Privacy Policy

Privacy Policy
Last Updated July 21, 2021

This Privacy Policy (“Policy”) describes how Kasha Technologies, Ltd., Kasha Rwanda Ltd. and their affiliates (collectively, “Kasha,” “we,” “us,” or “our”) collect and process data relating to individuals (“Personal Data”) when you visit Kasha’s websites (each “Site” and together the “Sites”) or purchase products from us through the Site, USSD, or call center (collectively, the “Services”), or otherwise interact with or use the Services. Kasha respects your privacy and is committed to protecting your Personal Data.

Specifically, in this Policy we will cover:

    ● Who We Are

    ● Data Controller

    ● Information We Collect

    ● How We Use Information

    ● How We Share and Disclose Information

    ● Data Retention

    ● Children

    ● Your Rights

    ● Links to Other Sites

    ● Cookies and Similar Technologies

    ● Security

    ● Changes to the Privacy Policy

    ● Data Transfers

    ● Contact Us

Please read this Policy carefully to learn how we collect, use, share, and otherwise process Personal Data and to learn about your rights and choices regarding your Personal Data. By using the Services or otherwise providing Personal Data to us, you agree to the practices described in this Policy. If you do not agree to this Policy, please do not access the Services or otherwise provide Personal Data to us.

This Policy constitutes an integral part of our Terms and Conditions, accessible here:.

Kasha provides an e-commerce platform for women’s health, personal care and beauty in Africa. Our mission is to make it easy for all women to get the health and self-care products and information they need to live their best lives, including women in low-income rural areas of emerging markets. We work with corporations and organizations aligned with our purpose to deliver genuine health care and women-based products and services to women and people that need them.

The relevant Kasha entity with whom you engage is the data controller for Personal Data that we collect in connection with the Services. You can find our contact details under “Contact Us” below.

In providing the Services, we collect various types of Personal Data. We have grouped the types of Personal Data that we process as follows: Information We Collect Directly From You
Account Information: If you choose to sign up for an account with Kasha on the Site we will collect your email address and password. If you create an account or log into your account using third-party services, such as Google or Facebook, we will receive your name and email address as permitted by your profile settings on the third-party service in order to authenticate you. The information we receive when you authenticate through a third-party service depends on the settings, permissions and privacy policy controlled by that third-party service. You should always check the privacy settings and notices in the relevant third-party services to understand what data may be disclosed to us. Moreover, we may collect additional information if you elect to provide it, such as age and gender.
Order Information: When you place an order, we may collect information about the ordered products, the name that you provide, your email address, address, phone number, delivery location and any additional information that you may elect to provide. We may also retain a history of the products you browse and/or purchase using the Services. Moreover, if you place an order through our call center, the conversation may be recorded for quality control purposes.
Information You Provide In Correspondence and Through Forms: We may collect Personal Data that you provide to us when you request information by entering Personal Data into form fields, contact us by phone, email, use the chat functionality available on the Services or otherwise, or leave comments on our Site, such as when using our blog (however, your email will not be published). You decide what Personal Data is provided to Kasha, but this may include your name, email address or phone number, and any other information that you elect to share with us. Providing this information is optional to you.
Surveys: We may collect information when you voluntarily respond to questionnaires, surveys or requests for market research seeking your opinion and feedback. Providing this information is optional to you.Payment Information: If you make a purchase through our Services, our payment processors DPO Group or Mpesa, will process certain payment and billing information, such as billing address, payment card details and bank account information. If you have questions about how DPO Group or Mpesa protects such information, please read DPO Group’s privacy policy here: . MPesa’s privacy policy can also be read here: .
Information We Collect Through our Pharmaceutical and Telemedicine Solution: If you make a purchase of pharmaceuticals through our Services, we may collect information about your age, a copy of the prescription, and other health related information which is necessary to fulfill your order.
Medical Disclaimer: The information on our Services is not intended or implied to be a substitute for professional medical advice, diagnosis or treatment. All content, including text,graphics, videos, images and information, contained on or available through our Services is for general information purposes only. You are encouraged to confirm any information obtained from or through the Services with other sources, and review all information regarding any medical condition or treatment with your physician. NEVER DISREGARD PROFESSIONAL MEDICAL ADVICE OR DELAY SEEKING MEDICAL TREATMENT BECAUSE OF SOMETHING YOU HAVE READ ON OR ACCESSED THROUGH THESE WEBSITES. IF YOU OR A LOVED ONE ARE EXPERIENCING A MEDICAL EMERGENCY, CALL YOUR LOCAL EMERGENCY NUMBER.
Information We Collect Through Our Social Media Pages: We have pages on social media sites like Facebook, Instagram, and LinkedIn (“Social Media Pages”). When you interact with our Social Media Pages, we will collect Personal Data that you elect to provide to us through your settings on the Social Media site, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.
Automatically Collected Data: When you visit, use and interact with the Services, we may receive certain information about your visit, use or interactions. For example, we may monitor the number of people that visit our Services, peak hours of visits, which page(s) are visited, the domains our visitors come from (e.g.,,, etc.), and which browsers people use to access and visit our Services (e.g., Firefox, Microsoft Internet Explorer), broad geographical information, and navigation pattern. In particular, the following information is created and automatically logged in our systems:
    ● Log data: Information that your browser automatically sends whenever you visit the Site (“log data”). Log data includes your Internet Protocol (“IP”) address (so we understand which country you are connecting from when you visit the Site), browser type and settings, the date and time of your request, and how you interacted with the Site.
    ● Cookies and Similar Technologies: Like many websites, we use “cookies” and similar technologies. Please see the “Cookies and Similar Technologies” section below to learn more about how we use cookies and similar technologies.
    ● Device information: Includes name of the device, operating system, and browser you are using. Information collected may depend on the type of device you use and its settings.
    ● Usage Information: We collect information about how you use our Site, such as the types of content that you view or engage with, the features you use, the actions you take, and the time, frequency and duration of your activities. Information We Collect From Other Sources: In some instances, local government entities may provide Kasha with a list of patients’ contact information who are approved to order products through our Services. Moreover, we might receive information about you from other sources, such as updated delivery and address information from our carriers, which we use to correct our records and deliver your next purchase more easily.

