📖 1. Introduction & Scope

Welcome to OneTribe Cat Cafe (trading as "The Cat Cafe"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (https://thecatcafe.ug), visit our physical premises, make reservations, or interact with us through social media platforms.

Scope of This Policy

This Privacy Policy applies to:

• Our website at https://thecatcafe.ug and any associated subdomains
• Reservations and bookings made through our website, phone, WhatsApp, or in person
• Purchases and payments processed at our cafe or online
• Interactions with our social media pages on Facebook, Instagram, and TikTok
• Email communications and newsletter subscriptions
• Visits to our physical premises at One Bukoto Street, Kampala, Uganda

📊 2. Information We Collect

We collect different types of information to provide and improve our services to you.

2.1 Personal Identification Information

When you make a reservation, place an order, or contact us, we may collect:

• Name: First and last name for reservation and identification purposes
• Contact Information: Email address, phone number, and/or WhatsApp number
• Communication Preferences: Your preferred method of contact
• Special Requests: Any dietary requirements, accessibility needs, or special occasion information you provide

2.2 Payment Information

When you make purchases or payments, the following information may be collected through our payment processor, PesaPal:

• Credit/debit card details (processed securely by PesaPal)
• Mobile money account information (for M-Pesa, Airtel Money, MTN Mobile Money)
• Billing address
• Transaction history and amounts

2.3 Usage Data & Analytics

When you visit our website, we automatically collect certain information, including:

• Device Information: Browser type, operating system, device type (mobile, desktop, tablet)
• Log Data: IP address, access times, pages viewed, time spent on pages
• Referral Information: The website that referred you to us
• Location Data: General geographic location based on IP address
• Interaction Data: Clicks, scrolling behavior, and navigation patterns

2.4 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience. Please see our Cookies Policy section for detailed information.

2.5 Social Media Information

When you interact with us on social media platforms (Facebook, Instagram, TikTok), we may have access to:

• Your public profile information
• Comments, likes, and messages you send us
• User-generated content you tag us in or share on our pages

📥 3. How We Collect Information

We collect information through various means:

3.1 Direct Collection

• Website Forms: When you fill out reservation forms, contact forms, or newsletter signup forms
• Reservations: When you book a table via phone, WhatsApp, or our online booking system
• In-Person Visits: When you provide information during your visit to our cafe
• Email Communication: When you send us emails or respond to our communications
• WhatsApp Messages: When you contact us via WhatsApp for inquiries or bookings

3.2 Automated Collection

• Website Analytics: Through Google Analytics tracking when you browse our website
• Cookies: Through first-party and third-party cookies placed on your device
• Server Logs: Automatically recorded by our web servers

3.3 Third-Party Sources

• Payment Processors: Transaction confirmation data from PesaPal
• Social Media Platforms: When you interact with our profiles on Facebook, Instagram, or TikTok
• Review Platforms: If you leave reviews on Google, TripAdvisor, or similar platforms

⚙️ 4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Service Delivery

• Process and confirm reservations and bookings
• Communicate important information about your visit (confirmation, reminders, changes)
• Process payments and issue receipts
• Accommodate special requests and dietary requirements
• Provide customer support and respond to inquiries

4.2 Business Operations

• Manage our day-to-day cafe operations
• Maintain accurate business records
• Analyze visitor patterns and preferences to improve our services
• Train staff to better serve our customers

4.3 Marketing & Communications

• Send promotional offers, newsletters, and updates (with your consent)
• Notify you about special events, menu changes, or new cat arrivals
• Personalize your experience based on your preferences
• Conduct surveys and gather feedback

4.4 Analytics & Improvement

• Understand how visitors use our website
• Identify trends and areas for improvement
• Optimize our website performance and user experience
• Measure the effectiveness of our marketing campaigns

4.5 Legal & Safety

• Comply with applicable laws and regulations
• Protect our rights, property, and safety
• Prevent fraud and unauthorized access
• Respond to legal requests and enforce our policies

🔗 5. Third-Party Services

We work with trusted third-party service providers to operate our business effectively. These providers may have access to your personal information only to perform specific tasks on our behalf.

Third-Party Privacy Policies

Each third-party service has its own privacy policy governing how they handle your data. We encourage you to review their policies:

• Google Analytics: Google Privacy Policy
• PesaPal: PesaPal Privacy Policy
• Meta (Facebook/Instagram): Meta Privacy Policy
• TikTok: TikTok Privacy Policy

🛡️ 6. Data Security & Protection

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it.

