Effective Date: [Insert Date]
Company Name: Rissatickets
Business Location: Kenya
We act as a Data Controller under the DPA, meaning we determine the purpose and means of processing personal data collected through our Platform. We are registered with the Office of the Data Protection Commissioner (ODPC), the Kenyan government authority responsible for enforcing data protection laws.
We may collect the following categories of personal data:
Full name
Email address
Mobile phone number
Postal address (if applicable)
Payment method details (e.g., card number, M-Pesa number)
Billing address
Transaction records
Note: We do not store your full payment credentials. Payments are securely processed via third-party payment gateways.
Username and password
Event purchase history and preferences
IP address
Device identifiers
Browser type and version
Access times and location (via IP)
Platform usage, clickstream activity, and interaction data
QR code generation and scanning for event access
We may collect various types of information from or about you depending on how you interact with our services:
We collect your data in the following ways:
Directly from you: When you register, purchase tickets, contact support, or subscribe to updates.
Automatically: Through cookies, log files, and other tracking technologies.
From third parties: Including payment gateways and analytics services.
Your personal data is used for the following lawful purposes:
Account Management: Creating and managing your account on the platform.
Ticket Processing: Enabling ticket purchases and generating QR codes for access.
Payment Handling: Facilitating secure transactions through authorized payment providers.
Customer Support: Responding to your requests, questions, or complaints.
Platform Improvement: Understanding user behavior to enhance user experience.
Legal Compliance: Meeting regulatory and law enforcement obligations.
Marketing: Sending promotional messages (only with your consent).
Under the Kenya Data Protection Act, we process your personal data based on the following lawful grounds:
Consent: For marketing communications and optional services where consent is required.
Performance of a Contract: For ticket sales, event access, and fulfilling your requests.
Legal Obligation: To comply with financial, legal, or regulatory obligations.
Legitimate Interest: To improve services, enhance security, and prevent fraud, provided your rights are not infringed.
We may share your personal data with:
Payment providers such as M-Pesa and licensed card processors for secure transaction processing.
Service providers for hosting, analytics, communications, and platform infrastructure.
Event organizers solely for the purpose of validating tickets and managing entry.
Regulatory or legal authorities, where required by law, subpoena, or court order.
Successors in business mergers, acquisitions, or restructuring processes.
All third parties are required to comply with applicable data protection laws and handle data securely.
While Rissatickets primarily processes data within Kenya, some service providers or systems may store or process data in other jurisdictions. In such cases, we ensure adequate safeguards are implemented, including data processing agreements that meet the standards of the Kenya DPA.
We use cookies and similar technologies to:
Identify users
Remember user preferences
Improve website performance
Collect analytics on usage
You can manage or disable cookies through your browser settings. However, disabling cookies may impact the functionality of certain features.
Under the Kenya Data Protection Act, 2019, you have the following rights:
Right to be informed: Know how your data is collected and processed.
Right of access: Request a copy of your personal data.
Right to correction: Request correction of inaccurate or outdated information.
Right to deletion: Request deletion of personal data, where legally permissible.
Right to object to processing: Especially where data is used for marketing or profiling.
Right to data portability: Receive your data in a structured, machine-readable format.
Right to withdraw consent: Where processing is based on your consent.
To exercise any of these rights, contact us via the details provided in section 15. We may require you to verify your identity before processing such requests.
We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, or as required by law. Once the retention period expires, your data will be securely deleted or anonymized.
We implement industry-standard measures to ensure your data is secure from unauthorized access, alteration, disclosure, or destruction. These include:
Data encryption
Secure access controls
Regular security audits
Firewalls and intrusion detection systems
While we take every precaution to protect your data, no method of transmission over the internet is completely secure.
We may send you promotional content or event updates with your prior consent. You can opt out of receiving marketing emails at any time by:
Clicking the “unsubscribe” link in our emails
Updating your preferences in your user account
Contacting us directly
We may still send transactional or legal notices related to your account or purchases.
Our services are not intended for individuals under the age of 13. We do not knowingly collect data from minors. If we learn that a minor has provided us with personal data, we will delete it as soon as possible.
We may update this Privacy Policy to reflect changes in our practices, technology, or legal obligations. When we do, we will revise the "Effective Date" and notify users via the Platform or by email where appropriate.
We encourage you to periodically review this policy to remain informed about how we handle your data.
If you have questions, concerns, or would like to exercise your rights under this Policy or the Kenya Data Protection Act, please contact us:
Rissatickets
📧 Email: info.rissatickets@gmail.com
📞 Phone: [Optional]