We process your information as necessary to:

    ● Enable us to process your orders pursuant to the applicable Terms and Conditions or to take steps at your request prior to entering into a contract with you (“Contract”), and/or
    ● Enable us to comply with legal obligations (“Legal Obligation”), and/or
    ● Pursue legitimate interests of Kasha or those of third parties, including as applicable your interests (“Legitimate Interest”), provided your interests and fundamental rights do not override those interests. This Policy describes when we process your Personal Data for Legitimate Interests, what these interests are and your rights. We will not use your Personal Data for activities where the impact on you overrides our interests, unless we have your consent or those activities are otherwise required or permitted by law.

We generally do not rely on your consent as a legal basis for processing your Personal Data, except where we need your consent to send you marketing emails as explained in more details below (in such case, you have the right to withdraw your consent at any time by following the instructions contained in each marketing email we send you or by contacting us).

We have set out below, in table format, the ways we use your Personal Data, and the legal bases we rely on to do so. We may use your Personal Data for other purposes which you have consented to at the time of providing your data.

Type of Personal Data Why Processed Legal Basis for Processing
Account Information     ● To set up and maintain your account and contact you regarding your use of the Services
    ● To monitor and enforce compliance with our Terms and Conditions
    ● To administer and protect our business and the Services, prevent fraud, criminal activity, or misuses of our Services, and to ensure the security of our IT systems, architecture and networks (including troubleshooting, testing, system maintenance, support and hosting of data)
    ● With your consent, to send you information on our new products or services or other promotions. If you provide us with your consent for such purpose, you have the right to withdraw your consent at any time.
    ● In relation to information about age and gender (if you elect to provide it), to de- identify and/or anonymize this information and share it in de-identified and/or anonymized way only as described under the section below titled “How We Share And Disclose Information.
    ● Contract
    ● Legal Obligation
    ● Legitimate Interest in (i) conducting and protecting our business and operations, (ii) enforcing or defending legal rights, or preventing damage, (iii) keeping our Services, network and information systems secure; and (iv) provide valuable insights to third parties for commercial, statistical and market research purposes, as further described under the section below titled “How We Share And Disclose Information”.
    ● Consent, for sending marketing communications regarding other products and services that may be of interest to you
Order Information     ● To take and handle orders, deliver products and services and communicate with you about orders, products and services.
    ● In relation to recording calls with our call center, to maintain, monitor and improve the usability and functionality of the Services.
    ● To remember a history of the products ordered to recommend features, products, and services that might be of interest to you, identify your preferences, and personalize your experience with our Services.
    ● To de-identify and/or anonymize information and share de-identified and/or anonymized information as described under the section below titled “How We Share And Disclose Information”.
    ● Contract
    ● Legitimate Interest in (i) personalizing your experience, and (ii) provide valuable insights to third parties for commercial, statistical and market research purposes, for example to allow those parties to analyze patterns among groups of people, and conducting research on consumer demographics, interests and behavior, as further described under the section below titled “How We Share And Disclose Information”.
Information You Provide In Correspondence and Through Forms     ● To respond to your requests or concerns     ● Legitimate Interest in communicating with you
Surveys     ● For market research purposes     ● Our Legitimate Interest is better understanding our customer base so we can improve our products and services
Payment Information     ● To manage payment, fees and charges     ● Contract
    ● Legal Obligation
    ● Legitimate Interest in enforcing or defending legal rights, or preventing damage
Information We Collect Through our Pharmaceutical and Telemedicine Solution     ● To provide your with our products that require a prescription     ● Contract
    ● Legal Obligation
Information that You Provide Through our Social Media Pages     ● To respond to your inquiries
    ● With your consent, to send you information on our new products or services or other promotions. If you provide us with your consent for such purpose, you have the right to withdraw your consent at any time.
    ● Legitimate Interest in responding to your inquiries
    ● Consent to send you marketing information
Automatically Collected Data     ● To administer our Services, provide functionality, fix errors, analyze how you interact with our Services and provide, maintain and improve the usability and functionality of the Services.
    ● To protect our business, prevent fraud, criminal activity, or misuses of our Services, and to ensure the security of our IT systems, architecture and networks
    ● To comply with legal obligations and to protect our operations and rights and enforcing or defending legal rights, or preventing damage
    ● Legitimate Interest in (i) analyzing the use of our Services in order to develop and enhance them, (ii) conducting and protecting our business and operations, (iii) keeping our Services, network and information systems secure
    ● Legal obligation

