palm palm

Privacy Policy

Lemaiyan Suites (‘Lemaiyansuites’) understands that your privacy is important to you and that we care about how your personal data is used. We respect and value the privacy of all our customers and users and we will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the Data Protection legislation (as defined hereinbelow).

This is Lemaiyan Suites Privacy Notice (“Privacy Notice”) which may be accessed from the webpage https://lemaiyansuites.com/content/privacy-policy where you submit personal data to access the service or may be obtained as a hard copy when you submit personal data at our retail stores. Lemaiyan Suites is a retailer with stores across various towns and cities in the Republic of Kenya and a website for the online sale of our products and services.

We are referred to in this Privacy Notice as “Lemaiyan Suites”, “We” or “Our” or “Us”. An individual who is the subject of the personal data is referred to as “Customer”, “User” or “You”.

This Privacy Notice only covers users of our website and the retail stores. Lemaiyans Suite’s employees’ or third-party vendors’ personal details are handled in line with the terms of employment agreement or contractual relationships, or our separate policies that we provide, as relevant, independent of this Privacy Notice.

1. Information about us

LEMAIYANSUITES a limited company registered in the Republic of Kenya.

Registered address: South Lake Road, Naivasha.

Postal Address: P.O. Box 61600 -00200, Nairobi, Kenya

Email address: [email protected]

Telephone number: +254 (020) 6536305-9/ 3506112/3

Website: www.lemaiyansuites.com (“Our website”)

2. What does this Privacy Notice cover?
2.1 This Privacy Notice explains how we use your personal data: how it is collected, how it is held and how it is processed. It also explains your rights under the law relating to your personal data.

2.2. We will process any personal data we collect from you in accordance with this Privacy Notice and our Terms and Conditions of Service (together with any other documents referred to in it). Kindly carefully read this Notice carefully so that you can understand how we handle your personal data.

3. What is personal data?
3.1. Processing of personal data is governed by the Data Protection Act, 2019(‘the Act’), The Data Protection General Regulations 2021, The Data Protection (Registration of Data Controllers and Data Processors) 2021, The Data Protection (Complaints Handling and Enforcement Procedures) Regulations 2021 as may be amended from time to time, and any other regulations made thereunder (collectively, “the Data Protection Legislation”).

3.2. Personal data refers to any information about you that enables you to be identified as individual such as your name, contact details, identification numbers but it also covers less obvious information such as, electronic location data, and other online identifiers.

The personal data that we collect and use is set out in Part 4, below.

4. How do we collect your personal data?
Details of Personal Data Collected.

Data Collected

How We Collect the Data

Personal Information

– For individuals –Names, gender, dependents, date of birth, referee details, next of kin, marital status, criminal record, , photographs.

– For companies – company name and company contact person’s name.

Relevant Application forms (For example, corporate application forms, loyalty application forms, employee recruitment forms, vendor application forms and any other application forms we may use from time to time)

Contact information

– For individuals –Address, Email, phone number.

– For companies –company contact person’s name, email and phone number.

Relevant Application forms (For example, corporate application forms, loyalty application forms, employee recruitment forms, vendor application forms and any other application forms we may use from time to time)

Identification details and documents

– For individuals – copy of national identification card or passport, driving licence, vehicle registration certificate.

For companies –Company CR-12, Vehicle registration number.

Relevant Application forms (For example, corporate application forms, loyalty application forms, employee recruitment forms, vendor application forms and any other application forms we may use from time to time)

Financial Information

– For individuals – Bank account numbers Kenya Revenue Authority PIN numbers, debit or credit cards.

For companies –Company CR-12, Vehicle registration number

Relevant Application forms (For example, corporate application forms, loyalty application forms, employee recruitment forms, vendor application forms and any other application forms we may use from time to time)

Tracking Information

– For individuals – CCTV Images and footages.

CCTV Cameras at various Lemaiyan Suites branches

5. How we use personal data?
5.1 We process your personal data for one of the lawful bases of processing (“Lawful Basis”) depending on the specific purpose or purposes for which we are using your data (see table below).

To provide our product and services

We may use your personal information and financial information to:

• Make our products and services available to you.

• Onboard you as a customer, supplier or vendor

• To provide products and services available to you, process your payment and sometimes award you Lemaiyan Suites Loyalty points.

