Data Protection Policy

1.1. Kaluari Limited("the Company") is committed to protecting the privacy and data of it’s users and complying with the Data Protection Act 2019 of Kenya and other applicable data protection regulations.

1.2. This Data Protection Policy outlines the Company's commitment to data protection and its approach to collecting, processing, storing, and securing personal data.

2.1. The Company has appointed a Data Protection Officer (DPO) who is responsible for overseeing compliance with data protection laws and regulations.

2.2. The DPO can be reached at dpo@kaluari.com.

3.1. The Company collects and processes personal data for legitimate business purposes only.

3.2. Personal data will be collected and processed fairly and lawfully, and data subjects will be informed about the purposes of processing through the data protection consent.

3.3. The Company will only collect and process personal data that is necessary for the specified purposes.

4.1. The Company will implement appropriate technical and organizational security measures to protect personal data from unauthorized access, disclosure, alteration, or destruction.

4.2. Data security measures may include encryption, access controls, and regular security assessments.

5.1. The Company will retain personal data only for as long as necessary to fulfil the purposes for which it was collected. 

5.2. Personal data will be securely disposed of when it is no longer needed, following established data disposal procedures.

6.1. Data subjects have the right to access, rectify, and delete their personal data held by the Company.

6.2. The Company will respond to data subject requests promptly and in accordance with applicable laws.

7.1. The Company will obtain explicit consent from data subjects for data processing activities as required by law.

7.2. Privacy notices will be provided to data subjects, informing them of their rights and how their data is processed.

8.1. The Company has established procedures for detecting, reporting, and responding to data breaches. 

8.2. In the event of a data breach, the Company will notify the Data Protection Authority (DPA) and affected data subjects as required by law.

9.1. The Company will ensure that cross-border data transfers comply with the Data Protection Act 2019.

9.2. Adequate safeguards will be in place for international data transfers.

10.1. Third-party vendors and service providers that process personal data on behalf of the Company will be selected with due diligence.

10.2. Contracts with third parties will include data protection provisions and requirements.

11.1. The Company will provide training and awareness programs to employees to ensure they understand their data protection responsibilities.

11.2. Employees will be encouraged to report any data protection concerns to the DPO.

12.1. The Company will maintain records of data processing activities as required by law.

12.2. Regular compliance audits will be conducted to ensure ongoing adherence to data protection policies and procedures.

13.1. This Data Protection Policy will be reviewed and updated regularly to reflect changes in data protection laws and regulations.

14.1. The Company is committed to complying with all applicable data protection laws and regulations.