Communicate | Collaborate | Secure Data

Data Protection Policy

1. Introduction

1.1. Kaluari Limited("the Company") is committed to protecting the privacy and data of it’s users and complying with the Data Protection Act 2019 of Kenya and other applicable data protection regulations.

1.2. This Data Protection Policy outlines the Company's commitment to data protection and its approach to collecting, processing, storing, and securing personal data.

2. Data Protection Officer (DPO)

2.1. The Company has appointed a Data Protection Officer (DPO) who is responsible for overseeing compliance with data protection laws and regulations.

2.2. The DPO can be reached at dpo@kaluari.com.

3. Data Collection and Processing

3.1. The Company collects and processes personal data for legitimate business purposes only.

3.2. Personal data will be collected and processed fairly and lawfully, and data subjects will be informed about the purposes of processing through the data protection consent.

3.3. The Company will only collect and process personal data that is necessary for the specified purposes.

4. Data Security

4.1. The Company will implement appropriate technical and organizational security measures to protect personal data from unauthorized access, disclosure, alteration, or destruction.

4.2. Data security measures may include encryption, access controls, and regular security assessments.

5. Data Retention and Disposal

5.1. The Company will retain personal data only for as long as necessary to fulfil the purposes for which it was collected. 

5.2. Personal data will be securely disposed of when it is no longer needed, following established data disposal procedures.

6. Data Subject Rights

6.1. Data subjects have the right to access, rectify, and delete their personal data held by the Company.

6.2. The Company will respond to data subject requests promptly and in accordance with applicable laws.

7. Consent and Notice

7.1. The Company will obtain explicit consent from data subjects for data processing activities as required by law.

7.2. Privacy notices will be provided to data subjects, informing them of their rights and how their data is processed.

8. Data Breach Response

8.1. The Company has established procedures for detecting, reporting, and responding to data breaches. 

8.2. In the event of a data breach, the Company will notify the Data Protection Authority (DPA) and affected data subjects as required by law.

9. Cross-Border Data Transfers

9.1. The Company will ensure that cross-border data transfers comply with the Data Protection Act 2019.

9.2. Adequate safeguards will be in place for international data transfers.

10. Third-Party Data Processors

10.1. Third-party vendors and service providers that process personal data on behalf of the Company will be selected with due diligence.

10.2. Contracts with third parties will include data protection provisions and requirements.

11. Training and Awareness

11.1. The Company will provide training and awareness programs to employees to ensure they understand their data protection responsibilities.

11.2. Employees will be encouraged to report any data protection concerns to the DPO.

12. Accountability and Records Management

12.1. The Company will maintain records of data processing activities as required by law.

12.2. Regular compliance audits will be conducted to ensure ongoing adherence to data protection policies and procedures.

13. Review and Updates

13.1. This Data Protection Policy will be reviewed and updated regularly to reflect changes in data protection laws and regulations.

14. Legal Compliance

14.1. The Company is committed to complying with all applicable data protection laws and regulations.