LA SAMBARA ESTATE
PRIVACY POLICY
A Product of Seven Mavericks Limited
Effective Date: April 2026 | Last Updated: April 2026
Brand: La Sambara Estate
Data Controller: Seven Mavericks Limited
Registered Address: P.O. Box 28, 60200, Meru, Kenya
Email: info@lasambara.com
Website: www.lasambara.com
Telephone: +254 722 561 219
Governing Law: Republic of Kenya — Data Protection Act, 2019
1. INTRODUCTION AND SCOPE
La Sambara Estate is a wine brand produced and owned by Seven Mavericks Limited (“Seven Mavericks”, “we”, “us”, or “our”), a company incorporated under the laws of the Republic of Kenya. We operate the e-commerce website at www.lasambara.com (the “Site”), through which we sell La Sambara wine products including our Chenin Blanc and Shiraz, organically grown and crafted in Meru, Kenya.
We are deeply committed to protecting the privacy and personal data of every visitor, customer, and subscriber who interacts with our Site. This Privacy Policy (“Policy”) explains how we collect, use, store, share, and protect your personal data when you:
- Visit or browse our Site;
- Create an account or register on the Site;
- Place an order for La Sambara wine products;
- Subscribe to our newsletter or marketing communications;
- Complete an age verification check;
- Contact us through any online form, email, or telephone;
- Interact with us through social media platforms.
This Policy is issued in compliance with the Kenya Data Protection Act, 2019 (“DPA”), the Kenya Information and Communications Act (Cap. 411A), and any applicable subsidiary legislation. We encourage you to read this Policy carefully before using the Site. By using our Site or providing us with your personal data, you consent to the practices described in this Policy.
This Policy applies to all personal data processed by Seven Mavericks Limited acting as the Data Controller in relation to La Sambara Estate. Our Site is built on WordPress and powered by WooCommerce for e-commerce functionality.
2. WHO CONTROLS YOUR DATA
Seven Mavericks Limited is the Data Controller responsible for the personal data collected through the La Sambara Estate website. As Data Controller, we determine the purposes for which, and the manner in which, your personal data is processed.
If you have any questions, concerns, or requests relating to your personal data or this Policy, please contact our designated Data Protection contact:
Name: Seven Mavericks Limited — Data Protection Contact
Email: info@lasambara.com
Address: P.O. Box 28, 60200, Meru, Kenya
Website: www.lasambara.com
Telephone: +254 722 561 219
3. PERSONAL DATA WE COLLECT
We collect various categories of personal data depending on how you interact with our Site. The categories are as follows:
3.1 Account and Registration Data
When you create an account on our WooCommerce-powered Site, we collect:
- Full name
- Email address
- Password (stored in encrypted form)
- Date of birth (used for age verification; see Section 3.6 below)
- Customer ID (automatically assigned)
3.2 Order and Transaction Data
When you place an order, WooCommerce collects information necessary to fulfil and deliver your order, including:
- Billing name, address, and contact number
- Shipping name and delivery address
- Product(s) ordered, quantities, and order history
- Order reference number and date of purchase
- Special delivery instructions
3.3 Payment Data
Payment information is collected and processed securely by our third-party payment gateway provider. We do not store your complete card details on our servers. The following data may be recorded for order management purposes:
- Payment method (e.g., card type, mobile money)
- Transaction reference number
- Payment status (approved, failed, refunded)
- Partial payment identifiers as provided by the payment gateway
3.4 Contact and Enquiry Data
When you contact us via the Site’s contact form, email, or telephone, we collect:
- Your name and contact details
- The content of your message, feedback, or complaint
- Correspondence records
3.5 Marketing and Communication Preferences
If you choose to subscribe to our mailing list or opt in to marketing communications, we collect:
- Email address
- Name
- Product preferences (if provided)
- Opt-in/opt-out consent records and timestamps
3.6 Age Verification Data
As La Sambara products are alcoholic beverages, we are required under the Alcoholic Drinks Control Act (Cap. 121) to ensure that our products are not sold to persons under 18 years of age. To comply with this legal obligation, we collect:
- Date of birth (entered during account registration or checkout)
- Age confirmation declarations made during the checkout process
- Records of age verification consent for compliance purposes
This data is used solely for the purpose of verifying that you are of legal drinking age and complying with Kenyan law. We do not use age verification data for marketing or profiling purposes.
