Privacy Policy Bluelabs Hygiene

Bluelabs Hygiene respects your privacy and is committed to protecting the personal data you share with us. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our services, visit our website, or otherwise interact with us. It also explains your rights and how to exercise them.

Please read this policy carefully. If you have any questions or wish to make a request concerning your personal data, contact our Data Protection Officer (DPO) at:

Email: service@bluelabshygiene.com

Phone: +254 717 819 204

Postal: [Company postal address]

1. Scope and applicability

This Privacy Policy applies to:

Visitors to our website and users of our online tools;
Clients who request or purchase our services (cleaning, pest control, sanitary bin collections, mosquito net installations, training, supplier interactions);
Job applicants, trainees, suppliers, and contractors who interact with us;
Any other individuals whose personal data we process in the course of our operations in Kenya and other jurisdictions where we operate.

Where we process personal data on behalf of another organization, that organization may have its own privacy policy which governs that processing.

2. Legal basis and governing law

We process personal data in accordance with applicable law. In Kenya, this includes the Data Protection Act, 2019. Where relevant, we also consider requirements of other applicable privacy laws. The lawful bases for processing include: performance of a contract, compliance with legal obligations, consent where required, legitimate business interests (balanced against your rights), and protection of vital interests.

3. Types of personal data we collect

We collect different categories of personal information depending on the interaction:

a. Identity and contact data

Full name, date of birth (where required), postal address, email address, phone numbers.
Business or organization name, business address, registration details for corporate clients or suppliers.

b. Transactional and service data

Service requests, service dates, invoices, payment and billing information (payment method, transaction references), order history, delivery details.
Client preferences, service instructions, site access details.

c. Technical and usage data

IP address, browser and device type, operating system, pages visited, referring/exit pages, clickstream data, cookies and similar tracking technologies.

d. Recruitment and training data

CVs, employment history, qualifications, references, copies of identity documents, training progress and exam results.

e. Sensitive data (special categories)

Health information only when necessary for safe service delivery (e.g., allergy details, medical conditions affecting access or treatment) and only with explicit consent or where required to protect vital interests.

f. Supplier and contractor data

Company bank details for payments, contact persons, delivery schedules, tax or compliance documentation.

g. Visual and audio records

Photos or CCTV footage of our premises, or images taken for identification, training, or quality assurance; call recordings for quality monitoring and dispute resolution.

4. How we collect personal data

We collect information:

Directly from you (forms, emails, phone calls, service agreements, job applications, supplier registration).
Automatically when you use our website (cookies and analytics).
From third parties with your consent or where permitted by law (e.g., payment processors, background check providers, references, third-party booking platforms, delivery partners).
From public sources where permitted (company registers, public directories).

5. Purposes of processing and use of personal data

We use your personal data for purposes including:

Delivering and managing the services you request (scheduling, service delivery, invoicing, collection).
Processing payments and preventing fraud.
Communicating with you about bookings, service updates, offers (where you consent or it is in our legitimate interests).
Managing supplier relationships and payments.
Recruitment, training administration, certification, and assessment.
Quality assurance, dispute resolution, and complaint handling.
Regulatory compliance (tax, health and safety, legal obligations).
Improving our services, analytics, marketing (subject to your preferences), and internal record-keeping.
Ensuring safety of personnel and clients (e.g., sharing relevant health/allergy info with on-site technicians where necessary).

We will not use your personal data for purposes incompatible with the above without informing you and, where required, obtaining your consent.

6. Sharing and disclosure of personal data

We may disclose personal data to:

Service providers and partners who support our operations: payment processors, scheduling and CRM providers, couriers, training platforms, IT and hosting providers, analytics providers. These processors are contractually required to protect your data.
Third parties in connection with legal obligations, regulatory requests, or lawful government requests.
Acquirers or potential acquirers in the event of a business sale, merger, or reorganization, in such cases we will require the buyer to respect this Privacy Policy.
Emergency responders or medical professionals where necessary to protect health and safety.
Where we have your explicit consent.

We do not sell personal data to third parties.

7. International data transfers

Some third-party service providers may be located outside Kenya. When personal data is transferred internationally, we ensure appropriate safeguards are in place (such as data processing agreements, standard contractual clauses, or transfers to countries with adequate protections) to protect your rights and privacy. If you require details of the specific safeguards used for a transfer, contact our DPO.

8. Cookies and tracking technologies

Our website uses cookies and similar technologies to provide functionality, remember preferences, analyze usage, and deliver marketing where permitted. Cookies may be: strictly necessary, performance/analytics, or marketing. You can manage cookie preferences through your browser settings or through any cookie-control banner on our site. Disabling non-essential cookies may affect website functionality.

