When you join our services from our online platforms, as part of the registration process, we collect the personal information you give us such as your name, national identity number, physical address, email address and mobile number.

When you browse our online platforms, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.

Email, SMS marketing (if applicable): We may send you emails or SMS about our services, new products and other updates.

How do you get my consent? When you provide us with personal information to complete a transaction, we use this information to verify your credit history, eligibility, process data validations with third-party databases and arrange for a delivery or returns. We imply that, by your acceptance of the terms and conditions on our digital platforms you consent to us collecting this information and using it for that specific reason only.

If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.

How do I withdraw my consent? If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at inquiry@kollektaafrica.com or mailing us at: Kollekta Africa Limited, 172 Chwaku Street, Mikocheni, Dar es Salaam, Tanzania.

We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.

1. Purpose

Kollekta (“Platform”, “we”, “us”, “our”) is committed to protecting personal data in accordance with globally recognised privacy and security principles, including lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality.

This policy defines how personal data is collected, processed, secured, and governed across all Kollekta services.

2. Roles & Responsibilities

For purposes of data protection laws:

• Subscribers act as Data Controllers in respect of all debtor, customer, or third-party data they upload to the Platform.

• Kollekta acts as a Data Processor / Service Provider and processes data only in accordance with Subscriber instructions and contractual obligations.

Subscribers determine the purpose and lawful basis for processing.

3. Lawful Basis for Processing

Kollekta processes data when a subscriber creates an account, uploads the data into our patforms, and on documented instructions from Subscribers and in accordance with:

• Applicable contracts

• Legal obligations

• Legitimate business interests of the Subscriber

• Explicit consent where required by applicable laws

Kollekta does not independently decide the legal basis for processing Subscriber data.

4. Subscriber Responsibility for Personal Data

Subscribers acknowledge and agree that they are solely responsible for ensuring that any personal or sensitive information uploaded, entered, or otherwise processed through the Kollekta Platform is accurate, collected, handled, and transmitted in full compliance with all applicable data protection and privacy laws in their respective jurisdictions. This includes, but is not limited to, applying all required masking, redaction, minimisation, and lawful-processing checks before uploading personal data into the Platform.

Kollekta provides a wide range of data fields to support debt collection activities across regulated and non-regulated sectors; however, Subscribers remain the Data Controllers for all debtor information they submit and must ensure that only data permitted under their local laws and internal policies is shared.

While Kollekta will use commercially reasonable efforts to implement industry-standard security, masking, encryption and privacy-by-design features to protect data and support global compliance, the Platform does not interpret, enforce, or guarantee compliance with country-specific regulatory requirements on behalf of Subscribers.

Each Subscriber is solely responsible for validating that their use of the Platform — including the type, scope, and volume of data uploaded — complies with all legal, regulatory, and contractual obligations applicable in their country, industry, or sector.

5. Data Security Measures

Kollekta implements appropriate technical and organisational safeguards, including:

• Encryption in transit and at rest

• Secure authentication and role-based access controls

• Activity logging and audit trails

• Multi-tenant data isolation

• Data masking features

• Regular vulnerability testing and monitoring

Subscribers acknowledge that no system can be guaranteed as 100% secure.

6. Data Storage & Retention

Data is stored only for as long as required by the Subscriber’s instructions, contractual obligations, or legal requirements. Subscribers are responsible for setting legally compliant retention periods.

Upon subscription termination, data will be deleted or returned in accordance with Subscriber instructions, unless retention is required by law.

7. Cross-Border Data Transfers

Kollekta may process data in multiple jurisdictions in order to provide the services. Subscribers are responsible for ensuring that international data transfers are legally permitted under their local laws, including the use of Standard Contractual Clauses (SCCs) or other approved mechanisms where required.

8. Data Subject Rights

Kollekta assists Subscribers, where technically possible, in responding to:

• Access requests

• Correction requests

• Deletion requests

• Restriction or objection requests

• Data portability requests

Subscribers remain fully responsible for legal compliance with such obligations.

9. Breach Management

Kollekta maintains security incident response procedures and will notify Subscribers of confirmed data breaches without undue delay. Subscribers are responsible for regulatory and data subject notifications as required by their local laws.

10. Enterprise / On-Premise Deployment Clause

For organisations operating in regulated environments or jurisdictions requiring data localisation, Kollekta offers an Enterprise Deployment Model that allows Subscribers to deploy and operate the Platform entirely within their own infrastructure or private cloud environment.

