Privacy Policy

Last Updated: December 19, 2025

1. Introduction

Welcome to MMM Cosmetics. This Privacy Policy explains how we collect, use, store, and protect your personal information when you shop for premium lip glosses on our e-commerce platform. By using our website and services, you consent to the data practices described in this policy.

MMM Cosmetics is committed to protecting your privacy and complying with applicable data protection laws, including the Kenya Data Protection Act (2019).

Business Name: MMM Cosmetics (Partnership)
Location: Nairobi, Kenya
Data Protection Contact: [email protected]

2. Information We Collect

2.1 Information You Provide

We collect information you directly provide when placing an order on our platform:

  • Contact Information: Email address for order confirmation and communication
  • Shipping Information: Full name, phone number, delivery address, and any special delivery instructions
  • Order Information: Products purchased, quantities, and order preferences

2.2 Information We Collect Automatically

  • Shopping Cart Data: Products added to your cart (stored locally in a functional cookie)
  • Usage Analytics: How you interact with our website, pages visited, and browsing patterns (collected via PostHog analytics)
  • Device Information: Browser type, IP address, and device identifiers

2.3 Payment Information

We use Paystack as our payment processor. We do not store or have access to your credit card, debit card, or mobile money payment details. All payment information is securely handled by Paystack and subject to their privacy policy and security standards.

3. How We Use Your Information

We use your personal information for the following purposes:

  • Order Processing: To process and fulfill your lip gloss orders, including packaging and shipping
  • Order Communication: To send order confirmations, shipping updates, and delivery notifications via email
  • Customer Support: To respond to your inquiries, questions, and concerns about products or orders
  • Service Improvement: To analyze shopping patterns and improve our website, product offerings, and customer experience
  • Fraud Prevention: To detect and prevent fraudulent transactions and protect our business
  • Legal Compliance: To comply with applicable laws, regulations, and legal obligations in Kenya

4. Data Storage and Security

4.1 Where We Store Your Data

Your data is stored on secure cloud infrastructure provided by Netcup in Nuremberg, Germany (European Union). We maintain encrypted backups in secure cloud storage to ensure data durability and disaster recovery.

4.2 Data Retention

We retain your order and personal information for 4 years from the date of your last order, which is the legal maximum retention period under Kenyan law. This allows us to:

  • Handle returns, exchanges, or warranty claims
  • Resolve disputes or legal claims
  • Comply with tax and accounting requirements
  • Maintain business records as required by law

After 4 years, your data will be securely deleted from our systems. If you wish to have your data deleted sooner, you may request deletion by contacting us at [email protected], subject to legal retention requirements.

4.3 Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure server infrastructure with access controls
  • Regular security monitoring and updates
  • Payment security handled by PCI-DSS compliant Paystack

In the event of a data breach that affects your personal information, we will notify you as soon as possible and take immediate action to mitigate any harm.

5. Data Sharing and Third-Party Services

5.1 Payment Processing

We use Paystack as our payment processor to handle all payment transactions securely. When you make a purchase, your payment information is transmitted directly to Paystack and is subject to their privacy policy and security standards. We only receive confirmation of successful payments and transaction references.

Paystack is PCI-DSS compliant and implements advanced security measures to protect your payment information.

5.2 Shipping Partners

We share your shipping information (name, phone number, and delivery address) with our trusted delivery partners to fulfill your orders. These partners are contractually obligated to use your information only for delivery purposes.

5.3 Analytics

We use PostHog for website analytics to understand how customers interact with our e-commerce platform and improve user experience. PostHog collects anonymized usage data and browsing patterns.

5.4 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Your data is only shared with service providers necessary to fulfill your orders and operate our business.

6. Your Data Rights

Under the Kenya Data Protection Act (2019), you have the following rights regarding your personal information:

  • Right to Access: Request a copy of your personal data we hold
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data, subject to legal retention requirements
  • Right to Data Portability: Receive your order and personal data in a structured, machine-readable format
  • Right to Object: Object to processing of your data for specific purposes
  • Right to Withdraw Consent: Withdraw consent for data processing at any time

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 21 days as required by Kenyan law.

Please note that some data retention may be required by law (such as for tax and accounting purposes), and we may not be able to delete all data immediately.

7. Cookies and Tracking

We use minimal cookies on our website to provide essential functionality:

  • Shopping Cart Cookie: A functional cookie that stores your cart items locally in your browser, allowing you to add products and complete your purchase. This cookie is essential for our e-commerce functionality.

We also use PostHog analytics, which may use cookies to track website usage and improve user experience. This data is anonymized and helps us understand how customers navigate our website.

You can control cookies through your browser settings. However, disabling the shopping cart cookie will prevent you from adding items to your cart and making purchases.

8. International Data Transfers

MMM Cosmetics operates in Kenya and serves customers within Kenya. However, your data is stored on secure servers located in the European Union (Nuremberg, Germany) through our hosting provider Netcup. By using our website and services, you consent to the transfer and storage of your data in the EU.

Our payment processor, Paystack, may process payment data in various jurisdictions as part of their secure payment infrastructure. We ensure that all third-party service providers maintain appropriate data protection and security measures.

9. Children's Privacy

Our services are intended for adults aged 18 and above. We do not knowingly collect personal information from individuals under the age of 18. If you are under 18, please do not place orders or provide personal information on our website.

If you believe a minor has provided us with personal information, please contact us at [email protected] and we will take appropriate steps to remove such information from our systems.

10. Email Communications

We will send you transactional emails related to your orders, including:

  • Order confirmation
  • Shipping and delivery updates
  • Order status changes
  • Responses to customer support inquiries

These transactional emails are essential for order fulfillment and cannot be opted out of while you are an active customer.

We do not currently send marketing or promotional emails. If we introduce marketing communications in the future, you will be able to opt in or opt out at any time.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business practices, legal requirements, or service offerings. When we make significant changes, we will notify you by posting the updated policy on our website with a new "Last Updated" date.

We encourage you to review this Privacy Policy periodically. Your continued use of MMM Cosmetics after any changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]
Business Name: MMM Cosmetics
Location: Nairobi, Kenya

We will respond to your inquiries within 21 days as required by the Kenya Data Protection Act.

13. Complaints and Regulatory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) in Kenya.

Office of the Data Protection Commissioner (ODPC)
Website: www.odpc.go.ke

However, we encourage you to contact us first at [email protected] so we can address your concerns directly.

Country/region:
SiteProducts
SocialInstagramTikTok
LegalPrivacyRefunds & ReturnsShippingContact
© MMM Cosmetics 2025
MpesaVisaMastercard