PSKENYA operates in a complex, data-oriented environment that requires use of personal data to fulfil its core mandate in serving various stakeholders. This policy is our statement of commitment to handle your personal data with the privacy it requires and in accordance with the provisions of various laws and regulations.
The policy also spells out your rights and indicates the controls the organization has established to safeguard your data.
This Data Privacy statement applies to all employees, interns, and contracted staff who’ve been seconded to PSKENYA by their employers.
By choosing to interact with us in any of the ways outlined in section 2, you will be doing so with the full knowledge and consent that we will collect and process your personal data.
By consenting, you allow us to collect, process, store, disclose, and transfer your data as guided in the provisions of the data protection laws.
By withholding or withdrawing your consent PSKENYA shall terminate any agreement with you and reject any further application.
Please note that withholding or withdrawing your consent shall not apply to any processing done on your personal data prior to you exercising this right.
We will collect your personal information when: (This list is not exhaustive):
Whenever you interact with us, we will collect the following information from you. (please note that this list is not exhaustive):
a. Data that is necessary to process your job applicationincluding:
b. Data necessary to onboard you as an employee including:
The Data Protection Act provides the lawful basis for which we may collect and process your information including consent provided by you to collect and process the information, to aid in the performance of a product or service contract we have with you, to comply to a legal or regulatory obligation or requirement, for public and data subject interests and for various legitimate business interests of PSKENYA.
We will use and process this information for various purposes including: (please note that this list is not exhaustive):
PSKENYA shall not retain your data any longer than is necessary and as shall be determined by the purpose for which the data was collected and whether that purpose has been fulfilled unless as circumstances may dictate including applicable legal and regulatory requirements, consent by you, for legitimate lawful purposes or for historical and reporting purposes.
We will not share or disclose any of your information except in accordance with applicable laws and regulations.
However, PSKENYA may share or disclose your information to:
PSKENYA will seek your consent to opt-in to receive commercial updates via our various communication channels. We will also seek your consent before sharing your data with third parties for the purposes of commercial use of your data.
The organization will offer you a platform where you can view your personal details as captured however any updates to the information will require a formal request to be sent to the human resources department following the various stipulated internal processes.
PSKENYA has put in place various operational and technical controls to safeguard your data from unauthorized access or modification. We are also continually enhancing our controls in line with the ever-evolving threat environment.
PSKENYA shall not collect or process your sensitive personal data except as necessary to carry out the activities prescribed in section 4 above.
Every data controller or data processor is required to ensure the storage, on a server or data centre located in Kenya, of at least one serving copy of personal data to which the Act applies.
Cross-border processing of sensitive personal data is prohibited and only allowed when certain conditions are met or under certain circumstances specified in the
Act (Part IV – 48– 50).
A data controller or data processor may transfer personal data to another country where—
PSKENYA may from time to time transfer your personal data outside Kenya as circumstances may allow in fulfilment of its obligations. This shall however be done with the requisite and appropriate approvals and safeguards on the data.
Your rights as spelt out in the data protection laws include the below. Please note that these are subject to legal or regulatory exceptions, and we reserve the right to override the exercise of your rights where there is a legitimate reason, legal or regulatory requirement to do so as may be applicable.
PENALTIES FOR NON-COMPLIANCE:
Infringement of provisions of the Kenya Data Protection Act (DPA) will attract a penalty of not more than KES 5 million or in the case of an undertaking, not more than 1% of its annual turnover of the preceding financial year, whichever is lower. Individuals will be liable to a fine not exceeding three million shillings or to an imprisonment term not exceeding ten years, or to both
Our contact details are:
JUMUIA PLACE, LENANA RD
P.O. Box 222591-00400, Nairobi Telephone:
Email Address: firstname.lastname@example.org