Kenaf Privacy Policy

Effective Date

Wednesday, 01st of May, 2024

General Information

In accordance with Irish and EU data protection laws, Kenaf ("we", "us", or "our") recognizes the importance of protecting the privacy and security of our users' personal data. This Privacy Policy applies to all platforms through which our receipt management services can be accessed, as well as any data collected using these platforms.

We are the Data Controller and responsible for ensuring that all Personal Data processing complies with Irish and EU data protection laws. Our contact details are:

Kenaf Ltd
15 Camac Park,
Bluebell, Dublin 12,
Dublin, D12 F958,
Ireland

If you have any questions about this policy or our data protection practices, please contact us using customer.service@kenaf.ie or write to us at the above address. This policy may be amended from time to time, particularly in response to changes in relevant legislation or as we expand our services. We encourage users to check this page regularly to stay informed about our privacy practices.

This Privacy Policy outlines how Kenaf handles personal data collected when using our services. It does not apply to external websites or individuals not involved in the management of our website. In accordance with Irish and EU data protection laws, users have the right to a) information about the processing of your personal data; b) obtain access to the personal data held about you; c) ask for incorrect, inaccurate or incomplete personal data to be corrected; d) request that personal data be erased when it’s no longer needed or if processing it is unlawful e) object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation f) request the restriction of the processing of your personal data in specific cases; g) receive your personal data in a machinereadable format and send it to another controller (‘data portability’) h) request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.

Where the processing of your personal data is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form. If you feel that your request is not satisfactorily resolved by us, you may approach the Irish Data Protection Commissioner (DPC) (www.dataprotection.ie) or your local data protection authority. However, we would appreciate the opportunity to address your concerns before you contact the DPC or any supervisory authority.

In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. We will handle such requests in accordance with all applicable data protection laws.

Collection, processing, and use of Personal Data

We may collect data or ask you to provide certain data when you use our website, iOS and Android mobile application and our receipt management services, including capturing, tracking, storing, and uploading receipts through QR code scans. The sources from which we collect Personal Data are:

• Data collected directly from you or your device and may include:
  • Direct identifiers such as name, address, email address, phone number, date of birth, gender.
  • Transaction data which includes details about payments, receipts or invoices between you and participating retailers; details about payments to and from you and us and other details of products and services you have purchased.
  • Financial information; such as data related to your credit cards, debit cards and payment method (Please Note: we have no access to any Payment Data you may submit to a retailer) that we may collect when you scan your receipt, return, exchange, or request information about a transaction and purchase information from or stored within the Service.
  • Aggregated data such as statistical or demographic data for any purpose including improving our website, app and services. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
• Data collected online or through indirect identifiers such as login account name, login password, payment details, IP address, device ID.
• Data collected through third parties such as:
  • Analytics providers based outside the EU (such as Google).
  • Advertising networks.
  • Search information providers.
  • Our suppliers such as payment providers, delivery services, website support and maintenance providers.

We do not request any special categories of personal data, data from minors, or any information about criminal convictions and offences.

We do not intentionally collect data from or market to children under 18 years of age. By using our Services, you confirm that you are at least 18 years old or that you are the parent or legal guardian of a minor, and you consent to the minor’s use of our Services. If you are the parent or legal guardian of a minor, we encourage you to supervise their use of our Services and ensure compliance with applicable laws and regulations.

If we are required by law, or under the terms of a contract we have with you, to collect your personal data and you fail to provide it, we may not be able to enter into or perform the contract with you and, we may have to cancel your access to our services. We will notify you of this at the relevant time.

