Rowland Africa, Privacy Policy

This Privacy Policy explains how Rowland Africa collects, uses, stores, shares and protects personal information when you interact with our business whether you are a customer, supplier, trainee, website visitor or job applicant. We aim to be clear and practical: this document describes the kinds of personal data we process, why we process it, who we share it with, how long we keep it, and the rights you have over your information.

1. Scope & acceptance

By using our services, visiting our website, registering as a supplier, enrolling in our training or otherwise providing us with personal information, you accept the terms of this Privacy Policy. If you do not agree with this policy, please do not provide personal data to Rowland Africa and contact us using the details above.

This policy applies to personal data processed by Rowland Africa in Kenya in connection with:

Provision of cleaning, pest control, mosquito net installation, sanitary-bin services and related products;
Supplier and procurement processes;
Training and certification programs;
Recruitment and human resources;
Website use, online forms and customer support interactions.

2. Personal data we collect

We collect only the personal data necessary to deliver services, manage relationships and meet legal and safety obligations. Typical categories include:

A. Identity & contact information

Full name, title, company name (if applicable)
Postal address, service address (job/site address), city, county
Email address and phone number (mobile and landline)
Emergency contact details (where required for on-site safety)

B. Transaction & service information

Booking details and service history (dates, scope, site notes)
Invoices, payment records and billing details (amounts, payment method, receipts)
Product orders (types, quantities, delivery addresses)

C. Technical & usage data

IP address, device identifiers, browser and operating system, pages visited and time on page (collected via website logs and cookies)
Analytics and performance data (to improve the website and services)

D. Employment & training data

CVs, application details, employment history, certificates and qualifications
Training attendance, course results, exam scores and issued certifications
Next-of-kin and bank details for payroll (where Rowland Africa employs you)

E. Health & safety data (limited)

Site health and safety information relevant to service delivery (allergies, medical conditions affecting safe work, vaccination status where required for health or regulatory reasons)
Incident reports (injuries, accidents) kept for legal and safety compliance

F. Supplier & partner information

Company registration and tax details, bank account details for payments, product specs, compliance certificates

G. Communications & support records

Call, chat and email transcripts and notes when you contact our customer support, make complaints or request service

H. Sensitive personal data

We do not intentionally collect sensitive personal data (racial or ethnic origin, religious beliefs, political opinions, health data beyond what is necessary for safety on site, sexual orientation, criminal records) except where:

you voluntarily provide it and give explicit consent; or
limited health/safety information is required to deliver safe on-site services (e.g., a severe allergy that could endanger a technician).
Where we process sensitive information we will always rely on lawful grounds and seek explicit consent where required.

3. How we collect personal data

We obtain personal data in several ways:

Directly from you when you contact, book or register with us (phone, WhatsApp, email, web forms).
From your organisation or representative (for corporate bookings, supplier registration).
From public sources or business directories (company contact details).
From third-party service providers (payment processors, background-check providers, analytics services).
From site inspections and our field staff during service delivery (notes, photographs of damage for quotes).
Automatically from your use of our website (cookies, server logs, analytics).

4. Purposes of processing and legal bases

We process personal data for the following purposes and legal justifications:

A. To provide and manage our services

Bookings, scheduling, delivery, installations, follow-up visits and warranties.
Legal basis: performance of a contract with you (or with your employer/organisation).

B. Payments, billing and accounting

Invoicing, processing payments, refunds and tax compliance.
Legal basis: performance of a contract and legal obligations.

C. Customer support and communications

Responding to queries, complaints, appointment reminders and service updates.
Legal basis: legitimate interests (effective service delivery) and contractual performance.

D. Health & safety and incident management

Ensuring the safety of staff and customers on site, reporting incidents if they occur.
Legal basis: compliance with legal obligations and legitimate interests in safety.

E. Recruitment and HR

Hiring decisions, payroll and compliance with labour laws.
Legal basis: performance of an employment contract and legal compliance.

