Privacy Policy
Your privacy is important to us. This policy explains how we collect, use, and protect your personal information when you use Mercreations World.
Last Updated: July 2025 | Effective Date: July 1, 2025
Personal Information: Name, email address, phone number, shipping and billing addresses when you create an account or place an order.
Payment Information: Credit card details, M-Pesa transaction information, and other payment data (processed securely through encrypted payment processors).
Order Information: Products purchased, customization details, delivery preferences, and order history.
Technical Information: IP address, browser type, device information, and website usage data through cookies and analytics tools.
Communication Data: Messages sent through our contact forms, customer service interactions, and feedback submissions.
Order Processing: To fulfill your orders, process payments, arrange delivery, and provide customer service.
Account Management: To create and maintain your account, track order history, and manage your preferences.
Communication: To send order confirmations, shipping updates, promotional offers (with your consent), and respond to inquiries.
Personalization: To customize your shopping experience, recommend products, and improve our services.
Legal Compliance: To comply with applicable laws, resolve disputes, and enforce our terms of service.
Business Operations: To analyze website usage, improve our products and services, and conduct market research.
Service Providers: We share information with trusted third-party service providers who help us operate our business (payment processors, shipping companies, email services).
Legal Requirements: We may disclose information when required by law, court order, or to protect our rights and safety.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity.
Consent: We may share information with your explicit consent for specific purposes.
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
Encryption: We use SSL/TLS encryption to protect data transmission between your browser and our servers.
Secure Storage: Personal information is stored on secure servers with restricted access and regular security updates.
Payment Security: Payment information is processed through PCI DSS compliant payment processors and is not stored on our servers.
Access Controls: We implement strict access controls and authentication measures for our staff and systems.
Regular Monitoring: We continuously monitor our systems for security vulnerabilities and potential threats.
While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security of your information.
Access: You have the right to request access to the personal information we hold about you.
Correction: You can request correction of inaccurate or incomplete personal information.
Deletion: You may request deletion of your personal information, subject to legal and business requirements.
Portability: You can request a copy of your personal information in a structured, machine-readable format.
Objection: You may object to certain processing of your personal information, including marketing communications.
Withdrawal of Consent: You can withdraw consent for processing that is based on your consent.
To exercise these rights, please contact us at privacy@mercreations.co.ke or through our contact page.
Essential Cookies: Required for basic website functionality, shopping cart, and security features.
Analytics Cookies: Help us understand how visitors use our website to improve user experience.
Marketing Cookies: Used to deliver relevant advertisements and track marketing campaign effectiveness.
Preference Cookies: Remember your settings and preferences for a personalized experience.
You can control cookie settings through your browser preferences. Disabling certain cookies may affect website functionality.
We use Google Analytics and similar services to analyze website traffic and user behavior.
Data Retention Periods
How long we keep different types of information.
| Data Type | Retention Period |
|---|---|
| Account Information | Until account deletion or 3 years of inactivity |
| Order History | 7 years for tax and legal compliance |
| Payment Information | Not stored (processed by payment providers) |
| Marketing Communications | Until you unsubscribe or opt-out |
| Website Analytics | 26 months (Google Analytics default) |
| Customer Service Records | 3 years for quality assurance |
Third-Party Services
External services we use and how they handle your data.
Payment Processing
Secure payment processing
Stripe, M-Pesa (Safaricom)
Shipping & Delivery
Order fulfillment and delivery
Posta Kenya, Local Couriers
Email Services
Transactional and marketing emails
Mailchimp
Analytics
Website performance and user behavior analysis
Google Analytics, Hotjar
Cloud Storage
Secure data storage and backup
Vercel Blob Storage, Google Cloud
Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can delete such information.
For users between 13-18 years old, we recommend parental guidance when using our services and making purchases.
Some of our service providers may be located outside Kenya. When we transfer your personal information internationally, we ensure appropriate safeguards are in place.
We only work with service providers who provide adequate protection for your personal information and comply with applicable data protection laws.
If you have concerns about international data transfers, please contact our privacy team for more information about the safeguards we have in place.
Questions About Your Privacy?
Our privacy team is here to help you understand and exercise your privacy rights.