Data Protection Policy

Purpose

The purpose of this policy is to ensure the protection, privacy, and lawful processing of customer data at “topcart” T/A East2West FIT Shop Limited. This policy defines the standards for collecting, storing, processing, and sharing customer data in compliance with the Data Protection Act, 2019 and ODPC regulations.

Scope

This policy applies to all customer personal data processed by topcart, including but not limited to:

  • Full Name
  • Contact Details (Email, Phone Number)
  • Delivery Address
  • Payment Information (MPesa, Credit Card Details)
  • Order History

Legal Basis for Processing

topcart processes customer data based on the following legal grounds:

  • Performance of a Contract – To fulfill customer orders and facilitate transactions.
  • Legal Compliance – To meet regulatory and tax obligations.
  • Legitimate Interests – To enhance customer experience and prevent fraud.
  • Consent – For marketing communications, where applicable.

Data Collection & Usage

  • Customer data is collected through the website, mobile app, and support channels.
  • Data is used solely for order processing, delivery, payment verification, and customer support.
  • Marketing communications are opt-in and require explicit consent.

Data Sharing & Third-Party Access

  • Data may be shared with logistics providers, payment processors, and fraud detection services only as necessary.
  • Third parties must comply with topcart’s Data Processing Agreement (DPA).

Data Retention & Deletion

  • Customer data is retained only as long as necessary for the stated processing purpose.
  • Order and payment records are retained for seven (7) years for legal compliance.
  • Customers may request deletion of personal data upon account closure, subject to legal limitations.

Security Measures

  • All customer data is encrypted at rest and in transit.
  • Access is restricted to authorized personnel through role-based access controls (RBAC).
  • Any data breaches will be reported in accordance with topcart’s Incident Response & Data Breach Policy.

Customer Rights

Customers have the right to:

  • Access their personal data.
  • Request corrections to inaccurate data.
  • Withdraw consent for marketing communications.
  • Request deletion of personal data, subject to legal limitations.

All customer data requests are to be made to: customercare@topcart.co.ke

Compliance & Enforcement

Failure to adhere to this policy may result in disciplinary action, termination of vendor partnerships, or legal consequences.

Effective Date: 01 August 2025
Policy Owner: Data Protection Officer (DPO), topcart