TrailMyCar Solutions Limited Data Protection Policy

Policy Statement

Personal data is playing an increasingly important role in our economies, societies and everyday lives. New and innovative technologies are generating significant volumes of personal data, and modern communications networks and processing systems are enabling organizations to collect, analyze, use, share and store data on a global scale.

TrailMyCar Solutions Limited (TMC) is committed to complying with all relevant Kenyan legislation and applicable global legislations. TrailMyCar Solutions Limited recognizes that the protection of individuals through lawful, legitimate, and responsible processing and use of their personal data is a fundamental human right. TrailMyCar Solutions Limited will ensure that it protects the rights of data subjects and that the data it collects, and processes is done in line with the Kenya Data Protection Act 2019.

Executive management is continuously assessing the need to develop and implement or amend further policies, procedures and terms and conditions, including those with regard to data protection; consent policies and forms; data access; security breaches and employee privacy requirements.

1.0. Purpose

This Policy governs the manner in which TrailMyCar Solutions Limited and its affiliates treat your personal information collected:

• a. telephonically;
• b. when you make use of our website or a Products we provide;
• c. when you apply for and use certain services and Products;
• d. and by using the TrailMyCar Solutions Limited website and by you accepting the terms and conditions of this Policy and explicitly consent to the collection, use and disclosure of your Personal Information in the manner set out below.

The Privacy Policy must be read together with TrailMyCar Solutions Limited terms and conditions of service and website and app terms and conditions of use. Unless defined elsewhere, terms in this Privacy Policy shall bear the meaning ascribed to them in our terms and conditions of service and website and app terms and conditions of use.

We respect your privacy and your personal information and for this reason, we take all reasonable measures in accordance with this Privacy Policy, The Data Protection Act, 2019 and other relevant Legislations and other relevant legislation, to protect your personal information and to keep it confidential, even when you are no longer our customer.

This Privacy Policy complies with the principles outlined in The Data Protection Act 2019 and describes how we handle Personal Information, as defined therein, that we collect from you, from your use of our products and services.

When there are reasonable grounds to believe that your Personal Information has been accessed or acquired by an unauthorized person, we will notify you. When we notify you that your Personal Information has been accessed or acquired by an unauthorized person, we will provide you with sufficient information to allow you to take protective measures against the potential consequences of the compromise.

Definitions

• Data controller means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purpose and means of the processing of personal data.
• Data processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
• Data subject means an identified or identifiable natural person who is the subject of personal data.
• Personal data means any information relating to an identified or identifiable natural person.
• A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
• Sensitive personal data means data that reveals the natural person’s race, health status, ethnic, social origin, conscience, belief, genetic data, biometric data, property details, marital status, family details including names of the person’s children, parents, spouse or spouses’ sex, or the sexual orientation of the data subject.
• Processing data means any operation or sets of operations performed on personal data whether or not by automated means, such as (a) collection, recording, organization, structuring; (b) storage, adaptation or alteration; (c) retrieval, consultation or use; (d) disclosure by transmission, dissemination, or otherwise making available; or (e) alignment or combination, restriction, erasure or destruction.

Principles

TrailMyCar Solutions Limited will ensure that data is:

• a. Processed lawfully, fairly and in a transparent manner and in line with the right to privacy.
• b. Collected only for specified, explicit and legitimate purposes and not further processed in a manner incompatible with that purpose.
• c. Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is to be processed.
• d. Accurate and where necessary kept up to date.
• e. Not kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the data is processed.
• f. Processed in a manner that ensures its security using appropriate technical and organizational measures to protect against unauthorized or unlawful processing and accidental loss, destruction, or damage.
• g. Not transferred out of Kenya unless there is proof of adequate data safeguards/ measures or consent from the data subject.

