PS KENYA Data Privacy Statement

PSKENYA operates in a complex, data-oriented environment that requires use of personal data to fulfil its core mandate in serving various stakeholders. This policy is our statement of commitment to handle your personal data with the privacy it requires and in accordance with the provisions of various laws and regulations.

The policy also spells out your rights and indicates the controls the organization has established to safeguard your data.


This Data Privacy statement applies to all employees, interns, and contracted staff who’ve been seconded to PSKENYA by their employers.

Individual Statements

  1. Acknowledgement and consent.
  2.  When is personal data collected from you?
  3.  What personal data is collected from you?
  4.  Why do we need to collect and use your personal data?
  5.  Do we retain any of your personal data?
  6.  With whom will we share/disclose your personal data?
  7.  Transfer of your information
  8.  Direct marketing
  9.  Access to or updating your personal data.
  10.  Safeguarding and protecting your personal data.
  11.  Handling your sensitive personal data
  12.  Your rights

1. Acknowledgement and Consent

By choosing to interact with us in any of the ways outlined in section 2, you will be doing so with the full knowledge and consent that we will collect and process your personal data.

By consenting, you allow us to collect, process, store, disclose, and transfer your data as guided in the provisions of the data protection laws.

By withholding or withdrawing your consent PSKENYA shall terminate any agreement with you and reject any further application.

Please note that withholding or withdrawing your consent shall not apply to any processing done on your personal data prior to you exercising this right.

2. When is personal data collected fromyou?

We will collect your personal information when: (This list is not exhaustive):

  • You apply for a job at PSKENYA through our online portal or via email.
  •  You are being onboarded onto PSKENYA as an employee.
  • In the course of your employment, you provide us with additional personal details for various purposes e.g., updating our records.
  • Visit any of our offices, including where you may be required to fill in your details at the entrance or are captured by our CCTV cameras strategically placed at our premises for security purposes.

3. What personal data is collected fromyou?

Whenever you interact with us, we will collect the following information from you. (please note that this list is not exhaustive):

a. Data that is necessary to process your job applicationincluding:

  • Your personal details including: full names, identification document type and number (i.e. National ID, Passport, Alien ID), phone number or contact details, email address, location, postal address, date of birth, age, gender,driving license number, citizenship, marital status.
  •  Information collected from third parties e.g. former employers, referees, credit reference bureaus, government entities (e.g. DCI – Certificate of good conduct, Mtihani house to verify academic documents) and also from various academic institutions to validate the professional certifications) for purposes of background checks and vetting.

b. Data necessary to onboard you as an employee including:

  • Personal data as (a) above including passport photographs, NSSF number, NHIF number, KRA PIN and ID Number.
  •  Bank account details.
  •  Next of kin details, emergency contact(s) and dependents (including children) details including their: full names, relationship, contact details for emergency purposes.
  •  Your medical or health information details to onboard you onto relevant medical schemes.

4. Why do we need to collect and use your personal data?

The Data Protection Act provides the lawful basis for which we may collect and process your information including consent provided by you to collect and process the information, to aid in the performance of a product or service contract we have with you, to comply to a legal or regulatory obligation or requirement, for public and data subject interests and for various legitimate business interests of PSKENYA.

We will use and process this information for various purposes including: (please note that this list is not exhaustive):

  1.  To facilitate the hiring processes.
  2.  To facilitate enrollment into various schemes e.g., insurance, pension, medical etc.
  3.  To enable the organization to conduct background checks with previous employers, relevant government bodies or academic institutions or referees.
  4. To facilitate other human resource and business administration activities including, performance appraisals, leave management, workforce management etc.
  5. To facilitate any legal procedures or recourse.

5. Do we retain any of your personal data?

PSKENYA shall not retain your data any longer than is necessary and as shall be determined by the purpose for which the data was collected and whether that purpose has been fulfilled unless as circumstances may dictate including applicable legal and regulatory requirements, consent by you, for legitimate lawful purposes or for historical and reporting purposes.

