[ Legal ]

Privacy Policy

Last updated: 14 June 2026

This Privacy Policy explains how DreyVisionMarketing Limited collects, uses, shares, and protects your personal data when you visit our website or apply to work with us, and the rights you have over your information.

1. Who we are

DreyVisionMarketing Limited ("DreyVisionMarketing", "DVM", "we", "us", or "our") is a company incorporated in the Republic of Kenya under company registration number PVT-3B156YZZ. We are a performance-marketing and growth agency, and we operate the website at dreyvisionmarketing.com (the "Website").

For the purposes of applicable data protection law, including the Kenya Data Protection Act, 2019 and its regulations (the "DPA"), the EU General Data Protection Regulation ("GDPR"), and the UK GDPR, DreyVisionMarketing Limited is the "data controller" responsible for your personal data.

Questions about this policy or your personal data may be sent to info@dreyvisionmarketing.com, marked for the attention of our Data Protection contact.

2. Scope of this policy

This policy applies to the personal data we process about:

  • visitors to, and users of, the Website;
  • prospective clients who submit an application or enquiry, or who otherwise contact us;
  • clients, and the representatives, employees, and contractors of our clients; and
  • suppliers, partners, and other business contacts.

It does not apply to personal data we process on behalf of our clients as a "data processor" when delivering our services (for example, data inside a client's advertising accounts or customer lists). That processing is governed by the separate written agreement between us and the relevant client. This policy also does not apply to third-party websites we link to, which have their own privacy policies.

3. Personal data we collect

We collect and process the following categories of personal data.

A. Information you provide to us

When you complete our application form, request a discovery call, or otherwise communicate with us, we collect:

  • Identity and contact details, your full name, business or brand name, email address, telephone number (including country code), and your preferred method of contact (WhatsApp, email, or phone call);
  • Business information, your industry or niche, website address, and social-media handles (such as Instagram, Facebook, TikTok, and LinkedIn);
  • Engagement information, the services you are exploring, your indicative monthly marketing budget range (in KES or USD), and any marketing challenges or goals you choose to share; and
  • Correspondence, the contents of, and metadata relating to, any messages, emails, calls, or other communications between you and us.

B. Information we collect automatically

When you use the Website, we and our service providers may automatically collect:

  • Device and technical data, your IP address, browser type and version, operating system, device type, language settings, and time-zone;
  • Usage data, the pages you view, links you click, the date and time of your visit, how you arrived at the Website (referring URLs and campaign parameters), and how you interact with content; and
  • Cookie and tracking data, information collected through cookies, pixels, and similar technologies, as described in section 4.

C. Information from third parties

We may receive personal data about you from:

  • advertising and analytics platforms (such as Meta, Google, and TikTok) and their pixels and tags;
  • social-media platforms, where you interact with our profiles or advertisements;
  • referrals from existing clients or partners; and
  • publicly available sources, where permitted by law.

We do not intentionally collect "special categories" of personal data (such as data revealing health, race, religion, or political opinions) through the Website, and we ask that you do not submit such information unless we specifically request it.

4. Cookies and similar technologies

Cookies are small text files placed on your device. We also use related technologies such as pixels, tags, web beacons, and local storage (together, "cookies"). We use the following categories:

CategoryPurposeExamples
Strictly necessaryRequired to operate the Website securely and to remember your cookie preferences. These cannot be switched off.Session, security, and consent-preference cookies.
Analytics / performanceHelp us understand how visitors use the Website so we can improve it.Google Analytics (GA4).
Advertising / targetingUsed to measure and deliver advertising, including retargeting you on third-party platforms.Meta Pixel, Google Ads tags, TikTok Pixel.

Your consent. Where required by law, we set analytics and advertising cookies only after you give consent through our cookie banner. You can withdraw or change your consent at any time via the "Cookie settings" control or through your browser settings. Strictly necessary cookies do not require consent.

Managing cookies. Most browsers let you refuse or delete cookies through their settings. You can also opt out of certain advertising cookies through the privacy settings of Meta, Google, and TikTok, and through industry tools such as Your Online Choices and the Digital Advertising Alliance. Blocking some cookies may affect how the Website functions.

Do Not Track. Because there is no common industry standard for "Do Not Track" browser signals, the Website does not currently respond to them, except where we are required to honour a recognised opt-out preference signal under applicable law.

5. How we use your data, and our lawful bases

We use your personal data for the purposes set out below. Where the GDPR or UK GDPR applies, we rely on the lawful bases indicated; where the Kenya DPA applies, we rely on the equivalent grounds in the DPA (consent, performance of a contract, compliance with a legal obligation, legitimate interests, or protection of vital or public interests).

PurposeData usedLawful basis
Respond to your application or enquiry and assess fitIdentity, contact, business, engagement, correspondenceSteps taken at your request before a contract; legitimate interests; consent
Provide, manage, and deliver our servicesIdentity, contact, business, engagement, correspondencePerformance of a contract; legitimate interests
Communicate with you (e.g., schedule a discovery call)Identity, contact, preferred contact methodPerformance of a contract; legitimate interests
Send marketing communicationsIdentity, contactConsent; legitimate interests (existing clients, similar services)
Operate, secure, and improve the WebsiteDevice, usage, cookie dataLegitimate interests; consent (non-essential cookies)
Measure and deliver advertising, including retargetingDevice, usage, cookie dataConsent
Comply with legal, tax, and regulatory obligationsAs requiredLegal obligation
Establish, exercise, or defend legal claimsAs relevantLegitimate interests; legal obligation

Where we rely on legitimate interests, we have weighed those interests against your rights and freedoms. You can ask us for more detail about this balancing using the contact details below.

