1. INTRODUCTION
1.1. Optimus is committed to protecting your privacy
1.2. The Privacy Policy Statement is made by the WPP Scangroup Plc Group consisting of Squad Digital Limited
among other entities (Collectively, “Optimus”, “we”, “us” or “our”)
1.3. This Privacy Policy was last updated on [11/09/2020].
1.4. We take your privacy and the security of your information seriously. When we obtain information about you,
we ask for information necessary, gathering only what we believe is essential for doing business, or the
specific transaction at hand. We will adhere to the principles and procedures set out in this Privacy Policy
(“the Policy”).
1.5. By using Optimus, you are accepting the terms of this Policy and consenting to the collection, processing,
further processing and storage of your information (including your personal information) as contemplated
in this Policy.
2. SCOPE OF THIS PRIVACY POLICY
2.1. The Policy applies to all Optimus or its client’s websites that link to it. It also applies to the products and
services provided by Optimus or its clients through these websites, our mobile applications and applications
posted on online marketplaces including third-party online marketplaces.
2.2. This privacy policy aims to give you information on how we collects and processes your personal data
whether you are Optimus client or end user that uses Optimus Client’s products, applications or services
(together, the “Services”), including any data you may provide through the Optimus Platform when you
use the Services.
2.3. It is important that you read this Privacy Policy together with any other privacy policy or fair processing
policy we may provide on specific occasions when we are collecting or processing personal data about
you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements
other notices and privacy policies and is not intended to override them.
3. CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES
3.1. We keep our Privacy Policy under regular review and we may modify or update the policy from time to
time. Where the changes will have a fundamental impact on the nature of the processing of your data or
your rights, we shall notify you in advance.
3.2. It is important that the personal data we hold about you is accurate and current. Please keep us informed
if your personal data changes during your relationship with us.
4. THIRD-PARTY LINKS
4.1. The Optimus Platform may include links to third-party websites, plug-ins and applications. Clicking on those
links or enabling those connections may allow third parties to collect or share data about you. We do not
control these third-party websites and are not responsible for their privacy statements. When you leave our
Optimus Platform, we encourage you to read the privacy policy of every website or platform you visit.
4.2. We will never sell your Personal Information to any third party.
5. INFORMATION COLLECTED
5.1. We collect information about you only if (a) you have provided the information yourself, (b)we have
automatically collected the information, or (c) we have obtained the information from a third party.
5.2. Information that you provide us:
5.2.1. Account signup - The app collects customer information when a user fills in a lead form. A user fills
in several information field that include; Name; Location/ nearest branch to them; Product they
are interested in; Phone number; Email address; Whether they are a new customer or existing
customer of Optimus’s client; Cookies will collect DMP ID; and Referrer information i.e the origin of
the lead where the customer filled the lead for e.g website url. We may also collect such
additional information required for our Know Your Customer (KYC) purposes.
5.2.2. Interactions with Optimus or Optimus clients – We record analyse and use your interactions with
us including value of the product sold to the customer; the customer ID or Passport number; and
chat conversations with our sales and customer support professionals, for improving our
interactions with you and other customers.
.3. Information that we collect automatically:
5.3.1. Precise geolocation data, and identification through device scanning;
5.3.2. Information from browsers, devices and servers: When you visit our clients websites or the Optimus
app, we collect information that web browsers, mobile devices and servers make available. We
include these in our log files to understand more about visitors to the Optimus platform;
5.3.3. Information from first party cookies and tracking technologies: We use temporary and permanent
cookies to identify users of the Services and to enhance user experience; and
5.3.4. Information from application logs and mobile analytics: We collect information about you use of
the Services and mobile applications from application logs and in-house usage analytics tools
and use it to understand your needs. This information includes clicks, scrolls, features accessed,
access time and frequency, errors generated, performance data, user settings and configurations
and devices used to access and their locations.
5.4. Information that we collect from third parties:
5.4.1. Signups using authentication service providers: You can only log in to Optimus using the log in
credentials assigned by admin during account registration
5.4.2. Referrals: If someone has referred any of our products or services to you through any of our referral
programs, that personal have provided us your name, email address and other personal
information;
5.5. It is important that the personal information we hold about you is accurate and current. Please keep us
informed if your personal information changes during your relationship with us.
6. PURPOSES FOR USING INFORMATION
6.1. In addition to the purposes mentioned above, we may use your information for the following purposes:
6.1.1. To provide you with the Services, confirm identities, provide support such as debugging,
troubleshooting, automated decision making such as the detection of fraudulent account
creation when signing up for our service, for advertising and marketing, invoicing, to resolve
incidents related to the use of the Services, to improve and personalize our Services, such as push
notifications regarding your activities, and to comply with legal requirements. We may use this
information in other cases where we have received express permission; and
6.1.2. To update, expand and analyse our records, identify new customers, and provide products and
services that may be of interest to you.