F. Training & certification

Administering courses, exams, issuing certificates, maintaining training records.
Legal basis: performance of contract and legitimate interests.

G. Supplier management & procurement

Vetting suppliers, placing orders, managing deliveries and payments.
Legal basis: performance of contract and legitimate interests.

H. Marketing & promotions (optional)

Sending newsletters, offers, service updates and satisfaction surveys where you have consented or where we have a legitimate interest and you have not objected.
Legal basis: consent (for direct marketing where required) or legitimate interests.

I. Website operation & analytics

Improving our website, preventing fraud and ensuring security.
Legal basis: legitimate interests.

J. Legal compliance & dispute resolution

Complying with legal, regulatory or tax obligations, defending legal claims.
Legal basis: legal obligations and legitimate interests.

5. Cookies and similar technologies

Our website uses cookies, server logs and analytics tools to deliver and improve online services. Cookies help with session management, usability, analytics and security.

You can control cookies through your browser settings and may opt-out of tracking/analytics through available mechanisms (e.g., browser privacy settings or the cookie controls on our site). Disabling certain cookies may affect your user experience.

6. Third-party sharing and transfers

We may share personal data with third parties only when necessary and under contractually binding confidentiality and data protection terms. Typical recipients include:

Service providers & processors: payment processors, analytics providers, cloud hosting, email and messaging services, payroll and accounting platforms.
Suppliers and subcontractors: suppliers of products you ordered, partner installers, waste disposal contractors (for sanitary bins).
Professional advisors: lawyers, auditors and insurers when necessary.
Regulators and law enforcement: when required by law (court order, regulatory request or to prevent imminent harm).
Buyers: in the event Rowland Africa is sold, merged or restructured, personal data may be transferred as part of that transaction (subject to protective measures).

Cross-border transfers: Some third-party services may be located outside Kenya. Where personal data is transferred abroad, we will take reasonable steps to ensure it is protected (standard contractual terms, equivalent safeguards or other appropriate measures). If you would like details of the safeguards used for specific transfers, contact us.

7. Data retention

We keep personal data only for as long as necessary for the purpose it was collected and to comply with legal, tax and operational requirements. Typical retention periods:

Service and booking records: retained for at least 5 years for warranty, accounting and tax purposes.
Invoices & payment records: retained for tax and audit compliance – normally 7 years where local tax law requires.
Recruitment records: unsuccessful applicant data is kept for up to 1 year, unless retention is required for legal claims; successful applicant records kept for the duration of employment plus legally required retention.
Training records & certificates: retained for at least 10 years to support professional qualifications and audits.
Supplier records & contracts: retained for the duration of the supplier relationship plus 7 years for tax and audit requirements.
Website logs & analytics: aggregated analytics retained as needed to improve services; raw logs typically retained for a shorter window (e.g., 6–24 months).

If you request deletion where legal obligations require retention (e.g., tax records), we will explain what data cannot be deleted and why.

8. Security measures

We implement appropriate technical and organisational measures to protect personal data against unauthorized access, loss, alteration or disclosure. Measures include:

Access controls and role-based permissions for staff.
Encrypted storage and secure backups for sensitive information.
Network security (firewalls, intrusion detection) and secure protocols (HTTPS).
Regular staff training on data protection and confidentiality.
Physical security for offices and storage of paper records.
Data minimisation and internal audit procedures.

While we strive to safeguard personal data, no system is absolutely secure. If a data breach affecting your personal data occurs that presents a real risk to your rights, we will notify you and the relevant supervisory authority as required by law.

9. Your rights

You have rights regarding your personal data. Where applicable and subject to verification, you may:

Access: request a copy of personal data we hold about you.
Rectification: ask us to correct inaccurate or incomplete data.
Erasure ("right to be forgotten"): request deletion where data is no longer needed or processing is unlawful. (Legal/tax obligations may prevent complete erasure.)
Restriction: ask us to restrict processing while a dispute is resolved.
Portability: request a machine-readable copy of data you provided to us.
Object: object to processing based on legitimate interests (including profiling for direct marketing).
Withdraw consent: where processing is based on consent, you can withdraw it (this does not affect processing prior to withdrawal).
Complain: lodge a complaint with a supervisory authority (e.g., Kenya’s Office of the Data Protection Commissioner) if you believe your rights are violated.