3.7 Technical and Browsing Data
When you visit our Site, we automatically collect certain technical information through WordPress and WooCommerce platform tools:
- IP address and approximate geographic location
- Browser type and version
- Device type and operating system
- Pages visited, time spent on Site, and click patterns
- Referral source (how you found our Site)
- Search queries submitted on the Site
- Cookie identifiers and session data (see Section 8)
3.8 Social Media Data
If you interact with us via social media platforms or choose to connect your social media account to our Site, we may receive:
- Your public profile information (name, profile picture)
- Social media handle or username
- Comments, messages, or content you post on our social media pages
4. HOW AND WHY WE USE YOUR PERSONAL DATA
We will only process your personal data where we have a lawful basis to do so under the Kenya Data Protection Act, 2019. The following table explains the purposes for which we use your data and the legal basis we rely upon:
| Purpose | Legal Basis | Details |
| --- | --- | --- |
| Fulfil and deliver your order | Contractual necessity | Processing your order, coordinating delivery, and managing returns |
| Process payments | Contractual necessity | Transmitting payment data to our secure payment gateway |
| Age verification compliance | Legal obligation | Verifying you are 18+ as required by the Alcoholic Drinks Control Act |
| Create and manage your account | Contractual necessity | Providing account access and order history via WooCommerce |
| Respond to queries and complaints | Legitimate interest | Addressing your questions, feedback, and after-sales concerns |
| Send order confirmations and updates | Contractual necessity | Transactional email notifications relating to your purchase |
| Send marketing communications | Consent | Newsletters, promotions, and product updates — only with your opt-in |
| Improve Site performance and UX | Legitimate interest | Analytics, A/B testing, and identifying technical issues |
| Prevent fraud and ensure security | Legitimate interest / Legal obligation | Detecting suspicious activity and protecting our platform |
| Comply with Kenyan law | Legal obligation | Tax, regulatory, and alcohol licensing compliance requirements |
| Maintain business records | Legitimate interest | Archiving transaction records, audit trails, and legal documentation |
Where we rely on legitimate interests as our legal basis, we have assessed those interests and determined that they are not overridden by your rights and freedoms. You may object to processing based on legitimate interests — please see Section 10 (Your Rights).
5. THIRD-PARTY SERVICES AND DATA SHARING
Our Site is built on WordPress and WooCommerce. To operate the Site effectively and provide you with a complete shopping experience, we work with a number of carefully selected third-party service providers. We only share your personal data with third parties to the extent necessary and in accordance with applicable law.
5.1 Third-Party Service Providers
| Category | Provider(s) | Purpose / Data Shared |
| --- | --- | --- |
| E-commerce Platform | WooCommerce | Order processing, cart management, product catalogue, customer accounts |
| Website CMS | WordPress | Site hosting, content management, user authentication |
| Payment Gateway | As configured (e.g., Pesapal, Flutterwave, Stripe, M-Pesa API) | Secure processing of card and mobile money payments; transaction data |
| Email Marketing | As configured (e.g., Mailchimp, Klaviyo, Zoho Campaigns) | Sending newsletters and promotional emails to opted-in subscribers |
| Website Analytics | Google Analytics (or equivalent) | Aggregated browsing data, page views, session duration, traffic sources |
| Website Hosting | As configured (cloud/managed hosting provider) | Storage and delivery of website data; server logs |
| Delivery / Fulfilment | Third-party courier / logistics partners | Name, delivery address, contact number, and order details for delivery |
| Social Networking | Facebook, Instagram, LinkedIn, YouTube, TikTok | Social media engagement; retargeting pixels (where consented) |
| Security & Fraud Prevention | Anti-fraud tools (e.g., Cloudflare, reCAPTCHA) | IP address, device fingerprint, and session data |
We do not sell your personal data to any third party. We do not share your personal data with third parties for their own marketing purposes without your explicit consent.
5.2 Legal Disclosures
We may disclose your personal data without your consent where required or permitted by law, including:
- In response to a valid court order, warrant, or legal process;
- To comply with any applicable legal or regulatory obligation under Kenyan law;
- To protect the rights, safety, or property of Seven Mavericks Limited, our customers, or the public;
- In connection with the investigation or prevention of fraud or criminal activity;
- In the event of a merger, acquisition, or sale of business assets, subject to appropriate confidentiality obligations.
5.3 International Data Transfers
Some third-party service providers (such as Google Analytics, email marketing platforms, and cloud hosting services) may process your data outside the Republic of Kenya. Where such transfers occur, we take steps to ensure that your data is protected to a standard equivalent to that required by the Kenya Data Protection Act, 2019, including by relying on contractual safeguards, standard contractual clauses, or ensuring the recipient country offers adequate protection.
6. ALCOHOL SALES, AGE RESTRICTION, AND REGULATORY COMPLIANCE
La Sambara wines are alcoholic beverages. By law, we are prohibited from selling or supplying alcohol to any person under 18 years of age. In compliance with the Alcoholic Drinks Control Act (Cap. 121) of Kenya and the Kenya Bureau of Standards (KEBS) requirements, we process certain personal data specifically to verify that all customers are of legal drinking age.
