Lotus Auto Tanzania ("Lotus Auto", "we", "us", or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, share, and protect the personal data of visitors and users of our website located at www.lotus.co.tz (the "Platform").
This policy applies to all personal data we collect through the Platform, including when you browse vehicle listings, create an account, make a purchase, submit a "Sell My Car" enquiry, place an auction bid, or contact us.
We operate in accordance with applicable Tanzanian data protection laws and principles of fair, lawful, and transparent data processing.
The data controller responsible for your personal data is:
| Business Name | Lotus Auto Tanzania |
| Website | www.lotus.co.tz |
| Address | Dar es Salaam, Tanzania |
| info@lotus.co.tz | |
| Phone | +255 795 601 666 |
| Country | United Republic of Tanzania |
As the data controller, we are responsible for deciding how and why personal data is processed. If you have any questions about this policy or how we handle your data, please contact us using the details above or visit our Contact Page.
We collect personal data through different interactions with the Platform. Here is a complete breakdown of what we collect and when:
| Category | Data Collected | When Collected |
|---|---|---|
| Account Data | Full name, email address, phone number, password (hashed, never stored in plain text), account type | When you register an account |
| Transaction Data | Purchase history, vehicle IDs purchased, order numbers, payment method used, payment reference numbers | When you complete a purchase or bid |
| Enquiry Data | Name, phone, email, message content, vehicle of interest | When you submit a contact form or vehicle enquiry |
| Sell My Car Data | Name, phone, email, vehicle make/model/year, damage description, photos, location, asking price | When you submit a Sell My Car request |
| Wishlist Data | Vehicle IDs and parts IDs saved to your wishlist | When you save a listing |
| Auction Data | Bid amounts, bid timestamps, winning/losing status | When you place an auction bid |
| Insurance Partner Data | Company name, registration number, contact person, bank details, commission rates, vehicle listings | When an insurance company registers as a partner |
| Technical Data | IP address, browser type and version, device type, pages visited, session duration, referral source | Automatically on each visit via cookies and server logs |
| Communications | Content of emails, WhatsApp messages, and phone calls with our team | When you contact us directly |
We use personal data only for the purposes for which it was collected or for compatible purposes you would reasonably expect. Here is exactly how we use each type of data:
| Purpose | Data Used |
|---|---|
| Creating and managing your account | Name, email, phone, password |
| Processing vehicle purchases and payments | Account data, transaction data, payment reference |
| Running live auctions and recording bids | Account data, bid amounts, timestamps |
| Responding to enquiries and Sell My Car requests | Enquiry data, Sell My Car data, contact details |
| Sending order confirmations and transaction notifications | Email address, order details |
| Sending marketing communications (only with consent) | Email address, browsing preferences |
| Improving Platform performance and user experience | Technical data, page visit patterns |
| Detecting and preventing fraud | IP address, account activity, bid history |
| Complying with legal obligations | Any data required by Tanzanian law or court order |
| Insurance partner reporting | Sales data, commission calculations (anonymised where possible) |
We process personal data only when we have a lawful basis to do so. The legal basis varies depending on the type of processing:
- Contract performance — Processing necessary to fulfil a purchase, process a bid, or provide the services you have requested
- Legitimate interests — Processing for fraud prevention, Platform security, improving our services, and business analytics, where these interests do not override your rights
- Consent — Where you have explicitly opted in, such as for marketing communications or non-essential cookies
- Legal obligation — Where Tanzanian law requires us to collect or retain certain data, such as transaction records for tax purposes
Where we rely on legitimate interests, we have assessed that our interests do not unfairly override your privacy rights. You may object to this processing — see Section 9 for your rights.
