TECMOCSY COMPANY LIMITED is the sole data controller for this platform. We collect only what we need to operate the business. We do not sell your personal data to third parties, and we do not share it for third-party marketing purposes. This policy is issued in compliance with Tanzania's Personal Data Protection Act 2022 (PDPA 2022).
Contents
1. Information We Collect
For all registered users:
- First name and last name, email address, and phone number
- Country of residence (for currency and shipping routing)
- Order history and transaction records
When you place an order, we collect your delivery address. For buyers in Tanzania this includes Region (Mkoa), District (Wilaya), Ward (Kata), Village or Street (Kijiji/Mtaa), and house or building number. For individual buyers we collect first name and last name. For company buyers we also collect company name, and optionally TIN and VAT registration number. For government entities we collect organisation name and optionally TIN. For buyers in areas where we have no physical presence, we collect standard free-text address fields: street, city, postal code, and country.
Collected automatically:
- IP address and approximate location — used for routing, security, and fraud prevention only; not included in analytics reports
- Browser type, device, and session data (pseudonymized usage analytics — not linked to your identity in any report)
2. How We Use Your Data
- To verify your identity and prevent fraud
- To process payments for products sold by TECMOCSY COMPANY LIMITED
- To send transactional notifications (order updates, account activity)
- To facilitate secure communication via in-platform chat for B2B enquiries
- To analyze platform usage trends and purchasing patterns to improve our product catalogue, pricing, and user experience
- To deliver personalized product recommendations and relevant content based on your browsing and order history on tecmocsy.com
- To improve the platform using aggregated analytics — individual usage data is not linked to your identity in any published report
- As our platform grows, we may use commerce data in aggregate or de-identified form to support interest-based features and relevant promotions within the platform. We will update this policy and notify you before implementing any material change to how your data is used
3. Our Role as Data Controller
TECMOCSY COMPANY LIMITED is the seller, Merchant of Record, and sole data controller on this platform. All purchases, payments, and fulfilment are handled exclusively by TECMOCSY COMPANY LIMITED. When you pay on tecmocsy.com, your money goes directly to us — we handle your payment, manage the taxes on the sale, and deal with any refunds or disputes. All personal data collected through purchases, enquiries, or account registration is processed solely by TECMOCSY COMPANY LIMITED in accordance with Tanzania's Personal Data Protection Act 2022.
4. Data Security
We apply the following technical and organisational measures to protect your data:
- SSL/TLS encryption on all platform connections
- PCI DSS compliance for payment processing
- Access controls and role-based permissions for internal staff
We do not store raw card numbers or full payment credentials.
5. Who We Share Data With
- Payment processors — for order payment processing (tokenized data only)
- Law enforcement or regulators — when required by applicable law
We do not sell your personal data to third parties. We do not share your identifiable personal information for third-party marketing purposes.
6. Your Rights
Under Tanzania's Personal Data Protection Act 2022, you have the right to:
- Access a copy of the personal data we hold about you
- Correct inaccurate or incomplete information
- Request deletion of your account and associated personal data. We respond to all deletion requests within 30 days. For buyers in countries where TECMOCSY has no physical presence, personal account data is deleted immediately upon identity verification. For Tanzania-based account holders, personal data is deleted within 30 calendar days of a verified request. In both cases, order records and transaction history are retained for 7 years as required by Tanzanian law — see Section 9. Verification requires your first name, last name, email address, phone number, and country of residence — no further documents are required.
- Opt out of non-essential marketing communications
Data breach notification: If a data breach occurs that is likely to result in a risk to your rights or freedoms, TECMOCSY COMPANY LIMITED will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, where technically feasible. The notification will describe what happened, what data was affected, and the steps we are taking to address it.
Account recovery after a security incident: If your account is affected by a security incident or data breach, you can recover access by providing your original registration details: your registered email address, phone number, first name, last name, and country of residence. No additional documentation is required.
To exercise any of these rights, contact our Data Officer at [email protected]. We respond within 30 days.
7. International Data Transfers
TECMOCSY COMPANY LIMITED is incorporated in Tanzania and may process data on servers outside your country of residence. We apply safeguards equivalent to Tanzania's Personal Data Protection Act 2022 to all cross-border data transfers.
8. Policy Updates
Material changes will be communicated by email and in-platform notification at least 14 days in advance. The date at the top of this page reflects the current version.
9. Cookies
TECMOCSY currently uses only essential cookies — the minimum required to operate the platform securely. We do not currently use third-party advertising cookies or cross-site tracking cookies. As our platform develops, we may introduce first-party analytics or preference cookies to improve your experience and deliver relevant recommendations. Any such change will be communicated in advance and reflected in an updated version of this policy.
- Session cookies: Keep you logged in during your browsing session. These expire when you close your browser.
- Security cookies: Protect against cross-site request forgery (CSRF) and other security threats.
- Preference cookies: Remember your selected language (English or Swahili) and currency preference across sessions.
You will see a cookie notice when you first visit the platform. Clicking "Got it" acknowledges that we use these essential cookies. Because these cookies are required for the platform to function, they cannot be disabled without preventing you from using the service.
10. Data Retention
We retain your personal data only for as long as necessary for the purposes set out in this policy, subject to legal obligations:
- Account data (name, email, phone, country): retained while your account is active. After deletion, basic identifying data is removed within 30 days (or immediately for international users upon verified request).
- Order and transaction records: Retained for 7 years from the date of the transaction in compliance with Tanzania's Income Tax Act and commercial record-keeping requirements. These records cannot be deleted on request because we are legally required to keep them.
- Delivery addresses: Retained with the associated order record for 7 years.
- Payment data: We do not store raw card numbers or full payment credentials. Tokenized payment references are retained for 7 years with the order record.
- Platform session and analytics data: Pseudonymized usage data is retained for up to 12 months then permanently deleted or further anonymized.
- Support and communication records: Retained for 2 years from the date of last interaction for dispute resolution purposes.
When a retention period expires, data is deleted or anonymized so it can no longer be linked to you. Contact [email protected] with any questions about specific retention periods.
For privacy enquiries, contact [email protected] — we respond within 30 days.
WhatsApp / Phone: +255 754 455 602