To exercise any right, contact us at support@rowlandafrica.co.ke or +254 717 819204. We will reply within a reasonable period and in accordance with applicable law (normally within one month).

10. Marketing & communications

We may send service-related messages, appointment reminders and operational communications without further consent. For promotional marketing (newsletters, offers) we will only send messages where:

You have opted-in (consented); or
We have a legitimate interest and we have provided a clear opt-out method.

Every marketing email or message includes simple unsubscribe instructions. You may also withdraw marketing consent at any time by contacting support.

11. Children’s privacy

We do not knowingly collect personal data from children for commercial services. If you are under 18, please obtain consent from a parent or guardian before providing personal information. If we become aware that data about a child has been collected without appropriate consent we will take steps to delete it.

12. CCTV, photographs and on-site imagery

On-site service visits may involve photographs or videos (e.g., before/after images, damage documentation). We will:

Use images only to provide services, quotations, evidence of work and for training/quality control.
Seek consent before using identifiable images for marketing.
Store images securely and delete them in line with retention rules, unless legal reasons require longer retention.

If you do not want any on-site photography, please notify the technician or contact support prior to the visit.

13. Background checks

Where legally permitted and necessary (e.g., for safety or regulatory compliance), we may carry out background or reference checks on employees, contractors or suppliers. We will obtain consent where required and handle results confidentially.

14. Supplier & partner data

When you register as a supplier or partner, we collect company and representative contact details necessary to evaluate, onboard and transact. Supplier information is shared internally on a need-to-know basis and with payment processors, logistics partners and auditors under contractual confidentiality terms.

15. Automated decision-making & profiling

We do not normally use automated decision-making that produces legal or similarly significant effects (for example automatic denial of service). We may use automated tools (scheduling algorithms, basic profiling for marketing segmentation or service routing) to improve efficiency. If a decision is solely automated and has significant effects, we will provide meaningful information, and where required by law allow review or human intervention.

16. Changes to this policy

We may update this Privacy Policy to reflect changes in law, our services or business practices. Material changes will be posted on our website with a clear “Last updated” date and, where appropriate, we will notify affected customers by email or other contact methods. Continued use of our services after the changes indicates acceptance of the revised policy.

17. International transfers

Some processors we use operate servers outside Kenya. Where personal data is transferred internationally, we will put in place appropriate safeguards (e.g., contractual clauses, equivalent protections) to protect your data in transit and at rest. Contact us if you would like details of the countries and safeguards used for a specific transfer.

18. Data protection officer / contact point

Rowland Africa is responsible for data processed by our business. For privacy enquiries, data requests, complaints or to exercise your rights, please contact:

Privacy & Data Requests, Rowland Africa

Phone / WhatsApp: +254 717 819204

Email: support@rowlandafrica.co.ke

If you are not satisfied with our handling of a data matter, you may escalate to the relevant supervisory authority, for example, Kenya’s Office of the Data Protection Commissioner, or other legal channels available to you.

19. How to make a privacy request

To help us respond quickly and confirm your identity, please provide:

Your full name and contact details;
Clear description of the information or request (e.g., “Please provide my booking history for 2024” or “Please delete my personal data”);
Any supporting documents to verify identity (we will only ask for minimal proof and keep it secure).

We will acknowledge receipt and aim to respond within legal timeframes. If we need extra time or require clarification, we will explain why.

20. Additional notes and assurance

Rowland Africa is committed to good data stewardship. We train staff on confidentiality, limit access to personal data to those who need it, and monitor compliance. We aim to be transparent: if you have any questions, concerns or requests about your personal data, please contact support@rowlandafrica.co.ke or +254 717 819204.

Privacy Policy, Rowland Africa