Privacy Policy

1. Who We Are

Data Controller: Pandiz Digital Solutions Ltd

Email: info@pandiz.tech

Phone: +353 899 582 662 (IE) · +254 716 923 530 (KE)

Registered offices: Nairobi, Kenya & Cork, Ireland

When you use our website (pandiz.tech) or contact us about our services, Pandiz Digital Solutions Ltd acts as the data controller responsible for your personal data.

2. What Data We Collect

2.1 Data you provide directly

• Contact enquiries: Name, email address, phone number, WhatsApp number, project description and service requirements when you fill in our contact form or message us directly.
• Project communications: Emails, messages, calls and documents exchanged during the delivery of services.
• Billing information: Name and contact details for invoicing purposes. We do not store card or banking details — payments are processed by third-party providers.

2.2 Data collected automatically

• Usage data: IP address, browser type, device type, pages visited, time on site and referral source, collected via analytics tools (e.g. Google Analytics).
• Cookies: See our Cookie Policy for full details on what cookies we use and why.

3. Legal Basis for Processing

Purpose	Legal Basis
Responding to enquiries	Legitimate interests (pre-contractual communication)
Delivering contracted services	Performance of a contract
Sending invoices / receipts	Legal obligation (tax compliance)
Website analytics	Consent (via cookie banner)
Marketing communications	Consent (explicit opt-in) or legitimate interests (existing clients)

4. How We Use Your Data

• To respond to your enquiry and assess your project requirements.
• To deliver, manage and invoice for our services under contract.
• To communicate project updates, revisions and support.
• To improve our website and understand how visitors use it (analytics).
• To send relevant updates or offers where you have given consent or where we have a legitimate interest as an existing client. You can opt out at any time.
• To comply with legal and regulatory obligations (e.g. tax, accounting).

5. Who We Share Your Data With

We do not sell, rent or trade your personal data. We may share it with:

• Service providers: Hosting providers (Hostinger), analytics platforms (Google Analytics), email services and payment processors — only to the extent necessary to deliver our services.
• Legal authorities: If required by law, court order or regulatory obligation in Ireland or Kenya.
• Business transfers: In the event of a merger, acquisition or sale of assets, data may be transferred subject to equivalent privacy protections.

All third-party processors are bound by data processing agreements and are required to maintain appropriate security standards.

6. International Data Transfers

We operate across Ireland and Kenya. Data may be transferred between these locations. For transfers outside the European Economic Area (EEA), we rely on adequacy decisions, Standard Contractual Clauses (SCCs) or other GDPR-compliant mechanisms. Kenya is not currently recognised by the EU as having adequate data protection, so transfers to Kenya are covered by appropriate safeguards.

7. Data Retention

Data Type	Retention Period
Enquiry / contact data	2 years from last contact, unless a project begins
Client project data	7 years (tax / accounting obligation)
Analytics data	26 months (Google Analytics default)
Marketing data	Until consent is withdrawn or you unsubscribe

8. Your Rights

Under GDPR and the Kenya Data Protection Act, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Ask us to correct inaccurate or incomplete data.
• Right to erasure ("right to be forgotten"): Request deletion of your data where there is no lawful reason to retain it.
• Right to restrict processing: Ask us to limit how we use your data in certain circumstances.
• Right to data portability: Receive your data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at info@pandiz.tech. We will respond within 30 days. We may need to verify your identity before processing your request.

9. Cookies

We use cookies for essential functionality, analytics and to improve your experience. You can control non-essential cookies via the consent banner displayed when you first visit our site. For full details, see our Cookie Policy.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or alteration. These include HTTPS encryption, access controls, and regular security reviews. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

11. Children

Our website and services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. Links to Other Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies before providing any personal data.

13. Complaints

If you are unhappy with how we handle your personal data, please contact us first at info@pandiz.tech and we will do our best to resolve your concern.

If you remain unsatisfied, you have the right to lodge a complaint with:

• Ireland: Data Protection Commission (DPC) — dataprotection.ie
• Kenya: Office of the Data Protection Commissioner (ODPC) — odpc.go.ke

14. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. We will notify you of significant changes via email where we hold your contact details.

15. Contact Us