INEND’s DATA PROTECTION AND PRIVACY POLICY
Initiative for Equality and Non-Discrimination (INEND) is a local non-profit organization established in response to the need for new, expanded, and diversified organizing, on issues affecting sexual and gender minorities in Kenya. INEND is committed to protecting your privacy online and offline. This Privacy Policy describes our practices in connection with information that we collect through the website, virtual events and physical events when you interact with us, including emails that you receive from us.
In accordance with the Data Protection Act 2019, INEND has implemented this privacy policy to inform you of the types of data we process about you. Under the Data Protection Act 2019, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
- Processing is in accordance with your right to privacy.
- Processing is lawful, fair and done in a transparent manner.
- Data is collected for explicit, specified and legitimate purposes and not further processed in a manner incompatible with those purposes.
- Data is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
- Data is collected only where a valid explanation is provided whenever information relating to family or private affairs is required.
- Data is accurate and, where necessary, kept up to date, with every reasonable step being taken to ensure that any inaccurate personal data is erased or rectified without delay.
- Data is kept in a form that identifies the data subjects for no longer than is necessary for the purposes for which it was collected.
- Data is not transferred outside Kenya unless there is proof of adequate data protection safeguards or consent from the data subject.
We collect personal information in the following ways:
● When you attend any of our events
● When you sign up and participate in any online action
● When you donate to us
● When you sign up for our human rights education courses
● When you participate in other online campaigns or activities that INEND is part of.
● When you apply for a job or a consultancy opportunity with us.
If you choose to provide it, we can collect the following types of personal information from you:
● Name
● Age
● Address
● Email address
● Phone number
● Mobile money and credit card details
● Information provided for the purpose of applying for a job or volunteering opportunity, including gender, ethnicity, sexual orientation, disability and criminal convictions.
We may use Personal Information for our legitimate business interests, including the following:
● Providing the Site’s functionality and fulfilling your requests.
– To allow you to start and/or sign petitions, complete surveys, and send messages through the Site.
– To respond to your inquiries and fulfill your requests, such as sending you updates by email.
– To send you important information regarding the Site, changes to our terms, conditions, policies, and/or other administrative information.
– To process your donation or payment, communicate with you regarding your donation, and provide you with related services.
We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation.
To communicate with you:
● To communicate with you about INEND’s campaigns, including by telephone, text message, or partners’ websites (e.g., Facebook), if you have voluntarily provided your telephone number to us.
Accomplishing our organizational purposes:
● For our organizational purposes, such as data analysis, for example, to improve the efficiency of our services.
● For enhancing, improving, or modifying the website or our Services and developing new products and services.
● For audits, to verify that our internal processes function as intended and are compliant with legal, regulatory, contractual or donor requirements.
● For identifying usage trends, for example, understanding which parts of our Site interest users most.
● For determining the effectiveness of our programs, so that we can adapt our programs to the needs and interests of our users; and
● For fraud and security monitoring purposes, for example, to detect and prevent cyberattacks.
How You May Access or Change Your Personal Information
If you would like to request to review, correct, update, restrict, or delete Personal Information that you have provided to us, object to the processing of Personal Information, or if you would like to request to receive an electronic copy of your Personal Information for purposes of transmitting it to another organization (to the extent this right to data portability is provided to you by the Data Protection Act), you may contact us using the email address provided at the end of this policy.
For your data safety, we will only implement requests with respect to the personal information associated with the email address that you use when sending us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable. Please note that we may need to retain certain information for legal and operational purposes and/or to complete any transactions that you began prior to requesting a change or deletion.
Retention Period for Data
We only hold your personal information on our systems for as long as is necessary for the purposes outlined above. We remove personal data from our systems once it is no longer required, in line with our guidelines on how long important information must remain accessible for future use or reference, as well as when and how data can be destroyed when it is no longer needed.
The length of time each category of data will be retained will vary depending on how long we need to process it for, the reason it was collected and in line with any statutory requirements. After this time the data will either be deleted, or we may retain a secure anonymized record for research and analytical purposes.
Minors – Persons under the age of 18
We require that all people under 18 years of age and who would like to get involved in INEND’s work ensure that they obtain parent/guardian’s permission before giving us their personal information.
Access to and your rights over your personal information
The personal data we hold about you is yours. You have the following rights over your information:
● To be informed of the use to which your personal data is to be put.
● To access your personal data in our custody.
● To object to the processing of all or part of your personal data. This includes contacting you via email. All our email communications to you will contain an unsubscribe link.