The following mandatory regulatory warnings apply to all La Sambara products and interactions on this Site:
EXCESSIVE CONSUMPTION OF ALCOHOL IS HARMFUL TO YOUR HEALTH
EXCESSIVE CONSUMPTION OF ALCOHOL IMPAIRS JUDGMENT
DO NOT OPERATE MACHINERY
NOT FOR SALE TO PERSONS UNDER THE AGE OF 18
Age verification data (including date of birth and age declarations) collected through the Site will be retained for the minimum period required to demonstrate regulatory compliance. This data will not be used for any other purpose.
7. HOW LONG WE RETAIN YOUR DATA
We retain your personal data only for as long as is necessary to fulfil the purposes described in this Policy, comply with our legal obligations, resolve disputes, and enforce our agreements. The following general retention periods apply:
| Data Category | Retention Period | Reason |
| --- | --- | --- |
| Account data | Duration of account + 3 years after closure | Contractual and legal compliance |
| Order and transaction data | 7 years from date of transaction | Tax and regulatory obligations under Kenyan law |
| Payment records | 7 years | Financial and audit compliance |
| Age verification records | 7 years or as required by law | Alcoholic Drinks Control Act compliance |
| Marketing consent records | Until consent is withdrawn + 3 years | Evidencing lawful basis for marketing |
| Contact and enquiry data | 3 years from date of last contact | Legitimate interest in resolving disputes |
| Technical / browsing data | Up to 26 months | Analytics and Site improvement |
| Cookie data | As specified in cookie consent (see Section 8) | Platform functionality and preferences |
When your personal data is no longer required, we will securely delete or anonymise it in accordance with our data retention procedures.
8. COOKIES AND TRACKING TECHNOLOGIES
Our Site uses cookies and similar tracking technologies to enhance your browsing experience, enable core shopping functionality, and gather analytics data. Cookies are small text files stored on your device when you visit a website.
8.1 Types of Cookies We Use
- Strictly Necessary Cookies — These are essential for the Site to function and cannot be disabled. They include WooCommerce session cookies (shopping cart contents, checkout state), WordPress authentication cookies, and security tokens.
  - wp_woocommerce_session — Stores your shopping cart and session data
  - wordpress_logged_in — Identifies logged-in users
  - wordpress_sec / wordpress_test_cookie — Security and functionality
- Functional / Preference Cookies — These remember your choices and preferences, such as language settings and whether you have confirmed your age.
- Analytics Cookies — We use Google Analytics (or equivalent tools) to understand how visitors use the Site. These cookies collect anonymous, aggregated data about page views, session duration, and traffic sources. This data is used solely to improve the Site experience.
- Marketing / Targeting Cookies — Where you have provided consent, we may use third-party pixels (such as Facebook Pixel) to serve relevant advertisements about La Sambara products. These cookies track your browsing behaviour across websites for targeted advertising.
8.2 Managing Your Cookie Preferences
When you first visit the Site, you will be presented with a cookie consent banner allowing you to accept, reject, or customise your cookie preferences (except for strictly necessary cookies, which cannot be declined). You may update your preferences at any time via the cookie settings link in the Site footer.
You may also manage or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the Site, including your ability to place orders. For detailed instructions on managing cookies, visit your browser’s help documentation.
8.3 Third-Party Tracking
Some third-party services integrated into our Site (such as Google Analytics, social media platforms, and payment processors) may place their own cookies on your device. These are governed by the respective third party’s privacy and cookie policies, which we encourage you to review.
9. DATA SECURITY
Seven Mavericks Limited takes the security of your personal data seriously and employs a range of technical and organisational measures to protect it from unauthorised access, loss, misuse, alteration, or disclosure.
9.1 Technical Safeguards
- SSL/TLS Encryption — Our Site is secured with SSL (Secure Sockets Layer) / TLS encryption. All data transmitted between your browser and our Site is encrypted. Look for the padlock icon and “https://” prefix in your browser’s address bar.
- Payment Security — Payment data is processed by PCI-DSS compliant third-party payment gateways. We do not store full card numbers or CVV details on our servers.
- Access Controls — Access to personal data is strictly limited to authorised personnel who need it to perform their duties. All staff are subject to confidentiality obligations.
- WooCommerce Security — We use up-to-date, security-patched versions of WordPress and WooCommerce, supplemented by security plugins and regular vulnerability scans.
- Firewalls and Intrusion Detection — Our hosting environment is protected by web application firewalls and intrusion detection systems.
9.2 Organisational Safeguards
- Staff training on data protection and security best practices;
- Regular review and audit of data processing activities;
- Data minimisation principles — we only collect what is necessary;
- Incident response procedures for data breaches.
9.3 Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Office of the Data Protection Commissioner of Kenya within seventy-two (72) hours of becoming aware of the breach, as required by the Data Protection Act, 2019. Where the breach is likely to result in a high risk to your rights, we will also notify you directly without undue delay.
If you suspect that your personal data has been compromised, please contact us immediately at info@lasambara.com.
