Back to home

Privacy Policy

Last updated: February 24, 2026

PHPWord

PRIVACY POLICY FOR PANGOLIN PUBLICATIONS LIMITED

Last Updated: 2026

INTRODUCTION

Pangolin Publications Limited ("Pangolin," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and otherwise process your personal data when you access our website and services, including studying materials, renting books, and other educational resources, in compliance with the Tanzania Data Protection Act, No. 5 of 2022 ("Data Protection Act") and other applicable laws.

We act as a data controller with respect to your personal data. Please read this Privacy Policy carefully to understand our practices. By using our Services, you acknowledge that you have read and understood this policy.

Your use of our website is also governed by our Terms and Conditions.

1. PERSONAL DATA WE COLLECT

1.1 Information You Provide Directly

Identity and Contact Data:

 Your full name, email address, phone number, and password (required for account creation).

Account Details:

 Your username, profile information, and preferences.

Transaction Data:

 Information about products or services you purchase, rent, or subscribe to, including order history and rental periods.

Payment Data:

 Payment method details (processed through our secure payment partners; we do not store full payment card numbers).

Communications:

 Any correspondence you send to us, including customer support inquiries and feedback.

Delivery Information:

 Your physical address and delivery preferences for physical book rentals.

1.2 Information Collected Automatically

Usage Data:

 How you interact with our website and Services, including pages visited, time spent, features used, and content accessed.

Device Data:

 Information about your device, including IP address, browser type, operating system, and device identifiers.

Location Data:

 Approximate geographic location based on your IP address for fraud prevention and service optimization.

1.3 Information from Third Parties

We may receive information from payment processors, delivery services, or analytics providers to support our Services.

1.4 Special Categories of Data

We do not intentionally collect sensitive personal data (such as biometric data, health information, or political opinions). If you provide such information inadvertently, you consent to its processing as described in this policy.

2. HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances and based on these lawful bases:

Purpose

Lawful Basis

To register and manage your account

Performance of a contract with you

To process transactions, deliver services, and confirm rentals

Performance of a contract with you

To communicate with you about your account and service updates

Performance of a contract; Legal obligation

To improve our services and develop new products

Legitimate interests (to improve our offerings)

To analyze usage patterns and optimize user experience

Legitimate interests (to enhance our Services)

To send you marketing communications

Consent (which you may withdraw at any time)

To comply with legal obligations (e.g., tax, accounting)

Legal obligation

To prevent fraud and enhance security

Legitimate interests (to protect our business and users)

 

2.1 Marketing Communications

We will only send you direct marketing communications if you have provided your explicit consent (opt-in). You have the right to withdraw your consent at any time by clicking the "unsubscribe" link in our emails or contacting us directly.

2.2 Automated Decision-Making

We do not currently engage in automated decision-making that produces legal effects concerning you. If this changes, we will notify you and provide information about the logic involved.

3. DISCLOSURE OF YOUR PERSONAL DATA

We do not sell, rent, or trade your personal data. We may share your personal data with the following categories of recipients for legitimate business purposes:

3.1 Service Providers and Business Partners

We engage trusted third parties to assist us in operating our business, including:

Payment processors

 (to handle transactions securely)

Delivery and logistics partners

 (for physical book rentals)

IT service providers

 (hosting, maintenance, analytics)

Customer support platforms

Marketing partners

 (only with your consent)

All service providers are contractually bound to process your data only on our instructions, maintain appropriate security measures, and comply with the Data Protection Act.

3.2 Legal and Regulatory Disclosures

We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court order, law enforcement request).

3.3 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you of any such change and outline your choices.

3.4 International Transfers

Your personal data may be transferred to, and processed in, countries outside Tanzania. When we transfer your data internationally, we ensure appropriate safeguards are in place, such as:

Transferring to countries deemed adequate by Tanzanian law

Using standard contractual clauses approved by relevant authorities

Obtaining your explicit consent where required

4. DATA SECURITY

4.1 Our Security Measures

We have implemented appropriate technical and organizational security measures to protect your personal data from accidental loss, unauthorized access, use, alteration, or disclosure. These measures include:

Encryption of data in transit (SSL/TLS)

Secure data storage with access controls

Regular security assessments and monitoring

Staff training on data protection

4.2 Your Responsibilities

Your password is your responsibility. You should choose a strong password, keep it confidential, and not share it with anyone. If you believe your account has been compromised, you must change your password immediately and notify us.

