Your privacy is important to us. This policy explains what personal data Nevin Solutions Limited collects, how we use it, who we share it with, and the rights you have over your information.
1. Who We Are
Nevin Solutions Limited is a company incorporated in the United Republic of Tanzania, providing fleet management, vehicle rental, HR services, procurement, logistics, business consultancy, and investment support services across East Africa.
For the purpose of this Privacy Policy, Nevin Solutions Limited is the data controller — the entity responsible for deciding how and why your personal data is processed.
2. Data We Collect
2.1 Data you provide through our website forms
When you submit an enquiry, quote request, or registration through our website, we collect:
- Full name and company name
- Email address and phone number
- Country or location
- Service interest, industry or sector
- Details you provide in message or notes fields
- Meeting preferences (date, time, agenda) for meeting requests
2.2 Data we collect when you use the Fleet Portal
Registered portal users (clients, suppliers, agents, drivers, and partners) may additionally provide:
- Login credentials (email address; passwords are stored as encrypted hashes and never in plain text)
- Business registration documents and identification
- Vehicle and fleet-related information
- Timesheet and usage records
- Financial and invoicing information relevant to service delivery
- Profile photographs (drivers)
2.3 Technical data collected automatically
When you visit our website, we may collect:
- IP address and browser type (for security and fraud prevention)
- Pages visited and time spent on site (via Google Analytics 4, only if you have consented)
- Device type and operating system
3. How We Use Your Data
We use your personal data for the following purposes:
- Responding to enquiries: To reply to contact messages, quote requests, meeting requests, and callback requests.
- Service delivery: To manage contracts, fleet operations, driver assignments, and billing for contracted clients.
- Onboarding: To register and verify new clients, suppliers, agents, and strategic partners.
- Communications: To send confirmation emails, service updates, and important account notifications.
- Legal and financial compliance: To maintain accurate records for tax, audit, and regulatory purposes as required under Tanzanian law.
- Security: To detect and prevent fraud, unauthorised access, and other harmful activities.
- Website improvement: To understand how visitors use our website and improve our services (only with your consent to analytics).
We do not use your data for automated profiling or decision-making that produces legal or significant effects on you.
4. Legal Basis for Processing
We process your personal data on one or more of the following legal bases:
- Consent: When you tick the consent checkbox on our forms, or when you accept our cookie notice for analytics.
- Contract: When processing is necessary to fulfil a contract with you or to take steps at your request before entering a contract.
- Legal obligation: When we are required to process data under Tanzanian law (e.g., tax records, employment records).
- Legitimate interests: For security monitoring, fraud prevention, and improving our services, where these interests are not overridden by your rights.
5. Who We Share Your Data With
We do not sell your personal data. We share data only in the following circumstances:
- Service providers: Cloud hosting (Railway Inc., USA), email delivery (SMTP providers), and business software tools necessary to operate our services. All providers are bound by data processing agreements.
- Within our business group: Nevin Solutions Limited is part of the Helmic Group. Data may be shared with group companies only where operationally necessary and with appropriate safeguards.
- Legal and regulatory bodies: When required by law, court order, or regulatory authority in Tanzania or elsewhere.
- Professional advisors: Lawyers, accountants, and auditors under duties of confidentiality.
When working on a client project, relevant information (such as driver and vehicle details) may be shared with the client as part of the contracted service.
6. International Transfers
Our website is hosted on Railway's infrastructure, which may involve servers located outside Tanzania. By using our website, you acknowledge that your data may be transferred to and processed in countries with different data protection laws.
We take reasonable steps to ensure that any international transfer is subject to appropriate safeguards, including contractual protections with our service providers.
7. How Long We Keep Your Data
- Website enquiries (contact, quote, meeting, callback forms): Up to 2 years from submission, or until the matter is resolved, whichever is longer.
- Client, supplier, agent, and partner accounts: For the duration of the business relationship and for 7 years thereafter, as required for financial and audit records under Tanzanian law.
- Driver records: For the duration of the driver's engagement and for 3 years thereafter.
- Job applications: Up to 12 months from the date of application, unless a longer retention period is required.
- Analytics data: As configured in Google Analytics 4 (typically 14 months).
After these periods, data is securely deleted or anonymised.
8. Cookies and Analytics
Our website uses the following technologies:
- Essential cookies: Required for the website and Fleet Portal to function (session management, security). These cannot be disabled.
- Analytics (Google Analytics 4): We use GA4 to understand how visitors use our website. This is only activated if you click "Accept" on our cookie consent banner. You may withdraw consent at any time by clearing your browser's local storage or declining in the cookie banner.
- Search Console verification: A meta tag for Google Search Console or Bing Webmaster Tools may be injected to verify site ownership. This does not track individual users.
We do not use advertising or social media tracking cookies.
9. Security
We implement industry-standard security measures including:
- HTTPS encryption for all data in transit
- Bcrypt hashing for all passwords — plain text passwords are never stored
- JWT-based authentication with role-based access control for the Fleet Portal
- Content Security Policy headers to prevent cross-site scripting
- Rate limiting on all public form endpoints to prevent abuse
- Regular access reviews and audit logging within the portal
No method of transmission over the internet is completely secure. While we strive to protect your data, we cannot guarantee absolute security.
10. Your Rights
Subject to applicable law, you have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your data where there is no lawful basis for continued processing.
- Objection: Object to processing based on legitimate interests.
- Restriction: Request that processing be restricted in certain circumstances.
- Withdrawal of consent: Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect processing carried out before withdrawal.
- Data portability: Request your data in a structured, machine-readable format where technically feasible.
To exercise any of these rights, contact us at info@nevinsolutions.com. We will respond within 30 days. We may need to verify your identity before processing your request.
11. Children's Privacy
Our website and Fleet Portal are not intended for use by children under the age of 18. We do not knowingly collect personal data from children. If you believe a child has submitted personal data to us, please contact us immediately and we will delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website after changes are posted constitutes acceptance of the revised policy.
13. Contact Us
If you have questions about this Privacy Policy, wish to exercise your rights, or have a complaint about how we handle your data, please contact us:
This Privacy Policy was last updated on 10 July 2026.