HOTPOINT APPLIANCES LIMITED (‘Hotpoint’) understands that your privacy is important to you and that we care about how your personal data is used. We respect and value the privacy of all our customers and users and we will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the Data Protection legislation (as defined hereinbelow).
This is Hotpoint Privacy Notice (“Privacy Notice”) which may be accessed from the webpage https://hotpoint.co.ke/privacy-policy/ where you submit personal data to access the service or may be obtained as a hard copy when you submit personal data at our branches/outlets. Hotpoint Appliances Limited is the leading supplier of home and electrical appliances manufactured by leading companies - Von, Samsung, LG, Panasonic, Apple, JBL, Nikon, Bosch, Ariston, Kenwood, Nutribullet, Beurer, Delonghi and Others.
We are referred to in this Privacy Notice as “Hotpoint”, "we" “our” or “us”. An individual who is the subject of the personal data is referred to as a “Customer”, “User” or “you”.
This Privacy Notice only covers users of our websites, retail outlets, service centres, marketing, business to business and any other divisions in our company that process personal data. Hotpoint’s employees' or third-party vendors' personal details are handled in line with the terms of the employment agreement or contractual relationships, or our separate policies that we provide, as relevant, independent of this Privacy Notice.
1. Information about us
- HOT POINT APPLIANCES LIMITED a limited company registered in the Republic of Kenya.
- Registered address: Hot Point Building, Off Thika Highway, Kiambu, Ruiru.
- Postal Address: P.O. Box 402 - 00606
- Email address: firstname.lastname@example.org
- Telephone number: +254 20 3699000
- Website: https://hotpoint.co.ke/
2. What does this Privacy Notice cover?
2.1 This Privacy Notice explains how we use your personal data: how it is collected, how it is held and how it is processed. It also explains your rights under the law relating to your personal data.
2.2 We will process any personal data we collect from you in accordance with this Privacy Notice and our Terms and Conditions (together with any other documents referred to in it). Kindly carefully read this Notice carefully so that you can understand how we handle your personal data.
3. What Is personal data?
3.1 Processing of personal data is governed by the Data Protection Act, 2019(‘the Act’), The Data Protection General Regulations 2021, The Data Protection (Registration of Data Controllers and Data Processors) 2021, The Data Protection (Complaints Handling and Enforcement Procedures) Regulations 2021 and as may be amended from time to time, and any other regulations made thereunder (collectively, “the Data Protection Legislation”).
3.2 Personal data refers to any information about you that enables you to be identified as an individual such as your name, contact details, and identification numbers but it also covers less obvious information such as electronic location data, and other online identifiers.
The personal data that we collect and use is set out in Part 4, below.
4. How do we collect your personal data?
4.1 When you visit our websites, retail outlets, corporate services, service centres, marketing, business to business and any other divisions in our company we collect personal data about you or if you communicate with us by phone, e-mail and social media.
4.2 The personal data we collect includes:
- Personal details such as your name, address, date of birth, email address, phone number and other contact information, transaction information, such as the product you purchased, its price, your method of payment and your payment details.
- Information about you like your employment details, financial position and information taken from identification documents like your passport or identification number when we review your credit application for our services.
- Your account information – such as dates of payments owed and received, the subscription services you use or any other information related to your account.
- The phone numbers that you call/send messages to or the phone numbers that you receive calls/messages from.
- The date and time of the calls and messages you send or receive through our network, and your location at the time these communications take place.
4.3 When you use our website, the details we collect include:
- Account data, like your username and password you use to access our website or to buy our products and services.
- Any relevant detail that you provide in your dealings with us includes when you register to use our online services, or when you subscribe to our offers or services.
4.4 The circumstances when you provide personal data could include when you:
- Purchase products from our websites, retail outlets, corporate services, service centres, marketing, business to business and any other divisions in our company
- Register or use our website
- Request to receive marketing or other communications
- Enter one of our competitions or when you complete one of our customer surveys
- Submit information when you’re providing feedback
5. How do we use your personal data?
For us to ‘process’ and use your personal data legally there are a number of options available to us under the Data Protection Legislation. We will categorically set out in this Privacy Notice which option(s) we have chosen for the service we provide to you for processing your personal data.
5.1 The most common for us will be:
5.1.1 Contract - for the performance of taking steps prior to entering a contract or for purposes of fulfilling a contract with you;
5.1.2 Legal obligation – where we are required to comply with any legal obligation to which we are subject;
5.1.3 Legitimate Interest – where we need to pursue the interest by us as a data controller; and
5.1.4 Consent – where allowed under Data Protection Legislation to send email and text messages to you about our products and services, competitions, offers, promotions or special events where you tick a box.
We will not send you any unsolicited or unlawful marketing messages. We will always work to fully protect your rights and comply with our obligations under the Data Protection Legislation.
5.2 ‘Vital Interests’ can be used as a lawful basis where we need to share your personal data in emergency circumstances or where it is a matter of life and death.
5.3 We will not use your personal data for any other purpose other than the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s). If we do use your personal data in this way and you wish us to explain how the new purpose is compatible with the original, please contact us.
5.4 If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so or seek your consent.
5.5 In some circumstances, where permitted or required by law, we may disclose your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.
