third parties where relevant.
13. ACCESS TO INFORMATION
You may request access to your personal data. Upon verification, we will respond within 30 days, unless restricted by law.
14. POLICY UPDATES
We may update this Policy in response to legal, operational, or technological changes. Significant updates will be communicated to you where required.
15. OUR RESPONSIBILITIES
Management ensures:
- Staff training on privacy and data protection;
- Regular audits and breach response drills;
- Appointment of a Data Protection Officer (DPO);
- Timely reporting of data breaches to the ODPC as required by law.
16. CONTACT INFORMATION
For privacy-related inquiries or complaints, contact our DPO:
📧 privacy@savannah-digital-bit-oasis.online