7. SHARING OF INFORMATION WITH THIRD PARTIES
7.1. Optimus works with various third parties including its clients and service providers to facilitate the provision
of our Services and we may share personal information with them to support these efforts.
7.2. We may also share your information in the following circumstances:
7.2.1. to prevent, investigate, or take action regarding illegal activities, suspected fraud, situations involving
potential threats to the physical safety of any person, violations of our Terms of Service or any other
agreement related to the Services, or as otherwise required by law.
7.2.2. to facilitate our marketing and/or advertising campaign activities.
7.2.3. to comply with legal requirements, or to respond to lawful court orders, subpoenas, warrants, or other
requests by public authorities (including to meet national security or law enforcement requirements).
7.3. Personal information may also be shared with the following, in which case we will post a notice on our
home page:
7.3.1. a company that acquires our business, whether through merger, acquisition, bankruptcy, dissolution,
reorganization, or other similar transaction or proceeding; or
7.3.2. any entity that Optimus enters into business relations with Optimus and which has put in place
appropriate security measures to prevent the loss or unauthorised use of data.
8. COOKIES
8.1. “Cookies” are small data files that are stored on the hard drive of your computer by your browser. Each
time you visit our platform, cookies will collect information about your visit (including your browsing patterns)
and about your computer (including your internet protocol (IP) address, mobile device, browser and
operating system).
8.2. Cookies cannot collect personal information about you. They are used purely to allow us to offer you a
better online experience of our app and services.
8.3. Please note that it is possible for you to change your computer’s or mobile device browser settings to
disable the use of cookies. We would advise that you do not do this, however, as this could affect the
manner in which you are able to use the app on your computer or mobile device. Unless you have adjusted
your browser settings to refuse or disable cookies, our system will automatically issue cookies when you
access the Optimus platform.
8.4. Please note that our advertisers, as well as business partners, may also make use of cookies. You understand
and acknowledge that we have no control over cookies used by third parties. For more information about
the cookies we use, please see Cookie Policy under Schedule 1.
9. DATA RETENTION- HOW LONG WILL YOU USE MY PERSONAL DATA FOR?
9.1. We will generally only retain your personal data for as long as reasonably necessary to fulfil the purposes
we collected it for, including but not limited to the purposes of satisfying any legal, regulatory, tax,
accounting or reporting requirements.
9.2. We delete personal information 90 days after receiving a deletion request. If you inform us that you do not
want us to keep your information in order to allow us to contact you in the future, we will respect your
request.
9.3. Optimus acts as a data processor on behalf of our clients.
9.4. We may retain your personal data for a longer period in the event of a complaint or if we reasonably
believe there is a prospect of litigation in respect to our relationship with you.
9.5. We may continue to store anonymous or anonymized information, such as website visits, without identifiers,
in order to improve our Services.
10. DATA SECURITY
10.1. We have put in place appropriate security measures to prevent your personal data from being
accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit
access to your personal data to those employees, agents, contractors and other third parties who have a
business need to know. They will only process your personal data on our instructions and they are subject
to a duty of confidentiality.
10.2. We comply with industry standards on information security management to safeguard sensitive information,
such as financial information, intellectual property, employee details and any other personal information
entrusted to us. Our information security systems apply to people, processes and information technology
systems on a risk management basis.
10.3. We perform annual audits to ensure our handling of your information aligns with industry guidelines.
10.4. Since no method of transmission over the Internet, or method of electronic storage is 100% secure, we
cannot guarantee the absolute security of your personal information.
11. MARKETING
11.1. We may use your identity, contact, technical, usage and profile data to form a view on what we think you
may want or need, or what may be of interest to you. This is how we decide which products, services and
offers may be relevant for you.
11.2. You may receive marketing communications from us if you have requested information from us or used our
Services and you have not opted out of receiving that marketing.
11.3. We share your personal data with any third party for marketing purposes. You can ask us or third parties to
stop sending you marketing messages at any time by following the opt-out links on any marketing message
sent to you or by contacting us at any time.
12. CHANGE OF PURPOSE
12.1. We will only use your personal data for the purposes for which we collected it, unless we reasonably
consider that we need to use it for another reason and that reason is compatible with the original purpose.
If you wish to get an explanation as to how the processing for the new purpose is compatible with the
original purpose, please contact us set out in Clause 14
12.2. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the
legal basis which allows us to do so.
12.3. Please note that we may process your personal data without your knowledge or consent, in compliance
with the above rules, where this is required or permitted by law.
