Privacy Notice

Last update: 14/06/2025

Our website address is: https://www.nakul.app

Introduction

We are EasyByte LTD, operators of Nakul in the United Republic of Tanzania. This notice describes how we collect, store, transfer and use personal data. It tells Users about their privacy rights and how the law protects them.

In the context of the law and this notice, ‘personal data’ is information that clearly identifies users as an individual or which could be used to identify users if combined with other information. Acting in any way on personal data is referred to as ‘processing’.

Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our platform.

Our privacy policy is strong and precise. It complies fully with the The Data Protection.

Data Protection Officer

We have appointed a data protection officer (‘DPO’) who is responsible for ensuring that our privacy policy is followed.

If you have any questions about how we process your personal data, including any requests to exercise your legal rights, please contact our DPO, at dp@nakul.app.

Personal data we process

The information we process about you includes information:

Users have directly provided to us
Users have indirectly provided to us
that we gather from third party databases and service providers
as a result of monitoring how users use our platform or our services

Types of personal data we collect directly

When users use our platform, our services, or buy from us, [for example, when users create an account on our platform,] we ask users to provide personal data. This can be categorised into the following groups:

• Registration Data: the information provided by Users when they create an account on the Nakul Platform: username and e-mail.

• User Profile Information: the information added by Users on the Platform in order to be able to use the Nakul service; i.e. their mobile phone number and delivery address. Users can view and edit the personal data on their profile whenever they wish. Nakul does not store Users’ credit card details, but these are provided to licensed electronic payment service providers, who receive the data included directly and store it in order to facilitate the payment process for Users and to manage it on Nakul’s behalf. This information is under no circumstances stored on Nakul’s servers. Users may delete the details of the credit cards linked to their account at any time. This will trigger the service provider to delete the information, which will have to be re-entered or selected in order to place new orders through the Platform. Users may request such providers’ privacy policies at any time.

• Personal identifiers, such as their first and last names, their gender, and their date of birth.

• Additional information that Users wish to share: any information that a User could supply to Nakul for other purposes. Examples include a photograph of the User or the billing address in the case of Users who have asked to receive invoices from Nakul.

• Account information, including their username and password

• records of communication between us including messages sent through our platform, email messages, and telephone conversations

• Information on accidents involving any of the parties involved in the provision of services through the Platform for the purpose of making insurance claims or carrying out any other actions with the insurance companies contracted by Nakul.

• Transcription and recording of conversations held between the USER and Nakul for the processing of incidents, queries, or any other consultations that may be made.

• Information on Communications between Customers and Partners: Nakul will have access to the communications exchanged between Users and the Partners that collaborate with the Platform by means of the chat system provided on the Platform.

• Marketing preferences that tell us what types of marketing users would like to receive.

Types of personal data we collect indirectly

•  Data arising from the Use of the Platform: Nakul collects the data arising from Users’ Use of the Platform every time they interact with the Platform.

• Data on the application and the device: Nakul stores data on the device and the Application used by Users to access the services. This data is:

• The IP address used by each User to connect to the Internet using his/her computer or mobile phone.

• Information about his/her computer or mobile phone, such as his/her Internet connection, browser type, version and operating system, and type of device.

• The full uniform resource locator (URL) Clickstream, including date and time.

• Data from the User’s account: information on delivery requests by each User, as well as feedback and/or comments made about them by such User.

• Data arising from the User’s origin: if a User arrives at the Nakul Platform through an external source (such as a link from another platform or a social network), Nakul collects data on the source from which the Nakul User arrived. information that confirms their contact information.

• Data resulting from the management of incidents: if a User contacts the Nakul Platform through the Contact Form or on Nakul’s phone number, Nakul will collect the messages received in the format used by the User and may use and store them to manage current or future incidents.unsolicited complaints by other users.

• Data arising from “cookies”: My Nakul uses its own and third-party cookies to facilitate browsing by its users and for statistical purposes (see the Cookie Policy).

• Information users contribute to our community, including reviews.

• Their replies to polls and surveys.

• Data resulting from external third parties: Nakul may collect personal data or information from external third parties only if the User authorises such third parties to share that information with Nakul.

• Similarly, if a user accesses Nakul through products and services offered by Google, Google may send the User’s browsing data to Nakul, with access to the platform through the links created by Google.

