At Infopromo Communications, we are dedicated to maintaining the highest standards of data protection and privacy. This page outlines how we handle your personal data, ensuring compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and local regulations such as those set forth by the Office of the Data Protection Commissioner in Kenya.

Introduction to Data Processing

Data processing involves the collection, storage, use, and sharing of personal data. We are committed to processing your data in a lawful, fair, and transparent manner. Our data processing activities adhere to the principles outlined in GDPR, as well as relevant local regulations, ensuring that your data is handled with the utmost care and respect.

Types of Data Collected

• Personal Data: We collect personal data that includes, but is not limited to, your name, email address, phone number, IP address, and any other information you provide directly or through our services.

• Non-Personal Data: We also collect non-personal data such as device information, browser type, operating system, and browsing behavior. This information helps us enhance our services and improve user experience.

Purpose of Data Processing

• Service Provision: We process data to provide, manage, and improve our services. This includes account management, customer support, and personalizing your experience.

• Marketing: With your explicit consent, we may use your data for marketing purposes, including sending promotional materials and offers. We also use data to personalize advertisements and content based on your preferences.

• Compliance: We process data to comply with legal obligations, including responding to lawful requests from authorities, preventing fraud, and ensuring the security of our services.

Data Sharing and Third-Party Processors

• Third-Party Involvement: We may share your data with third-party service providers who assist us in delivering our services. This includes cloud providers, payment processors, and analytics services.

• Data Processing Agreements: We have data processing agreements in place with all third-party processors to ensure they handle your data securely and in accordance with GDPR and other applicable data protection laws.

• International Data Transfers: If we transfer data outside of your country, we ensure these transfers comply with data protection laws. This is achieved through mechanisms such as standard contractual clauses and ensuring adequate protection as required by GDPR.

Data Retention

• Retention Periods: We retain personal data only as long as necessary to fulfill the purposes for which it was collected. This includes compliance with legal obligations, resolving disputes, and enforcing agreements.

• Deletion Policies: Once data is no longer needed, we delete or anonymize it securely. You can request the deletion of your data at any time, and we will process such requests in accordance with GDPR and applicable local laws.

Data Subject Rights

Under GDPR and local data protection laws, you have the following rights:

• Access: You have the right to access the personal data we hold about you and obtain information about how it is processed.

• Correction: You can request that we correct any inaccurate or incomplete personal data.

• Erasure: You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent.

• Objection and Restriction: You have the right to object to or request the restriction of processing of your personal data in certain circumstances.

• Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another data controller if feasible.

• Withdrawal of Consent: If we process data based on your consent, you can withdraw your consent at any time. This withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

GDPR Compliance

• Legal Basis for Processing: We process personal data based on several legal grounds under GDPR, including your consent, the performance of a contract, compliance with legal obligations, and legitimate interests.

• Data Protection Officer: We have appointed a Data Protection Officer (DPO) to oversee our compliance with GDPR. You can contact our DPO at info[at]infopromo.digital for any GDPR-related queries.

• Certification: Infopromo Communications is certified as a data processor with the Office of the Data Protection Commissioner in Kenya and other international bodies. This certifications demonstrate our commitment to adhering to data protection regulations and best practices.

Data Security Measures

• Protection: We implement robust technical and organizational measures to safeguard your data. This includes encryption, access controls, regular security assessments, and secure data storage practices.

• Compliance with Regulations: Our security measures comply with GDPR, the Kenya Data Protection Act, and other relevant regulations, ensuring that your data is protected against unauthorized access and breaches.

Reporting and Breach Notification

• Incident Response: We have a detailed incident response plan to address data breaches. If a breach occurs, we will notify affected individuals and the relevant authorities promptly, as required by GDPR and local laws.

• Contact Information: For concerns about data processing or to report a data breach, please contact our data protection team at info[at]infopromo.digital.

Updates to Data Processing Practices

• Policy Changes: We may update this Data Processing page to reflect changes in our practices or legal requirements. Significant changes will be communicated, and we encourage you to review this page periodically.