13. INTERNATIONAL TRANSFERS
13.1. While WPP Scangroup Plc is a Kenyan company and primarily stores data in Germany and India we provide
services to individuals and our technology processes data from users around the world. As such, Optimus
may transmit your personal information outside of the country, state, or province in which you are located.
13.2. Transferred data may be subject to the laws Kenya and the laws of those countries. Optimus does not
transfer or store data in countries that do not have a robust regime of data protection.
14. YOUR LEGAL RIGHTS
14.1. You have the right to:
14.1.1. Request access to your personal data (commonly known as a “data subject access request”). This
enables you to receive a copy of the personal data we hold about you and to check that we are
lawfully processing it.
14.1.2. Request correction of the personal data that we hold about you. This enables you to have any
incomplete or inaccurate data we hold about you corrected, though we may need to verify the
accuracy of the new data you provide to us.
14.1.3. Request erasure of your personal data. This enables you to ask us to delete or remove personal data
where there is no good reason for us continuing to process it. You also have the right to ask us to delete
or remove your personal data where you have successfully exercised your right to object to processing
(see below), where we may have processed your information unlawfully or where we are required to
erase your personal data to comply with local law. Note, however, that we may not always be able
to comply with your request of erasure for specific legal reasons which will be notified to you, if
applicable, at the time of your request.
14.1.4. Object to processing of your personal data where we are relying on a legitimate interest (or those of
a third party) and there is something about your particular situation which makes you want to object
to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also
have the right to object where we are processing your personal data for direct marketing purposes. In
some cases, we may demonstrate that we have compelling legitimate grounds to process your
information which override your rights and freedoms.
14.1.5. Request restriction of processing of your personal data. This enables you to ask us to suspend the
processing of your personal data in the following scenarios:
14.1.5.1.If you want us to establish the data’s accuracy.
14.1.5.2.Where our use of the data is unlawful but you do not want us to erase it.
14.1.5.3.Where you need us to hold the data even if we no longer require it as you need it to establish,
exercise or defend legal claims.
14.1.5.4. You have objected to our use of your data but we need to verify whether we have overriding
legitimate grounds to use it.
14.1.6. Request the transfer of your personal data to you or to a third party. We will provide to you, or a third
party you have chosen, your personal data in a structured, commonly used, machine-readable
format. Note that this right only applies to automated information which you initially provided consent
for us to use or where we used the information to perform a contract with you.
14.1.7. Withdraw consent at any time where we are relying on consent to process your personal data.
However, this will not affect the lawfulness of any processing carried out before you withdraw your
consent. If you withdraw your consent, we may not be able to provide certain products or services to
you. We will advise you if this is the case at the time you withdraw your consent.
14.2. You will not have to pay a fee to access your personal data or to exercise any of the other rights set out
above. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or
excessive. Alternatively, we could refuse to comply with your request in these circumstances.
14.3. We may need to request specific information from you to help us confirm your identity and ensure your
right to access your personal data (or to exercise any of your other rights). This is a security measure to
-5-ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact
you to ask you for further information in relation to your request to speed up our response.
14.4. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a
month if your request is particularly complex or you have made a number of requests. In this case, we will
notify you and keep you updated.
14.5. Under 18-year olds – The Optimus App or Platform is not intended or designed to attract children under the
age of 18. We do not knowingly collect personal information from or about any person under the age of
18. If you are under 18 years old and wish to ask a question or use this site in any way which requires you to
submit your personal information, please get your parent or guardian to do so on your behalf.
15. LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION (EEA VISITORS ONLY)
15.1. If you are a visitor/customer located in the European Economic Area ("EEA"), Optimus's Data Protection
Officer can be contacted at
[email protected]
15.2. Our legal basis for collecting and using the personal information described above will depend on the
personal information concerned and the specific context in which we collect it. However, we will normally
collect personal information from you only where we have your consent to do so, where we need the
personal information to perform a contract with you, or where the processing is in our legitimate interests
and not overridden by your data protection interests or fundamental rights and freedoms. In some cases,
we may also have a legal obligation to collect personal information from you.
15.3. If we ask you to provide personal information to comply with a legal requirement or to perform a contract
with you, we will make this clear at the relevant time and advise you whether the provision of your personal
information is mandatory or not (as well as of the possible consequences if you do not provide your personal
information). Similarly, if we collect and use your personal information in reliance on our legitimate interests
(or those of any third party), we will make clear to you at the relevant time what those legitimate interests
are.
16. HOW TO CONTACT OPTIMUS
16.1. If you have any questions about your personal information or this policy, or if you would like to make a
complaint about how Optimus processes your personal data, please contact Optimus by email at
[email protected] or by using the contact details below:
WPP Scangroup Plc
6th Floor Chancery, Valley Road
Nairobi, Kenya
SCHEDULE 1