2.0. What is Personal Data

“Personal data” means information relating to an identifiable, living, natural person and where it is applicable, an identifiable juristic person, including but not limited to –

• 1. Information relating to the race, gender, sex, marital status, national, ethnic or social origin, color, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of a person;
• 2. Any information relating to an identifying number, symbol, e-mail address, physical address, telephone number or other particular assignment to a person; information relating to the education or the medical, financial, criminal or employment history of a person;
• 3. The blood type or any other biometric information of a person; personal opinions, views or preferences of a person;
• 4. The views or opinions of another individual about the person; the name of a person if it appears with other Personal Information relating to the person or if the disclosure of the name itself would reveal information about the person;
• 5. Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; and
• 6. The name of the person if it appears with other Personal Information relating to the person or if the disclosure of the name itself would reveal information about the person.

3.0. Why We Collect Your Personal Data

We collect your personal data for one of the following purposes:

• 1. To manage communications between you and us.
• 2. Where we need to perform the contract, we have entered into with your business. (If you are a business, and providing us with your data, you will need to ensure that your clients are aware that we are processing their personal data. You can also provide the link of this privacy notice.)
• 3. To provide services related to our products including but not limited to, TMCs Assist, TMC Job Assist and TMC Live.
• 4. To provide you with information you have requested or which we may feel may be of interest to you.
• 5. Where you provided the information on the ‘Contact Us’ form.
• 6. Where you requested a quote.
• 7. send marketing offers.

4.0. How We Process, Use and Disclose Your Personal Information (“Purpose”)

You agree that we may process, use or disclose the information, including the Personal Information we hold about you, in the following ways:

• 1. To identify you; in order for us to process your instructions or requests; in order for us to ensure that we provide you with the best possible service at all times;
• 2. To collect and analyze your personal information and combine all the information that we have about you to compile a profile of you in order for us to personalize and tailor our services to meet your specific needs;
• 3. In aggregate form for purposes of generating statistics and developing strategic and marketing plans; to allow you to participate in interactive features of our services;
• 4. When you choose to do so; to carry out any contracts that may exist between us; to carry out any contracts that may exist between you and a third party, with your express consent; to notify you about changes to our services or introduce you to new services provided by us; once we have collected and analyze your Personal Information, inform you thereof telephonically or send you promotional material or information which we think may be of interest to you. If any of this promotional information relates to products, promotions, news or services of a third party business partner, and only if you indicate that you would like more information, we may inform them to contact you directly. You have the option to opt out of receiving any marketing or other material from us or a business partner at any stage; and
• 5. to share certain of your personal information (and non-personal information such as make and model of your vehicle, frequently travelled areas, traffic information, theft and hi-jacking statistics) within Tracker, as well as with our business partners, service providers and sub-contractors for purposes of providing the services to you.

We only collect and use personal information about you when the law allows us to. Most commonly, we use it where:

• The data subject (you) has given consent to the processing activity taking place.
• If the processing is necessary for the performance of a contract.
• If the processing is necessary for compliance with a legal obligation to which the controller is subject.
• If the processing in necessary for the purpose of the legitimate interest pursued by us or our partners.

Where legitimate interest is identified as a lawful basis, we will undertake a legitimate interest assessment which is a three-part test covering:

• The purpose test – to identify the legitimate interest.
• Necessity test – to consider if the processing is necessary for the purpose identified.
• Balancing test – considering the individual’s interests, rights, or freedoms and whether these override the legitimate interests identified.

4.1: Marketing Communications and Consent

TrailMyCar Solutions Limited will only send marketing or promotional communications to data subjects where explicit opt-in consent has been obtained. All such communications will include a clear and accessible opt-out mechanism, in accordance with Regulation 17 of the Data Protection (General) Regulations, 2021. Data subjects may withdraw their consent to receive promotional messages at any time, and such withdrawal will be processed without delay. Proof of opt-in consent shall be securely retained in a consent audit trail.

TrailMyCar does not engage in unsolicited marketing. Promotional messages relating to third-party services will only be shared where the data subject has provided explicit prior consent and will include the option to opt out of future messages.