6. With whom will we share/disclose your personaldata?

We will not share or disclose any of your information except in accordance with applicable laws and regulations.

However, PSKENYA may share or disclose your information to:

  1.  Subsidiaries of PSKENYA who may require your personal data to deliver services to
  2. Third party organizations that provide background checks services for PSKENYA.
  3.  Third-party insurance companies for purposes of enrolling you into various insurance schemes.
  4.  Legal, regulatory, or any other statutory authority for purposes of complying to or responding to a demand by the said authorities. E.g., NSSF, NHIF, HELB, External Auditors etc.
  5. Various government databases to comply with applicable regulatory requirements e.g., Mtihani house, DCI

7. Commercial use of your personal data

PSKENYA will seek your consent to opt-in to receive commercial updates via our various communication channels. We will also seek your consent before sharing your data with third parties for the purposes of commercial use of your data.

8. Access to or updating your personal data.

The organization will offer you a platform where you can view your personal details as captured however any updates to the information will require a formal request to be sent to the human resources department following the various stipulated internal processes.

9. Safeguarding and protecting your personal data.

PSKENYA has put in place various operational and technical controls to safeguard your data from unauthorized access or modification. We are also continually enhancing our controls in line with the ever-evolving threat environment.

10. Handling your sensitive personal data

PSKENYA shall not collect or process your sensitive personal data except as necessary to carry out the activities prescribed in section 4 above.

11. Transfer of your personal data outsideKenya

Every data controller or data processor is required to ensure the storage, on a server or data centre located in Kenya, of at least one serving copy of personal data to which the Act applies.

Cross-border processing of sensitive personal data is prohibited and only allowed when certain conditions are met or under certain circumstances specified in the
Act (Part IV – 48– 50).

A data controller or data processor may transfer personal data to another country where—

  •  The data controller or data processor has given proof to the Data Commissioner on the appropriate safeguards with respect to the security and protection of the personal data;
  • The data subject has given explicit consent to the proposed transfer, after having been informed of the possible risks of the transfer such as the absence of appropriate security safeguards;
  • The transfer is necessary for performance of a contract.

PSKENYA may from time to time transfer your personal data outside Kenya as circumstances may allow in fulfilment of its obligations. This shall however be done with the requisite and appropriate approvals and safeguards on the data.

12. Your rights.

Your rights as spelt out in the data protection laws include the below. Please note that these are subject to legal or regulatory exceptions, and we reserve the right to override the exercise of your rights where there is a legitimate reason, legal or regulatory requirement to do so as may be applicable.

  1. Right to be informed of the use to which your personal data is to be put.
  2.  Right to access your personal data.
  3. Right to object to the processing of all or part of your personal data.
  4. Right to correction of false or misleading data about you.
  5. Right to deletion of false or misleading data about you.
  6.  Right to erase your personal data that we are no longer authorized to retain, irrelevant, excessive, or obtained unlawfully.
  7.  Right to be informed that we are collecting personal data about you.
  8.  Right to withdraw your consent to the processing of your personal data.
  9. Right to request restricted processing of your personal data.
  10. Right to request transfer of your personal data.
  11.  Right to not be subject to a decision based on automated processing; subject to such automated processing producing legal effects that affect you.
  12. Right to decline use of your personal data for commercial purposes.
  13.  Right to be informed about the breach to your personal data unless your identity
    cannot be established in that breach.
  14.  Right to lodge a complaint with the office of the Data Commissioner if you feel aggrieved by a decision made by PSKENYA using the prescribed mechanisms in the protection laws


Infringement of provisions of the Kenya Data Protection Act (DPA) will attract a penalty of not more than KES 5 million or in the case of an undertaking, not more than 1% of its annual turnover of the preceding financial year, whichever is lower. Individuals will be liable to a fine not exceeding three million shillings or to an imprisonment term not exceeding ten years, or to both

Our Contacts
Our contact details are:
P.O. Box 222591-00400, Nairobi Telephone:
0709 975300

13. Data Protection Officer (DPO) Contacts

Email Address:
Telephone: 0709975300