Privacy Policy

Effective date: 3^rd January,2023

At Auto Server Solutions Limited, we take your privacy seriously. Please read this Privacy Policy to learn how we treat your personal information. By using or accessing our Services in any manner, you acknowledge that you accept the practices and policies outlined below, and you hereby consent that we will collect, use and share your information as described in this Privacy Policy.

Remember that your use of the Services is at all times subject to our terms of use, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Use.

You may print a copy of this Privacy Policy by visiting our Company website. If you have a disability, you may access this Privacy Policy in an alternative format by contacting us using any of the methods provided for in Contact Information below.

What this Privacy Policy Covers

This Privacy Policy covers how we treat Personal Data that we gather when you access or use our Services. “Personal Data” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal information” as guided by Data Protection Act No. 24 0f 2019, Laws of Kenya, rules and/or regulations and all the enabling laws. This Privacy Policy does not cover the practices of companies we don’t own or control or people we don’t manage.

Categories of Personal Data We Collect

The chart in this section details the categories of Personal Data that we collect and have collected over the past 12 months:

Sources of Personal Data (Column 3)

We collect Personal Data about you from the following categories of sources:

• “You/Data subject”

o   When the data subject provides such information directly to us.

o   When Personal Data about the data subject is automatically collected in connection with your use of our Services (see the subsection titled “Information Collected Automatically” below).

• “Third Parties”

o   Third parties that provide us with Personal Data about you, including but not limited to financial institutions

Information Collected Automatically

The Services use cookies and similar technologies such as pixel tags, web beacons, clear GIFs and JavaScript (collectively, “Cookies”) to enable our servers to recognize your web browser and tell us how and when you visit and use our Services, to analyze trends, learn about our user base and operate and improve our Services. Cookies are small pieces of data– usually text files – placed on your computer, tablet, phone or similar device when you use that device to access our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s). Please note that because of our use of Cookies, the Services do not support “Do Not Track” requests sent from a browser at this time.

How We Use Your Personal Data

We process Personal Data to operate, improve, understand and personalize our Services. We use Personal Data for the following purposes:

• To meet or fulfill the reason you provided the information to us.
• To communicate with you about the Services, including Service announcements, updates or offers.
• To provide support and assistance for the Services.
• To create and manage your Account or other user profiles.
• To personalize website content and communications based on your preferences.
• To process transactions.
• To respond to user inquiries and fulfill user requests.
• To improve and develop the Services, including testing, research, analysis and product development.
• To protect against or deter fraudulent, illegal or harmful actions and maintain the safety, security and integrity of our Services.
• To comply with our legal or contractual obligations, resolve disputes, and enforce our Terms of Use.
• To respond to law enforcement requests and as required by the Data Protection Act No. 24 of 2019 Laws of Kenya, rules and regulations or court order.
• For any other business purpose stated when collecting your Personal Data or as otherwise set forth in applicable data privacy laws.

We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without providing you notice.

As noted in the list above, we may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you promotional email offers or email you about your use of the Services. Also, we may receive a confirmation when you open an email from us, which helps us improve our Services. If you do not want to receive communications from us, please indicate your preference by emailing through our official email.

How We Share Your Personal Data

Categories of Third Parties with Whom We Share Personal Data (Column 4)

We disclose your Personal Data as indicated in the chart above to the following categories of service providers and other parties:

• “Service Providers”
  • These are third parties that help us provide our Services, including payment processors, security and fraud prevention providers, hosting and other technology and communications providers, analytics providers, and staff augmentation and contract personnel.
• “Acquirors”
  • These are parties who acquire your Personal Data through an acquisition or other change of control. Personal Data may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part).
• “Selected Recipients”
  • These are third parties that we share your Personal Data with at your direction, including:
    • Other users (where you post information publicly or as otherwise necessary to effect a transaction initiated or authorized by you through the Services).
    • Third-party business partners who you access through the Services.
    • Other parties authorized by you

Disclosures of Personal Data for a Business Purpose

We disclose your Personal Data to service providers and other parties for the following business purposes:

• Auditing related to a current interaction and concurrent transactions, including, but not limited to, auditing compliance with this specification and other standards.
• Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity.
• Debugging to identify and repair errors that impair existing intended functionality.
• Short-term, transient use of Personal Data that is not used by another party to build a consumer profile or otherwise alter your consumer experience outside the current interaction.
• Performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling transactions, verifying customer information, or processing payments.

Data Security and Retention

We seek to protect your Personal Data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of Personal Data and how we are processing that data. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanism; limiting access to your computer or device and browser; and signing off after you have finished accessing your account. Although we work to protect the security of your account and other data that we hold in our records, please be aware that no method of transmitting data over the Internet or storing data is completely secure. We cannot guarantee the complete security of any data you share with us, and except as expressly required by law, we are not responsible for the theft, destruction, loss or inadvertent disclosure of your information or content.

We retain Personal Data about you for as long as you have an open account with us or as otherwise necessary to provide you with our Services. In some casess we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.

Personal Data of Children

Under The Law of Contract, Chapter 23 Laws of Kenya, minors do not have the capacity to enter into an enforceable contract, therefore if a minor shares his or her personal date, the same shall be deleted with immediate effect.

Access

You have the right to request certain information about our collection and use of your Personal Data over the past 12 months. In response, we will provide you with the following information:

• The categories of Personal Data that we have collected about you.
• The categories of sources from which that Personal Data was collected.
• The business or commercial purpose for collecting or selling your Personal Data.
• The categories of third parties with whom we have shared your Personal Data.
• The specific pieces of Personal Data that we have collected about you.

If we have disclosed your Personal Data to any third parties for a business purpose over the past 12 months, we will identify the categories of Personal Data shared with each category of third party recipient. If we have sold your Personal Data over the past 12 months, we will identify the categories of Personal Data sold to each category of third party recipient.

Deletion

You have the right to request that we delete the Personal Data that we have collected about you. Under the Data Protection Act No. 24 of 2019, this right is subject to certain exceptions: for example, we may need to retain your Personal Data to provide you with the Services or complete a transaction or other action you have requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.

Exercising Your Rights

To exercise the rights described above, you must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Data, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.

We will work to respond to your Valid Request within 45 days of receipt. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.

You may submit a Valid Request using the following methods:

• Call us at: +254 719 875 311 / +818074100831
• Email us at: inquiry@assl-auctio.com
• Our physical offices located at: Astrol Petrol Station, Kiambu Road, Kenya (Next to Ridgeways Mall) 1^st Floor Room No. A2

You may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.

We Will Not Discriminate Against You for Exercising Your Rights Under the Data Protection Act and all the Enabling Provisions of the Law.

We will not discriminate against you for exercising your rights under the DPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the DPA. However, we may offer different tiers of our Services as allowed by applicable data privacy laws (including the DPA) with varying prices, rates or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.

Changes to this Privacy Policy

We’re constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time, but we will alert you to any such changes by placing a notice on our website , by sending you an email and/or by some other means. Please note that if you’ve opted not to receive notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes. Use of information we collect is subject to the Privacy Policy in effect at the time such information is collected.

Contact Information:

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data or your choices and rights regarding such collection and use, please do not hesitate to contact us at:

• Call us at: +254 719 875 311 / +818074100831
• Email us at: inquiry@assl-auctio.com
• Our physical offices located at: Astrol Petrol Station, Kiambu Road, Kenya (Next to Ridgeways Mall) 1^st Floor Room No. A2