Privacy Policy

Last updated: 25 April 2022


Bee N Bee Kenya Limited (a wholly-owned subsidiary of Bee N Bee UK Ltd,  trading as CryptoSasa), a company registered in Nairobi, Kenya, is the data controller and data processor for personal information collected in connection with provision of CryptoSasa services.

This Privacy Notice (Policy) describes how CryptoSasa collects and processes your personal information through the CryptoSasa websites and applications that reference this Privacy Notice. CryptoSasa refers to an ecosystem comprising CryptoSasa websites (whose domain names include but are not limited to, mobile applications, clients, applets and other applications that are developed to offer CryptoSasa Services, and includes independently-operated platforms, websites and clients within the ecosystem. “CryptoSasa Operators” refer to all parties that run CryptoSasa, including but not limited to legal persons, unincorporated organizations and teams that provide CryptoSasa Services and are responsible for such services. “CryptoSasa” as used in this Policy includes CryptoSasa Operators.

This Privacy Policy applies to all platforms, websites, and departments of CryptoSasa and CryptoSasa Operators. By using CryptoSasa Services, you are consenting to the collection, storage, processing and transfer of your personal information as described in this Privacy Policy.

We reserve the right to change this policy at any given time, of which you will be promptly updated. If you want to make sure that you are up to date with the latest changes, we advise you to frequently visit this page.

1. What Personal Information does CryptoSasa collect and process?

The Personal Information we collect and process includes:

  • Email address;
  • Full Name;
  • Phone number;
  • Gender;
  • Date of birth;
  • Address;
  • Nation ID number;
  • electronic/digital signature
  • Photograph and/or video recording;
  • Transactional information;
  • Support logs and transcripts;
  • Survey responses;
  • Device IDs and Internet Protocol (IP) addresses used to access our services;
  • Account login, username and password, or pin and location of devices used to access our services;
  • Version and time zone settings;
  • Transaction history;
  • Service metrics including errors, settings preferences, password resets;
  • Information from other sources: we may receive information about you from other sources such as credit history information from credit bureaus;

Information about your behaviour: we may process information about you on your behaviour and your activity for marketing and advertising purposes. 

2. Why does CryptoSasa process my personal information?

  • Transaction services. We use your personal information to process your orders, and to communicate with you about orders and services;
  • Communicate with you. We use your personal information to communicate with you in relation to CryptoSasa Services;
  • KYC and AML Regulations. We collect and process identity information and Sensitive Personal Data (as detailed in section 1) to comply with our Know Your Customer (“KYC”) obligations under applicable laws and regulations, and Anti-Money Laundering laws and regulations;
  • Provide, troubleshoot, and improve CryptoSasa Services. We use your personal information to provide functionality, analyse performance, fix errors, and improve the usability and effectiveness of CryptoSasa Services.
  • Fraud prevention and credit risks. We process personal information to prevent and detect fraud and abuse in order to protect the security of our users, CryptoSasa Services and others. We may also use scoring methods to assess and manage credit risks.
  • Improve our services. We process personal information to improve our services and for you to have a better user experience;
  • Recommendations and personalisation. We use your personal information to recommend features and services that might be of interest to you, identify your preferences, and personalise your experience with CryptoSasa Services;

3. What is the legal basis for our use of personal information?

  • Our legitimate interest to improve our services;
  • Performance of a contract when we provide you with products or services, or communicate with you about them. This includes when we use your personal information to take and handle orders, and process payments.
  • Your consent when we ask for your consent to process your personal information for a specific purpose that we communicate to you. When you consent to processing your personal information for a specified purpose, you may withdraw your consent at any time and we will stop processing your data for that purpose. However certain information may be required in in order to offer services.
  • Performance of a contract when we provide you with products or services, or communicate with you about them. This includes when we use your personal information to take and handle orders, and process payments.
  • Our legitimate interests and the interests of our users when, for example, we detect and prevent fraud and abuse in order to protect the security of our users, ourselves, or others.

4. What About Cookies and Other Identifiers?

We use cookies and similar tools to enhance your user experience, provide our services, and understand how customers use our services so we can make improvements.

The cookie banner on your browser will tell you how to accept or refuse cookies.

In addition to information, you provide to us, we automatically collect certain information about how you access and interact with the CryptoSasa Services (“Usage Information”). This Usage Information is a key part of how we improve your experience on our Website and Mobile Application and provide you with more personalized services. We may use various technologies to collect and store such Usage Information in connection with the CryptoSasa Services. These may include things like cookies, browser web storage (e.g., HTML5), web beacons and similar technologies. There are various types of Usage Information we may collect, including:

  • Device Information. This is information about how you access CryptoSasa Services, such as the operating system, hardware model, application or browser type and version, and unique identifiers associated with your device.
  • Log Information. There are certain pieces of information we automatically collect in system logs or similar files about how you interact with CryptoSasa Services, such as which features you visit or click on. This Log Information may also include things like your IP address, browser or device configuration, date and time of access and cookie information.
  • Location Information. We may use certain information like your IP address or other Device Information or Log Information to estimate your location (e.g., your town, city, county or state). We may also request to use location-enabled services on your device (which typically provide GPS or Wi-Fi access point details) to enhance our services. We will only use these location-enabled services on your device with your consent.

5. Does CryptoSasa Share My Personal Information?

Information about our users is an important part of our business and we are not in the business of selling our users’ personal information to others. CryptoSasa shares users’ personal information only as described below and with the subsidiaries or affiliates of CryptoSasa that are either subject to this Privacy Notice or follow practices at least as protective as those described in this Privacy Notice.

