Data Protection Policy
Our commitment to protecting your personal data and respecting your privacy rights in accordance with applicable data protection laws.
Data Protection Principles
We adhere to fundamental data protection principles that guide all our data processing activities.
Lawfulness, Fairness & Transparency
We process personal data lawfully, fairly, and transparently
- Clear legal basis for all data processing activities
- Transparent communication about data use
- Fair processing that respects individual rights
- Regular review of processing activities
Purpose Limitation
Data collected for specific, explicit, and legitimate purposes
- Clear definition of processing purposes
- No processing beyond stated purposes
- Regular review of data use alignment
- Documentation of purpose changes
Data Minimization
We collect only data that is necessary for our purposes
- Minimal data collection practices
- Regular review of data requirements
- Deletion of unnecessary data
- Purpose-driven data requests
Accuracy
Personal data is kept accurate and up to date
- Regular data accuracy reviews
- Correction mechanisms for users
- Verification of data sources
- Prompt correction of inaccuracies
Storage Limitation
Data retained only as long as necessary
- Defined retention periods for different data types
- Automatic deletion procedures
- Regular review of stored data
- Secure disposal of expired data
Integrity & Confidentiality
Appropriate security measures protect personal data
- Encryption of data in transit and at rest
- Access controls and authentication
- Regular security assessments
- Incident response procedures
Your Data Protection Rights
You have specific rights regarding your personal data. Here's how to exercise them.
Right of Access
Request a copy of your personal data we hold
How to Exercise
Email us with your request and identity verification
Response Time
Within 30 days
Right to Rectification
Correct inaccurate or incomplete personal data
How to Exercise
Contact us with the correct information
Response Time
Within 30 days
Right to Erasure
Request deletion of your personal data
How to Exercise
Submit a deletion request with valid reasons
Response Time
Within 30 days
Right to Restrict Processing
Limit how we process your personal data
How to Exercise
Request processing restrictions with justification
Response Time
Within 30 days
Right to Data Portability
Receive your data in a structured, machine-readable format
How to Exercise
Request data export in your preferred format
Response Time
Within 30 days
Right to Object
Object to processing based on legitimate interests
How to Exercise
Submit objection with your specific concerns
Response Time
Immediate review
Security Measures
We implement comprehensive security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction.
Technical Safeguards
- End-to-end encryption for all data transmission
- AES-256 encryption for data at rest
- Multi-factor authentication for system access
- Regular security patches and updates
- Automated backup and disaster recovery
- Network security monitoring and intrusion detection
Organizational Safeguards
- Staff training on data protection principles
- Background checks for employees with data access
- Confidentiality agreements for all team members
- Regular security awareness training
- Incident response and breach notification procedures
- Third-party vendor security assessments
Physical Safeguards
- Secure data centers with 24/7 monitoring
- Biometric access controls for server rooms
- Environmental controls and fire suppression
- Secure disposal of physical storage media
- Clean desk policy for sensitive information
- Visitor access controls and logging
Data Breach Response
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we have established procedures to respond quickly and effectively.
Our Response Process
- Immediate containment and assessment
- Notification to authorities within 72 hours
- Direct notification to affected individuals
- Implementation of remedial measures
What We'll Tell You
- Nature of the breach and data involved
- Likely consequences and risks
- Measures taken to address the breach
- Recommended actions for you to take
Data Protection Contact
For any questions about data protection, to exercise your rights, or to report concerns, please contact our Data Protection Officer.
Contact Information
Response Times
Regulatory Authority: If you're not satisfied with our response, you have the right to lodge a complaint with the Office of the Data Protection Commissioner of Kenya or your local data protection authority.