Privacy Policy.
This Privacy Policy describes how Kangaroo (“we”, “us”, “our”) collects, uses, stores, and discloses personal data when you use our websites, portals, APIs, tracking tools, and related services (collectively, the “Services”) offered under or linked from kangaroo.pk.
1. Data controller
The data controller responsible for your personal data is:
KangarooHouse No. 38, Street No. 15
Opp. Phase 7 Ext. DHA
Karachi, Pakistan
Contact (privacy & data requests): [email protected]
2. Personal data we collect
Depending on how you use the Services, we may process:
- Account and business data: identifiers you provide when registering or using the Services (e.g. name, business name, email address, phone number, credentials or authentication tokens, and similar contact or account details).
- Transaction and operations data: information required to provide logistics, order handling, delivery, and customer support (e.g. shipment and order references, delivery addresses, recipient contact details, status updates, and communications about a shipment).
- Technical and usage data: data collected automatically when you interact with our websites or APIs, such as IP address, approximate location derived from IP, browser type and version, device type, operating system, referring URL, pages or endpoints accessed, timestamps, and diagnostic identifiers (e.g. request/correlation IDs).
- Communications: content of emails, tickets, or chat messages you send to us, including attachments where applicable.
- Cookies and similar technologies: data collected through cookies, local storage, or similar technologies where we use them (see Section 5).
3. Purposes and legal bases (EEA/UK)
Where the GDPR or UK GDPR applies, we rely on one or more of the following legal bases:
- Contract: to provide the Services you request, manage your account, and perform our agreement with you.
- Legitimate interests: to secure our systems, prevent fraud and abuse, troubleshoot and improve the Services, analyse aggregated usage, and communicate operational notices, balanced against your rights.
- Legal obligation: to comply with applicable law, regulatory requests, or court orders.
- Consent: where required for optional cookies or marketing communications (where we offer them).
4. How we use personal data
We use personal data to:
- provide, operate, maintain, and improve the Services;
- authenticate users, enforce access controls, and protect accounts;
- process shipments, tracking, notifications, and related logistics operations;
- detect, prevent, and investigate security incidents, fraud, and misuse;
- generate aggregated or de-identified analytics that do not identify individuals;
- comply with law and respond to lawful requests;
- communicate with you about the Services, support, and (where permitted) relevant updates.
We do not sell your personal data.
5. Cookies and tracking pages
We may use strictly necessary cookies and similar technologies required for security, load balancing, session management, or basic functionality. Where we use non-essential cookies (for example analytics or marketing), we will obtain consent where required by law before activating them.
For public pages such as order tracking, we typically process limited technical data (including IP address, browser type, device characteristics, and timestamps) to deliver the page, maintain security, prevent abuse, diagnose errors, and produce aggregated usage statistics. Unless a longer period is needed for security or legal reasons, we retain such logs only for as long as reasonably necessary for these purposes (often on the order of days to a few months, subject to backup and legal hold practices).
6. Sharing and subprocessors
We may share personal data with:
- Hosting and infrastructure providers that process data on our instructions. Our primary processing infrastructure for the Services is located in the European Union, as described in Section 8.
- Professional advisers (e.g. lawyers, auditors) where bound by confidentiality.
- Authorities when required by law or to protect rights, safety, and security.
- Business transfers: a successor entity in a merger, acquisition, or asset sale, subject to applicable law.
We require service providers to implement appropriate confidentiality and security measures. A current list of key categories of subprocessors may be provided on request via [email protected].
7. International transfers
We are established in Pakistan. Personal data may be processed in the EU (hosting region) and accessed from Pakistan or other locations where we operate support. If we transfer personal data from the EEA, UK, or Switzerland to countries not deemed adequate, we use appropriate safeguards (such as Standard Contractual Clauses or other mechanisms recognised under applicable law) where required.
8. Retention
We retain personal data only as long as necessary for the purposes described in this Policy, unless a longer period is required by law, dispute resolution, or legitimate security needs. Criteria include the nature of the data, operational needs, and statutory limitation periods. Technical logs are kept for a limited period consistent with Section 5 unless a longer retention is justified (e.g. active security investigation).
9. Security
We implement technical and organisational measures appropriate to the risk, including access controls, encryption in transit where applicable, monitoring, and staff training. No method of transmission or storage is completely secure.
10. Your rights
Depending on your location, you may have rights to access, rectify, erase, restrict processing, object to certain processing, data portability, and withdraw consent where processing is consent-based. You may also lodge a complaint with a supervisory authority. To exercise rights, contact [email protected]. We may need to verify your identity before responding.
11. Children
The Services are not directed at children. We do not knowingly collect personal data from children below the age at which parental consent is required in their jurisdiction.
12. Changes
We may update this Policy from time to time. We will post the revised version on this page and update the effective date. Where changes are material and required by law, we will provide additional notice.
This document is provided for operational use and does not constitute legal advice. Have qualified counsel review it for your jurisdictions and data flows.
