GDPR Policy

At soko.tz, we are committed to protecting your personal data and respecting your privacy. This GDPR Policy explains how we collect, use, disclose, and protect personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679.

1. Who This Policy Applies To
This Policy applies to users of soko.tz who are located in the European Union (EU) or European Economic Area (EEA), or whose data is processed by us in the context of EU law.

2. Data We Collect
We may collect and process the following categories of personal data:

Identity Information: name, username, date of birth

Contact Information: email address

Account Data: login credentials, profile details, preferences

Transaction Data: purchase history, payment details (processed via secure third parties)

Usage Data: device information, IP address, browser type, log files

Communication Data: messages, support requests, feedback

We do not collect or process sensitive personal data unless legally required and with your explicit consent.

3. Legal Bases for Processing
We process your personal data on the following legal bases:

Consent: when you voluntarily provide information or agree to marketing

Contract: when necessary to fulfill a contract with you (e.g., processing transactions)

Legal Obligation: to comply with legal or regulatory requirements

Legitimate Interests: for platform security, fraud prevention, service improvement

4. How We Use Your Data
We use your personal data to:

Register and manage your account

Enable buying, selling, and communication on the platform

Process transactions securely

Provide customer support

Send important notifications (e.g., account activity, updates)

Improve our services and user experience

Comply with legal obligations

5. Data Sharing
We may share your data with:

Service providers (e.g., payment processors, hosting providers)

Law enforcement or regulatory bodies when required by law

Other users of the platform for transaction-related purposes (limited data only)

We do not sell or rent your personal data.

6. Data Transfers Outside the EU
If personal data is transferred outside the EU/EEA, we ensure it is protected using appropriate safeguards, such as:

Standard Contractual Clauses (SCCs)

Transfers to countries deemed to have adequate protection by the European Commission

7. Data Retention
We retain your data only for as long as necessary to fulfill the purposes it was collected for, including legal, accounting, or reporting obligations. You may request deletion of your data at any time, subject to legal limitations.

8. Your GDPR Rights
Under the GDPR, you have the right to:

Access the personal data we hold about you

Rectify inaccurate or incomplete data

Erase your data (“right to be forgotten”)

Restrict processing in certain circumstances

Object to processing for direct marketing or legitimate interests

Data portability – request transfer of your data to another provider

Withdraw consent at any time, where processing is based on consent

Lodge a complaint with a supervisory authority

To exercise your rights, please use the contact form on our platform or submit a request via your account settings.

9. Data Security
We implement technical and organizational measures to protect your data from loss, misuse, and unauthorized access. These include encryption, access controls, and regular audits.

10. Changes to This Policy
We may update this GDPR Policy from time to time. Any changes will be posted on this page with the updated effective date. Continued use of our platform after changes means you accept the updated Policy.