• The information provided by the external third party may be controlled by the User in accordance with the third party’s own privacy policy.

• Geolocation Data: provided that this has been authorised by Users, Nakul will collect data relating to their location, including the real-time geographic location of their computer or mobile device.

Types of personal data we collect from third parties

We confirm some of the information users provide to us directly using data from other sources. We also add to the information we hold about users, sometimes to remove the need for users to provide it to us and sometimes in order to be able to assess the quality of the services users offer.

The additional information we collect can be categorised as follows:

•  Information that confirms their identity

• business information, including their business trading name and address, their company number (if incorporated), and their VAT number (if registered)

• Information that confirms their contact information

• Reviews and feedback about their business on other platforms through which users sell their services

• Unsolicited complaints by other users

Our use of aggregated information

We may aggregate anonymous information such as statistical or demographic data for any purpose. Anonymous information is that which does not identify users as an individual. Aggregated information may be derived from their personal data but is not considered as such in law because it does not reveal their identity.

For example, we may aggregate usage information to assess whether a feature of our platform is useful.

However, if we combine or connect aggregated information with their personal data so that it can identify users in any way, we treat the combined information as personal data, and it will be used in accordance with this privacy notice.

If users do not provide personal data we need

Where we need to collect personal data by law, or under the terms of a contract we have with users, and users fail to provide that data when requested, we may not be able to perform that contract.

In that case, we may have to stop providing a service to users. If so, we will notify users of this at the time.

The bases on which we process information about users

The law requires us to determine under which of six defined bases we process different categories of their personal data, and to notify users of the basis for each category.

If a basis on which we process their personal data is no longer relevant then we shall immediately stop processing their data.

If the basis changes then if required by law we shall notify users of the change and of any new basis under which we have determined that we can continue to process their information.

Information we process because we have a contractual obligation with users

When users create an account on our platform, buy a product or service from us, or otherwise agree to our terms and conditions, a contract is formed between users and us.

In order to carry out our obligations under that contract we must process the information users give us. Some of this information may be personal data.

We may use it in order to:

•  Verify their identity for security purposes when users use our services

• Sell products to users

• Provide users with our services

• Provide users with suggestions and advice on products, services and how to obtain the most from using our platform

We process this information on the basis there is a contract between us, or that users have requested we use the information before we enter into a legal contract.

We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.

Information we process with users consent

Through certain actions when otherwise there is no contractual relationship between us, such as when users browse our platform or ask us to provide users more information about our business, including our products and services, users provide their consent to us to process information that may be personal data.

Wherever possible, we aim to obtain their explicit consent to process this information, for example, we ask users to agree to our use of non-essential cookies when users access our platform.

If users have given us explicit permission to do so, we may from time to time pass their name and contact information to selected associates whom we consider may provide services or products users would find useful.

We continue to process their information on this basis until users withdraw their consent or it can be reasonably assumed that their consent no longer exists.

Users may withdraw their consent at any time by instructing us at d p @ na kul. a  pp However, if users do so, users may not be able to use our platform or our services further.

We aim to obtain and keep their consent to process their information. However, while we take their consent into account in decisions about whether or not to process their personal data, the withdrawal of their consent does not necessarily prevent us from continuing to process it. The law may allow us to continue to process their personal data, provided that there is another basis on which we may do so. For example, we may have a legal obligation to do so.

Information we process for the purposes of legitimate interests

We may process information on the basis there is a legitimate interest, either to users or to us, of doing so.

Where we process their information on this basis, we do after having given careful consideration to:

•  Whether the same objective could be achieved through other means

• Whether processing (or not processing) might cause users harm

• Whether users would expect us to process their data, and whether users would, in the round, consider it reasonable to do so

For example, we may process their data on this basis for the purposes of:

•  Improving our services

• Record-keeping for the proper and necessary administration of our organisational

• Responding to unsolicited communication from users to which we believe users would expect a response

• Preventing fraudulent use of our services

• Exercising our legal rights, including to detect and prevent fraud and to protect our intellectual property

• Insuring against or obtaining professional advice that is required to manage organisational risk

• Protecting their interests where we believe we have a duty to do so

• To comply with the legislation and bring and defend legal actions

• To ensure security and an appropriate environment for the safe supply of services

Information we process because we have a legal obligation

Sometimes, we must process users information in order to comply with a statutory obligation.