In principle your personal data shall only be used for the specific purposes for which it was collected and shall not be utilised for any other purposes without the written consent of the user. In particular, we may use your personal data for the following purposes:

• Providing our services and support or carrying out the services you have requested.
• Sending communications to you, including information and the stages of your transactions with us for example when you request support.
• Facilitating your use of our website and app and communication tools and services.
• Help via online chat and communication tools and services to answer your queries.
• Facilitate communication from our business partners and between our retailers and consumer users.
• Customize, analyze and improve our services (including content and our advertising campaigns), technologies, communications and relationship with you.
• Better understanding of our customers and website users, including their interests and interactions with our website, app and services.
• Content personalization and application of your preferences.
• Enforce our terms of service, website and app terms and separate agreements (where applicable) with you.
• Preventing fraud and other prohibited or illegal activities.
• Protecting the security or integrity of our websites, our businesses, and our services.
• Perform other functions or serve other purposes as communicated to you at the point of collection, or as required or permitted by law.

Our legal basis for collecting and using your personal data as described in this privacy policy will depend on the personal data involved and the specific context in which we collect it. In general, we collect and process your personal data based on one or more of the following:

• Your consent.
• To comply with a contractual obligation.
• To comply with our legal obligations.
• In our legitimate interest.

If you have questions or need more information about the legal basis under which we collect your personal data, please contact us.

Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us. However, we are legally required to keep basic information about our customers (including contact, identity, financial and transaction data) for six years after they cease being customers, for tax purposes.

Personal Data Security

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us. However, we are legally required to keep basic information about our customers (including contact, identity, financial and transaction data) for six years after they cease being customers, for tax purposes.

Sharing Personal Data with Third Parties

We may share your personal data with our business partners for the purposes described in this privacy policy, including (but not limited to) conducting the services you request, or customising our services to better meet your needs.

We share your personal data only with business partners who agree to protect and use your personal data solely for the purposes specified by us.

We may also disclose your personal data for any purpose with your consent or for law enforcement, fraud prevention or other legal actions as required by law or regulation, or if we reasonably believe that we must protect us, our customers or other business interests.

Except as described above of which you will be informed in advance, we will not disclose your personal data.

International transfers

We may transfer your personal data to other companies as necessary for the purposes described in this privacy policy. In order to provide adequate protection for your personal data when it is transferred, we have contractual arrangements (including standard contractual clauses if personal data is transferred to countries not recognized as having adequate privacy protection (including the US)), regarding such transfers. We take all reasonable technical and organisational measures to protect the personal data we transfer.

Do Not Sell

We do not sell, licence, or otherwise make available to a third-party for independent use or any other party your personal data.

Personal Data Security

The host of Kenaf has implemented various information security measures, such as firewalls, antivirus systems, and other necessary security measures, to protect the website, mobile application, and the personal data of users. Strict measures have been adopted to ensure the protection of such data, and access to personal information is restricted to authorised personnel only. Data processing personnel have signed confidentiality agreements, and any breach of such confidentiality obligations shall be punishable under relevant laws. In cases where it is necessary to engage third parties to provide services for business purposes, Kenaf shall also impose strict confidentiality obligations on such parties and take necessary measures to ensure compliance with such obligations.

Links to External Websites

The web pages of Kenaf may contain links to other websites, and it is also possible to access other websites through links provided on this website. However, the privacy protection policy of this website does not extend to linked websites, and users must refer to the privacy protection policies of such linked websites for information on the handling of personal data.

Cookies

To enhance the user experience, Kenaf may place and access cookies on your computer. If you do not wish to accept the writing of cookies, you can adjust the privacy settings in the browser of your choice. Setting the privacy level to high will prevent the writing of cookies, but may result in certain functions of the website not functioning properly.

Updates to Privacy policy

Amendment of privacy protection policy Kenaf reserves the right to revise its privacy protection policy at any time to meet changing needs and requirements. Any updates to the policy will be published on the website.

Please reach out using the provided contact Information

Your rights As an individual, you have the right to review the personal information that Kenaf has collected about you. This information is available in your profile, and you may request access to or deletion of this information, or request that it be corrected, by contacting us. You may also contact us if you believe that Kenaf is no longer entitled to use your personal data, or if you have any other questions regarding the use of your personal information. Please email or write to us using the contact details provided below. Kenaf will handle all requests in accordance with applicable EU and national data protection laws.

Please reach out using the provided contact Information

Contact us at customer.service@kenaf.ie or call us on 1800-785-2918.