PRIVACY NOTICE FOR WEBSITE
What is personal information?
“Personal information” means any information relating to an identified or identifiable natural person;
In general terms, this includes information or an opinion that personally identifies you either directly (e.g. your name) or indirectly.
What personal data do we collect?
We currently collect and process the following information:
• Any identifying name, number, mark, email address, street name, phone number, online identity, postal address, or other specific designation given to the person.
• Details regarding the race, information about a person’s age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language, and place of birth. It may also include information about their gender, marital status, national, ethnic, or social origin, color.
• The individual’s personal beliefs, viewpoints, or preferences.
• Emails that the sender directly or implicitly designates as private or confidential, as well as follow-up messages that would divulge the original email’s contents.
• The ideas or viewpoints of another person regarding the person.
Why do we collect your personal information?
We collect your Personal Information for the purpose of providing our services to you. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.
When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.
If we collect your sensitive information, we will do so only with your consent, if it is necessary or authorized by law, and we take appropriate measures to protect the security of this information.
How do we collect your personal data?
Most of the personal information we process is provided to us directly by you.
How will we use your personal data?
· As an organization that provides data subjects with a service or with data interaction for a lawful reason, we need to gather certain information to be able to do so and in a certain manner.
• The information we collect will depend on the reasons for which it is collected and used. This might differ in our various interactions. We will only collect information that we need for that particular purpose as agreed upon and no more than necessary. We’ll also tell you what information you need to provide to us and what information is optional.
How do we keep your personal data safe?
Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.
When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for eight years.
Whether we share your personal data with third parties
We may disclose your personal information to third parties in accordance with the Data Protection Policy, other government institutions in the execution of their statutory or constitutional mandates, our external auditors, contractual service providers when necessary and where you would reasonably expect us to disclose your information.
What are your data protection rights?
When you provide personal data to us you have certain rights available to you in relation to that data. These rights are outlined below and can be exercised by contacting the Data Protection Officer, indicating which right you wish to exercise:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the information you gave us to another organization, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request in writing, we shall respond to you within fourteen days upon receipt.
In case of any enquiries or complaints contact:
Data Protection Officer
Email: dpo@oagkenya.go.ke
Office of the Auditor General
Anniversary Towers, University Way
P. O. Box 30084-00100
Nairobi
In case of complaints you can contact the Office of the Data Protection Commissioner
Office of the Data Protection Commissioner
Communications Authority Centre
P.O Box 30920-00100
Nairobi