• Responding and engaging with to your inquiries, delivery and service updates or feedback, including contacting you where necessary.

• Onboarding you for the Lemaiyan Suites Loyalty card.

Performance of our contract with you.

To identify you

We may use your personal information, including identification information and contact information, to:

• Identity verification, establishing and administering customer care services.

• Processing payments for our e-commerce services.

Performance of our contract with you.

For Marketing

We may use your personal information, including contact information, to:

• Keeping you informed about our services and any promotions we may be running at the store, including commercial activities and direct marketing.

• Processing payments for our e-commerce services.


(you can withdraw your consent at any time)

Improving Shopping experience
We may use your personal information, including identification information, to:

• Understand you so we can provide you with a great shopping experience, personalised offers, shopping ideas and online advertising.

• Understand how you use our Website, where and when you shop, the products and services you buy from Lemaiyan Suites and how you use and browse our websites helps us to do this.

Legitimate Interest of the Data Controller

For safety and security

We may use your personal information, including contact information, to:

• Help provide safe and secure shopping and online environments for you to shop in, our employees to work in and for our businesses to be conducted.

We use CCTV footages and carry out checks to help us ensure that our customers are genuine, to prevent fraud and to help customers use our in-store and online services safely. Please see our CCTV policy in Part 8.

Legitimate Interest of the Data Controller

Government requirements

We may use your personal information, including financial information personal information, to:

• Submit the relevant statutorily required information to various institutions of the Government of Kenya, for example, KRA, NHIF, NSSF.

Legal Obligation

5.2 ‘Vital Interests’ can be used as a lawful basis where we need to share your personal data in emergency circumstances or where it is a matter of life and death.

5.3 We will not use your personal data for any other purpose other than the purpose(s) for which it was originally collected, unless we reasonably believe that another purpose is compatible with that or those original purpose(s). If we do use your personal data in this way and you wish us to explain how the new purpose is compatible with the original, please contact us.

5.4 If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so or seek your consent.

5.5 In some circumstances, where permitted or required by law, we may disclose your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.

6. What are your rights under the Data Protection Legislation?
Under the Data Protection Legislation, you have the following rights, which we will always work to respect and uphold:

a) The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions.

b) The right to access the personal data we hold about you.

c) The right to have your personal data corrected if any of your personal data held by us is false, erroneous or misleading.

d) The right to ask us to delete or otherwise dispose of any of your personal data that we hold.

e) The right to restrict (i.e. prevent) the processing of your personal data.

f) The right to object to us to our use of your personal data for a particular purpose or purposes.

g) The right to withdraw consent. This means that, if we are relying on your consent as the lawful basis for using your personal data, you are free to withdraw that consent at any time.

h) The right to data portability. You have a right to request your personal data, which you have provided to us in a structured and commonly used format for your own use across different services.

i) Rights relating to automated decision-making and profiling. We do not use your personal data in this way.

For more information about our use of your personal data or exercising your rights as outlined above, please contact us by email as set out in Part 13. Note that the above rights are subject to exceptions and conditions set out under the Data Protection Legislation, and your positive identification as an individual for whom we process personal data.

It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Office of the Data Protection Commissioner. We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first.

7.What sensitive personal data do we collect and how?
7.1 We may collect any ‘sensitive’ personal data like data relating to your race, ethnic social origin, conscience, belief, genetic data, property details, marital status, family details including names of your children, parents, spouse or spouses, sex or the sexual orientation. We will only collect sensitive data about you if we have your explicit consent, or if authorised under the Data Protection Legislation.

8. Closed Circuit Television (C.C.T.V.)
8.1 We use C.C.T.V. system to capture an overview of our retail centre and for purposes of security of our retail stores.

8.2 Why do we collect C.C.T.V. data?

The C.C.T.V. data we collect is for the purposes of security in the interest of the public and visitors of our retail centre.

8.3 What is the lawful basis allowing us to collect and process C.C.T.V. information?

The lawful basis for processing personal data collected by the system our legitimate interest as set out in Section 30(1)(b)(vii) of The Data Protection Act 2019 for purposes of security of our premises, products, customers and visitors.