9. Retention of personal data

We retain personal data only as long as necessary for the purposes for which it was collected, for legal, tax, and accounting obligations, or as required by applicable laws. Typical retention periods include:

Financial and transactional records: as required by tax law (commonly 5 - 7 years).
Service records and warranties: for the life of the contract plus a reasonable period for claims.
Recruitment records: for the duration necessary to manage recruitment processes and for legal compliance.
Marketing opt-ins: until you withdraw consent or opt-out.
Retention periods are reviewed periodically and recorded in our data retention schedule. If you wish to know the retention period that applies to your data, contact our DPO.

10. Your rights and how to exercise them

Subject to applicable law, you may have the following rights:

Right of access: ask for a copy of the personal data we hold about you.
Right to rectification: request correction of inaccurate or incomplete data.
Right to erasure (“right to be forgotten”): request deletion of personal data where lawful grounds exist.
Right to restriction of processing: in certain circumstances you can request that processing be limited.
Right to data portability: receive a copy of your data in a structured, machine-readable format where applicable.
Right to object: object to processing based on legitimate interests or direct marketing.
Right to withdraw consent: where processing is based on consent, you may withdraw at any time without affecting processing before withdrawal.
Right to lodge a complaint with a supervisory authority (in Kenya, the Office of the Data Protection Commissioner).

To exercise your rights or make a request, contact our DPO at privacy@bluelabshygiene.co.ke. We may request proof of identity before fulfilling requests. We will respond within the timelines required by law.

11. Security of personal data

We implement appropriate technical and organizational measures to protect personal data against accidental loss, unauthorized access, disclosure, alteration, or destruction. Measures include access controls, encryption where appropriate, secure hosting, staff training, and contractual controls with processors. While we strive to protect data, no internet or storage system is completely secure; if a data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify affected individuals and the relevant supervisory authority as required by law.

12. Children’s privacy

Our services are not intended for children under 18. We do not knowingly collect personal data from children without parental consent. If you believe we have collected data from a child without appropriate consent, contact us and we will take steps to delete the information.

13. Marketing and communications

We may send marketing communications where you have consented or where we have a legitimate interest (subject to your right to object). You can opt-out of marketing at any time by using the unsubscribe link in emails, contacting us, or adjusting your preferences in your account. Opting out does not prevent transactional messages necessary to provide a service you have requested.

14. Third-party websites, integrations and social media

Our website may contain links to third-party websites, and we may integrate third-party services (for example, payment gateways, maps, or social media plugins). This Privacy Policy does not govern those third parties; you should review their privacy notices. We are not responsible for the privacy practices of third-party sites.

15. Supplier, contractor and recruitment processing

If you are a supplier, contractor or job applicant, we process business contact and transaction details, bank/payment details, tax compliance documents, and application/interview information to evaluate suitability, manage relationships, and make payments. Some of this processing may be necessary to perform contractual obligations or meet legal requirements.

16. Pseudonymisation and anonymisation

Where feasible, we may anonymize or pseudonymize personal data to reduce privacy risk while enabling analytics and service improvements. Anonymized data is not personal data and may be used without restriction.

17. Data protection by design and default

We apply privacy-by-design principles when developing new services or systems by minimizing data collection, implementing access controls, and embedding privacy requirements into projects and vendor relationships.

18. Complaints and supervisory authority

If you are dissatisfied with our handling of your personal data, please contact our DPO so we can address your concerns. You also have the right to lodge a complaint with the Kenyan Office of the Data Protection Commissioner or another relevant supervisory authority in your jurisdiction.

19. Changes to this Privacy Policy

We may update this policy from time to time to reflect business or regulatory changes. Material changes will be published on our website with an updated “Last updated” date. Continued use of our services after updates signifies acceptance of the revised policy.

20. Contact details and DPO

For privacy questions, data access requests, corrections, or complaints, contact:

Data Protection Officer

Email: service@bluelabshygiene.co.ke

Phone: +254 717 819 204

21. Additional notices for specific processing

Payment processing: Payments are processed through secure third-party providers. Please refer to their privacy terms for payment-related data handling.
CCTV and on-site recordings: Signage will be displayed where CCTV is in use. Footage is retained for security and safety purposes and deleted in line with our retention policy unless required for investigation.
Health data for service delivery: Where we collect health-related data (e.g., allergies), we will seek explicit consent and process such data only to the extent necessary for safe service provision.

22. Legal disclaimer

This Privacy Policy provides a summary of our practices and does not constitute a contractual promise except to the extent explicitly stated in a service agreement. For legal certainty, consult the full policy on our website or contact our DPO. We recommend an independent legal review if you intend to rely on this document for formal compliance needs.