Privacy Policy

Last updated: October 17, 2025
Who we are: Sarrai Group (“Sarrai”, “we”, “our”, “us”)
Website: https://www.sarraigroup.com (the “Site”)
Privacy contact (all requests): privacy@sarraigroup.com

This policy explains what data we collect on the Site, how we use and share it, how long we keep it, and your choices and rights. If you have any question at all, email privacy@sarraigroup.com.

1) Information We Collect

1.1 Information you provide directly

  • Contact forms & inquiries: name, email, phone, company, location, message, and attachments.

  • Procurement & vendor forms: company details, tax/regulatory identifiers, references, categories, and tender submissions.

  • Careers: CV/resume, cover letter, work history, education, certifications, references, assessments/interviews.

  • Newsletter & alerts: name and email preferences.

  • Events & visits: ID details for site access, emergency contact, and PPE sizes (where relevant).

1.2 Information collected automatically

  • Device/usage data: IP address, device/browser, pages visited, timestamps, referral/UTM, and approximate location derived from IP.

  • Cookies & similar tech: cookies, pixels, and local storage (see Section 7).

1.3 Information from third parties

  • Analytics & communications tools (aggregated engagement metrics).

  • Recruitment portals/referees (if you apply via third-party systems or supply references).

  • Public sources (company registers, sanction lists, media) for vendor vetting and due diligence.

2) How We Use Your Information

We process personal data to:

  • Operate and improve the Site (diagnostics, analytics, security).

  • Respond to inquiries (sales, media, community, sustainability).

  • Manage procurement/vendor processes (registration, prequalification, tendering, evaluation, contracting, compliance).

  • Run careers & HR processes (applications, assessments, interviews, onboarding).

  • Send communications (transactional notices and, with consent where required, newsletters/updates).

  • Protect the business (fraud prevention, security monitoring, legal compliance, dispute resolution).

Legal bases (examples): consent (newsletters/certain cookies), contract (responding to requests you initiate), legitimate interests (improving and securing the Site, B2B communications), and legal obligation (regulatory/tax retention).

3) How We Share Information

We do not sell personal information. We may share with:

  • Service providers/processors (hosting, security/CDN, analytics, email delivery, recruitment/tender systems, cloud storage) under contracts requiring confidentiality and lawful processing.

  • Professional advisers (legal, audit, risk).

  • Affiliates/Group companies (Uganda, Kenya, Malawi) for the uses described here.

  • Authorities where required by law or to protect rights, safety, or property.

  • Corporate transactions (merger, acquisition, restructuring), with appropriate safeguards.

4) International Transfers

We operate across Uganda, Kenya, and Malawi, and may process data in other countries. Where law requires, we implement appropriate safeguards (e.g., Standard Contractual Clauses, inter-company agreements, technical and organizational measures) for international transfers.

5) Security

We apply administrative, technical, and physical measures—least-privilege access, TLS encryption in transit, vendor security reviews, logging/monitoring, and staff training. No system is perfectly secure; if you suspect unauthorized access, contact privacy@sarraigroup.com.

6) Data Retention

We keep personal data only as long as needed for the purposes above and to meet legal, accounting, or reporting requirements. Examples:

  • Contact & sales inquiries: up to 24 months after last interaction.

  • Vendor & tender records: duration of the relationship + 7 years (or as required by law).

  • Careers (unsuccessful): up to 24 months (with consent where required).

  • Cookie/analytics data: per cookie type (see Section 7).

7) Cookies & Similar Technologies

We use cookies/pixels for functionality, performance, and measurement.

Categories

  • Strictly necessary (security, load balancing, form submission).

  • Performance/analytics (aggregated usage).

  • Functional (preferences like language).

  • Advertising/retargeting (only if enabled; see banner).

Your choices

  • Manage preferences via our Cookie Settings link/banner.

  • You can also block or delete cookies in your browser (may affect functionality).

  • In certain regions, we request opt-in for non-essential cookies.

8) Your Rights

Depending on your location (e.g., Uganda DPPA 2019, Kenya DPA 2019, Malawi law, GDPR/UK GDPR, CPRA), you may have the right to access, rectify, erase, restrict, or object to processing; data portability; and to withdraw consent (where processing relies on consent). You may also have the right to lodge a complaint with a data protection authority.

How to exercise your rights: email privacy@sarraigroup.com with your name, the right(s) you wish to exercise, and enough information to verify your identity. We will respond within applicable legal timeframes.

9) Marketing Communications

We send transactional/service messages when needed (e.g., responses to inquiries, tender communications). For newsletters/promotions, we seek consent where required. You can unsubscribe at any time via the email link or by writing to privacy@sarraigroup.com.

10) Children’s Privacy

The Site is not intended for children under 16 (or the age defined by local law). We do not knowingly collect data from children. If you believe a child provided data to us, email privacy@sarraigroup.com and we will take appropriate steps.

11) Third-Party Links

Our Site may contain links to third-party websites or services. Their privacy practices are not covered by this policy. Review their policies before submitting data.

12) Country/Region Notes (Summary)

  • Uganda (DPPA 2019): We follow principles of fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity/confidentiality, and accountability.

  • Kenya (DPA 2019): We observe data protection principles and maintain appropriate technical/organizational measures.

  • EU/UK (GDPR/UK GDPR): Where applicable, we rely on the legal bases in Section 2 and provide the rights in Section 8.

  • California (CPRA): We do not “sell” or “share” personal information as defined for cross-context behavioral advertising. For CPRA-style requests, email privacy@sarraigroup.com.

13) Changes to This Policy

We may update this policy from time to time. We will post the revised version with a new “Last updated” date and, where required, provide additional notice.

14) How to Contact Us

All privacy inquiries, rights requests, incident reports, and questions should be sent to:
privacy@sarraigroup.com

Plain-Language Summary

  • We collect contact, vendor, and careers data you submit; and basic analytics via cookies.

  • We use your data to operate the Site, answer requests, manage procurement and hiring, improve services, and comply with law.

  • We don’t sell your data; we share it with service providers and group companies under safeguards.

  • You can exercise your data rights or ask questions anytime at privacy@sarraigroup.com.

Privacy Policy

Copyright © 2025 Sarrai group. All Rights Reserved.

Powered by Toptecvalley