Privacy Policy

Welcome to Happy Wishy online shop (happywishy.co.ke). This is our updated privacy policy.

What personal data we collect and why we collect it

Personal data during checkout

We collect email, names, phone number and location precisely for shipping purposes.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

Contact forms

Contact us form data will only be used for communication and the data will not be stored.

Cookies

If you leave a review on our site you may opt-in to save your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Third party website cookies. We have a partnership with Trustpilot website which will store cookies on this site and also send you email reviews notifications.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

We do not share your data with any third parties apart from data which google analytics collects. The purpose of Google analytics data is because of marketing reasons and nothing more. That is personalized ads on AdWords.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Your contact information will only be used for communication purposes during the process of using our services only. Your email address may be used for notifications of new products available.

Additional information

How we protect your data

Your data is safe with us. We have a well-functioning security mechanism to secure your data throughout the use of our website. Your browsing information is also encrypted using a secure sockets layer(SSL) to prevent attackers who may be wanting to steal your data.

[Happy Wishy]

Anti-Money Laundering (AML) Program:

Compliance and Supervisory Procedures

UPDATED AS OF MONTH JANUARY,04 2025

1.                 Firm Policy

 

It is the policy of the firm to prohibit and actively prevent money laundering and any activity that facilitates money laundering or the funding of terrorist or criminal activities by complying with all applicable requirements under the Anti-Money Laundering and Combating of Terrorism Laws (Amendment) Act, and its implementing regulations.

Money laundering is generally defined as engaging in acts designed to conceal or disguise the true origins of criminally derived proceeds so that the proceeds appear to have derived from legitimate origins or constitute legitimate assets. Generally, money laundering occurs in three stages. Cash first enters the financial system at the “placement” stage, where the cash generated from criminal activities is converted into monetary instruments, such as gift cards which can be used for checkout at websites, or deposited into digital wallet accounts for future use.

Terrorist financing may not involve the proceeds of criminal conduct, but rather an attempt to conceal either the origin of the funds or their intended use, which could be for criminal purposes. Legitimate sources of funds are a key difference between terrorist financiers and traditional criminal organizations

Our AML policies, procedures and internal controls are designed to ensure compliance with all applicable regulations and rules and will be reviewed and updated on a regular basis to ensure appropriate policies, procedures and internal controls are in place to account for both changes in regulations and changes in our business.

 

2.       AML Compliance Person Designation and Duties

The firm has designated an officer as its Anti-Money Laundering Program Compliance Person (AML Compliance Person), with full responsibility for the firm’s AML program. The officer has a working knowledge of AML laws and its implementing regulations and is qualified by experience, knowledge and training in banking, accounting, and finance. The duties of the AML Compliance Person will include monitoring the firm’s compliance with AML obligations, and overseeing communication and training for employees. The AML Compliance Person will also ensure that the firm keeps and maintains all of the required AML records and will ensure that Suspicious Activity Reports (SARs) are filed with the payment providers when appropriate. The AML Compliance Person is vested with full responsibility and authority to enforce the firm’s AML program.

The firm will use its official email and phone number as a communication tool with the relevant bodies in implementing this policy.

3.       Giving AML Information to Federal Law Enforcement Agencies and Other Financial Institutions

 

We will respond to any request concerning accounts and transactions by being given a court order requiring any purchase history of an individual or entity by immediately searching our records to determine whether we maintain or have maintained any account for, or have engaged in any transaction with, each individual, entity or organization within 7 days.

We will not disclose the fact that any authority body has requested or obtained information from us, except to the extent necessary to comply with the information request. Our AML officer will review, maintain, and implement procedures to protect the security and confidentiality of requests from law authorities and comply with the Data Processing Act (DPA0 of 2019 with regard to the protection of customers’ nonpublic information.

Unless otherwise stated in the court order Request, we will not be required to treat the information request as continuing in nature, and we will not be required to treat the periodic Requests as a government provided list of suspected terrorists for purposes of the customer identification and verification requirements.

