Same-day Nairobi delivery on selected items Instant airtime top-up — automated after payment 14-day money-back guarantee Support: +254 700 000 000 Free delivery on orders above KES 10,000 Same-day Nairobi delivery on selected items Instant airtime top-up — automated after payment 14-day money-back guarantee Support: +254 700 000 000 Free delivery on orders above KES 10,000
Home All Products Smartphones Laptops Accessories Routers Power Airtime
Free Delivery Above KES 10,000
PhoneHouse
Home Privacy Policy
Contents

Privacy Policy

Last updated: 1 May 2025  |  Compliant with the Kenya Data Protection Act, 2019

Your privacy matters to us. This policy explains in plain language how PhoneHouse Store collects, uses, stores and protects your personal data. It applies to our website, in-store point-of-sale, mobile communications and all customer interactions.

1. Introduction

PhoneHouse Store ("we", "us", "our") is committed to protecting and respecting your privacy in accordance with the Data Protection Act, 2019 of Kenya ("DPA"), the Kenya Information and Communications Act (KICA) and any other applicable data protection legislation.

This Privacy Policy explains what personal data we collect, how we use it, your rights in respect of it, and the measures we take to keep it secure. Please read this policy carefully. By using our website, purchasing our products or otherwise interacting with us, you acknowledge that you have read and understood this policy.

2. Data Controller

The data controller responsible for your personal data is:

PhoneHouse Store
Nairobi, Kenya
Email: privacy@phonehouse.co.ke
Phone: +254 700 000 000

We are registered with the Office of the Data Protection Commissioner (ODPC) of Kenya as required by the DPA. Our Data Protection registration number is available on request.

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Data You Provide to Us

  • Identity data: first name, last name, username or similar identifier;
  • Contact data: email address, telephone number (including M-Pesa registered number), delivery address;
  • Transaction data: details of products purchased, order reference numbers, payment method used, transaction amounts;
  • Financial data: M-Pesa transaction ID, partial card details (last 4 digits, card type — we do NOT store full card numbers);
  • Account data: login credentials (password stored as a cryptographic hash — never in plain text), saved wishlists, order history;
  • Communication data: messages you send us via contact forms, email, WhatsApp or phone, including support tickets;
  • Digital service data: phone numbers provided for airtime top-up services.

3.2 Data We Collect Automatically

  • Technical data: IP address, browser type and version, device type and operating system, screen resolution, time zone;
  • Usage data: pages visited, products viewed, search terms, referral source, session duration, click patterns;
  • Cookie data: session identifiers, preference data, cart contents (see Section 10).

3.3 Data We Receive from Third Parties

  • Payment confirmation data from M-Pesa and card payment processors;
  • Delivery confirmation data from our logistics partners;
  • Fraud screening data from payment security providers.

Special Category Data: We do not intentionally collect sensitive personal data (such as health data, biometric data, ethnic origin, political opinions or religious beliefs). Please do not submit such information through our channels.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • Order fulfilment: processing and delivering your orders, sending order confirmations and delivery notifications;
  • Payment processing: verifying and processing payments via M-Pesa and card gateways;
  • Digital service delivery: processing and crediting airtime top-ups to specified numbers;
  • Account management: creating and managing your customer account, saved wishlists and order history;
  • Customer support: responding to your enquiries, complaints and return requests;
  • Fraud prevention: detecting and investigating potentially fraudulent transactions or misuse of our services;
  • Legal compliance: maintaining records required by Kenyan tax law, the Consumer Protection Act and other regulations;
  • Marketing communications: sending you promotional emails, SMS updates and flash sale notifications — only with your explicit consent or as permitted by applicable law;
  • Site improvement: analysing usage patterns to improve website performance, product offerings and user experience;
  • Security: protecting the security and integrity of our systems and services.

We will only use your personal data for the purposes listed above or compatible purposes. If we need to use your data for a materially different purpose, we will notify you and obtain appropriate consent.

6. Data Sharing & Disclosure

We do not sell, rent or trade your personal data. We share your data only in the following limited circumstances:

  • Payment processors: Safaricom (M-Pesa), Visa/Mastercard gateway providers — to process your payments securely;
  • Delivery partners: courier companies and delivery agents — name, delivery address and phone number only;
  • Technology service providers: cloud hosting, email delivery, SMS gateway providers — under data processing agreements that bind them to our privacy standards;
  • Legal authorities: where required by law, court order or to protect the rights, property or safety of PhoneHouse, our customers or the public;
  • Business transfer: in the event of a merger, acquisition or sale of assets, your data may be transferred — you will be notified in advance.

All third parties with whom we share data are contractually required to maintain appropriate security standards and to use the data only for the specified purpose.

7. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting or reporting requirements.

  • Customer account data: for the lifetime of your account, plus 3 years after account closure;
  • Transaction records: 7 years, as required by Kenyan tax and accounting regulations;
  • Customer support communications: 2 years from the date of resolution;
  • Marketing consent records: 3 years from consent or last communication;
  • Website usage logs: 12 months, then anonymised;
  • Airtime delivery records: 2 years for dispute resolution purposes.