10. YOUR DATA PROTECTION RIGHTS
Under the Kenya Data Protection Act, 2019, you have the following rights with respect to your personal data. We will respond to all valid requests within thirty (30) days, or such extended period as may be permitted by law.
- Right of Access: You have the right to request a copy of the personal data we hold about you, along with information about how we use it. Submit your request to info@lasambara.com. We may require you to verify your identity before processing the request.
- Right to Rectification: If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or update it. You may also update your details directly through your account on the Site.
- Right to Erasure (‘Right to be Forgotten’): You may request that we delete your personal data where it is no longer necessary for the purposes for which it was collected, you have withdrawn consent, or you object to our processing. This right is subject to exceptions where we are required to retain data by law (e.g., transaction records under Kenyan tax law).
- Right to Withdraw Consent: Where we rely on your consent to process your data (e.g., for marketing emails), you may withdraw that consent at any time by clicking the ‘unsubscribe’ link in any marketing email, or by contacting us at info@lasambara.com. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
- Right to Object to Processing: You have the right to object to processing based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will cease processing your data for that purpose immediately. For other legitimate interest processing, we will review your objection and respond accordingly.
- Right to Data Portability: Where processing is based on consent or contractual necessity and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit it to another controller.
- Right to Restriction of Processing: You may request that we restrict (i.e., pause) the processing of your personal data in certain circumstances, such as when you contest its accuracy or have objected to processing pending verification of our legitimate grounds.
To exercise any of the above rights, please submit a written request to info@lasambara.com. We will acknowledge your request promptly and respond within thirty (30) days. In some cases, we may need to verify your identity before processing your request.
You also have the right to lodge a complaint with the Office of the Data Protection Commissioner of Kenya (“ODPC”) if you believe your data protection rights have been violated. Details of the ODPC are available at www.odpc.go.ke.
11. CHILDREN AND MINORS
La Sambara products are alcoholic beverages. Our Site is strictly not intended for use by persons under the age of 18 years. We do not knowingly collect personal data from minors.
If you are a parent or guardian and believe that a child under 18 has provided us with personal data or accessed our Site, please contact us immediately at info@lasambara.com. We will take prompt steps to delete such data and, where applicable, to cancel any associated order.
12. MARKETING COMMUNICATIONS AND OPT-OUT
12.1 Opt-In Marketing
We will only send you promotional emails, newsletters, and product updates if you have explicitly opted in to receive such communications. Your opt-in consent is recorded with a timestamp and email address at the time of subscription.
12.2 Opting Out
You may unsubscribe from marketing communications at any time by:
- Clicking the ‘unsubscribe’ or ‘manage preferences’ link included at the bottom of every marketing email;
- Logging into your account and updating your communication preferences;
- Contacting us directly at info@lasambara.com with the subject line ‘Unsubscribe’.
Opting out of marketing communications will not affect transactional emails (such as order confirmations, delivery updates, or account notifications), which are necessary to fulfil your order.
12.3 Social Media and Retargeting
Where you have consented via our cookie banner, we may use retargeting pixels (such as Facebook Pixel or Google Ads remarketing) to serve La Sambara advertisements to you on social media platforms. You may withdraw this consent at any time through our cookie settings. You may also manage your preferences directly within social media platform settings (e.g., Facebook Ad Preferences).
13. THIRD-PARTY WEBSITES AND LINKS
Our Site may contain links to third-party websites, social media platforms, or partner services. This Policy does not apply to those external sites. We are not responsible for the privacy practices or content of any third-party website. We encourage you to read the privacy policies of any external site you visit.
14. CHANGES TO THIS PRIVACY POLICY
We may update or revise this Policy from time to time to reflect changes in our data practices, legal obligations, or business operations. The revised Policy will be published on the Site with an updated effective date.
Where changes are material, we will notify you by email (if you have an account with us) or by displaying a prominent notice on the Site prior to the changes taking effect. Your continued use of the Site after such notice constitutes your acceptance of the updated Policy.
We encourage you to review this Policy periodically to stay informed about how we protect your personal data.
15. CONTACT US
If you have any questions, concerns, or requests relating to this Privacy Policy or how your personal data is handled, please contact us using the details below:
Data Controller: Seven Mavericks Limited
Brand: La Sambara Estate
Physical Address: La Sambara Estate, P.O. Box 28, 60200, Meru, Kenya
Email: info@lasambara.com
Website: www.lasambara.com
Telephone: +254 722 561 219
We aim to acknowledge all privacy-related queries within five (5) business days and to resolve them fully within thirty (30) days.
If you are dissatisfied with our response, you have the right to lodge a complaint with the Office of the Data Protection Commissioner of Kenya:
Office of the Data Protection Commissioner (ODPC)
Website: www.odpc.go.ke
Address: Nairobi, Kenya