Privacy Policy

Maschon Home(hereinafter “we,” “us,” or “our”) is the data controller responsible for your personal data. We are registered with the Office of the Data Protection Commissioner (ODPC) of Kenya.

We may collect the following categories of personal data:

• Directly from you — when you register, place an order, or contact us.
• Automatically — via cookies and similar tracking technologies when you browse our site.
• Third parties — payment processors (e.g., M-Pesa/Safaricom), delivery partners, and analytics providers.

You may withdraw consent for marketing communications at any time by emailingprivacy@maschon.co.ke or using the unsubscribe link in any email we send.

We do not sell your personal data. We may share it with the following categories of recipients:

• Payment processors: Safaricom (M-Pesa), card acquirers — for transaction processing only.
• Delivery partners: DHL, Aramex, Fargo, EasyCoach, Little — to fulfil your orders.
• IT service providers: Hosting, analytics, and email providers bound by confidentiality obligations.
• Regulators & law enforcement: Where required by Kenyan law (KRA, CAK, police).

All third parties are contractually required to protect your data and use it only for the specified purpose.

Some of our service providers may process data outside Kenya. Where this occurs, we ensure adequate safeguards are in place (such as standard contractual clauses) in line with Section 48 of the Data Protection Act 2019.

We retain your personal data only as long as necessary for the purposes outlined in this Policy or as required by Kenyan law (e.g., tax records must be retained for 5 years under the Tax Procedures Act). When data is no longer needed, it is securely deleted or anonymised.

Under the Data Protection Act 2019, you have the following rights:

To exercise any of these rights, please contact our Data Protection Officer at privacy@maschon.co.ke. We will respond within 21 days as required by law.

If you are unsatisfied with our response, you may lodge a complaint with the Office of the Data Protection Commissioner (ODPC) at www.odpc.go.ke.

We use cookies and similar technologies to enhance your browsing experience. Cookies we use include:

• Strictly necessary cookies: Required for the platform to function (session management, security). These cannot be disabled.
• Analytics cookies: Help us understand how visitors use our site (e.g., Google Analytics). You can opt out via your browser settings.
• Preference cookies: Remember your choices (language, region).

You may control cookies via your browser settings. Disabling cookies may affect the functionality of our platform.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:

• SSL/TLS encryption for all data transmitted over our platform.
• Secure password hashing (bcrypt).
• Access controls limiting staff access to personal data on a need-to-know basis.
• Regular security assessments.

In the event of a data breach that poses a risk to your rights, we will notify the ODPC within 72 hours and affected users without undue delay, in accordance with Section 43 of the Data Protection Act 2019.

Our platform is not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised “Last updated” date. We encourage you to review this Policy periodically. Material changes will be communicated via email or a prominent notice on our site.