Third party service providers: Except as described in this Policy, we will not disclose User Data to third parties without your consent, and in the manner detailed in this Policy. We may disclose information to third parties if you consent to us doing so. We employ other companies and individuals to perform functions on our behalf.  Examples include analysing data, providing marketing assistance, processing payments, transmitting content, and assessing and managing credit risk.  These third-party service providers only have access to personal information needed to perform their functions, but may not use it for other purposes. Further, they must process the personal information in accordance with our contractual agreements and only as permitted by applicable data protection laws. We may also disclose User Data if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies. There may also be other limited contexts in which we share specific types of User Data with your express consent.

Business transfers: As we continue to develop our business, we might sell or buy other businesses or services. In such transactions, user information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Notice (unless, of course, the user consents otherwise). Also, in the unlikely event that CryptoSasa or substantially all of its assets are acquired, user information will be one of the transferred assets.

Protection of CryptoSasa and others: We release account and other personal information when we believe release is appropriate to comply with the law or with our regulatory obligations; enforce or apply our Terms of Use and other agreements; or protect the rights, property or safety of CryptoSasa, our users or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.

6. International transfers of personal data

CryptoSasa may transfer your data outside of the Kenyan jurisdiction as per the provisions of the Kenya Data Protection Act or any other applicable laws. CryptoSasa puts in place suitable technical, organizational and contractual safeguards (including Standard Contractual Clauses), to ensure that such transfer is carried out in compliance with applicable data protection rules, except where the country to which the data is transferred has already been determined by the European Commission to provide an adequate level of protection.

7. How Secure is My Information?

CryptoSasa is committed to securing your data and keeping it confidential. We design our systems with your security and privacy in mind.  We work to protect the security of your personal information during transmission by using encryption protocols and software.

We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of your personal information. Our security procedures mean that we may ask you to verify your identity to protect you against unauthorised access to your account password. We recommend using a unique password for your CryptoSasa account that is not utilized for other online accounts and to sign off when you finish using a shared computer.

8. What About Advertising?

We may use cookies and automatically collected information to: (i) personalize the CryptoSasa Service, such as remembering information about you so that you will not have to re-enter it during your visit or the next time you visit the Website or use the Mobile Application; (ii) provide customized advertisements, content, and information; (iii) monitor and analyze the effectiveness of the CryptoSasa Service and third-party marketing activities; (iv) monitor aggregate site usage metrics such as total number of Users, features used, and pages viewed; and (v) track your interactions, submissions, status or other activities on the Platform.

In order for us to provide you the best user experience, we may share your personal information with our marketing partners for the purposes of targeting, modelling, and/or analytics as well as marketing and advertising. You may opt-out of sharing personal information with our marketing partners, unless we have a legitimate interest to do so.

9. What Information Can I Access?

You can access your information, including your name, address, payment options, profile information, and transaction history in the “Your Account” section of the website.

10. What Rights Do I Have?

If you have any questions or objection as to how we collect and process your personal information, please contact [email protected].

When you consent to our processing your personal information for a specified purpose, you may withdraw your consent at any time.

In addition, subject to applicable law, you have the right to request access to, correct, and delete your personal data, and to ask for data portability. You may also object to our processing of your personal data or ask that we restrict the processing of your personal data in certain instances, by contacting [email protected].

  1. Right to access: you have the right to obtain confirmation that your Data are processed and to obtain a copy of it as well as certain information related to its processing;
  2. Right to rectify: you can request the rectification of your Data which are inaccurate, and also add to it. You can also change your personal information in your Account at any time
  3. Right to delete: you can, in some cases, have your Data deleted;
  4. Right to object: you can object, for reasons relating to your particular situation, to the processing of your Data. For instance, you have the right to object to commercial prospection;
  5. Right to limit the processing: in certain circumstances, you have the right to limit the processing of your Data;
  6. Right to portability: in some cases, you can ask to receive your Data which you have provided to us in a structured, commonly used and machine-readable format, or, when this is possible, that we communicate your Data on your behalf directly to another data controller;
  7. Right to withdraw your consent: for processing requiring your consent, you have the right to withdraw your consent at any time. Exercising this right does not affect the lawfulness of the processing based on the consent given before the withdrawal of the latter;
  8. Right to define the instructions relating to the use of your personal data post mortem: you have the right to define instructions relating to the retention, deletion and communication of your Data after your death;
  9. Right to lodge complaint to the relevant data protection authority.
  10. How Long Does CryptoSasa Keep My Personal Information?

We keep your personal information to enable your continued use of CryptoSasa Services, for as long as it is required in order to fulfil the relevant purposes described in this Privacy Notice, and as may be required by law such as for tax and accounting purposes, compliance with Anti-Money Laundering laws, or as otherwise communicated to you. We will not retain information you provide for longer than is required for the purposes for which the information may lawfully be used or is otherwise required under any other law for the time being in force.

11. Contact Information

Our data protection officer can be contacted at [email protected], and will work to address any questions or issues that you have with respect to the collection and processing of your personal information.

12. Conditions of Use, Notices and Revisions

If you choose to use CryptoSasa Services, your use and any dispute over privacy is subject to this Notice and our Terms of Use. If you have any concerns about privacy at CryptoSasa, please contact us with a thorough description, and we will try to resolve it. You also have the right to contact your local Data Protection Authority.

Our business changes constantly, and our Privacy Notice will change also. We may amend or update our Policy. Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. We may provide you notice of material amendments to this Policy, as appropriate, and update the “Last Modified” date at the top of this Policy. Your continued use of the CryptoSasa Services confirms your acceptance of our Policy, as amended. If you do not agree with the revised content, you shall stop accessing CryptoSasa immediately. When an updated version of the Privacy Policy is released, your continued access to CryptoSasa means that you agree to the updated content and agree to abide by the updated Privacy Notice. Unless stated otherwise, our current Privacy Notice applies to all information that we have about you and your account.