6. Marketing communications

With your consent, or where otherwise permitted by law, we may send you marketing about our services by email, SMS, WhatsApp, or telephone, using the contact method you indicate.

You can opt out at any time by using the unsubscribe link in our emails, replying STOP to a message, or contacting info@dreyvisionmarketing.com. Opting out of marketing does not stop service-related or transactional messages we need to send you in connection with an active engagement.

7. How we share your data

We share personal data only as described below. We do not sell your personal data, and we do not "share" it for cross-context behavioural advertising in exchange for money within the meaning of the California Consumer Privacy Act.

  • Service providers (processors) who process data on our behalf under contract, including: website hosting and infrastructure providers (such as Vercel or Netlify); customer-relationship-management, email, and form providers; scheduling tools (such as Calendly); communication tools (including WhatsApp); and analytics and advertising platforms.
  • Advertising and analytics platforms (such as Meta, Google, and TikTok), where you have consented to advertising or analytics cookies.
  • Partner agencies to whom we sub-contract specialist services, for example, AEO and GEO services, and UGC (user-generated content) marketing, strictly as needed to deliver work you have engaged us for.
  • Professional advisers such as our lawyers, accountants, auditors, and insurers.
  • Authorities and regulators where we are required to disclose data by law, court order, or lawful request, or to protect the rights, property, or safety of any person.
  • Successors in a business transaction such as a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality protections.

We require all service providers to keep your data secure and to use it only for the purposes we specify.

8. International data transfers

We are based in Kenya, and some of our service providers are located outside Kenya, the European Economic Area (the "EEA"), and the United Kingdom, including in the United States. Your personal data may therefore be transferred to, stored in, or accessed from countries whose data protection laws differ from those of your own country.

When we transfer personal data internationally, we put appropriate safeguards in place, which may include:

  • transferring to a country recognised as providing an adequate level of protection;
  • using the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Agreement or Addendum) with the recipient; and
  • for transfers from Kenya, complying with the conditions for transfer in sections 48 and 49 of the DPA.

You can request a copy of the relevant safeguards by contacting us.

9. How long we keep your data

We keep your personal data only for as long as necessary for the purposes set out in this policy, including to satisfy any legal, accounting, tax, or reporting requirements.

  • Prospect and application data, where you apply or enquire but do not become a client, we generally retain your data for up to 24 months from your last contact with us, after which it is deleted or anonymised.
  • Client and engagement records, retained for the duration of the engagement and for up to 7 years afterwards, to comply with Kenyan tax and limitation requirements.
  • Cookie and analytics data, retained for the lifespan set by each cookie, typically up to 24 months.

Where data is no longer needed, we securely delete or anonymise it.

10. How we protect your data

We implement appropriate technical and organisational measures designed to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. These include access controls, encryption in transit (HTTPS), use of reputable infrastructure providers, and limiting access to those who need it.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If we become aware of a personal data breach likely to result in a risk to your rights, we will notify the relevant supervisory authority (and, where required, you) in accordance with applicable law (including within 72 hours where the GDPR applies, and as required by the DPA).

11. Your data protection rights

Subject to applicable law, you have rights over your personal data. Depending on where you are located, these include the following.

Under the Kenya DPA, the GDPR, and the UK GDPR

  • Access, to be told whether we process your data, and to obtain a copy of it;
  • Rectification, to have inaccurate or incomplete data corrected;
  • Erasure, to have your data deleted in certain circumstances;
  • Restriction, to restrict our processing in certain circumstances;
  • Objection, to object to processing based on legitimate interests, and to direct marketing at any time;
  • Portability, to receive certain data in a structured, commonly used, machine-readable format;
  • Withdraw consent, where we rely on consent, to withdraw it at any time (this does not affect processing already carried out); and
  • Not to be subject to solely automated decisions with legal or similarly significant effects, as described in section 12.

Under the California CCPA / CPRA

If you are a California resident, you have the right to: know what personal information we collect and how we use and disclose it; access, delete, and correct your personal information; opt out of any "sale" or "sharing" of personal information (we do not sell or share personal information for money); limit the use of sensitive personal information; and not be discriminated against for exercising your rights. You may use an authorised agent to submit a request on your behalf.

How to exercise your rights

To exercise any of these rights, contact info@dreyvisionmarketing.com. We may need to verify your identity before responding. We will respond within the period required by law (generally one month under the GDPR/UK GDPR, and within the statutory period under the DPA and CCPA). Exercising your rights is free, although we may charge a reasonable fee or decline a request that is manifestly unfounded or excessive, as permitted by law.

12. Automated decision-making and profiling

We do not make decisions producing legal or similarly significant effects about you based solely on automated processing. We may use limited profiling for analytics and advertising (for example, to show our advertisements to audiences likely to be interested in our services), but this does not have a legal or similarly significant effect on you, and you can object to it by withdrawing cookie consent and opting out of marketing.

13. Children's privacy

The Website and our services are intended for businesses and individuals aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.

15. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you. Your continued use of the Website after changes take effect constitutes acceptance of the updated policy.

16. How to contact us, and how to complain

If you have any questions, requests, or complaints about this policy or our handling of your personal data, please contact us first:

You also have the right to lodge a complaint with a data protection authority:

  • Kenya, the Office of the Data Protection Commissioner (ODPC), odpc.go.ke;
  • EEA, your local data protection supervisory authority;
  • United Kingdom, the Information Commissioner's Office (ICO), ico.org.uk.

We would appreciate the chance to address your concerns before you approach a regulator, so please contact us first.