Under this model, the Subscriber retains full control and responsibility for data hosting, security, processing, and compliance with applicable local regulations.

Subscribers may contact support@kollektaafrica.com to request enterprise and in-country hosting solutions.

1. Subject Matter

This Agreement governs the processing of personal data by Kollekta on behalf of the Subscriber.

2. Instructions

Kollekta shall process personal data upon subscription, account creation and data upload to our platform, and on documented instructions from the Subscriber, unless otherwise required by law.

3. Confidentiality

Kollekta ensures that all personnel authorised to process personal data are subject to confidentiality obligations.

4. Security of Processing

Kollekta will implement appropriate technical and organisational measures to protect personal data, including:

• Encryption
• Access controls
• Data masking and pseudonymisation
• Multi-layer security monitoring
• Secure development practices

5. Sub-Processors

Kollekta may appoint sub-processors to support infrastructure, hosting, analytics, messaging, and any other support services. Kollekta will impose equivalent data protection obligations on such sub-processors.

6. Data Subject Requests

Kollekta shall assist the Subscriber, where reasonably possible, in responding to data subject requests.

7. Data Breach Notification

Kollekta will notify the Subscriber without undue delay after becoming aware of a personal data breach.

8. Audits

Upon reasonable notice, Subscribers may conduct audits of Kollekta’s compliance, subject to security and confidentiality safeguards.

9. Data Deletion or Return

Upon termination of services, Kollekta shall, at the Subscriber’s choice, delete or return personal data, unless retention is required by law.

10. Liability Allocation

To the maximum extent permitted by law:

• Subscribers retain full responsibility for lawful collection and compliance.
• Kollekta’s liability is limited to breaches arising directly from its failure to timely implement technical and organisational safeguards upon becoming aware of such breaches.

11. Legal Disclaimer

Kollekta does not provide legal advice and does not warrant that the Platform will ensure compliance with jurisdiction-specific regulatory requirements. Subscribers are encouraged to obtain independent legal advice regarding their data protection obligations.

Our Platforms are hosted with various service providers. They provide us with the online e-commerce platform that allows us to sell our products and services to you.

Your data is stored through Kollekta data storage, databases and the general Kollekta application.

They store your data on a secure server behind a firewall.

Payment: If you choose a direct payment gateway to complete your purchase, then Kollekta stores your credit card or other payment method data. It is encrypted. Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

For more insight, you may also want to read Kollekta’s Terms of Service or Privacy Statement.

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

However, certain third-party service providers, such as Credit Reference Bureau, payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to receive or provide to them for your purchase-related transactions.

For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

Once you leave our online platforms or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our online platform’s Terms of Service.

Links

When you click on links on our online platforms, they may direct you away from our sites. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements andimplement additional generally accepted industry standards.

By using this online platform, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on our online platforms.

If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

If our company is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.

Questions and contact information

If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at inquiry@kollektaafrica.com or by mail at Kollekta Africa Limited,
[Re: Privacy Compliance Officer]Dar es Salaam, Tanzania.

1. Information We Collect

We collect information that helps us provide our services effectively:

• Personal identification details (name, email, contact number, address).
• Transaction and payment information.
• Device and usage data (IP address, session duration, etc.).

2. How We Use Your Information

We use your information to:

• Create and manage your account.
• Facilitate auctions, bids, and transactions.
• Share limited data with logistics partners for delivery purposes only.
• Prevent fraud and ensure secure operations.
• Improve user experience and platform features.

3. Data Sharing and Security

• Data shared with vendors or delivery partners is restricted to fulfillment purposes only.
• Vendors are strictly prohibited from using this data for promotional or external sales.
• All user data is encrypted and stored securely.
• Obidding does not sell or trade user information with third parties.

4. Cookies and Analytics

Obidding uses cookies and analytics tools to enhance functionality, track performance, and personalize experience. You may disable cookies, but some platform features may not function properly.

5. Data Retention

We retain data only for as long as necessary to fulfill operational and legal obligations. You may request data deletion upon account closure, subject to regulatory compliance requirements.

6. User Rights

Users have the right to:

• Access their personal data.
• Request corrections or deletion.
• Withdraw consent for non-essential communications.

7. Breach and Enforcement

Obidding reserves the right to:

• Suspend or terminate accounts for privacy violations or misuse of customer data.
• Impose fines or withhold vendor payments where misconduct is confirmed.

8. Contact Information

For inquiries, privacy concerns, or data requests, contact:
inquiry@kollektaafrica.com
www.kollektaafrica.com