4.3 No Guarantee

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, but we will promptly notify you and relevant authorities (as required by law) in the event of a data breach that affects your rights and freedoms.

4.4 Breach Notification

If we become aware of a data breach that poses a risk to your rights and freedoms, we will notify you and the Tanzania Data Protection Commissioner without undue delay, as required by the Data Protection Act.

 


5. YOUR RIGHTS

Under the Tanzania Data Protection Act, No. 5 of 2022, you have the following rights regarding your personal data:

Right

What It Means

Right to Access

You may request a copy of the personal data we hold about you

Right to Rectification

You may request correction of inaccurate or incomplete data

Right to Erasure (Right to be Forgotten)

You may request deletion of your personal data where there is no compelling reason for continued processing

Right to Restrict Processing

You may request that we limit how we use your data in certain circumstances

Right to Data Portability

You may request a copy of your data in a structured, commonly used format

Right to Object

You may object to processing based on legitimate interests or direct marketing

Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time

Right to Lodge a Complaint

You have the right to complain to the Tanzania Data Protection Commissioner

5.1 How to Exercise Your Rights

To exercise any of these rights, please contact us using the details in Section 10. We will respond to your request within thirty (30) days (as required by law). We may need to verify your identity before processing your request.

5.2 No Fee Usually Required

You will not usually have to pay a fee to exercise your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

6. DATA RETENTION

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

6.1 Retention Periods

Account Data:

 Retained for as long as your account is active, plus a reasonable period afterward to allow for account reactivation or as required by law.

Transaction Data:

 Retained for 

seven (7) years

 to comply with tax and accounting laws.

Marketing Data:

 Retained until you withdraw consent or opt-out.

Usage Data:

 Retained for analytics purposes for a period not exceeding 

twenty-four (24) months

.

6.2 Secure Disposal

When personal data is no longer required, we will securely delete or anonymize it so that it can no longer be associated with you.

7. COOKIES AND TRACKING TECHNOLOGIES

Our website uses cookies and similar tracking technologies to enhance user experience, analyze traffic, and personalize content.

7.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website.

7.2 Types of Cookies We Use

Essential Cookies:

 Required for the website to function (e.g., login sessions, security). These cannot be disabled.

Functional Cookies:

 Remember your preferences and settings.

Analytics Cookies:

 Help us understand how visitors interact with our website (e.g., Google Analytics).

Marketing Cookies:

 Used to deliver relevant advertisements (with your consent).

7.3 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may affect website functionality. For more details, please contact us.

8. CHILDREN'S PRIVACY

Our Services are intended for users who are at least 18 years of age or the age of majority in their jurisdiction. We do not knowingly collect personal data from children under 18 without verifiable parental consent.

If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us. If we become aware that we have collected personal data from a child without verification of parental consent, we will take steps to delete that information.

9. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or industry standards.

Minor changes:

 Will be effective upon posting, with the "Last Updated" date revised.

Material changes:

 We will notify you by email (if we have your contact information) or through a prominent notice on our website before the changes take effect.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

10. CONTACT INFORMATION

10.1 Our Contact Details

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Pangolin Publications Limited
Physical Address: [Insert Full Street Address], Dar es Salaam, Tanzania
Email: [Insert Privacy Email Address]
Phone: [Insert Phone Number]
Data Protection Officer: [Insert Name/Title, if applicable]

10.2 Regulator Contact

You have the right to lodge a complaint with the supervisory authority:

Tanzania Data Protection Commissioner
Address: [Insert Official Address]
Website: [Insert Official Website]
Email: [Insert Official Email]

ACKNOWLEDGMENT: BY USING THE PANGOLIN PUBLICATIONS SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THIS PRIVACY POLICY.

© 2026 Pangolin Publications Limited. All rights reserved.