We share your information with third parties in the following situations:

    ● Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may share Personal Data with service providers, including hosting and other information technology services; email communication software providers and email newsletter providers; providers of call center services; database and sales/customer relationship management services; payment service providers; order fulfillment service providers, and web analytics services (for more details on the third parties that place cookies and similar technologies through the Site, please see the “Cookies and Similar Technologies” section below). Pursuant to our instructions, these parties will access, process or store Personal Data in the course of performing their duties to us.
    ● De-identified/Anonymized Data: We may de-identify and/or anonymize the information we process in connection with the Services and use such de-identified and/or aggregated data for our own internal business purposes, including but not limited to sharing anonymized and de-identified data with affiliated companies, our current and prospective brands, business partners, agents and other third parties for commercial, statistical and market research purposes, for example to allow those parties to analyze patterns among groups of people, and conducting research on consumer demographics, interests and behavior.
    ● Business Transfers: Your Personal Data will be used by us or shared with our affiliated companies for internal reasons, primarily for business and operational purposes. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your Personal Data may be shared in the diligence process with counterparties and others assisting with the transaction and transferred to a successor or affiliate as part of that transaction along with other assets.
    ● Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with legal or regulatory obligations, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Services, or the public, or (v) protect against legal liability.

We keep Personal Data for as long as your account is active; as needed to provide you products or services; as needed for the purposes outlined in this Policy or at the time of collection; as necessary to comply with our legal obligations (e.g., to honor opt-outs), resolve disputes, and enforce our agreements; or to the extent permitted by law.

If you have elected to receive marketing communications from us, we retain information about your marketing preferences until you opt out of receiving these communications and in accordance with our policies.

To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we use your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

The Services are not directed to children who are under the age of 18. Kasha does not knowingly collect Personal Data from children under the age of 18. If you have reason to believe that a child under the age of 18 has provided Personal Data to Kasha through the Services, please contact us and we will endeavor to delete that information from our databases.

Subject to certain conditions and exceptions contained in applicable law, you have the following rights in relation to your Personal Data:
    ● Right to information: you have a right to be informed of your rights, the fact that we are collecting your personal data, the purposes for which the data is being collected, the legal basis upon which we collect such data, the third parties to whom we will transfer your personal data, the measures we have taken to ensure integrity and confidentiality of your data and the consequences if any, where you fail to provide all or any part of the requested data. We have fulfilled this right through this Privacy Policy.
    ● Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
    ● Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it.
    ● Right to erasure: You may ask us to delete or erase or destroy your Personal Data, such as where you withdraw your consent. If we shared your data with others, we will tell them about the erasure where possible.
    ● Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as:
o Where you contest the accuracy of the data;
o Your data is no longer required for the purposes of the processing, unless we require the data for the establishment, exercise or defence of a legal claim;
o The processing is unlawful, and you oppose the erasure of personal data and ask for restriction of its use instead; and
o Where you object to us processing it (please read below for information on your right to object).
    ● Right to data portability: You have the right to obtain your Personal Data from us provided that (i) the processing is not necessary for the performance of a task carried out in public interest or in the exercise of an official authority and (ii) your right does not adversely affect the rights and freedoms of others. We will give you your Personal Data in a structured, commonly used and machine-readable format.
    ● Right not to be subjected to automated individual decision making: If applicable, in certain instances, you have the right not to be subjected to a decision based solely on automated processing, including profiling.
    ● Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so:
o If we are relying on a legitimate interest to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing or your data is needed to establish, exercise, or defend legal claims;
o If we are processing your Personal Data for direct marketing. We may keep minimum information about you in a suppression list in order to ensure your choices are respected in the future and to comply with data protection laws (such processing is necessary for our and your legitimate interest in pursuing the purposes described above).
    ● Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
    ● Right to raise a complaint to the data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the Data Commissioner in Rwanda through its website on
    ● Right to Compensation: You have a right to seek compensation if you suffer damage or believe that we have contravened the requirements of the data protection law.