           

  1. Grand Jury Subpoenas

 

 

We understand that the receipt of a grand jury subpoena concerning a customer does not in itself require that we file a Suspicious Activity Report (SAR). When we receive a grand jury subpoena, we will conduct a risk assessment of the customer subject to the subpoena as well as review the customer’s account activity. If we uncover suspicious activity during our risk assessment and review, we will elevate that customer’s risk assessment and file a SAR in accordance with the SAR filing requirements. We understand that none of our officers, employees or agents may directly or indirectly disclose to the person who is the subject of the subpoena its existence, its contents or the information we used to respond to it. To maintain the confidentiality of any grand jury subpoena we receive, we will process and maintain the subpoena by [assessing, reviewing and storing it on our records]. If we file a SAR after receiving a grand jury subpoena, the SAR will not contain any reference to the receipt or existence of the subpoena. The SAR will only contain detailed information about the facts and circumstances of the detected suspicious activity.

 

d.         Voluntary Information Sharing With Other Financial Institutions Under USA PATRIOT Act Section 314(b)

We will share information with other financial institutions regarding individuals, entities, organizations and countries for purposes of identifying and, where appropriate, reporting activities that we suspect may involve possible terrorist activity or money laundering. Our AML officer will ensure that the firm files with payment provider or customers paying bank an initial notice before any sharing occurs and annual notices thereafter.. Before we share information with another financial institution, we will take reasonable steps to verify that the other financial institution has submitted the requisite notice to a court of law, either by obtaining confirmation from the financial institution or by consulting a list of such financial institutions that the court will make available. We understand that this requirement applies even to financial institutions with which we are affiliated, and that we will obtain the requisite notices from affiliates and follow all required procedures.

We will employ strict procedures both to ensure that only relevant information is shared and to protect the security and confidentiality of this information, for example, by segregating it from the firm’s other books and records or customers.

We also will employ procedures to ensure that any information received from another financial institution shall not be used for any purpose other than:

  • identifying and, where appropriate, reporting on money laundering or terrorist activities;
  • determining whether to establish or maintain an account, or to engage in a transaction; or
  • assisting the financial institution in complying with performing such activities.

 

5.       Customer Identification Program

From time to time we may have wholesale customers and also sellers using our platform to sell their products. For this kind of customers we do collect and verify information they provide on account sign up.

  1. Required Customer Information

 

Prior to opening an account, We will collect the following information for wholesale and seller accounts, if applicable, for any person, entity or organization that is opening a new account and whose name is on the account:

(1) the name; individual or commercial

(2) Source of product(receipt or proof of purchase)

(3) an address, which will be a residential or business street address

(4)Business registration certificate(for businesses and companies)

(5)Bank details where they will receive their payouts which will be verified to match their provided details on account opening

In the event that a customer has applied for, but has not received, a taxpayer identification number, we will use it for a period of 21 days and also confirm that the application was filed before the customer opens the account and to obtain the taxpayer identification number within a reasonable period of time after the account is opened.

When opening an account for a foreign business or enterprise that does not have an identification number, we will request alternative government-issued documentation certifying the existence of the business or enterprise.

For Normal Individual Customers

  1. a) Purchases less than $50

(1)Email, name, and phone number

i)filled on the checkout form when completing your purchase and you will receive your product instantly when your payment goes through.

  1. ii) Your Order maybe put on hold and refunded if the transaction is marked as suspicious
  1. b) Purchases more than $50

(1)Additional verification by a third party service: Take a pic from your phone, either holding your National ID or a handwritten note with a picture of our website showing the date.

  1. i) If you had a successful payment for the past 30 days with the same payment information the above is not necessary
  2. ii) Unusual large purchases from your normal trend might trigger a verification requirement.

 

 

b.         Customers Who Refuse to Provide Information

If a potential or existing customer either refuses to provide the information described above when requested, or appears to have intentionally provided misleading information, our firm will not open a new account or process the order and, after considering the risks involved, consider closing any existing account. In either case, our AML Compliance Person will be notified so that we can determine whether we should report the situation on a SAR.

c.         Verifying Information

Based on the risk, and to the extent reasonable and practicable, we will ensure that we have a reasonable belief that we know the true identity of our customers by using risk-based procedures to verify and document the accuracy of the information we get about our customers. [Name] will analyze the information we obtain to determine whether the information is sufficient to form a reasonable belief that we know the true identity of the customer (e.g., whether the information is logical or contains inconsistencies).

We will verify customer identity through documentary means, non-documentary means or both. [Tailor the sentence to your actual situation.] We will use documents to verify customer identity when appropriate documents are available. In light of the increased instances of identity fraud, we will supplement the use of documentary evidence by using the non-documentary means described below whenever necessary. We may also use non-documentary means, if we are still uncertain about whether we know the true identity of the customer. In verifying the information, we will consider whether the identifying information that we receive, such as the customer’s name, street address, zip code, telephone number (if provided), ip address, will  allow us to determine that we have a reasonable belief that we know the true identity of the customer (e.g., whether the information is logical or contains inconsistencies).

