PRIVACY POLICY

KROOT ENTERPRISES LIMITED

PRIVACY POLICY

Last Updated: January 2026

---

1. INTRODUCTION

KROOT Enterprises Limited ("KROOT," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (www.krootenterprises.com) or engage our services.

By using our website or services, you agree to the collection and use of information in accordance with this policy.

---

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

We collect information that you provide to us directly, including:

- Personal Identification Information: Name, email address, phone number, company name, job title

- Project Information: Technical specifications, site location, energy requirements, project scope

- Communication Preferences: Preferred contact method, language preference

- Business Information: Company size, industry, budget range

2.2 Information We Collect Automatically

When you visit our website, we automatically collect certain information, including:

- Technical Data: IP address, browser type, operating system, device information

- Usage Data: Pages visited, time spent on pages, navigation paths, referral sources

- Location Data: City and country level location (derived from IP address)

2.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

- Enable website functionality

- Analyze site usage and performance

- Improve user experience

You can control cookies through your browser settings, though some website features may not function properly if cookies are disabled.

---

3. HOW WE USE YOUR INFORMATION

We use collected information for the following purposes:

3.1 Service Delivery

- Responding to inquiries and service requests

- Providing project proposals and technical assessments

- Delivering contracted services (installation, maintenance, consulting)

- Managing project schedules and communications

3.2 Business Operations

- Processing payments and maintaining financial records

- Improving our website and services

- Conducting internal research and analysis

- Complying with legal and regulatory obligations

3.3 Marketing Communications

- Sending service updates and technical bulletins

- Sharing industry insights and energy efficiency tips

- Announcing new services and capabilities

You may opt out of marketing communications at any time by:

- Clicking the "unsubscribe" link in emails

- Contacting us at ephiri@krootenterprises.com

- Updating your communication preferences

---

4. HOW WE SHARE YOUR INFORMATION

4.1 We Do NOT:

- Sell or rent your personal information to third parties

- Share your information for third-party advertising purposes

- Disclose your project details to competitors

4.2 We May Share Information With:

- Service Providers: Third-party vendors who assist with business operations (e.g., Google Workspace for email, cloud storage)

- Legal Authorities: When required by law, court order, or government regulation

- Business Transfers: In the event of a merger, acquisition, or sale of assets (with notice to affected parties)

- Professional Advisors: Lawyers, accountants, and consultants bound by confidentiality obligations

4.3 Project-Specific Sharing

With your explicit consent, we may share:

- Technical specifications with equipment suppliers

- Site information with subcontractors

- Project details with financing partners

---

5. DATA SECURITY

5.1 Security Measures

We implement industry-standard security measures to protect your information:

- Encryption: SSL/TLS encryption for data transmission

- Access Controls: Limited employee access to personal data (role-based permissions)

- Secure Storage: Cloud storage with encryption at rest (Google Workspace)

- Regular Audits: Periodic security assessments and vulnerability testing

- Password Protection: Strong password policies and multi-factor authentication

5.2 Project Data Protection

Technical specifications and project documentation are:

- Stored in access-controlled cloud systems

- Never shared with competitors or unauthorized parties

- Retained only for the duration necessary for project delivery and legal compliance

5.3 Data Breach Protocol

In the unlikely event of a data breach, we will:

- Notify affected individuals within 72 hours

- Report to relevant regulatory authorities as required

- Take immediate steps to contain and remediate the breach

- Provide guidance on protective measures you can take

---

6. DATA RETENTION

We retain your information for the following periods:

- Contact Inquiries: 2 years from last contact

- Project Data: Duration of project + 7 years (for warranty and legal purposes)

- Billing Records: 7 years (as required by Zambian tax law)

- Marketing Data: Until you opt out or request deletion

After retention periods expire, data is securely deleted or anonymized.

---

7. YOUR RIGHTS AND CHOICES

You have the right to:

7.1 Access and Portability

- Request a copy of your personal data we hold

- Receive your data in a structured, machine-readable format

7.2 Correction and Updates

- Request correction of inaccurate or incomplete information

- Update your contact details and preferences

7.3 Deletion (Right to be Forgotten)

- Request deletion of your personal data

- Note: We may retain certain information for legal compliance or legitimate business purposes

7.4 Restriction and Objection

- Restrict processing of your personal data

- Object to marketing communications

- Withdraw consent for data processing

7.5 Complaint

- Lodge a complaint with us about our data handling practices

- Contact relevant data protection authorities if unsatisfied with our response

To exercise these rights, contact us at: ephiri@krootenterprises.com

---

8. THIRD-PARTY SERVICES

8.1 Services We Use

Our website and operations utilize the following third-party services:

- Google Workspace: Email, forms, document storage, calendar

- Google Analytics: Website traffic and usage analysis

- Google Sites: Website hosting

- Buffer: Social media management

Each service has its own privacy policy. We ensure all third-party processors meet our data protection standards.

8.2 External Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of external sites. We encourage you to review their privacy policies.

---

9. CHILDREN'S PRIVACY

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will delete it immediately.

---

10. INTERNATIONAL DATA TRANSFERS

KROOT operates primarily in Zambia and South Africa. If you are accessing our services from outside these countries, please be aware that:

- Your information may be transferred to and processed in Zambia or South Africa

- We will ensure appropriate safeguards are in place for international transfers

- Data protection standards may differ from those in your country

---

11. DATA SOVEREIGNTY

We recognize the importance of data sovereignty for African businesses. Unless otherwise specified:

- Your data is stored on servers within Africa or with providers committed to African data residency

- We do not transfer sensitive business or project data outside Africa without explicit consent

- You may request specific data residency requirements for your project

---

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect:

- Changes in our practices

- Legal or regulatory requirements

- New services or features

Changes will be posted on this page with an updated "Last Updated" date. We will notify you of material changes via:

- Email (to your registered address)

- Prominent notice on our website

Continued use of our services after changes constitutes acceptance of the updated policy.

---

13. CONTACT INFORMATION

For questions, concerns, or requests regarding this Privacy Policy or our data practices:

KROOT Enterprises Limited

Email: info@krootenterprises.com

Phone: (ZM):+260 967 44 7637 | (ZA):+27 81 090 8113

Regional Office:

Johannesburg, South Africa

Response Time: We aim to respond to privacy inquiries within 5 business days.

---

14. LEGAL BASIS FOR PROCESSING (GDPR/POPIA COMPLIANCE)

For users in jurisdictions with comprehensive data protection laws (e.g., South Africa's POPIA), we process your information based on:

- Consent: You have given clear consent for specific processing activities

- Contract: Processing is necessary to fulfill our contractual obligations

- Legal Obligation: Processing is required to comply with legal requirements

- Legitimate Interests: Processing is necessary for our legitimate business interests (balanced against your rights)

---

15. AUTOMATED DECISION-MAKING

We use automated systems (AI) for:

- Lead scoring and prioritization

- Service recommendations based on project requirements

- Content personalization

These systems do not make decisions that significantly affect you without human review. You have the right to:

- Request human review of automated decisions

- Challenge or appeal automated outcomes

- Opt out of automated processing where feasible

---

END OF PRIVACY POLICY

---

For the most current version of this policy, visit:

www.krootenterprises.com/privacy-policy

© 2026 KROOT Enterprises Limited. All rights reserved.