Please see the “Contact Us” section below for information on how to exercise your rights.

The Services may contain links to other websites not operated or controlled by Kasha, including social media services (“Third Party Sites”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.

We and our partners use cookies and similar technologies on our Services to operate and administer the Services, conduct analytics and improve the Services. In this section we explain these technologies, why we use them, and the choices you have.
What Are Cookies?
A cookie is a text file which is stored on your computer or other device when you visit a website.
We use two types of cookies: session and persistent cookies. Session cookies are stored temporarily on your device while you browse the Site and are deleted from your device when you finish browsing. Persistent cookies remain on your device after you have finished browsing the Site so that we can remember your preferences when you visit the Site in future.
Some cookies are set by us (first party cookies); some cookies are set by another party’s website (third-party cookies).
For more information about cookies, including how to set your internet browser to restrict, block or delete cookies, please go to
What Types of Technologies Do We Use?
We use cookies, web beacons and other technologies to improve and customize our Services and your experience; to allow you to access and use the Services without re-entering your username or password; to understand usage of our Services and the interests of our customers; to determine whether an email has been opened and acted upon; and to present you with advertising relevant to your interests.
How Do We Use Them?

    ● Where strictly necessary. These cookies and other technologies are essential in order to enable the Services to provide the feature you have requested, such as remembering you have logged in.
    ● For functionality. These cookies and similar technologies remember choices you make such as language or search parameters. We use these cookies and similar technologies to provide you with an experience more appropriate with your selections and to make your use of the Services more tailored.
    ● For performance and analytics. These cookies and similar technologies collect information on how users interact with the Services and enable us to improve how the Services operate. For example, we use Google Analytics cookies to help us understand how visitors arrive at and browse our website to identify areas for improvement such as navigation, user experience, and marketing campaigns. For more information about Google Analytics visit To prevent the storage and processing of this data (including your IP address) by Google, you can download and install the browser-plugin available at the following link:
    ● Targeting or advertising cookies. These cookies collect information about your browsing habits in order to make advertising relevant to you and your interests. They remember the websites you have visited and that information is shared with other parties such as advertising technology service providers and advertisers.
    ● Social media cookies. These cookies are used when you share information using a social media sharing button or “like” button on our websites or you link your account or engage with our content on or through a social media site. The social network will record that you have done this. This information may be linked to targeting/advertising activities.

What Choices Do I Have?

On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:
    ● Internet Explorer
    ● Mozilla Firefox
    ● Google Chrome
    ● Apple Safari
Please note that if you limit the ability of websites to set cookies, you may be unable to access certain parts of the Services and you may not be able to benefit from the full functionality of the Services .
Most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit the Network Advertising Initiative’s online resources at and follow the opt-out instructions there.
If you access the Services on your mobile device, you may not be able to control tracking technologies through the settings.

You use the Site at your own risk. We have implemented physical, technical, and administrative security measures designed to protect Personal Data. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Services or e-mail. Please keep this in mind when disclosing any Personal Data to Kasha via the Internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Services, or third party websites.

The Services, and our business may change from time to time. As a result we may change this Policy at any time. When we do we will post an updated version on this page, unless another type of notice is required by the applicable law. By continuing to use our Services or providing us with Personal Data after we have posted an updated Policy, or notified you if applicable, you consent to the revised Policy and practices described in it.

In connection with the operation of our Services, your Personal Data will be stored on servers in Rwanda, Kenya, and the European Economic Area (“EEA”). Your Personal Data may be processed outside your jurisdiction by us, our contractors and third-parties disclosed in Section 5 above that are based in other countries, as needed for the purposes described in Section 4 above. Those countries may not provide for the same level of data protection as your jurisdiction. When we transfer your Personal Data outside of the country where you reside, we ensure that we have binding cross-border transfer agreements with the parties disclosed in section 5 in place and that adequate protection for your personal data is provided as required by applicable law.

If you have any questions about our Policy or the information practices of the Services, or would like to exercise any of your rights in relation to your Personal Data, please feel free to contact us at , or by post at:

Kasha Technologies, Ltd.
P.O Box 2611-00606, Nairobi, Kenya


Return to top of the page