5.0. Disclosures of Your Personal Information

We will not sell, rent, or disclose your Personal Information to unauthorized third parties for independent use without your consent. Where third parties (including agents, service providers, installers, or subcontractors) process personal data on our behalf, they will do so under a formal, written agreement that includes binding data protection obligations in accordance with Section 42 of the Data Protection Act and Regulation 24 of the General Regulations. These third parties will only process data in line with instructions issued by TrailMyCar and are subject to regular compliance checks. your Personal Information may also be shared under the following circumstances:

• 1. When required by the laws of the Republic of Kenya and in the public interest. In such instances, we reserve the right to disclose your Personal Information as required in order to comply with our legal obligations or duty, including but not limited to complying with court orders, warrants, service of process requirements, discovery requests or lawful criminal investigations; under special circumstances
• 2. where we have reason to believe that such disclosure is necessary to identify, contact or bring legal action against a party who may be breaching our website and app terms and conditions of use or may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users, or anyone else that could be harmed by such activities.

TrailMyCar requires all third-party processors to complete mandatory data protection training and reserves the right to terminate data access if such parties fail to comply with applicable legal and contractual obligations.

6.0. From Whom We Collect Personal Information

Personal information will be collected directly from you, or our business partners, service providers or sub-contractors, except if:

• 1. the information is contained in a public record or has deliberately been made public by you; you have consented to the collection of the information by us from another source or in accordance with the terms and conditions of service;
• 2. Collection of the information from another source would not prejudice a legitimate interest you may have;
• 3. Collection of the information from another source is necessary;
• to avoid prejudice to the maintenance of the law by any public body, including the prevention, detection, investigation, prosecution and punishment of offences;
• to enforce a law imposing a pecuniary penalty;
• to enforce legislation concerning the collection of revenue as defined in relevant local legislation;
• for the conduct of proceedings in any court or tribunal that have commenced or are reasonably contemplated; or
• in the legitimate interests of national security.

7.0. Personal Information That We Collect

Personal Information collected about you and your dependents or our employees may include:

7.1. General Identification and Contact Information

Your name, address, e-mail address, telephone number, gender, marital status, family status, date of birth, passwords and activity records (such as driving behavior and location of your vehicle).

7.2. Identification Numbers Issued by Government Bodies or Agencies

Identity or passport number, ID number and Registration number of your vehicle.

7.3. Financial Information and Account Details

Bank account number and account details, credit history, credit score and other financial information.

7.4. Medical Condition and Health Status (Employees Only)

Current or former physical or mental or medical condition, health status, injury or disability information, medical procedures performed, personal habits (for example, smoking or consumption of alcohol, prescription information and medical history).

7.5. Other Sensitive Information

We may obtain information about your criminal record or civil litigation history in the process of preventing, detecting and investigating fraud or in the employment process. We may also obtain sensitive information if you voluntarily provide it to us (for example, if as an employee you express preferences regarding medical treatment based on your religious beliefs).

7.6. Telephone Recordings

Recordings of telephone calls to and from our representatives, affiliates and call centers.

7.7. Information to Investigate Crime, Including Fraud and Money Laundering

We will share information with insurers who are investigating an insurance claim or with the SAPS who are investigating a criminal matter, for example.

7.8. Information Enabling Us to Provide Products and Services

Location and identification of your vehicle, (for example, vehicle coordinates, vehicle registration or ID number), the behavioral information and any associated risk score which we derive using our intellectual property. Driving License number, drivers name, Vehicle registration Number, Business address contact, Website activity including tracking cookies, IP Address, Business Address, GPS Coordinates or Location speed data.

7.9. Special Category Data

We collect the following special category data from you:

• 1. Real time Speed data
• 2. Accident Data

We will only process special category data where we have an exception allowing us to do so, in this case, this processing is necessary for the purposes of carrying out our Regulatory and Compliance obligations with the National Safety Transport Authority (NTSA).

8.0. Protection of Your Personal Information

We value the information that you choose to provide us with, and we will take reasonable steps to protect your Personal Information from loss, misuse or unauthorized alteration or access. The information we maintain concerning our customers is stored in databases that have built-in safeguards to ensure the privacy and confidentiality of that information.