● To correct false or misleading data.
● Deletion of false or misleading data about you
Measures to Protect Your Personal Data
INEND maintains up-to-date antivirus applications on all terminals and routinely trains all staff on emergent areas in cybersecurity. All INEND staff have been trained to avoid cyberattacks, phishing, baiting, password theft and social engineering. Adequate measures have been put in place at our physical premises to ensure appropriate staff has the necessary access to personal data stored within the office. All staff have been trained on organization email use and the organization maintains an email policy.
Third-Party Websites
Our website may have links to third party websites or applications. This policy does not apply to such pages or applications operated by other organisations. This includes the websites or applications of partner organizations or related organisations or third-party sites. These other sites may have their own privacy policies which apply to them.
Hosting and processing arrangements
Our websites are hosted by third-party service providers and therefore personal details you submit through them may be processed by that third-party service provider.
We may also use third parties to process your personal details including in the following ways:
● To action all online expressions of interest to support INEND or take actions and manage all related communications.
● To process online payments.
All third-party services providers process your personal information on our behalf and are bound by contractual terms that are compliant with the Data Protection Act 2019.
Payment Processing and Fraud
When your card details are submitted, they may be shared with banks and other nancial institutions to process your payments. Where fraudulent transactions are suspected, your personal information may be submitted for further checks.
Your personal information may be shared in circumstances where we are legally required to share such information.
Recruitment Privacy Notice
INEND has implemented this privacy notice to inform you, as prospective employees of our organisation, of the types of data we process about you. We keep several categories of personal data on our prospective employees in order to carry out efficient and transparent recruitment processes. Information collected during a recruitment process will only be used for recruitment and selection processes and will not be disclosed to a third party without your consent. Specifically, we hold the following types of data:
1. Personal details such as name, address, phone numbers.
2. Your gender
3. Information collected from your Curriculum Vitae and cover letter.
4. References from your former employers
5. Details on your education and employment history etc
6. Criminal convictions
INEND employees who are involved in recruitment will have access to your data which is relevant to their function. All employees with such responsibility have been trained in ensuring data is processed in line with the Data Protection Act.
INEND does not share your data with third parties. We may transfer your personal data to other partners, and this is solely done for recruitment purposes.
Sensitive personal information regarding gender, age, sexual orientation, religion and faith, caring responsibilities, disability, ethnic origin and region of origin will be anonymised and will be used for cultural diversity and equal opportunities monitoring purposes only.
Unsuccessful applications will be retained for six months after the conclusion of the selection process. At the end of this period, we will delete or destroy your data from our systems permanently. All applicants will be required to sign a declaration consenting to INEND processing personal information on the privacy terms set herein.
This applies to all suppliers, contractors and service providers of INEND.
Cookies
INEND’s website, like most websites, uses cookies. This statement explains what cookies are, how INEND uses them, and how they can be controlled.
What are cookies?
A cookie is a small file of letters and numbers that we place on your computer or mobile device, if you agree. These cookies allow us to distinguish you from other users of our website. You can set up your computer to refuse cookies by turning them off in your browser. You do not need to have cookies turned on to use INEND’s website. To find out more about cookies or how to delete cookies in your browser, please visit: www.aboutcookies.org.
How INEND uses cookies
● To compile statistical data on the use of our website, in order to monitor and improve it.
● To facilitate our user’s ability to navigate through our website
● To allow us to share our web pages via social media platforms.
Opting out of our newsletters and other mailings
All our digital newsletters are equipped with a link by which recipients can remove themselves from the email list. If you experience difficulties in cancelling your subscription, please send an email via the address provided below. We will respond as soon as possible, but within 14 working days, to your request.
Cross-Border Transfer
Your personal information is stored and processed in Kenya. In certain instances where we engage other organizations and service providers, we may transfer your personal information outside the country as per the guidelines provided by the Data Protection Act and the Data commission. In these instances, we will seek your prior and informed consent before we initiate the transfers.
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access, unwanted disclosure or unauthorised modification, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online and physically. If you suspect that your data is not secure or that there are indications of a breach, please contact us via the email address at the end of this policy.
Complaints
If you wish to lodge a complaint about our handling of your personal data, please get in touch with us on the details above with the details of your complaint; we aim to respond to all complaints within 14 working days.
If you wish to exercise any of these rights or have any questions about this policy, you may contact us in the following ways:
By post:
Initiative for Equality and Non Discrimination (INEND)
P.O BOX 10315-80101
Mombasa, Kenya
By email: info@inend.org