For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order.

This may include their personal data.

Information we process to protect vital interests

In situations where processing personal information is necessary to protect someone’s life, where consent is unable to be given and where other lawful bases are not appropriate, we may process personal information on the basis of vital interests.

Data Recipient

Nakul warrants that all commercial partners, technicians, suppliers or independent third parties are bound by contractually binding promises to process the information shared with them in accordance with Nakul indications, this Privacy Policy and the applicable data protection legislation. We will not disclose your personal data to any third party who does not act under our instructions, and no communication will involve selling, renting, sharing or in any other way revealing customers’ personal information for commercial purposes in breach of the commitments made in this Privacy Policy.

When completing a delivery, data may be shared with:

•  The Partner who carries out the task of collecting and delivering the product.

• The establishment or venue in charge of selling the product, if the User has requested the purchase of a product. If a User contacts the above-mentioned providers directly and gives them his/her data directly, Nakul will not be responsible for the providers’ use of such data.

• The Support team contracted by Nakul for the purpose of warning the User of any possible incidents or asking why negative feedback has been given for the service. Nakul may use the data provided in order to manage any incidents that may occur during the provision of the services.

• The payment Platform and payment service providers so that the amount can be charged to the User’s account.

• Telecommunications service providers, when they are used to send communications regarding orders or incidents relating to orders.

• Providers rendering satisfaction survey services on Nakul behalf.

• Sharing User data with third partiesIn order to continue providing the services offered through the Platform, Nakul may share certain personal data of Users with

•  Service providers: Nakul third-party service providers that send parcels, complete deliveries and/or resolve incidents with deliveries will have access to Users’ personal information as may be necessary to carry out their functions, but they may not use it for any other purposes. They must process the said personal information as provided in this Privacy Policy and in the applicable data protection legislation. The establishment or venue in charge of selling the product, if the User has requested the purchase of a product. If a User contacts the above-mentioned providers directly and gives them his/her data directly, Nakul will not be responsible for the providers’ use of such data.

• The Support team contracted by Nakul for the purpose of warning the User of any possible incidents or asking why negative feedback has been given for the service. Nakul may use the data provided in order to manage any incidents that may occur during the provision of the services.

• The payment Platform and payment service providers so that the amount can be charged to the User’s account.

• Telecommunications service providers, when they are used to send communications regarding orders or incidents relating to orders.

• Providers rendering satisfaction survey services on Nakul behalf.

Job application and employment

If users send us information in connection with a job application, we may keep it for up to two years in case we decide to contact users at a later date.

If we employ users, we collect information about users and their work from time to time throughout the period of their employment. This information will be used only for purposes directly relevant to their employment. After their employment has ended, we will keep their file for six years before destroying or deleting it. 

Information obtained from third parties

Although we do not disclose their personal data to any third party (except as set out in this notice), we sometimes receive data that is indirectly made up from their personal data from third parties whose services we use.

No such information is personally identifiable to users.

Third party advertising on our platform

Third parties may advertise on our platform. In doing so, those parties, their agents or other companies working for them may use technology that automatically collects information about users when their advertisement is displayed on our platform.

They may also use other technology such as cookies or JavaScript to personalise the content of, and to measure the performance of their adverts.

We do not have control over these technologies or the data that these parties obtain. Accordingly, this privacy notice does not cover the information practices of these third parties.

Service providers and business partners

We may share your personal data with businesses that provide services to us, or with business partners.

As examples:

•  We may pass their payment information to our payment service provider to take payments from users

• We may use fraud prevention agencies and credit reference agencies to verify their identity and we may pass their information to those agencies if we strongly suspect fraud on our platform

• We may pass their contact information to advertising agencies to use to promote our services to users

Referral partners

This is information given to us by users in their capacity as an affiliate of us or as a referral partner.

It allows us to recognise visitors that users have referred to us, and to credit to users commission due for such referrals. It also includes information that allows us to transfer commission to users.

The information is not used for any other purpose.

We undertake to preserve the confidentiality of the information and of the terms of our relationship.

We expect any affiliate or partner to agree to reciprocate this policy.

