Privacy Policy
Effective date: 30/5/2025
Who we are
Crystal Shea Kenya is committed to protecting your privacy. This Online Privacy Notice (the “Notice”) applies to personal data we collect on crystalshea.co.ke (the “Site”) and in relation to providing natural skin products and other accessories to our customers. The Notice describes the types of personal data we obtain, how we use the personal data, with whom we share it and the choices available to you regarding our use of the information. We also describe measures we take to protect the security of the information, the rights you may have and how you can contact us about our privacy practices.
1. Information we collect
We may collect the following types of personal data:
- Full name
- Email address
- Phone number
- Billing and shipping address
- Payment details (processed securely via third-party providers)
- IP address and browser information (via cookies)
Cookies – We use cookies to enhance your browsing experience. You can manage your cookie preferences through your browser settings or our cookie banner. If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Comments – When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media – If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Embedded content from other websites – Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
2. How we use your information
We use your data to:
- Process and deliver your orders
- Communicate order updates, promotions and inquiries
- Improve our website and services
- Comply with legal obligations
FOR EEA (European Economic Area) ONLY
We use the personal data for these purposes because we have a legitimate business interest in providing services to our customers and other interested individuals. In accordance with applicable law, we take reasonable measures to ensure that the interests we pursue are balanced with your interests, rights and freedoms, which we are happy to explain upon request. Where required by applicable law, we will obtain your consent to send you marketing communications about products and services launches, offers and promotions, and invite you to events and surveys. Where we have a contract with you, we process your personal data as necessary to perform our contractual relationship with you, provide our products and professional services and manage our customer relationship, including:
- To manage and administer your relationship with us, including accounting and payment, marketing and support services, and taking other steps linked to the performance of our business relationship
- To process and fulfill any transaction or order you make with us
- Offering support and managing contracts, orders and deliveries.
We may also use the information in other ways for which we provide specific notice at the time of collection. To the extent required by law, such notice will also describe our legal basis.
3. Legal basis for processing
We process your data based on:
- Your consent
- Contractual necessity (e.g., fulfilling orders)
- Legal obligations
4. Sharing your information
We may share your data with:
- Payment processors – Pesapal, Card services
- Delivery partners
- IT and analytics service providers
In addition, we may disclose personal data about you:
- a) if we are required or permitted to do so by law or legal process, for example due to a court order or a request from a law enforcement agency
- b) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss
- c) in connection with an investigation of suspected or actual fraudulent or other illegal activity
- d) in the event we sell or transfer all or a portion of our business or assets, including in the event of a merger, reorganisation, dissolution, or liquidation.
With your consent, we also may share information with third parties whose products and services we think may interest you or in connection with co-promotions, sweepstakes or contests on the Site.
FOR EEA ONLY
Many of our service providers are based outside of the EEA, such as in the U.S. We require service providers by contract to process personal data only on our behalf and to implement measures to protect the security and confidentiality of personal data.
5. Data Security
We implement appropriate technical and organizational measures to protect your data from unauthorized access, disclosure, destruction, alteration or loss.
6. Your Rights
Under the Kenya Data Protection Act, you have the right to:
- Access your personal data
- Request correction or deletion
- Withdraw consent at any time
- Lodge a complaint with the Office of the Data Protection Commissioner (ODPC)
Children’s Privacy
Our Site is designed for a general audience and is not directed to children. In connection with the Site, we do not knowingly solicit or collect personal data from children under the age of 16. If we learn that we have collected personal data from a child under age 16 without parental consent, we will either seek parental consent or promptly delete that information. If you believe that a child under age 16 may have provided us with personal data without parental consent, please contact us as specified in the Contact Us section.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
- Order processing and delivery
- Customer service and support
- Legal and regulatory compliance
To the extent required by applicable law, we keep the personal data you provide for the duration of our relationship, plus a reasonable period to comply with the applicable statute of limitations or if otherwise required under applicable law, unless a shorter retention period is required by applicable law.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Updates To Our Online Privacy Notice
We may update this Online Privacy Notice from time to time and without prior notice to you to reflect changes in our personal data practices. We will indicate at the top of the policy when it was most recently updated.
Contact Us
If you have any questions or requests regarding your personal data, please contact us at:
📧 info@crystalshea.co.ke
📞 +254 114 797 473


