We, at Copia Kenya Limited (hereafter “Copia”, “we”, “us”, or “our”), are committed to safeguarding the privacy of individuals whose personal data we process, for instance our customers, suppliers/ service providers, job candidates, website users, mobile application users and agents/ their representatives as is required by the European Union General Data Protection Regulation (hereafter the “GDPR”), Kenya Data Protection Act 2019 (hereafter the “KDPA”), the Kenya Data Protection (General) Regulations 2021 (hereafter the “Regulations”, “KDPR”), and the Kenya Data Protection (Registration of Data Controllers and Processors) Regulations, 2021 (hereafter the “Registration Regulations”) together referred to as data protection laws.
We recommend you read this Privacy Notice so that you understand our approach towards the processing of your personal data.
Our Platforms (Website and App) may contain links to third-party websites that are not covered by this Privacy Notice. We, therefore, ask you to review the privacy statements of other websites and applications to understand their information practices.
This notice applies where we are acting as a data controller, determining the purposes and means of processing your personal data.
Our Platforms are owned, operated, hosted, and maintained by Copia Global.
Personal data we may collect about you
The type of data we collect will depend on the purpose for which it is collected and used. We will only collect data that we need for that purpose.
We collect your personal data in the following ways:
When the data is collected directly from you for e.g., when you are creating an account on our website or the copia app, you correspond with us and provide us with your information via emails or phone calls, send us your CV and/or when you register with Copia as agents.
When we obtain data indirectly for e.g., such as obtaining customer data through agents and surveys.
When it is publicly available. For example:
On your website or other online sources (i.e. information relating to your contact details).
On social media platforms (i.e. information relating to your contact and individual details) depending on your privacy settings.
The types of personal data that are collected and processed may include:
Categories of Personal Data
First name, surname, personal email address, phone number, office number, telephone number, physical address, geolocation, and alternate person’s contact details, billing address, mobile device ID, contact details of your referees
Educational and professional background
CV/ resumé, academic and professional qualifications, employment history (including information on your previous position held and the name and title of your previous supervisor), reference letters, interview notes.
Identification numbers issued by government bodies or agencies such as your passport number or identity card number, passport.
Gender, education level, age, marital status
Bank details, Income level, commission received, credit score, payment card number
Your preference in receiving marketing offers from us
IP addresses, browser type and version, access time and length of access, page views, user activity and website usage in log files, time zone
CCTV Footage For personal data processed via CCTV, kindly request for our CCTV Policy
Sensitive personal data
Sex, social class, religious belonging, age of children, criminal records
Number of children, call records, recording of calls on Copia communication channels and interactions, sanctions imposed on directors.
Depending on our collaboration, other types of personal data may be collected. These will only be processed in accordance with this notice.
Purpose(s) for processing your personal data
Copia will only use your personal data for the purposes for which it was collected or agreed with you.
The different purposes for processing your personal data are as follows:
For order processing, tracking and invoicing.
For commission and rewards calculation and payment processing.
For identity verification.
For record keeping.
For performance reporting.
For marketing and sending promotional messages.
To resolve customer complaints.
For retail sales.
Directors and Shareholders
Purpose of processing
For conducting due diligence on the directors
Record keeping purposes
For offering and supplying relevant services to you (For processing orders).
For marketing and promotional messages.
For billing and invoicing purposes.
For record keeping purposes.
To manage our relationships and communicate with customers.
For identity verification when you exercise your data subject’s rights.
For retail sales.
For business reporting.
For tracking orders.
For resolving customer complaints.
For managing our relationships with suppliers and for communicating with suppliers.
For payment purposes.
For identity verification when you are exercising your data subject’s rights.
For record keeping purposes.
As required for the recruitment process at Copia: – for communicating with you, – to analyse your qualifications and assess your suitability for the job, – to conduct candidate screening and assess candidate credibility, and – to set out your job conditions.
To contact your referees and previous employers for authenticating your employment history and performance.
Storing your CV and contact details for the purpose of contacting you in the event there are future job opportunities
Website Users/ Mobile Application Users
To confirm and verify your identity or to create an account for you on the App.
To analyse the use of our website.
To monitor compliance with our policies and standards.
To ensure the security of our platforms and maintain back-ups of our databases.
To develop and improve our app and other related products and services.
For troubleshooting and customer support.
To confirm and verify your identity when you request to access, rectify, restrict or delete the information we hold on you.
To reply to any requests, complaints, comments, or enquiries you submit to us regarding our services and notify you about changes to our service. For record keeping purposes.
In addition to the above-mentioned specific purposes for which we process your personal data, we may also process any of your personal data where such processing is necessary for compliance with legal and regulatory requirements which apply to us, or when it is otherwise allowed by law, or when it is in connection with legal proceedings.
Legal basis for processing your personal data.
We process your personal data based on one or more of the following legal bases:
Contractual Necessity: Processing is necessary for the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
Legal Obligations: Processing is necessary to comply with our legal obligations.
Legitimate interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party provided that such interests are not overridden by your rights and interests.
Consent: Processing is based on your explicit consent which you can withdraw at any time.
Disclosure of personal data
In general, we do not share your personal information with third parties (other than service providers acting on our behalf) unless we have a lawful basis for doing so.
Copia may share your personal data with its Affiliates (Affiliates may include companies within the same group, our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us), and such third-party service providers to assist us in fulfilling our responsibilities regarding our relationship with you and for the purposes listed above. When we share your data, we do so on a need-to-know basis and under clear contractual terms and instructions for the processing of your personal data.
