Privacy Notice

Privacy Notice

Our Commitment 

KICTANet (Kenya ICT Action Network Trust) is dedicated to safeguarding your privacy and ensuring that your personal data is protected. This Privacy Policy outlines how we collect, use, and protect your personal information in compliance with the Data Protection Act, 2019 (Kenya). By interacting with us, whether online, in person, or through any of our services, you agree to the terms outlined in this policy.

 About us

KICTANet is a multi-stakeholder Think Tank for ICT policy and regulation which is a catalyst for reform in the Information and Communication Technology sector. KICTANet, is a trust registered in Kenya, is the entity that determines how and why your data is processed. As part of our work, we engage in research, events, training, advocacy, and collaboration with various stakeholders. This means that KICTANet is the ‘controller’ of your data. Therefore, this policy applies to all the personal data we collect through these activities.

  • Personal Data Collected

Personal data means any information that can be used to identify an individual. We collect and process personal data necessary for the operation of our services, including:

  • Personal Identification Information: Name, gender, disability status, age, financial and payment information, postal and physical addresses, email address, phone number, and other contact details.
  • Professional Information: Job title, organisation, stakeholder groups, and areas of interest or expertise.
  • Event Participation Data: Information related to your registration, attendance, and feedback at our events, workshops, and training sessions.
  • Research Data: Information you provide through surveys, interviews, or other research activities.
  • Communication Data: Emails, phone calls, and other communication records between you and KICTANet.
  • Social Media Information: Data collected through interactions with our social media platforms.
  • Financial Data: Payment information for services or donations, including billing address and transaction details.
  • Technical Data: IP address, browser type, and other data automatically collected when you visit our website.
  • How We Use Your Personal Data

The personal data we collect is used for the following purposes:

  • Service Delivery: To provide you with information, services, or products that you request from us.
  • Communication: To respond to queries, send you updates, newsletters, and other relevant communications.
  • Event Management: To manage your participation in our events, workshops, and training sessions.
  • Research and Advocacy: To conduct research and analysis for policy development and advocacy purposes.
  • Payment Processing: To process payments, monitor transactions and donations.
  • Security: To protect our IT systems and data against unauthorised access and breaches.
  • Compliance: To comply with legal obligations and regulatory requirements.
  • Online Performance: To monitor website performance and implement updates.

3. Legal Basis for Processing

We process your personal data based on one or more of the following legal grounds:

  • You have given us your consent to process your data for specific purposes.
  • Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
  • Processing is necessary for compliance with a legal obligation to which we are subject.
  • Processing is necessary for the legitimate interests of KICTANet, provided those interests are not overridden by your rights and interests.

4. Data Sharing and Disclosure

KICTANet treats all personal data as strictly confidential. Your data will be collected and processed primarily by our staff.  Access to your personal data is limited to staff who have a legitimate need to see it for the purpose of carrying out their job at KICTANet. We do not sell, rent or trade your data for any purposes to third parties. 

We may share your personal data with third parties in the following circumstances:

  • We may share your data with third-party service providers who assist us with IT services, payment processing, logistics, event management, and other operational needs.
  • We may share your data with our partners and collaborators for joint events, research, and advocacy projects.
  • We may disclose your data to comply with legal obligations or to protect our rights and interests.
  • We may share your data with third parties when you have provided explicit consent for such sharing.

We require all third parties to respect the security of your personal data and to treat it by the law. We do not allow our third-party service providers to use your personal data for their own purposes – we only permit them to process your personal data for specified purposes and in accordance with our instructions.

  1. Security of Personal Data 

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse or disclosure. These measures include encryption, access controls, and regular security audits. 

  1. Your Rights

You have the following rights concerning your personal data:

  • The right to request access to the personal data we hold about you.
  • The right to be informed about what your personal data will be used for.
  • The right to request the correction of inaccurate or incomplete data.
  • The right to request the deletion of your personal data under certain conditions.
  • The right to request the restriction of data processing under certain conditions.
  • The right to receive your data in a structured, commonly used, and machine-readable format.
  • The right to object to the processing of your data based on legitimate interests.
  • The right to withdraw your consent at any time for processing based on consent.

To exercise any of these rights, please contact us using the details provided in the “Contact Us” section below.

7. Children’s Privacy

Our services are generally not intended for children under the age of 18, and we do not knowingly collect personal data from children without parental consent. However, if we need to collect personal data from a child under the age of 18, the parental consent of the parent or guardian shall be obtained.

  1. International transfers

Where we transfer your personal data outside Kenya, we ensure that appropriate safeguards are in place to protect your data, such as using Standard Contractual Clauses or equivalent mechanisms.

  1. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law. When your data is no longer needed, we will securely delete or anonymize it. We will keep your personal data according to the Records Retention Schedule.

  1. Complaints

If you wish to exercise any of these rights, please contact our Data Protection Officer through info(at) kictanet.or.ke.

  1. Privacy Policy Updates

We may update this External Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will notify you through our website or other communication channels.

This notice was last updated on 28.04.2024.