Capwell Industries Limited, (hereinafter referred to as “CIL”) in the course of its operation, collects, stores, uses and otherwise processes certain types of information (such as name, telephone numbers, address, images, Identity card details, fingerprint, photographs, etc.) of individuals that makes them identifiable (“personal data”). These individuals may include customers, current, past and prospective employees, suppliers/vendors, and other individuals whom CIL interacts or deals with, jointly and/or severally (“Data Subjects”).
CIL is committed to processing all personal data in accordance with the provisions of the Data Protection Act and the attendant Regulations which seek to safeguard the privacy rights of individuals, and any other relevant data protection laws (herein collectively referred to as “data protection laws”) CIL also fully respects individual’s right to privacy and is committed to preserving the rights of data subjects and entities who share their personal data with the Company.
This Policy applies to all employees of CIL, customers, as well as any external business partners (such as, suppliers, contractors, vendors and other service provider) who receive, send, collect, access, or process Personal Data in any way, on behalf of CIL, including processing wholly or partly, by automated means. This Policy also applies to third party Data Processors who process Personal Data under the instructions of CIL.
CIL will ensure that Personal data shall be:
All individuals who are the subject of Personal Data processed by CIL are entitled to the following rights:
CIL may engage the services of third parties in processing the Personal Data it collects. The processing by such third parties shall be governed by an express written contract, to ensure adequate protection and security measures are put in place by the third party for the protection of Personal Data in accordance with the terms of this Policy and Data Protection laws. CIL may also share your personal data with law enforcement agencies as and when required by law to do so.
CIL will only process data where the data subject has given their explicit consent or where there is lawful basis to do so for one or more specific purposes or where the processing is deemed necessary:
CIL will only collect and process data that is adequate, relevant, and limited to what is necessary. CIL staff must not access data which they are not authorised to access nor have a reason to access.
Data shall only be collected for the performance of the stated duties and tasks. Moreover, staff shall not ask data subjects to provide personal data unless that is strictly necessary for the intended purpose and shall ensure that data that is no longer needed for the specific purpose for which they were collected is deleted, erasedd, anonymised or pseudonymised
CIL will ensure that the personal data it collects, and processes is accurate, kept up to date, corrected or deleted without delay.
CIL have put in place data security measures and safeguards to ensure that by default, only personal data which is necessary for each specific purpose and that appropriate measures are employed against unauthorized access, accidental loss, damage and destruction to data. This includes the use of password encrypted databases for digital storage and locked cabinets for those physical files.
Where necessary, CIL will maintain adequate records to show that explicit consent was obtained before processing of personal data. Data will not be processed after the withdrawal of consent by a data subject.
CIL will process sensitive personal data only when:
CIL will transfer personal data out of Kenya only when they have:
CIL will process sensitive personal data out of Kenya only after obtaining the consent of a data subject and on receiving confirmation of appropriate safeguards.
The Data retention period in CIL is determined by legitimate needs. Adequate records of decision making will be maintained accordingly.
The adequacy and effectiveness of this policy is subject to the regular i reviews. Where this policy is amended, an updated version shall be provided.