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access. When you use the services provided by us, you may be given a username and password. You are responsible for maintaining the secrecy and confidentiality of your username and password. Please do not share your password with anyone.

9.0. Update of Your Personal Information

It is your responsibility to ensure that we have your correct Personal Information on our system. If you ever need to update or correct any of your Personal Information held by us, you can update us through the official Communication channels with the subject head “INFORMATION UPDATE” compliance@trailmycar.com or

CONTACT US
REHEMA PLACE, ALONG NGONG ROAD
BLOC C, OPPOSITE NAIVAS PRESTIGE PLAZA,
P.O BOIX 57522-00200,
NAIROBI

10.0. How Long We Keep Information For

We pride ourselves on ensuring that your personal data is only retained for the period that we need it for, or in accordance with laws, regulations, and professional obligations that we are subject to. All personal information collect has a defined retention period, which is in-line with our retention policy. If you would like to find out how long your information is being retained.

11.0. Security of Personal Information

We take the responsibility for protecting your privacy very seriously and we will ensure your data is secured in accordance with our obligations under the Data Protection Act, 2019. We have in place technical and organizational measures to ensure personal information is secured and to prevent your personal data from being accessed in an unauthorized way, altered, or disclosed. We have in place a robust access control policy which limits access to your personal data to those employees, contractors and other third parties who only have a business need to know. The processing of your personal data will only take place subject to our instruction.

We have policies and procedures to handle any potential data security breaches and data subjects, third parties and any applicable regulators will be notified where we are legally required to do so. We have ensured that all employees have had information security and data protection training.

12.0. Changes to This Policy

We reserve the right, in our sole discretion, to amend this Privacy Policy from time to time (including without limitation by the addition of new terms and conditions). Any changes to this Privacy Policy will be drawn to your attention on our website. You agree to review the Privacy Policy whenever you visit the Tracker website for any such amendments. Save as expressly provided to the contrary in this Privacy Policy, the amended version of the Privacy Policy shall supersede and replace all previous versions thereof.

13.0. Your Consent

You consent that we may process and disclose your Personal Information as set out herein.

You consent that your Personal Information may be processed and disclosed under the following circumstances:

• 1. To provide you with services and to analyze data: between ourselves, our advisers, service providers and sub-contractors, third party business partners, insurance companies and credit bureaus;
• 2. To an insurer who has confirmed that you have an insurance policy or that you have requested a quote (which information may include your insurance claim information and any behavioral information and associated risk scores) or where you have provided explicit consent for us to do so;
• 3. To monitor web and app traffic: web and app servers serving the website and applications automatically collect information about pages you visit. This information is used for internal review, to tailor information to individual visitors and for traffic audits;
• 4. For statistical purposes: we may perform statistical analyses in order to measure interest in the various areas of the website or the app (for product development purposes); and
• 5. To government and law enforcement agencies, where the law requires that we disclose your Personal Information to a party, and where we have reason to believe that a disclosure of Personal Information is necessary to identify, contact or bring legal action against a party who may be in breach of the Privacy Policy or may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users, or anyone else that could be harmed by such activities.

14.0. Children's Information

We do not knowingly collect information on children. If we have collected personal information on a child, please contact us immediately using the details in section 16, so we can remove this information without any undue delay.

15.0. Rights

You have the right to request that we correct, destroy or delete any of your Personal Information that we have processed in accordance with this policy. The Personal Information that you may request us to correct, destroy or delete is Personal Information that has been processed that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, obtained unlawfully or that we are no longer authorized to retain.

15.1. Right to Withdraw Consent

You have the right to withdraw your consent for us to process your Personal Information at any time. The withdrawal of your consent can only be made by you on the condition that:

• 1. The withdrawal of your consent does not affect the processing of your Personal Information before the withdrawal of your consent; or
• 2. The withdrawal of your consent does not affect the processing of your Personal Information if the processing is in compliance with an obligation imposed on us by law; or
• 3. The withdrawal of your consent does not affect the processing of your Personal Information where such processing is necessary for the proper performance of a public law duty by a public body; or
• 4. The withdrawal of your consent does not affect the processing of your Personal Information as required to finalize the performance of a contract to which you are a party; or
• 5. The withdrawal of your consent does not affect the processing of your Personal Information as required to protect your legitimate interests or our own legitimate interests or the legitimate interests of a third party to whom the information is supplied.