Appropriate documents for verifying the identity of customers include the following:

 

  • For an individual, an unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver’s license or passport; and
  • For a person other than an individual, documents showing the existence of the entity, such as certified articles of incorporation, a government-issued business license, a partnership agreement or a trust instrument.

We understand that we are not required to take steps to determine whether the document that the customer has provided to us for identity verification has been validly issued and that we may rely on a government-issued identification as verification of a customer’s identity. If, however, we note that the document shows some obvious form of fraud, we must consider that factor in determining whether we can form a reasonable belief that we know the customer’s true identity.

We will use the following non-documentary methods of verifying identity:

  • Independently verifying the customer’s identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database or other sources
  • Checking references with other financial institutions; or
  • Obtaining a financial statement.

We will use non-documentary methods of verification when:

(1) the customer is unable to present an unexpired government-issued identification document with a photograph or other similar safeguard;

(2) the firm is unfamiliar with the documents the customer presents for identification verification;

(3) the customer and firm do not have face-to-face contact; and

(4) there are other circumstances that increase the risk that the firm will be unable to verify the true identity of the customer through documentary means.

We will verify the information within a reasonable time before or after the account is opened. Depending on the nature of the account and requested transactions, we may refuse to complete a transaction before we have verified the information, or in some instances when we need more time, we may, pending verification, restrict the types of transactions or dollar amount of transactions. If we find suspicious information that indicates possible money laundering, terrorist financing activity, or other suspicious activity, we will, after internal consultation with the firm’s AML Compliance Person, file a SAR in accordance with applicable laws and regulations.

We recognize that the risk that we may not know the customer’s true identity may be heightened for certain types of accounts, such as an account opened in the name of a corporation, partnership or trust that is created or conducts substantial business in a jurisdiction that has been designated by Kenya, Nigeria, Uganda, Ghana. as a primary money laundering jurisdiction, a terrorist concern, or has been designated as a non-cooperative country or territory. We will identify customers that pose a heightened risk of not being properly identified. We will also take the following additional measures that may be used to obtain information about the identity of the individuals associated with the customer when standard documentary methods prove to be insufficient:

  1. Lack of Verification

When we cannot form a reasonable belief that we know the true identity of a customer, we will do the following: (1) not open an account; (2) impose terms under which a customer may conduct transactions while we attempt to verify the customer’s identity; (3) close an account after attempts to verify a customer’s identity fail; and (4) determine whether it is necessary to file a SAR in accordance with applicable laws and regulations.

 

 

 

  1. Recordkeeping

 

We will document our verification, including all identifying information provided by a customer, the methods used and results of verification, and the resolution of any discrepancies identified in the verification process. We will keep records containing a description of any document that we relied on to verify a customer’s identity, noting the type of document, any identification number contained in the document, the place of issuance, and if any, the date of issuance and expiration date. With respect to non-documentary verification, we will retain documents that describe the methods and the results of any measures we took to verify the identity of a customer. We will also keep records containing a description of the resolution of each substantive discrepancy discovered when verifying the identifying information obtained. We will retain records of all identification information for one year after the account has been closed; we will retain records made about verification of the customer’s identity for five years after the record is made.

 

f.          Comparison with Government-Provided Lists of Terrorists

At such time as we receive notice that a federal government agency has issued a list of known or suspected terrorists and identified the list as a list for CIP purposes, we will, within a reasonable period of time after an account is opened (or earlier, if required by another federal law or regulation or federal directive issued in connection with an applicable list), determine whether a customer appears on any such list of known or suspected terrorists or terrorist organizations issued by any federal government agency and designated as such by Treasury in consultation with the federal functional regulators. We will follow all federal directives issued in connection with such lists.

 

g.         Notice to Customers

We will provide notice to customers that the firm is requesting information from them to verify their identities, as required by federal law. We will use the following method to provide notice to customers: email communication.

 

  1. Customer Due Diligence Rule

 

  1. Conducting Ongoing Monitoring to Identify and Report Suspicious Transactions

 

We will conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, maintain and update customer information, using the customer risk profile as a baseline against which customer activity is assessed for suspicious transaction reporting