Tender Asili Logo

Privacy Policy

Effective date: 12 July 2026  ·  Version 2.0

This Privacy Policy explains how TenderAsili Limited ("TenderAsili", "we", "us") collects, uses, stores, shares, and protects your personal data when you use the TenderAsili procurement and supplier-sourcing platform. We are the data controller for the personal data described here and we handle it in accordance with the Kenya Data Protection Act, 2019, the Data Protection (General) Regulations, 2021, and the guidance of the Office of the Data Protection Commissioner (ODPC).

1. Who We Are and How to Reach Us

TenderAsili Limited operates the TenderAsili website and platform. For the purposes of the Kenya Data Protection Act, 2019 (the "DPA"), TenderAsili is the data controller of the personal data you provide through the platform, and a data processor in respect of data we handle on behalf of buyers running their own sourcing activities.

We are registered with the Office of the Data Protection Commissioner (ODPC) as a data controller and data processor. You can contact us about any privacy matter at contact@tenderasili.com, or by writing to TenderAsili Limited, Kunde Road, Nairobi, Kenya, +254 714 555 554.

2. Scope of This Policy

This policy covers personal data processed through the TenderAsili website and platform for buyers, suppliers, their authorized representatives, and website visitors. "Personal data" means any information relating to an identified or identifiable natural person, as defined under the DPA. "Sensitive personal data" carries the special meaning given to it under the DPA.

This policy should be read together with our Cookie Policy and our Security & Data Protection statement, which are incorporated by reference.

3. Information We Collect

Depending on how you use the platform, we may collect the following categories of personal data:

  • Contact and account data — name, email address, phone number, job title, company name, and role (buyer, supplier, or admin).
  • Business and qualification data — company registration details, KRA/tax identification and compliance status, professional certifications, bank/payment details you submit for verification, and documents required for registration, prequalification, or sourcing.
  • Sourcing and transaction data — RFQs, quotes, bids, purchase orders, invoices, evaluation records, and communications exchanged through the platform.
  • Payment data — records of fees paid. Card payments are handled by our PCI-DSS-compliant payment partner; we do not store full card numbers.
  • Technical and usage data — IP address, device and browser information, log data, and cookies used to operate, secure, and improve the platform.

We do not knowingly collect personal data from persons under the age of 18. The platform is intended for businesses and their authorized representatives.

4. How We Use Your Information and Our Lawful Basis

Under the DPA we must have a lawful basis for each processing activity. We rely on the following:

  • Performance of a contract — to create and authenticate your account, run sourcing events (RFQ, quote, purchase order, invoice), and provide the services you request.
  • Legal obligation — to verify tax and registration status, keep records required by law, and respond to lawful requests from regulators or courts.
  • Legitimate interests — to secure the platform, prevent fraud and abuse, and improve our services, balanced against your rights and freedoms.
  • Consent — to send marketing communications, make your supplier profile discoverable to buyers, and set non-essential cookies. You may withdraw consent at any time.

5. How We Share Your Information

We share personal data only as necessary to provide the services:

  • With buyers — when you participate in their sourcing events or, with your consent, make your supplier profile discoverable to them.
  • With service providers (data processors) — cloud hosting and object storage, email and SMS delivery, analytics, and payment processing. Each is bound by written data-processing agreements requiring confidentiality and DPA-equivalent protection.
  • For legal reasons — where required by law, regulation, or a valid court order, or to protect our rights, users, or the public.
  • On a business transfer — in connection with a merger, acquisition, or reorganization, subject to this policy and reasonable notice to you.

We do not sell your personal data, and we do not share it with third parties for their own independent marketing without your consent.

6. Where and How We Store Your Data

Your data is stored on reputable cloud infrastructure, with documents held in secure object storage. We apply technical and organizational measures including role-based access control, encryption of data in transit and encryption of sensitive data at rest, protection against common web attacks (such as cross-site scripting, cross-site request forgery, and SQL injection), rate limiting, and audit logging. Our full approach is described in our Security & Data Protection statement.

7. International Data Transfers

Some of our service providers may process data outside Kenya. Where we transfer personal data across borders, we do so in accordance with the DPA — either where the destination provides adequate protection, where appropriate safeguards (such as contractual data-protection clauses) are in place, or on another lawful basis permitted by the Act.

8. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy and to meet our legal and regulatory obligations. As a general rule, supplier and sourcing records are retained for seven (7) years to satisfy tax, audit, and procurement record-keeping requirements, after which the data is securely deleted or anonymized unless a longer period is required by law. Contact-only records (for example, website enquiries) are held for a shorter period and deleted after prolonged inactivity.

9. Your Rights Under the Data Protection Act

Subject to the DPA, you have the right to:

  • be informed of the use to which your personal data is put;
  • access the personal data we hold about you;
  • request correction of inaccurate or incomplete data;
  • request deletion or erasure of your data where the law allows;
  • object to, or request restriction of, certain processing;
  • data portability, where applicable;
  • withdraw consent at any time, without affecting processing already carried out;
  • not be subject to a decision based solely on automated processing that significantly affects you; and
  • lodge a complaint with the Office of the Data Protection Commissioner.

To exercise any of these rights, contact us at contact@tenderasili.com. We will respond within the timeframe required by the DPA. You may also complain to the ODPC via www.odpc.go.ke.

10. Data Breach Notification

We maintain procedures to detect, report, and investigate personal-data breaches. Where a breach is likely to result in a risk to your rights and freedoms, we will notify the ODPC and, where required by the DPA, affected data subjects, without undue delay.

11. Cookies and Tracking

We use strictly necessary cookies to keep you logged in and secure the platform, and — with your consent — functional and analytics cookies to remember preferences and understand usage. You can manage non-essential cookies through the consent banner or your browser settings. Full details are in our Cookie Policy.

12. Third-Party Links

The platform may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites, and we encourage you to review their privacy policies.

13. Changes to This Policy

We review this Privacy Policy at least annually and may update it from time to time. When we make material changes, we will post a prominent notice and update the effective date and version above. Your continued use of the platform after changes take effect constitutes acceptance of the revised policy.

14. Contact Us

For questions about this Privacy Policy or to exercise your data-protection rights, contact us at contact@tenderasili.com, by phone on +254 714 555 554, or by post to TenderAsili Limited, Kunde Road, Nairobi, Kenya.

Questions about this document? Contact us at contact@tenderasili.com or +254 714 555 554.