Legal
Privacy Policy
Last updated · 1 July 2026
Lifely Kenya Ltd (“Lifely”, “we”, “us”) respects your privacy and is committed to protecting the personal data you share with us. This Privacy Policy explains what information we collect through lifely.co.ke and our WhatsApp storefront, how we use it, and the rights you have under the Data Protection Act, 2019 of Kenya (the “DPA”) and, where applicable, the EU / UK GDPR.
By using our services, you consent to the practices described here. If you do not agree, please stop using the site and contact us at privacy@lifely.co.ke.
Who we are
Lifely Kenya Ltd is a private company operating a retail wellness storefront in Nairobi, Kenya. We are the data controller of the personal data described in this policy. Our postal address is Nairobi, Kenya and our data protection contact is privacy@lifely.co.ke.
Information we collect
We only collect the minimum data needed to fulfil your order and improve the service:
- Identity & contact: full name, email, Kenyan phone number, delivery address, county and town.
- Order data: products purchased, quantity, price, payment method, delivery method, order notes.
- Account data: a locally-stored profile with your preferences, wishlist and order history.
- Technical data: device type, browser, IP address, pages viewed, referring URL, timestamps.
- Communications: messages you send us via WhatsApp, email, contact form or social channels.
We do not knowingly collect data from children under 18. We do not collect national ID numbers, biometric data or health records.
How we use your data
- To process, dispatch and deliver your order and provide after-sales support.
- To operate your account, order history and wishlist across sessions.
- To respond to enquiries and confirm orders (email, SMS, WhatsApp).
- To send transactional messages (order confirmations, dispatch, delivery).
- To send marketing communications, only where you have opted in — with a clear unsubscribe in every message.
- To detect fraud, prevent abuse and secure the site.
- To comply with our legal obligations under Kenyan tax, consumer-protection and data-protection law.
Legal basis for processing
- Contract: to fulfil the sale of goods you order.
- Consent: for optional marketing and non-essential cookies.
- Legal obligation: to meet tax, accounting and regulatory duties.
- Legitimate interests: to secure the site, prevent fraud and improve the customer experience, balanced against your rights.
Sharing your data
We never sell your data. We only share it with vetted service providers who help us run the business:
- Payment processors (M-Pesa, card acquirers) for the specific transaction.
- Courier partners (G4S, Sendy, Pickup Mtaani) to deliver your order.
- Email, SMS and WhatsApp Business providers to send transactional messages.
- Cloud hosting, analytics and error-monitoring providers under strict processor agreements.
- Regulators, courts or law-enforcement where legally required.
Where a provider is located outside Kenya, we transfer data only under safeguards permitted by the DPA (adequacy, contractual clauses or your explicit consent).
How long we keep your data
- Order and tax records: 7 years, as required by the Kenya Revenue Authority.
- Account data: for as long as your account is active, plus 12 months.
- Marketing consent: until you unsubscribe.
- Support tickets and WhatsApp conversations: 24 months.
- Anonymised analytics: retained indefinitely as it no longer identifies you.
Your rights under the Data Protection Act
You have the right to:
- Be informed of how your data is used.
- Access a copy of the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Request deletion (“right to be forgotten”), subject to legal retention.
- Object to or restrict processing, including for direct marketing.
- Withdraw consent at any time.
- Data portability where technically feasible.
- Lodge a complaint with the Office of the Data Protection Commissioner (ODPC) at www.odpc.go.ke.
To exercise any right, email privacy@lifely.co.ke. We will respond within 7 working days.
Security
We apply industry-standard technical and organisational measures — encryption in transit, hashed passwords, access controls, least-privilege infrastructure and routine security review — to protect your data. No system is perfectly secure; if we discover a breach that materially affects you, we will notify you and the ODPC within 72 hours as required by law.
Cookies & similar technologies
We use a small number of essential cookies to run the site (session, cart, security) and, only with your consent, analytics cookies to understand aggregate usage. See our Cookies Policy for the full list and how to manage them.
Changes to this policy
We may update this policy from time to time. Material changes will be notified on the site and, where appropriate, by email. The “Last updated” date above always reflects the most recent version.
Contact
Data protection queries: privacy@lifely.co.ke
WhatsApp: +254 748 173 823
Postal: Lifely Kenya Ltd, Nairobi, Kenya.
