City Search is committed to the protection of privacy and personal data. This Privacy Policy is formulated in accordance with the Data Protection Act, No. 24 of 2019 of the Laws of Kenya. It serves as a formal disclosure of our data processing activities, the purposes for which we collect data, and the legal safeguards implemented to protect Data Subjects. By accessing the City Search or Merchant Terminal, you hereby grant express consent to the processing of your personal information as outlined herein.
The Company collects and processes several categories of data to provide its services. This includes: (a) Personal Identifiers: MSISDN (mobile phone numbers) and email addresses provided during registration; (b) Business Data: Business names, physical locations, and operational descriptions; (c) Transactional Data: M-Pesa transaction codes and payment history for subscription verification; (d) Technical Data: Internet Protocol (IP) addresses and session logs recorded through automated cookies.
Pursuant to Section 28 of the Data Protection Act, the Company processes data under the following lawful bases: (i) Contractual Necessity: To facilitate the creation and maintenance of your digital business listing; (ii) Legitimate Interest: To improve our search algorithms and ensure platform security against fraudulent registrations.
As illustrated in established industry standards, your data may be processed on secure cloud servers located outside the Republic of Kenya. The Company ensures that such transfers are conducted under the 'Standard Contractual Clauses' approved by the Office of the Data Protection Commissioner (ODPC), ensuring a level of protection equivalent to Kenyan law.
Personal data shall be stored only for as long as is reasonably necessary for achieving the purposes set forth in this Policy. Merchant account data is retained for the duration of the active subscription and for a further period of seven (7) years following account deactivation to comply with statutory financial record-keeping obligations in Kenya.
The Company has implemented robust technical and organizational measures to prevent unauthorized access, accidental loss, or destruction of personal data. This includes the use of SSL encryption, 'HttpOnly' authentication cookies, and restricted database access protocols for authorized personnel only.
Under Section 26 of the Data Protection Act, you have the right to access, rectify, or request erasure of your data.
Contact Compliance Officer