GDPR Compliance

Last updated: 10/14/2025

1. Introduction

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to organizations processing personal data of individuals in the European Union (EU). Tuwash is committed to complying with GDPR requirements and protecting the privacy rights of all our users, including those in the EU.

This page outlines our GDPR compliance measures and your rights as a data subject under the regulation.

2. Legal Basis for Processing

We process personal data under the following legal bases as defined by GDPR:

Consent (Article 6(1)(a))

When you explicitly consent to data processing, such as receiving marketing communications or using optional features.

Contract Performance (Article 6(1)(b))

To provide our laundry management services, process bookings, and facilitate payments as agreed in our Terms of Service.

Legitimate Interests (Article 6(1)(f))

For platform security, fraud prevention, analytics, and service improvement, where our interests do not override your fundamental rights.

Legal Obligation (Article 6(1)(c))

To comply with applicable laws, such as tax regulations, financial reporting, and law enforcement requests.

3. Your Rights Under GDPR

As a data subject, you have the following rights under GDPR:

Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and access to that data, including information about the purposes and recipients.

How to exercise: Contact us at privacy@tuwash.com or use our data export feature in account settings.

Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

How to exercise: Update your profile information directly in your account settings.

Right to Erasure (Article 17)

You have the right to request deletion of your personal data in certain circumstances, such as when data is no longer necessary or consent is withdrawn.

How to exercise: Use the account deletion feature or contact us at hello@bytenuru.com.

Right to Restrict Processing (Article 18)

You have the right to restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

How to exercise: Contact us at privacy@tuwash.com with your request.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

How to exercise: Use our data export feature in account settings or contact us at privacy@tuwash.com.

Right to Object (Article 21)

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

How to exercise: Update your communication preferences in account settings or contact us at privacy@tuwash.com.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to automated decision-making, including profiling, that produces legal effects or similarly significant effects.

How to exercise: Contact us at privacy@tuwash.com if you believe automated decisions are affecting you.

4. Data Protection Measures

We implement comprehensive data protection measures to ensure GDPR compliance:

4.1 Technical Safeguards

  • End-to-end encryption for data transmission
  • Encryption at rest for stored personal data
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Secure development practices and code reviews

4.2 Organizational Safeguards

  • Data protection impact assessments (DPIAs)
  • Privacy by design and default principles
  • Staff training on data protection
  • Data processing agreements with third parties
  • Regular compliance audits and reviews

4.3 Data Minimization

  • Collect only necessary personal data
  • Limit data processing to specified purposes
  • Implement data retention policies
  • Regular data purging and anonymization

5. Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

Adequacy Decisions

We transfer data to countries that have been deemed adequate by the European Commission.

Standard Contractual Clauses (SCCs)

We use EU-approved standard contractual clauses for transfers to third countries.

Certification Schemes

We work with certified service providers who maintain appropriate data protection standards.

6. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected individuals without undue delay
  • Provide clear information about the breach and its consequences
  • Explain measures taken to address the breach
  • Offer guidance on protective steps you can take

7. Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee our GDPR compliance:

Email: dpo@tuwash.com

Address: Data Protection Officer
Tuwash Privacy Team
ByteNuru Technologies
Nairobi, Kenya

Phone: +254 XXX XXX XXX

8. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data in accordance with GDPR. The relevant authority depends on your location:

  • Your country of residence
  • Your place of work
  • The place where the alleged infringement occurred

You can find a list of supervisory authorities at: https://edpb.europa.eu/about-edpb/board/members_en

9. Exercising Your Rights

To exercise your GDPR rights, you can:

  • Use our self-service features in your account settings
  • Contact us at privacy@tuwash.com
  • Write to our Data Protection Officer at dpo@tuwash.com
  • Use our online request forms (when available)

We will respond to your request within one month of receipt. If we need more time, we will inform you of the reasons and the expected timeframe.

10. Updates to This Policy

We may update this GDPR compliance information to reflect changes in our practices or legal requirements. We will notify you of significant changes and update the "Last updated" date accordingly.

11. Contact Information

For any questions about our GDPR compliance or to exercise your rights, please contact us:

General Privacy Inquiries: hello@bytenuru.com

Data Protection Officer: hello@bytenuru.com

Address: Tuwash Privacy Team
ByteNuru
Nairobi, Kenya

Phone: available on request