We may also make certain personal data available to third-party companies that provide us with software and tools relevant to our business operations.
We are also required to disclose your personal data to other third parties such as lawyers, bankers, consultants, auditors as well as public and government authorities where:
We have a duty or a right to disclose in terms of law or for national security and/or law enforcement purposes;
We believe it is necessary to protect our rights;
We need to protect the rights, property or personal safety of any member of the public or a customer of our company or the interests of our company; or
You have given your consent.
We require our service providers and other third parties to keep your personal data confidential and that they only use the personal data in furtherance of the specific purpose for which it was disclosed. We have written agreements in place with our processors to ensure that they comply with these privacy terms.
Transfer Personal data outside Kenya
We may transfer, or store, your personal data outside our respective jurisdictions as may be necessary for the purposes mentioned above.
These transfers would always be made in compliance with the data protection laws. Data transfers do not change any of our commitments to safeguard your privacy and your personal data remains subject to existing confidentiality obligations.
If we transfer your personal data to other countries which provide a lower level of protection, we will ensure that there are appropriate safeguards in place with regard to the protection of your personal data.
If you would like further details on the transfer of your personal data outside our respective jurisdictions, please contact our Data Protection Officer (hereafter “DPO”) (refer to Section 11.1).
Personal data security
We prioritise the security of your personal data and take appropriate technical and organisational measures to protect it from unauthorised access, disclosure, alteration, or destruction. We employ a combination of physical, administrative, and technological safeguards to ensure the confidentiality, integrity, and availability of your data. Here are some of the security measures we have implemented: Access controls, encryption, secure storage, incident response, and employee training amongst others.
We collect and process your personal data for the purposes mentioned above for no longer than necessary and for a period of 7 years after end of our engagement with you.
CCTV images will be retained for a period adequate to fulfil the purposes specified. This will normally be for a maximum period of one month. After this period, the CCTV images will be automatically overwritten.
All personal data processed for payment purposes are retained for a period of 10 years after the end of our engagement with you.
All personal data processed during call recordings and for job candidates are retained for a period of 1 year.
We will delete your personal data as soon as the retention period has lapsed.
Your data protection rights
You have certain rights regarding your personal data as detailed below and we are committed to respecting and facilitating the exercise of these rights:
Right of Access: You have the right to request access to the personal data we hold about you. This includes the right to obtain confirmation of whether we process your personal data and to receive a copy of that information.
Right to Rectification: If you believe that the personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or update it.
Right to Erasure: In certain circumstances, you may have the right to request the erasure of your personal data. This includes situations where your personal information is no longer necessary for the purposes for which it was collected, or you withdraw your consent and there is no other legal basis for processing.
Right to Restriction of Processing: You have the right to request the restriction of processing of your personal data under certain conditions. This means we will temporarily suspend the processing of your personal data, such as when you contest its accuracy or when you object to the processing.
Right to Data Portability: If the processing of your personal information is based on your consent or the performance of a contract, you may have the right to request a copy of your personal information in a structured, commonly used, and machine-readable format. You may also have the right to transmit this data to another data controller.
Right to Object: You have the right to object to the processing of your personal data for certain reasons, such as direct marketing or legitimate interests. If you exercise this right, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
Right to Withdraw Consent: If we rely on your consent as the legal basis for processing your personal data, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
To exercise your rights or if you have any privacy-related inquiries or complaints, please contact us using the information provided at the end of this notice. We will respond to your request as required by applicable data protection laws.
Changes to this privacy notice
We may update this notice from time to time to reflect best practices in data management, security and control and to ensure compliance with any changes or amendments made to the data protection laws and any laws or regulations thereof. The latest version will also be available on our website. We encourage you to periodically review this notice to be informed of how we are using and protecting your personal data.
The primary point of contact for questions relating to this privacy notice, including any requests to exercise your legal rights, is our DPO who can be contacted:
by post, Tatu City Industrial Park, ALP North, 2 Ruiru Kamiti Road, Ruiru, Kenya
Browse the categories and decide which product you would like.Then click the shopping cart button to add it to your cart.When you have added all the products you would like to purchase, View your Cart to adjust the quantities and then go through the Check-Out process.
Currently, Copia only accepts M-Pesa payment.When you place your order, you will receive a pop up message on your phone with the amount of your Copia order.All you need to do is put in your PIN and the payment happens automatically to our till.There are no charges.Please make sure you have your phone ready and enough M-Pesa funds before you place your order.
If they live in our delivery area, then we probably have an Agent near them. If you would like to confirm before placing your order, then please contact Customer Care on 0709 339000 or using the webchat at the bottom right of this site.
Currently, there is no fee for delivery to one of our Agents in our existing delivery area. In the future there will be a charge for home deliveries (as we need to make an extra stop outside of our existing network) and this will be clearly outlined upon check-out.
The confirmation you receive will include the expected delivery date for the arrival of your order.This can sometimes change due to stock situations or if it takes a while to contact your family member/friend.Typically orders are delivered within 2-4 days.
Returns can be initiatied within 7 days of delivery.Your family member/friend or yourself should call Customer Care on 0709 339000 or by the webchat at the bottom right of this site.The goods will need to be returned to the Agent for pick-up of the return.The goods must be in the same condition in which they were delivered.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.