Personal identifiers from your browsing activity

Requests by their web browser to our servers for web pages and other content on our platform are recorded.

We record information such as their geographical location, their Internet service provider and their IP address. We also record information about the software users are using to browse our platform, such as the type of computer or device and the screen resolution.

We use this information in aggregate to assess the popularity of the webpages on our platform and how we perform in providing content to users.

If combined with other information we know about users from previous visits, the data possibly could be used to identify users personally, even if users are not signed in to our platform.

Re-marketing

Re-marketing involves placing a ‘tracking technology’ such as a cookie, a ‘web beacon’ (also known as an ‘action tag’ or a ‘single-pixel GIF’) to track which pages users visit and to serve users relevant adverts for our services when users visit some other platform.

The benefit of re-marketing technology is that we can provide users with more useful and relevant adverts, and not show users ones repeatedly that users may have already seen.

We may use a third-party advertising service to provide us with re-marketing services from time to time. If users have consented to our use of such tracking technologies, users may see advertisements for our products and services on other platforms.

We do not provide their personal data to advertisers or to third-party re-marketing service providers. However, if users are already a member of a platform whose affiliated business provides such services, that affiliated business may learn of their preferences in relation to their use of our platform.

Use of our services by children

We do not sell products or provide services for purchase by children, nor do we market to children.

If users are under 18, users may use our platform only with consent from a parent or guardian.

We collect data about all users and visitors to these areas regardless of age, and we anticipate that some of those users and visitors will be children.

Encryption of data sent between us

We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us.

Whenever information is transferred between us, users can check that it is done so using SSL by looking for a closed padlock symbol or other trust marks in your browser’s URL bar or toolbar.

Delivery of services using third-party communication software

With their consent, we may communicate using software provided by a third party such as Facebook (WhatsApp), Apple (Facetime), Microsoft (Skype) or Zoom Video Communications (Zoom).

Such methods of communication should secure their personal data using encryption and other technologies. The providers of such software should comply with all applicable privacy laws, rules, and regulations, including the The Data Protection Act of 2022.

If users have any concerns about using a particular software for communication, please tell us.

Data may be processing

We may also use outsourced services from time to time in other aspects of our business.

We use the following safeguards with respect to data transfer:

•  The processor is within the same corporate group as our business or organisation and abides by the same binding corporate rules regarding data processing.

• The data protection clauses in our contracts with data processors include transfer clauses written by or approved by a supervisory authority.

Control over their own information

It is important that the personal data we hold about users is accurate and up to date. Please inform us if their personal data changes.

When we receive any request to access, edit or delete personal data we first take reasonable steps to verify their identity before granting users access or otherwise taking any action. This is important to safeguard their information.

Please be aware that we are not obliged by law to provide users with all personal data we hold about users, and that if we do provide users with information, the law allows us to charge for such provision if doing so incurs costs for us. After receiving their request, we will tell users when we expect to provide users with the information, and whether we require any fee for providing it to users.

If users wish us to remove personally identifiable information from our platform, users should contact us to make their request.

This may limit the service we can provide to users.

Communicating with us

When users contact us, whether by telephone, through our platform or by email, we collect the data users have given to us in order to reply with the information users need.

We record their request and our reply in order to increase the efficiency of our organisation.

We may keep personally identifiable information associated with their message, such as their name and email address so as to be able to track our communications with users to provide a high quality service.

Complaining

If users are not happy with our privacy policy, or if users have any complaint, then users should tell us.

When we receive a complaint, we record the information users have given to us on the basis of consent. We use that information to resolve their complaint.

We aim to investigate all complaints relating to user generated content. However, we may not be able to do so as soon as a complaint is made. If we feel that it is justified or if we believe that the law requires us to do so, we shall remove the content while do so.

If we think their complaint is vexatious or without any basis, we shall not correspond with users about it.

If their complaint reasonably requires us to notify some other person, we may decide to give to that other person some of the information contained in their complaint. We do this as infrequently as possible, but it is a matter for our sole discretion whether we do give information, and if we do, what that information is.

We may also compile statistics showing information obtained from this source to assess the level of service we provide, but not in a way that could identify users or any other person.

If a dispute is not settled then we hope users will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Visitor comments may be checked through an automated spam detection service.