INEND’s DATA PROTECTION AND PRIVACY POLICY

Initiative for Equality and  Non-Discrimination  (INEND)  is  a local non-pro  t organization established in response to the need for new, expanded, and diversi  ed organizing, on issues a  ecting sexual and gender minorities in Kenya.

INEND is committed to protecting your privacy online and o   ine. This Privacy Policy describes our practices in connection with information that we collect through the website, virtual events and physical events when you interact with us, including emails that you receive from us.

In accordance with the Data Protection Act 2019, INEND has implemented this privacy policy to inform you of the types of data we process about you.

Under the Data Protection Act 2019, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:

1.  Processing is in accordance with your right to privacy.

2.  Processing is lawful, fair and done in a transparent manner.

3.  Data is  collected for explicit, speci  ed and legitimate purposes and not further processed in a manner incompatible with those purposes.

4.  Data is  adequate, relevant, and limited to what is necessary  in relation to the purposes for which it is processed.

5.  Data is collected only where a valid explanation is provided whenever information relating to family or private a  airs is required.

6.  Data is accurate and, where necessary, kept up to date, with every reasonable step being taken to ensure that any inaccurate personal data is erased or recti ed without delay.

7.  Data is kept in a form that identi es the data subjects for no longer than is necessary for the purposes for which it was collected.

8.  Data  is  not  transferred  outside  Kenya unless  there is  proof of adequate data protection safeguards or consent from the data subject.

We collect personal information in the following ways:

●  When you attend any of our events

●  When you sign up and participate in any online action

●  When you donate to us

●  When you sign up for our human rights education courses

●  When you participate in other online campaigns or activities that INEND is part of.

●  When you apply for a job or a consultancy opportunity with us.

If you choose to provide it, we can collect the following types of personal information from you:

●  Name

●  Age

●  Address

●  Email address

●  Phone number

●  Mobile money and credit card details

●   Information  provided for  the  purpose  of  applying for a job  or volunteering opportunity, including gender, ethnicity, sexual orientation, disability and criminal convictions.

How we use your personal information

We may use  Personal  Information for our legitimate business interests,  including the following:

●  Providing the Site’s functionality and ful lling your requests.

o   To allow you to start and/or  sign petitions,  complete surveys, and send messages through the Site.

o   To respond to your inquiries and ful ll your requests, such as sending you updates by email.

o   To send you important information regarding the Site, changes to our terms, conditions, policies, and/or other administrative information.

o   To process your donation or payment, communicate with you regarding your donation, and provide you with related services.

We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation.

To communicate with you;

●   To communicate with you about INEND’s campaigns, including by telephone, text message, or partners’ websites (e.g., Facebook), if you have voluntarily provided your telephone number to us.

Accomplishing our organizational purposes;

●   For our organizational  purposes, such as data analysis, for example, to improve the e    ciency of our services.

●   For enhancing, improving, or modifying the website or our Services and developing new products and services;

●   For audits,  to  verify that  our  internal processes  function  as  intended and are compliant with legal, regulatory, contractual or donor requirements.

●   For identifying usage trends, for example, understanding  which parts of our Site interest users most.

●   For determining the e ectiveness  of our  programs,  so  that  we can adapt our programs to the needs and interests of our users; and

●   For fraud and security monitoring purposes, for example, to detect and prevent cyberattacks.

How You May Access or Change Your Personal Information

If  you  would like to  request  to  review, correct, update, restrict,  or delete Personal Information that you have provided to us, object to the processing of Personal Information, or if you would like to request to receive an electronic copy of your Personal Information for purposes of transmitting it to another organization (to the extent this right to data portability is provided to you by the Data Protection Act), you may contact us using the email address provided at the end of this policy.

For your  data safety,  we will only implement requests  with respect  to  the personal information associated with the email address that you use when sending us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

Please  note that  we may need to retain certain information for legal and operational purposes and/or to complete any transactions that you began prior to requesting a change or deletion.

Retention Period for Data

We only hold your personal information on our systems for as long as is necessary for the purposes outlined above. We remove personal data from our systems once it is no longer required, in line with our guidelines on how long important information must remain accessible for future use or reference, as well as when and how data can be destroyed when it is no longer needed.

The length of time each category of data will be retained will vary depending on how long we need to  process  it for, the reason it was collected and in line with any statutory requirements. After this time the data will either be deleted, or we may retain a secure anonymized record for research and analytical purposes.

Minors – Persons under the age of 18

We require that all people under 18 years of age and who would like to get involved in INEND’s work, ensure that they obtain parent/guardian’s permission before giving us their personal information.

Access to and your rights over your personal information

The personal data we hold about you is yours.  You have the following rights over your information:

●  To be informed of the use to which their personal data is to be put.

●  To access their personal data in our custody.

●   To object to the processing of all or part of their personal data. This includes contacting you via email. All our email communications to you will contain an unsubscribe link.

