Privacy Policy

1. Data Collection
We collect:

• Personal Data: Name, email, phone, address (provided via bookings, purchases, or contact forms).

• Health Data: Treatment preferences/medical history (optional, for service safety).

• Technical Data: IP address, browser type, cookies (via Google Analytics).

2. Legal Basis & Use

• Consent: For newsletters, marketing (opt-in required).

• Contract Fulfillment: Processing orders/appointments.

• Legitimate Interest: Site optimization, fraud prevention.

3. Data Sharing

• Third Parties: Payment gateways (e.g., M-Pesa), medical practitioners (for treatments), and couriers (for deliveries).

• Legal Compliance: Disclosed only if required by Kenyan authorities.

4. Data Security & Retention

• Encrypted storage (SSL), access restricted to authorized staff.

• Retained for 3 years post-last interaction or as mandated by Kenyan medical laws.

5. Your Rights
Under Kenya’s Data Protection Act (2019), you may:

• Access, correct, or delete your data.

• Withdraw consent (email: website@zelaasthetics.co.ke).

• Lodge complaints with Kenya’s Office of the Data Protection Commissioner (ODPC).

6. Cookies
We use essential (session) and analytics cookies. Manage preferences via browser settings.