Last Updated: 01/11/2025

At Wondernut International EPZ Ltd, we are committed to protecting the privacy, confidentiality, and security of all personal and business data entrusted to us.
This policy outlines how we collect, process, store, and safeguard personal information in compliance with national and international data protection regulations.

1. Purpose

The purpose of this policy is to ensure that Wondernut manages personal data responsibly, transparently, and lawfully, while maintaining the trust of our employees, clients, suppliers, and partners.

2. Scope

This policy applies to all personal data processed by Wondernut International EPZ Ltd, including:

• Employee, client, and supplier information.

• Business partner and stakeholder records.

• Any other personal data collected through our websites, systems, or business operations.

It applies to all employees, contractors, and third parties acting on behalf of the company.

3. Principles of Data Protection

Wondernut adheres to the following principles:

a. Lawfulness, Fairness & Transparency
Data is collected and processed legally, fairly, and openly, with clear communication about its purpose.

b. Purpose Limitation
Data is used solely for the purpose for which it was collected and not for unrelated activities.

c. Data Minimization
Only data that is relevant and necessary is collected and retained.

d. Accuracy
All personal data must be accurate and kept up to date. Inaccurate information is corrected promptly.

e. Storage Limitation
Data is stored only for as long as required by law or business necessity, after which it is securely deleted or anonymized.

f. Integrity & Confidentiality
All data is handled using secure systems and processes to prevent unauthorized access, alteration, loss, or disclosure.

g. Accountability
Wondernut is responsible for demonstrating compliance with all data protection principles and applicable laws.

4. Data Collection & Use

We collect personal data only when necessary for:

• Business communications, quotations, and contracts.

• Employment and human resource management.

• Supplier management and regulatory compliance.

• Customer service, order fulfillment, and marketing (where consent is given).

We do not sell, rent, or trade personal data to third parties.

5. Data Security

Wondernut employs physical, digital, and organizational safeguards to protect data, including:

• Secure servers and encrypted databases.

• Restricted system access and password protection.

• Staff training on data privacy and handling protocols.

• Secure document storage and disposal procedures.

6. Data Sharing & Third Parties

Personal data may be shared only with authorized third parties who assist in business operations (e.g., logistics, certification bodies, payment processors).
All third parties are bound by confidentiality agreements and must comply with equivalent data protection standards.

7. Data Subject Rights

Individuals have the right to:

• Access their personal data held by Wondernut.

• Request correction or deletion of their information.

• Withdraw consent to data processing (where applicable).

• Lodge complaints regarding misuse or breaches of their data.

Requests can be made by contacting our Data Protection Officer (DPO).

8. International Data Transfers

Where data is transferred across borders, Wondernut ensures it is protected under lawful safeguards consistent with international data protection frameworks.

9. Breach Management

Any data breach or suspected compromise is reported immediately to the Data Protection Officer, investigated thoroughly, and managed in accordance with legal requirements — including notification to affected individuals and authorities where applicable.

10. Roles & Responsibilities

• Data Protection Officer (DPO): Oversees policy compliance, training, and breach management.

• Employees: Must handle all personal data responsibly and report potential breaches.

• Management: Ensures systems, contracts, and vendors align with this policy.

11. Policy Review

This policy is reviewed annually or as required by changes in data protection legislation.

12. Contact Information

For questions or data-related requests, please contact:

Wondernut International EPZ Ltd
Athi River EPZ, Machakos County, Kenya
📧 Email: [Insert DPO or compliance email]
🌐 Website: www.wondernutint.com

At Wondernut, protecting your data is protecting your trust.
We handle every piece of information with the same care and integrity that defines our business.