Privacy Policy
How we collect, use, and protect your personal information
Last updated: 1 February 2026
1. Introduction
PrimeBird Poultry Limited ("PrimeBird", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (www.primebirdpoultry.co.ke), mobile applications, physical stores, and any related services.
This policy complies with the Kenya Data Protection Act, 2019 and the regulations issued by the Office of the Data Protection Commissioner (ODPC). By using our services, you consent to the practices described below.
2. Information We Collect
2.1 Information You Provide
- Account details: Full name, email address, phone number, password (hashed).
- Delivery information: Physical address, building name, GPS coordinates, delivery instructions.
- Payment data: M-Pesa phone number, last 4 digits of card (we do not store full card numbers — payments are processed by our PCI-DSS compliant payment partners).
- Business information: For wholesale accounts — business name, KRA PIN, business permit number.
- Communications: Messages sent via WhatsApp, email, phone, or contact forms.
2.2 Information Collected Automatically
- Device data: IP address, browser type, operating system, device identifiers.
- Usage data: Pages visited, products viewed, search queries, time spent, referral source.
- Location data: Approximate location based on IP address; precise GPS only with your explicit consent for delivery tracking.
- Cookies: Session cookies, preference cookies, and analytics cookies (see Section 8).
2.3 Information From Third Parties
- Payment providers: Transaction confirmations from M-Pesa (Safaricom), card processors.
- Delivery partners: Proof of delivery, delivery timestamps.
- KRA eTIMS: Tax invoice validation data (for VAT-registered customers).
3. How We Use Your Information
Order Fulfilment
Process, pack, and deliver your orders; send order confirmations and tracking updates.
Account Management
Create and maintain your account, authenticate logins, manage preferences.
Payment Processing
Process M-Pesa, card, and bank transfer payments; issue receipts and eTIMS invoices.
Customer Support
Respond to enquiries, process returns, resolve complaints.
Marketing
Send promotional offers, product updates, and loyalty rewards (with your opt-in consent).
Analytics
Understand purchasing trends, improve product offerings, and optimise website performance.
Legal Compliance
Meet obligations under Kenyan tax law (KRA), food safety regulations, and data protection law.
Security
Detect fraud, prevent unauthorised access, and protect our systems and your data.
4. Legal Basis for Processing
Under the Kenya Data Protection Act 2019, we process your data on the following bases:
- Consent: For marketing communications and non-essential cookies.
- Contractual necessity: To fulfil your orders and provide our services.
- Legal obligation: For tax invoicing (KRA eTIMS), statutory record-keeping, and food safety compliance.
- Legitimate interest: For fraud prevention, service improvement, and business analytics.
5. Who We Share Your Data With
We do not sell your personal data. We share it only with:
- Payment processors: Safaricom (M-Pesa), Flutterwave, or other gateway providers — to process transactions securely.
- Delivery partners: Third-party logistics providers for last-mile delivery — limited to name, phone, and delivery address.
- Government authorities: Kenya Revenue Authority (for eTIMS), KEBS, and county government — as required by law.
- Cloud service providers: Hosting and infrastructure providers with data processing agreements in place.
- Analytics providers: Anonymised/aggregated data for business intelligence (no personal identifiers shared).
6. How We Protect Your Data
Encryption
HTTPS/TLS for data in transit; AES-256 encryption for sensitive data at rest.
Access Control
Role-based access control (RBAC) — staff only access data necessary for their role.
Authentication
JWT-based authentication with short-lived tokens and automatic rotation.
Audit Logging
All data access and modifications are logged with timestamps and user IDs.
Password Security
Passwords are hashed with bcrypt (12 salt rounds) — we never store plain-text passwords.
Regular Audits
Periodic security reviews, vulnerability assessments, and penetration testing.
7. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Until account deletion + 30 days | Service provision |
| Order records | 7 years | KRA tax compliance |
| Payment records | 7 years | Financial regulations |
| Marketing consent | Until withdrawn | Consent-based |
| Website analytics | 26 months | Business insights |
| Audit logs | 3 years | Security & compliance |
8. Cookies
We use the following types of cookies:
- Essential cookies: Required for login, cart, checkout — cannot be disabled.
- Preference cookies: Remember your language, delivery zone, and display preferences.
- Analytics cookies: Help us understand how you use our site (anonymised). You can opt out via your browser settings.
We do not use advertising/tracking cookies or share cookie data with third-party advertisers.
9. Your Rights
Under the Kenya Data Protection Act 2019, you have the right to:
Right to Access
Request a copy of the personal data we hold about you.
Right to Correction
Request correction of inaccurate or incomplete data.
Right to Deletion
Request deletion of your data (subject to legal retention requirements).
Right to Objection
Object to processing of your data for marketing purposes.
Right to Portability
Request your data in a structured, machine-readable format.
Right to Withdraw Consent
Withdraw consent at any time for consent-based processing.
To exercise any of these rights, email us at privacy@primebirdpoultry.co.ke or call 0700 000 000. We will respond within 30 days as required by law.
10. Children's Privacy
Our services are not directed at persons under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified via email or a prominent notice on our website. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of our services after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact our Data Protection Officer:
PrimeBird Poultry Limited
Email: privacy@primebirdpoultry.co.ke
Phone: +254 700 000 000
Location: Nairobi, Kenya
You may also lodge a complaint with the Office of the Data Protection Commissioner (ODPC) at www.odpc.go.ke.