Privacy Policy Page

                                                           VaaKenya Data Protection Policy

Our VaaKenya Data Protection Policy refers to our commitment to treat information of employees, customers, stakeholders and other interested parties with the utmost care and confidentiality.

With this policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights.

A.     Scope

This policy refers to all parties (employees, job candidates, customers, suppliers etc.) who provide any amount of information to us.

B.     Definition of Key Terms

Consent: agreement which must be freely given, specific, informed and be an unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear positive action, signifies agreement to the processing of personal data relating to them.

Data Controller: the person or organization that determines when, why and how to process personal data. It is responsible for establishing practices and policies in accordance with the Law. VaaKenya is the Data Controller of all personal data relating to it and used in facilitating market systems development, conducting research and all other purposes connected with its business purposes.

Data Processing: any activity that involves the use of personal data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties. In brief, it is anything that can be done to personal data from its creation to its destruction, including both creation and destruction.

Data Protection Officer (DPO): the person appointed as such under the GDPR and in accordance with its requirements. A DPO is responsible for advising the organization (including its employees) on their obligations under various data protection laws, for monitoring compliance with data protection law, as well as with VaaKenya’s polices, and providing advice.

Data Subject: a living, identified or identifiable individual about whom we hold personal data.

Personal Data: any information identifying a data subject or information relating to a data subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal data includes sensitive personal data and pseudonymised personal data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour.

Personal Data Breach: any breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, personal data, where that breach results in a risk to the data subject. It can be an act or omission.

Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. Profiling is an example of automated processing.

C.     Terms of the .Privacy Policy

        I.            Who is covered under the Data Protection Policy?

Employees of our Company and its subsidiaries must follow this policy. Contractors, consultants, partners and any other external entity are also covered. Generally, our policy refers to anyone we collaborate with or acts on our behalf and may need occasional access to data.

      II.            Policy elements

As part of our operations, we need to obtain and process information. This information includes any offline or online data that makes a person identifiable such as names, addresses, usernames and passwords, digital footprints, photographs, social security numbers, financial data etc.

Our Company collects this information in a transparent way and only with the full cooperation and knowledge of interested parties. Once this information is available to us, the following rules apply.

Our data will be:

       Accurate and kept up-to-date

       Collected fairly and for lawful purposes only

       Processed by VaaKenya within its legal and moral boundaries

       Protected against any unauthorized or illegal access by internal or external parties

Our data will not be:

Communicated informally

       Stored for more than a specified amount of time

       Transferred to organizations, states or countries that do not have adequate data protection policies

       Distributed to any party other than the ones agreed upon by the data's owner (exempting legitimate requests from law enforcement authorities)

In addition to ways of handling the data the VaaKenya has direct obligations towards people to whom the data belongs. Specifically we must:

       Let people know which of their data is collected

       Inform people about how we'll process their data

       Inform people about who has access to their information

       Have provisions in cases of lost, corrupted or compromised data

       Allow people to request that we modify, erase, reduce or correct data contained in our databases

    III.            Actions

To exercise data protection we're committed to:

        Restrict and monitor access to sensitive data

        Develop transparent data collection procedures

        Train employees in online privacy and security measures

        Build secure networks to protect online data from  Cyber Attacks

        Establish clear procedures for reporting privacy breaches or data misuse

       Include contract clauses or communicate statements on how we handle data

       Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorization etc.)

Our data protection provisions will appear on our website.

    IV.            Disciplinary Consequences

All principles described in this policy must be strictly followed. A breach of data protection guidelines will invoke disciplinary and possibly legal action.

D.     Rights of the Data Subject - Every data subject has the following rights. Their assertion is to be handled immediately by the responsible unit and cannot pose any disadvantage to the data subject.

  1. The data subject may request information on which personal data relating to him/her has been stored, how the data was collected, and for what purpose. If there are further rights to view the employer’s documents (e.g. personnel file) for the employment relationship under the relevant employment laws, these will remain unaffected.
  2. If personal data is transmitted to third parties, information must be given about the identity of the recipient or the categories of recipients.
  3. If personal data is incorrect or incomplete, the data subject can demand that it be corrected or supplemented.
  4. The data subject can object to the processing of his or her data for purposes of advertising or market/opinion research. The data must be blocked from these types of use.
  5. The data subject may request his/her data to be deleted if the processing of such data has no legal basis, or if the legal basis has ceased to apply. The same applies if the purpose behind the data processing has lapsed or ceased to be applicable for other reasons. Existing retention periods and conflicting interests meriting protection must be observed.
  6. The data subject generally has a right to object to his/her data being processed, and this must be taken into account if the protection of his/her interests takes precedence over the interest of the data controller owing to a particular personal situation. This does not apply if a legal provision requires the data to be processed.

E.      How we use personal information

We will only use your personal information for the purpose which it was provided to us for and in ways that you would reasonably expect.

F.      Partnership agreements with organizations and individuals

We collect and use personal information from organizations and individuals who:

·         Are interested in applying for a partnership opportunity with us

·         Apply for a partnership opportunity

·         Enter into a partnership agreement with us

·         We process this personal information to pursue our legitimate interests (and your interests as an applicant) and fulfil our strategic aims.

·         The prime use of the personal information is to conduct research, and to process and manage partnership opportunities between us. We also use it for monitoring, evaluation and reporting purposes so that we can consider important factors such as trends in funding areas, the impact and reach of our funding, and the demographic make-up of funding areas.

·         When legally obliged, we may share our partners’ personal information with relevant statutory bodies as required.

·         We may need to share it with external reviewers and advisors (e.g. funding partners, program monitors, evaluation specialists) to review, monitor or evaluate these partnership opportunities.

·         We may need to share your contact details with suppliers.


G.     Raising awareness of our work

We will collect personal information from our existing partners and the public domain to research and identify potential new funders and partners. Our legal basis for using your personal information in this way is legitimate interest.

We will use the contact details of new and existing supporters to inform you about our work. We will send you relevant information by email. Our legal basis for using your personal information in this way is legitimate interest. You can opt out or unsubscribe from receiving these communications at any time.

If you opt in to our mailing list we will use the information that you provide to email you information about our work, events, campaigns and other items of interest. You can opt out or unsubscribe from receiving this information at any time if you wish. Our legal basis for using your personal information in this way is your consent

H.     For how long do we keep your personal information?

We will hold your personal information for as long as is necessary. We will not retain your personal information if it is no longer required. In some circumstances, we may legally be required to retain your personal information, for example for finance, employment or audit purposes.

I.        Changes to this policy

This Data Protection and Privacy Policy may change from time to time. Please visit this web page periodically to keep up- to-date with the changes in this policy.

SEALED by                                                                          )

VAAKENYA LIMITED                                                        )

                                                                                                )………………vaakenya ltd……………….          

                                                                                                )  PVT27B6DK

In the presence of: -                                                            )