We do not sell your personal data to any third party. We only share your data in the following limited circumstances:
| Recipient | What Is Shared | Why |
|---|---|---|
| Insurance Partner Companies | Buyer name, phone, and order details relating to their vehicle | To facilitate vehicle handover and ownership transfer |
| Payment Processors | Transaction reference, amount, and account identifiers | To verify and confirm M-Pesa or bank payments |
| Web Hosting Provider | All data stored on our servers (encrypted) | Infrastructure necessary to operate the Platform |
| Analytics Tools | Anonymised usage data (no personally identifiable information) | To understand how the Platform is used and improve it |
| Legal Authorities | Any data required by valid court order, warrant, or legal obligation | Compliance with Tanzanian law |
| Business Successors | All user data in the event of a merger, acquisition, or sale | Business continuity — you will be notified in advance |
All third parties who receive your data are required to handle it securely and in accordance with applicable law. We do not permit third parties to use your data for their own marketing purposes.
Cookies are small text files stored on your device when you visit a website. We use the following types of cookies on lotus.co.tz:
You can control most cookies through your browser settings. Note that disabling essential cookies will impair Platform functionality. For more information on managing cookies, visit allaboutcookies.org.
We retain personal data only for as long as necessary for the purpose it was collected, or as required by law. Our retention schedule is as follows:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Duration of account + 2 years after deletion request | Legal disputes and account recovery |
| Transaction & order records | 7 years from transaction date | TRA tax compliance requirements |
| Enquiries and messages | 3 years from last interaction | Business records and dispute resolution |
| Auction bid history | 5 years from auction date | Dispute resolution and compliance |
| Sell My Car submissions | 2 years from submission date | Business records |
| Server and access logs | 90 days | Security monitoring and fraud detection |
| Marketing consent records | Until consent is withdrawn + 1 year | Proof of consent |
After the applicable retention period, personal data is securely deleted or anonymised so it can no longer be linked to you.
You have the following rights regarding your personal data held by Lotus Auto. You can exercise any of these rights by contacting us at info@lotus.co.tz:
To verify your identity before fulfilling a request, we may ask for confirmation of your account email address or other identifying information.
We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. Our security measures include:
- HTTPS encryption (SSL/TLS) for all data transmitted between your browser and our servers
- Passwords hashed using bcrypt with a strong cost factor — plain text passwords are never stored
- CSRF (Cross-Site Request Forgery) token protection on all forms
- Prepared SQL statements to prevent injection attacks
- Role-based access control — staff see only the data necessary for their role
- Regular database backups stored on encrypted volumes
- Server access restricted by IP allowlist and SSH key authentication
- Upload validation to prevent malicious file uploads
While we take all reasonable precautions, no internet transmission is 100% secure. You are also responsible for keeping your account password confidential.
The Lotus Auto Platform is intended for users aged 18 and over. We do not knowingly collect, process, or store personal data from children under the age of 18.
If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at info@lotus.co.tz. We will promptly delete any data collected from a minor upon verification.
Our Platform may contain links to third-party websites including insurance company websites, Google Maps, WhatsApp, and social media platforms. These sites have their own privacy policies, and we are not responsible for their content or data practices.
We recommend reviewing the privacy policy of any third-party site you visit through a link on our Platform. The inclusion of a link does not imply endorsement of that site or its privacy practices.
Our servers are located in Tanzania and we aim to keep all personal data within Tanzania wherever possible. However, some of our third-party service providers (such as font providers, analytics tools, or cloud infrastructure) may process data outside Tanzania.
Where data is transferred internationally, we ensure that appropriate safeguards are in place, including relying on service providers that offer equivalent data protection standards.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Display a notice on the Platform homepage for at least 14 days after the change
- Send an email notification to registered users where practical
We encourage you to review this policy periodically. Your continued use of the Platform after any update constitutes acceptance of the revised policy.
For any questions about this Privacy Policy, to exercise your data rights, or to report a privacy concern, please contact us through any of the following channels:
| Channel | Details | Best For |
|---|---|---|
| info@lotus.co.tz | Data access, deletion, or formal complaints | |
| Phone | +255 795 601 666 | General privacy questions |
| Contact Form | www.lotus.co.tz/contact.php | All privacy enquiries |
| Post | Dar es Salaam, Tanzania | Formal written requests |
We will acknowledge all privacy requests within 5 business days and fully respond within 30 calendar days.