Privacy
Policy

1. Introduction

This Privacy Policy explains how Tinker Digital Limited (Kenya) and Tinker Digital LLC (USA), collectively referred to as "Tinker Digital," "we," "us," or "our," collects, uses, discloses, and safeguards your personal information when you visit our website, use our services, or otherwise interact with us.

We are committed to protecting your privacy and ensuring compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Kenya Data Protection Act, 2019.

2. Definitions

For the purposes of this Privacy Policy:

• "Personal Data" means any information relating to an identified or identifiable natural person.
• "Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
• "Data Subject" means the individual to whom the Personal Data relates.
• "Controller" means the entity that determines the purposes and means of Processing Personal Data.
• "Processor" means an entity that Processes Personal Data on behalf of a Controller.
• "Services" means all products, services, and solutions offered by Tinker Digital.
• "Website" means our website located at tinker.co.ke and withtinkerdigital.com and any subdomains.

3. Information We Collect

3.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

• Contact Information: Name, email address, phone number, company name, job title, and mailing address.
• Communication Data: Messages, inquiries, and correspondence you send to us through contact forms, email, or other channels.
• Account Information: If you create an account, we collect your login credentials and profile information.
• Project Information: Details about your project requirements, briefs, and specifications when engaging our services.
• Employment Applications: Resume, cover letter, portfolio, and other materials submitted for job applications.

3.2 Information Collected Automatically

When you visit our Website, we automatically collect certain information, including:

• Device Information: IP address, browser type and version, operating system, device type, and unique device identifiers.
• Usage Data: Pages visited, time spent on pages, click patterns, referring URLs, and navigation paths.
• Location Data: General geographic location based on IP address.
• Analytics Data: Aggregated statistics about website usage and performance.

3.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information. These include:

• Essential Cookies: Necessary for the Website to function properly.
• Analytics Cookies: Help us understand how visitors interact with our Website.
• Functional Cookies: Remember your preferences and settings.
• Marketing Cookies: Used to deliver relevant advertisements (if applicable).

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Website.

4. How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery

• To provide, maintain, and improve our Services
• To process and fulfill your requests and orders
• To communicate with you about projects, updates, and support
• To create and manage your account

Communication

• To respond to your inquiries and provide customer support
• To send administrative notices and updates
• To send marketing communications (with your consent)
• To notify you about changes to our policies or Services

Analytics and Improvement

• To analyze Website usage and trends
• To improve our Website, Services, and user experience
• To conduct research and development
• To measure the effectiveness of our marketing efforts

Legal and Security

• To comply with legal obligations and regulatory requirements
• To protect our rights, property, and safety
• To detect, prevent, and address fraud, security breaches, or illegal activities
• To enforce our Terms and Conditions

5. Legal Basis for Processing (GDPR)

For individuals in the European Economic Area (EEA) and United Kingdom, we process your Personal Data based on the following legal grounds:

• Consent: You have given clear consent for us to process your Personal Data for specific purposes.
• Contract: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
• Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
• Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests.

6. Data Sharing and Third Parties

We may share your Personal Data with the following categories of recipients:

6.1 Service Providers

We engage trusted third-party service providers who assist us in operating our business, including:

• Cloud hosting and infrastructure providers
• Analytics and marketing platforms
• Payment processors
• Email service providers
• Customer relationship management (CRM) systems

These providers are contractually obligated to protect your data and may only process it according to our instructions.

6.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or when we believe disclosure is necessary to:

• Comply with applicable laws or legal processes
• Protect the rights, property, or safety of Tinker Digital, our users, or others
• Detect, prevent, or address fraud, security, or technical issues

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your Personal Data may be transferred as part of that transaction. We will notify you of any such change and the choices you may have.

6.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

7. International Data Transfers

Tinker Digital operates in Kenya and the United States. Your Personal Data may be transferred to and processed in countries other than your country of residence, which may have different data protection laws.

When we transfer Personal Data from the EEA, UK, or other regions with data protection laws, we implement appropriate safeguards, including:

• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules where applicable
• Data processing agreements with appropriate security measures

8. Data Retention

We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

Retention periods depend on:

• The nature of the data and the purposes for which it is processed
• Legal or regulatory requirements
• Potential disputes or claims
• Our legitimate business interests

When Personal Data is no longer needed, we will securely delete or anonymize it in accordance with applicable laws and our data retention policies.

9. Your Rights

9.1 Rights Under GDPR (EEA/UK Residents)

If you are located in the EEA or UK, you have the following rights:

• Right of Access: Request a copy of the Personal Data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your Personal Data in certain circumstances.
• Right to Restriction: Request restriction of processing of your Personal Data.
• Right to Data Portability: Receive your data in a structured, commonly used format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
• Right to Lodge a Complaint: File a complaint with a supervisory authority.

9.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights:

• Right to Know: Request disclosure of the categories and specific pieces of Personal Data we have collected.
• Right to Delete: Request deletion of your Personal Data, subject to certain exceptions.
• Right to Opt-Out: Opt out of the sale of your Personal Data (we do not sell Personal Data).
• Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights.

To exercise your CCPA rights, you may submit a verifiable consumer request by contacting us at the details provided below.

9.3 Rights Under Kenya Data Protection Act, 2019

If you are a Kenyan resident, you have the following rights:

• Right to be Informed: Be informed of the use to which your Personal Data is to be put.
• Right of Access: Access your Personal Data in custody of a data controller.
• Right to Correction: Object to the processing of your data and have it corrected or deleted.
• Right to Deletion: Request deletion of false or misleading data.
• Right to Data Portability: Receive your data in a commonly used format.
• Right to Complain: Lodge a complaint with the Office of the Data Protection Commissioner.

10. Security Measures

We implement appropriate technical and organizational security measures to protect your Personal Data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Secure access controls and authentication mechanisms
• Regular security assessments and audits
• Employee training on data protection and security
• Incident response and breach notification procedures
• Secure data storage and backup systems

While we strive to protect your Personal Data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. Children's Privacy

Our Website and Services are not directed to children under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect Personal Data from children. If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us immediately, and we will take steps to delete such information.

12. Third-Party Links

Our Website may contain links to third-party websites, plugins, or applications. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any Personal Data.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by:

• Posting the updated policy on our Website with a new effective date
• Sending you an email notification (if we have your email address)
• Displaying a prominent notice on our Website

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Tinker Digital Limited (Kenya)

663 Olenguruone Road, Nairobi, Kenya
Phone: +254 737 113711
Email: [email protected]

Tinker Digital LLC (USA)

30 N Gould St Ste N, Sheridan, WY 82801, USA
Phone: (307) 225-7864
Email: [email protected]

Data Protection Inquiries

For specific data protection inquiries or to exercise your rights, please email:[email protected]