6. What are your rights under the Data Protection Legislation?
Under the Data Protection Legislation, you have the following rights, which we will always work to respect and uphold:
a) The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions.
b) The right to access the personal data we hold about you.
c) The right to have your personal data corrected if any of your personal data held by us is false, erroneous or misleading.
d) The right to ask us to delete or otherwise dispose of any of your personal data that we hold.
e) The right to restrict (i.e. prevent) the processing of your personal data.
f) The right to object to us to our use of your personal data for a particular purpose or purposes.
g) The right to withdraw consent. This means that, if we are relying on your consent as the lawful basis for using your personal data, you are free to withdraw that consent at any time.
h) The right to data portability. You have a right to request your personal data, which you have provided to us in a structured and commonly used format for your own use across different services.
i) Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
For more information about our use of your personal data or exercising your rights as outlined above, please contact us by email as set out in Part 13.
It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Office of the Data Protection Commissioner. We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first.
7. What sensitive personal data do we collect and how?
7.1 We do not collect any ‘sensitive’ personal data like data relating to your race, health status, ethnic social origin, conscience, belief, genetic data, biometric data, marital status, or family details including names of your children, parents, spouse or spouses, sex or the sexual orientation. In future and if the need arises, we’ll only collect sensitive data about you if we have your explicit consent, or if required under the Data Protection Legislation.
7.2 We may collect your property details for purposes of fulfilling our contract with you and delivering the goods and services you may have purchased from our Hotpoint.
7.3 In some circumstances, where permitted or required by law, we collect sensitive personal data and such data will be anonymised or aggregated for statistical and business research purposes. This will only be done within the strict bounds of the Data Protection Legislation and your legal rights.
8. Closed Circuit Television (C.C.T.V.)
8.1 We use the C.C.T.V. system to capture an overview of our offices/outlets retail centre and for purposes of security of our offices/outlets.
8.2 Why do we collect C.C.T.V. data?
The C.C.T.V. data we collect is for the purposes of security in the interest of the public and visitors of our offices/outlets.
8.3 What is the lawful basis allowing us to collect and process C.C.T.V. information?
The lawful basis for processing personal data collected by the system is our legitimate interest as set out in Section 30(1)(b)(vii) of The Data Protection Act 2019 for purposes of security of our premises, products, customers and visitors.
8.4 How long do we keep C.C.T.V. information?
The C.C.T.V. data is retained not more than 45 days, except where an incident has been reported in which case it will be stored for a reasonable period for purposes of evaluating and concluding any incident and then deleted.
8.5 We may share C.C.T.V. data in limited circumstances as follows:
a) For detection, prevention or resolution of crime in our offices and outlets.
b) Where required to share under any statute or a court order of competent jurisdiction, and;
c) With authorised third parties.
9. Do we share your personal data?
All data sharing will be undertaken in line with the Data Protection Legislation.
9.1 Transfer of your personal data outside of the Republic of Kenya.
- Subject to one or more appropriate safeguards set out in the Data Protection Legislation, we may from time to time transfer your personal data to our suppliers and service providers based outside of the Republic of Kenya for the purposes described in this Privacy Notice.
- When transferring your personal data we will ensure that it is protected in the same way as if it was being processed in the Republic of Kenya.
- We will ensure that the recipient country of your personal data has equivalent data protection laws in place and we will put in place a written contract with the recipient that means they must protect it to the same standards as the Republic of Kenya.
9.2 Within Hotpoint
For administrative and operational purposes, we share data internally across our departments in Hotpoint as the departments need to access data to fulfil our service to you. The sharing across our departments is reasonable, is in line with Data Protection Legislation, and respects your rights.
9.3 Outside Hotpoint
A number of organisations assist us in delivering our services to you and from time to time we do share, store or handle your information with these organisations for purpose of fulfilling our contract with you or where it is in our legitimate interest to do so. We may provide them access, without sharing our personal data, to our platform for purposes of facilitating our service to you. For example, external service providers who assist us in repairing or servicing the products or appliances you purchase from us. We are responsible for your personal data and ensure that appropriate safeguards are in place.
We’re obliged by law to share some personal data with Government, law and enforcement agencies. Where possible, we make this anonymous and only share statistics.
Where your consent is needed to transfer the data, we will make this clear to you in simple and clear language so you may make an informed decision.
We will never share your information if it’s not legal to do so, and will always consider your rights, and whether there is another way of achieving our aim, before doing so.
10. We keep your personal data safe
We use a high level of protection, both organisational and technical measures, to ensure we process our customer's data safely. Some of the measures are:
- Servers that meet the highest standards for security.
- Access to data via secure log-in, which is restricted by our IT teams.
- Buildings and areas that have access only through staff passes, and secure files stored in areas that are further restricted bypasses and keys.
- Systems are only available through strictly controlled security processes. We ensure that only the right people have access to systems.
- Organisational data protection policies and data protection contracts with third parties with whom we may share your personal data with.
11. How long do we keep your personal data?
We are required under the Data Protection Legislation to keep your personal data only for a specific period as lawfully required. Some of the considerations we take into account when deciding on the retention of your data are:
- Where it is stipulated under the law; and
- The necessary time your data is needed for us to deliver the service to you.
12. How to Contact us
If you wish to contact us in respect of part of this Privacy Notice or have any questions or would like further information regarding our handling of your personal data, please contact us by email:
- Designation: Data Protection Officer
- Physical Address: Hot Point Building, Off Thika Highway, Kiambu, Ruiru.
- Postal Address: P.O. Box 39210 – 00100, Nairobi
- Email address: email@example.com
13. Amendments to this Privacy Notice
We may change, modify or adopt a new Privacy Notice from time to time.
If we do so, we will post it on our website. It’s your responsibility to check the Privacy Notice every time you submit your personal data to us.
14. Changes to your personal data
Please keep us informed of any changes to your personal data by emailing us with full details of the changes at firstname.lastname@example.org