When your data is no longer required, we securely delete or anonymise it in accordance with our data retention schedule.

8. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, alteration or disclosure. These measures include:

  • TLS/SSL encryption for all data transmitted between your browser and our servers;
  • Bcrypt hashing for all stored passwords — we never store passwords in plain text;
  • PCI-DSS-compliant payment processing — we do not store full card numbers;
  • Role-based access controls ensuring staff access only the data required for their role;
  • Regular security audits and vulnerability assessments;
  • Secure, encrypted cloud storage for backups.

Despite these measures, no transmission over the internet or electronic storage system is 100% secure. We cannot guarantee absolute security. In the event of a data breach that is likely to result in high risk to your rights, we will notify you and the ODPC as required by the DPA within 72 hours of becoming aware of the breach.

9. Your Rights Under the Data Protection Act, 2019

As a data subject under the Kenya Data Protection Act, 2019, you have the following rights:

  • Right of access: you may request a copy of the personal data we hold about you;
  • Right to rectification: you may request correction of inaccurate or incomplete data;
  • Right to erasure ("right to be forgotten"): you may request deletion of your data where it is no longer necessary for the purpose collected, where you withdraw consent, or where processing is unlawful;
  • Right to restrict processing: you may request that we limit how we use your data in certain circumstances;
  • Right to data portability: you may request your data in a structured, machine-readable format;
  • Right to object: you may object to processing based on legitimate interests or for direct marketing purposes;
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time — withdrawal does not affect the lawfulness of prior processing;
  • Right not to be subject to automated decision-making: you have the right not to be subject to a decision made solely by automated means where it significantly affects you.

To exercise any of these rights, please contact us at privacy@phonehouse.co.ke. We will respond within 30 days. We may need to verify your identity before processing your request. Requests are generally free of charge, but we may charge a reasonable fee for excessive or repetitive requests.

10. Cookies & Tracking Technologies

Our website uses cookies and similar technologies to enhance your experience and analyse site usage. A cookie is a small text file placed on your device by your browser.

Types of cookies we use:

  • Essential cookies: required for the website to function (session management, cart contents, CSRF protection). Cannot be disabled.
  • Preference cookies: remember your settings (e.g., language, grid layout). Can be disabled.
  • Analytics cookies: anonymous usage statistics to understand how visitors interact with our site. Can be disabled.
  • Marketing cookies: used to show you relevant advertisements on third-party platforms. Used only with your consent.

You can control cookies through your browser settings. Disabling non-essential cookies will not prevent you from using our site or making purchases, but may affect some features.

We do not use cookies to track your activity across unrelated websites.

11. Digital Products — Special Privacy Considerations

When you purchase airtime or digital top-up services, we collect and process your phone number solely for the purpose of delivering the purchased top-up. This data is:

  • Transmitted directly to Safaricom or Airtel via their official API for fulfilment;
  • Retained in our system for 2 years for dispute resolution and regulatory compliance;
  • Never shared with third parties for marketing purposes.

By providing a phone number for top-up, you confirm that you are the owner of that number or have the authorisation of the owner to submit it for top-up.

12. Automated Decision-Making & Profiling

We may use automated systems to detect potentially fraudulent orders. If your order is flagged, it will be reviewed by a human member of our team before any action is taken. You have the right to request human review of any automated decision that significantly affects you.

We may use anonymised purchase data to power product recommendations on our website. This profiling does not involve sensitive personal data and does not produce legal or similarly significant effects.

13. Children's Privacy

Our services are not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at privacy@phonehouse.co.ke and we will promptly delete the data.

14. Cross-Border Data Transfers

Our primary data storage and processing is within Kenya. Where we use cloud service providers (e.g., email services, analytics) that may process data outside Kenya, we ensure adequate protections are in place, including:

  • Standard contractual clauses approved by the ODPC or equivalent;
  • Transfer only to jurisdictions that the ODPC has deemed to provide adequate protection;
  • Assessment and documentation of adequacy under DPA Section 48 requirements.

By using our services, you consent to any such transfers, subject to the safeguards described above.

15. Data Protection Officer

PhoneHouse Store has designated a Data Protection Officer (DPO) responsible for overseeing compliance with this policy and applicable data protection laws. You may contact the DPO directly:

Data Protection Officer
PhoneHouse Store
Email: dpo@phonehouse.co.ke
Phone: +254 700 000 000

16. Complaints

If you have a concern about how we are handling your personal data and are not satisfied with our response, you have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) of Kenya:

Office of the Data Protection Commissioner
Nairobi, Kenya
Website: www.odpc.go.ke
Email: info@odpc.go.ke

We encourage you to contact us first at privacy@phonehouse.co.ke as we aim to resolve all data privacy concerns promptly and professionally.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or other factors. We will post the updated policy on this page with a revised "Last updated" date. For material changes, we will provide prominent notice on our website or notify you by email.

We encourage you to review this page periodically to stay informed about how we protect your information. Your continued use of our services after changes take effect constitutes acceptance of the revised policy.

See also: Terms & Conditions  |  Contact Us