15.2. Right to Object

You have the right to object to the processing of your personal information at any time, on reasonable grounds relating to your particular situation, unless the processing is required by law. You can make the objection if the processing of your Personal Information is not necessary for the proper performance of a public law duty by a public body, or if the processing of your Personal information is not necessary to pursue your legitimate interests, our legitimate interests or the legitimate interests of a third party to which the information is supplied.

15.3. The Right of Access

You or any third party acting on your behalf with your authority may request a copy of the personal data we hold about you without charge.

We will ask to verify your identity or request evidence from the third party that they are acting on your behalf before releasing any personal data we hold about you.

15.4. The Right to Be Informed

We are required, to provide clear and transparent information to you about how we process your personal data. This privacy notice addresses this right.

15.5. The Right of Rectification

If you believe the personal data, we hold about you is incorrect or incomplete you have the right to correct this and you may exercise this right along with the right to restrict processing until these corrections are made.

15.6. The Right to Erasure

If there is no legal basis or legitimate reason for processing your personal data, you may request that we erase it.

15.7. The Right to Restrict Processing

You may ask us to restrict the processing of your personal data. This means we will still hold it but not process it. This is a conditional right which may only be exercised when:

• 1. Processing is unlawful.
• 2. We no longer need the personal data, but it is required for a legal process.
• 3. You have exercised your right to object to processing and require processing to be halted while a decision on the request to object is made.
• 4. You are exercising your right to rectification.

15.8. The Right to Data Portability

You can request that your personal data is transferred to another controller or processor in a machine-readable format if:

• 1. Processing is based on consent.
• 2. Processing is by automated means (i.e., not paper based).
• 3. Processing is necessary for the fulfilment of a contractual obligation.

15.9. Right to Object Automated Decision Making or Profiling

You can request to obtain human intervention.

You can express your point of view.

You can obtain an explanation of the decision reached after an assessment.

You can challenge such decision.

15.10. Data Retention for Inactive Users

In circumstances where a data subject is no longer an active customer, their data will be reviewed periodically and flagged for suppression or deletion in accordance with our data retention policy. Where service continues, such as due to unclosed billing cycles or regulatory compliance (e.g., NTSA reporting requirements), only essential information will be retained, and data subjects will be informed of this status upon request. Requests to remove data must be made through our official communication channels and will be evaluated in line with applicable legal obligations and operational requirements.

15.11. System-Generated Messages and Non-Promotional Reminders

TrailMyCar’s systems may generate operational messages such as payment reminders or service alerts tied to ongoing services. These communications are not classified as marketing and are issued based on legitimate interest and contractual necessity. Data subjects may request to opt out of such messages, but this may impact our ability to provide continued services, in which case the implications will be communicated clearly.

16.0. Failure to Provide Personal Information

Where we need to collect personal data by law or in order to process your instructions or perform a contract, we have with you and you fail to provide that data when requested, we may not be able to carry out your instructions or perform the contract we have or are trying to enter into with you. In this case, we may have to cancel our engagement or contract you have with us, but we will notify you if this is the case at the time.

17.0. Right to Complaint

We take any complaints about our collection and use of personal information very seriously.

If you think that our collection or use of personal information is unfair, misleading, or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance. To make a complaint, please contact us via email on compliance@trailmycar.com by filing and submitting a form that can be Downloaded here.

Or Alternatively reach us by visiting our office:

Contact Us
REHEMA PLACE, ALONG NGONG ROAD
BLOC C, OPPOSITE NAIVAS PRESTIGE PLAZA,
P.O BOIX 57522-00200,
NAIROBI
EMAIL: admin@trailmycar.com/compliance@trailmycar.com