●  To correct ,false or misleading data.

●  To deletion of false or misleading data about you

Measures to Protect Your Personal Data

INEND maintains up-to-date antivirus applications on all terminals and routinely trains all sta    on emergent areas  in cybersecurity. All INEND  sta    have been trained to avoid cyberattacks, phishing, baiting, password theft and social engineering.

Adequate measures have been put in place at our physical premises to ensure appropriate sta   has the necessary access to personal data stored within the o   ce.

All sta    have been trained on organization email use and the organization maintains an email policy.

Third-Party Websites

Our website may have links to third party websites or applications. This policy does not apply to such  pages or applications operated by other organisations. This includes the websites or applications of partner organizations or related organisations or third-party sites. These other sites may have their own privacy policies which apply to them.

Hosting and processing arrangements

Our websites are hosted by third-party  service providers and therefore personal details you submit through them may be processed by that third-party service provider.

We may also use third parties to process your personal details including in the following ways:

●   To action all online expressions of interest to support INEND or take actions and manage all related communications.

●  To process online payments.

All third-party  services providers process your personal information on our behalf and are bound by contractual terms that are compliant with the Data Protection Act 2019.

Payment Processing and Fraud

When your card details are submitted, they may be shared with banks and other   nancial institutions to process your payments. Where fraudulent transactions are suspected, your personal information may be submitted for further checks.

Your personal information may be shared in circumstances where we are legally required  to share such information.

Recruitment Privacy Notice

INEND has implemented this privacy notice to inform you, as prospective  employees of our organisation, of the types of data we process about you. We keep several categories of personal data on our prospective employees in order to carry out e  cient and transparent recruitment processes. Information collected during a recruitment process will only be used for recruitment and selection processes and will not be disclosed to a third party without your consent. Speci  cally, we hold the following types of data:

1.  Personal details such as name, address, phone numbers.

2.  Your gender

3.  Information collected from your Curriculum Vitae and cover letter.

4.  References from your former employers

5.  Details on your education and employment history etc

6.  Criminal convictions

INEND employees who are involved in recruitment will have access to your data which is relevant to their function. All employees with such responsibility have been trained in ensuring data is processed in line with the Data Protection Act.

INEND does not share your data with third parties. We may transfer your personal data to other partners, and this is solely done for recruitment purposes.

Sensitive personal information regarding gender, age, sexual orientation, religion and faith, caring responsibilities, disability, ethnic origin and region of origin will be anonymised and will be used for cultural diversity and equal opportunities monitoring purposes only.

Unsuccessful  applications  will be retained for six  months after the conclusion of the selection process. At the end of this period, we will delete or destroy your data from our systems permanently. All applicants will be required to sign a declaration consenting to INEND processing personal information on the privacy terms set herein.

This applies to all suppliers, contractors and service providers of INEND.

Cookies

INEND’s website, like most websites, uses cookies. This statement explains what cookies are, how INEND uses them, and how they can be controlled.

What are cookies?

A cookie is a small   le of letters and numbers that we place on your computer or mobile device, if you agree. These  cookies allow us to distinguish you from other users of our website.  You can set up your computer to refuse cookies by turning them o   in your browser. You do not need to have cookies turned on to use INEND’s website.

To    nd  out  more about  cookies  or  how  to  delete cookies  in your browser,  please visit:  www.aboutcookies.org.

How INEND uses cookies

●   To compile statistical data on the use of our website, in order to monitor and improve it.

●  To facilitate our user’s ability to navigate through our website

●  To allow us to share our web pages via social media platforms.

Opting out of our newsletters and other mailings

All our  digital newsletters  are equipped with a link by which recipients can remove themselves from the email list. If you experience di  culties in cancelling your subscription, please send an email via the address provided below. We will respond  as soon as possible, but within 14 working days, to your request.

Cross-Border Transfer

Your personal information is stored and processed in Kenya. In certain instances where we engage other  organizations   and  service  providers,   we  may  transfer  your  personal information outside the country as per the guidelines provided by the Data Protection Act and the Data Commissioner. In these instances, we will seek your prior and informed consent before we initiate the transfers.

Security

We are committed to  ensuring  that  your information is  secure.  In  order to prevent unauthorised  access, unwanted disclosure or unauthorised modi cation, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online and physically.

If you suspect that your data is not secure or that there are indications of a breach, please contact us via the email address at the end of this policy.

Complaints

If you wish to lodge a complaint about our handling of your personal data, please get in touch with us on the details above with the details of your complaint; we aim to respond to all complaints within 14 working days.

If you wish to exercise any of these rights or have any questions about this policy, you may contact us in the following ways:

By post:

Initiative for Equality and Non Discrimination (INEND)

P.O BOX 10315-80101

Mombasa, Kenya

By email:  info@inend.org

Skip to content