8.4 How long do we keep C.C.T.V. information for?

The C.C.T.V. data is retained for 14 days, except where an incident has been reported in which case it will be stored for a reasonable period for purposes of evaluating and concluding any incident and then deleted.

8.5 We may share C.C.T.V. data in limited circumstances as follows:

a) For detection, prevention or resolution of crime on at our retail stores;

b) Where required to share under any statute or a court order of competent jurisdiction; and

c) With authorised third parties.

9.Do we share your personal data?
All data sharing will be undertaken in line with the Data Protection Legislation.

9.1 Transfer of your personal data outside of the Republic of Kenya.

– Subject to one or more appropriate safeguards set out in the Data Protection Legislation, we may from time to time transfer your personal data to our suppliers and service providers based outside of the Republic of Kenya for the purposes described in this Privacy Notice.

– When transferring your personal data we will ensure that it is protected in the same way as if it was being processed in the Republic of Kenya.


– We will ensure that the recipient country of your personal data has equivalent data protection laws in place and we will put in place a written contract with the recipient that means they must protect it to the same standards as the Republic of Kenya.

9.2 Within Lemaiyan Suites
For administrative and operational purposes, we share data internally across our departments in Lemaiyan Suites as the departments need to access data. The sharing across our departments is reasonable, is in line with Data Protection Legislation, and respects your rights.

We hold may your personal data record for you in our service stores as to provide and fulfil our obligations to you and have the most up-to-date contact details for you across services to support your right to accurate data.

9.3 Outside Lemaiya suites
A number of organisations assist us in delivering our products and services to you and will share your information with these organisations. We will provide them reasonable access to your personal data for purposes of facilitating our service to you. For example:

9.3.1 With our delivery companies to deliver your products and services;

9.3.2 With our professional advisors, such as lawyers and consultants;

9.3.3 Security and fraud prevention companies to ensure the safety and security of our customers, employees and business;

9.3.4 Companies who assess faults and repair products on our behalf;

9.3.5 With companies that assist in marketing our products to you.

We are responsible for your personal data and ensure that appropriate safeguards are in place.

Where obliged by law, we will share some personal data with Government, law and enforcement agencies. Where possible, we make this anonymous and only share statistics.

Where your consent is needed to transfer the data, we will make this clear to you in simple and clear language so you may make an informed decision.

We will never share your information if it’s not legal to do so, and will always consider your rights, and whether there is another way of achieving our aim, before doing so.

10. We keep your personal data safe. we share your personal data?
We use a high level of protection, both organisational and technical measures, to ensure we process our customers data safely. Some of the measures are:

– Servers that meet the highest standards for security using firewalls, secure content delivery, network mechanisms and secure architecture.

– Access to data via secure log-in, to which is restricted by our IT teams.

– Buildings and areas that have access only through staff passes, and secure files stored in areas that are further restricted by passes and keys.

– Systems are only available through strictly controlled security processes. We ensure that only the right people have access to systems.

– Encryption of passwords using industry-accepted hashing algorithms such as (SHA 256, PBKDF2)

11. How long do we keep your personal data?
We are required under the Data Protection Legislation to keep your personal data only for specific period as lawfully required. Some of the considerations we take into account when deciding on the retention of your data is:

– Where it is stipulated under the law; and

– The necessary time your data is needed for us to deliver the service to you.

On completion of the purpose for which your data was originally collected, we delete or de-identify your personal data.

12. How we use Cookies
We use cookies to store and collect information about your use of our website. More information is on our Cookie Policy, which may be accessed from webpage https://lemaiyansuites.com/content/cookie-policy.

13. How to Contact us
If you wish to contact us in respect of part of this Privacy Notice or have any questions or would like further information regarding our handling of your personal data, please contact us by email:

Designation: Data Protection Officer

Physical Address: South Lake Road, Naivasha

Postal Address: P.O. Box 975, South Lake Road, Naivasha

Email address: [email protected]

14. Amendments to this Privacy Notice
We may change, modify or adopt a new Privacy Notice from time to time.

If we do so, we will post it on our website and at our retail centres. It’s your responsibility to check the Privacy Notice every time you submit your personal data to us. This version was last updated on 9 May 2023.

15. Changes to your personal data
Please keep us informed of any changes to your personal data by emailing us with full details of the changes at [email protected]

    Your Cart
    Your cart is emptyReturn to Shop