6.1 Security Measures

• Encryption: Our website uses SSL/TLS encryption to protect data transmitted between your browser and our servers
• Secure Payment Processing: All payments are processed through PesaPal's PCI-DSS compliant infrastructure
• Access Controls: Personal data access is restricted to authorized personnel only
• Regular Updates: We keep our systems and software up to date with security patches
• Data Minimization: We only collect data that is necessary for our stated purposes
• Secure Storage: Data is stored on secure servers with appropriate safeguards

6.2 Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected:

• Reservation Data: Retained for 2 years after your last visit
• Transaction Records: Retained for 7 years for tax and legal compliance
• Marketing Preferences: Until you unsubscribe or request deletion
• Website Analytics: Anonymized after 26 months

6.3 Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Investigate the breach promptly and take steps to mitigate any harm
• Notify affected individuals within 72 hours where required by law
• Report the breach to relevant authorities as required
• Document the breach and our response measures

✋ 7. Your Rights

You have certain rights regarding your personal information. We are committed to facilitating the exercise of these rights.

7.1 Right to Access

You have the right to request a copy of the personal information we hold about you. We will provide this information within 30 days of receiving your request.

7.2 Right to Rectification

If you believe any personal information we hold about you is inaccurate or incomplete, you have the right to request correction. We will update the information promptly upon verification.

7.3 Right to Erasure (Right to be Forgotten)

You may request that we delete your personal information. We will comply with such requests unless we are legally required to retain the data, or it is necessary for legitimate business purposes.

7.4 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format (such as CSV or JSON) and to transfer it to another service provider.

7.5 Right to Object

You may object to the processing of your personal information for:

• Direct marketing purposes
• Processing based on legitimate interests
• Profiling related to direct marketing

7.6 Right to Withdraw Consent

Where we rely on your consent to process personal information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before the withdrawal.

7.7 How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in the Contact section below. We may need to verify your identity before processing your request.

🍪 8. Cookies Policy

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyze website traffic.

8.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They help the website remember your preferences and understand how you interact with the site.

8.2 Types of Cookies We Use

• Essential Cookies: Necessary for the website to function properly. These cannot be disabled.
  Examples: Session management, security features
• Analytics Cookies: Help us understand how visitors interact with our website.
  Provider: Google Analytics
• Functional Cookies: Remember your preferences and settings.
  Examples: Language preference, reservation form data
• Marketing Cookies: Track your activity across websites to deliver relevant advertisements.
  Providers: Facebook Pixel, TikTok Pixel (if applicable)

8.3 Managing Cookies

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

• Chrome: Settings → Privacy and Security → Cookies
• Firefox: Options → Privacy & Security → Cookies
• Safari: Preferences → Privacy → Cookies
• Edge: Settings → Privacy, Search, and Services → Cookies

8.4 Google Analytics Opt-Out

You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

🌍 9. International Data Transfers

As a business operating in Uganda that serves international visitors, some of your data may be transferred to and processed in countries outside Uganda.

9.1 Data Transfer Safeguards

When transferring data internationally, we ensure appropriate safeguards are in place, including:

• Using service providers that comply with recognized data protection standards
• Implementing standard contractual clauses where applicable
• Ensuring data is transferred to countries with adequate data protection laws

9.2 GDPR Compliance (For EU/EEA Visitors)

If you are visiting from the European Union or European Economic Area, we process your data in compliance with the General Data Protection Regulation (GDPR). You have additional rights under GDPR, including:

• The right to lodge a complaint with your local data protection authority
• The right to object to automated decision-making and profiling
• Enhanced rights to data portability

9.3 Uganda Data Protection Compliance

We comply with the Uganda Data Protection and Privacy Act, 2019, which governs the collection, processing, and storage of personal data in Uganda. This includes:

• Processing data lawfully, fairly, and transparently
• Collecting data only for specified, explicit, and legitimate purposes
• Ensuring data accuracy and keeping it up to date
• Implementing appropriate security measures

👶 10. Children's Privacy

Our services are intended for a general audience and are not specifically directed at children under the age of 13.

• We do not knowingly collect personal information from children under 13 without parental consent
• If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately
• Upon verification, we will promptly delete such information from our records

For families visiting our cafe with children, any necessary data collection will be from the parent or guardian accompanying the child.

📝 11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You of Changes

• The "Last Updated" date at the top of this policy will be revised
• For significant changes, we will provide notice through our website or via email (if you have provided one)
• Your continued use of our services after changes are posted constitutes acceptance of the updated policy

📞 12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please don't hesitate to contact us.

For Privacy-Specific Inquiries

For requests regarding access, correction, or deletion of your personal data, please email us at info@thecatcafe.ug with the subject line "Privacy Request" and include:

• Your full name
• The nature of your request
• Any relevant details that will help us process your request

We will respond to your inquiry within 30 days.