The aim of this policy is to clarify how we gather, utilize, and/or handle the personal information you've entrusted to us, empowering you to make informed decisions regarding granting us access to your personal data.
This statement pertains to all customers, suppliers, staff members, other stakeholders, and clients engaged in business with our company. It aligns with our Terms and Conditions for products and services.
Unless the context otherwise requires:
Such information includes, but is not limited to:
We collect personal data only for specified, explicit, and legitimate purposes. Data subjects are informed of the purposes for which their data is being collected and processed.
Personal data collected shall be adequate, relevant, and limited to what is necessary for the purposes for which it is processed. Data processing activities shall be conducted lawfully, fairly, and transparently, with appropriate consent obtained where required. Processing refers to any activities carried out on the Personal Data. These activities encompass, but are not restricted to: gathering, recording, organizing, altering, consolidating, managing, transferring, retaining, and deleting.
The company will only handle Personal Data for the purpose or a reasonably related purpose for which the data was initially collected. Personal Data will not be processed in a manner that is incompatible with these purposes unless explicit consent is obtained from the relevant Data Subject. Moreover, the company will strive to ensure that the Personal Data being processed is accurate and kept up-to-date.
Records of processing will be meticulously documented by the company and securely stored in its database. Access to these records will be restricted and granted on a need-to-know basis.
Personal Data will not be retained beyond the necessary period for the purpose for which it was collected unless its retention is required to fulfill statutory or regulatory obligations.
The company will ensure that consent is obtained from Data Subjects in a suitable manner before any information processing is carried out by its employees. We recognize that Data Subjects have the right to be informed about the activities conducted on their Personal Information.
To minimize the likelihood of disputes, consent from Data Subjects must be obtained verbally and in writing, or electronically. The company will not interpret any actions of Data Subjects as implied consent.
Personal data transfers will only occur with the informed and explicit consent of the data subject. Data subjects will be provided clear information about the purpose, destination, and safeguards of the transfer. Consent will be documented and retained for accountability.
The company will retain personal data only for the duration necessary to fulfill the purposes for which it was collected, as outlined in this policy or as required by applicable laws and regulations. Personal data will be retained solely for the purposes specified at the time of collection or for compatible purposes consistent with those objectives.
Upon reaching the end of the retention period or when personal data is no longer necessary for the intended purposes, the company will securely dispose of the data in a manner that ensures its confidentiality and prevents unauthorized access, disclosure, alteration, or destruction. Data disposal methods may include permanent deletion from electronic systems, shredding of physical documents, or other secure means appropriate to the nature of the data and the risks associated with its disposal.
The company will periodically review its data retention practices to ensure compliance with legal requirements and to adjust retention periods as necessary based on changes in business needs or regulatory obligations.
Cross-border data transfers will comply with KDPA requirements. Transfers will only be made to countries with adequate data protection laws or under agreements ensuring equivalent protection standards.
Aleza Credit Limited acknowledges the sensitive nature of data related to children and vulnerable groups. Data processing for children will require explicit consent from a parent or guardian unless otherwise mandated by law. For vulnerable groups, data will be processed transparently, ensuring their understanding and consent.
On our website or app, we might employ cookies and similar technologies to aid users in navigating between web pages seamlessly and to remember their preferences, thereby enhancing their online experience. Additionally, cookies assist in filtering advertisements to ensure that users receive only relevant ads tailored to their interests. For further details on our cookie usage and how users can manage them, please refer to the terms and conditions provided on our website and apps.
The company will make every effort to safeguard the confidentiality and security of Personal Data, extending this responsibility to all interactions with third parties, including employees and clients. All provisions outlined in the Confidentiality Agreement signed by employees upon their employment remain applicable.
The company regards any breaches of this policy with utmost seriousness and commits to thoroughly investigating all allegations of breach through the Human Resource Department, ensuring confidentiality and fairness throughout the process.
Data Subjects possess the following rights, which can be exercised by providing legal and reasonable notice to the Company:
Aleza Credit Limited will appoint a Data Protection Officer to oversee compliance with KDPA. Responsibilities include monitoring data protection practices, conducting training, managing Data Protection Impact Assessment, and serving as the contact point for data subjects and the ODPC.
All employees will receive training on data protection and handling practices at least once every quarter or any other shorter period as deemed necessary. They are responsible for ensuring the confidentiality, integrity, and availability of data they manage. Non-compliance will result in disciplinary action.
This Privacy Policy is applicable to all employees, and compliance is obligatory. Upon commencement of their employment, all employees are mandated to meticulously read and comprehend the Policy. The Company treats all breaches of this policy with utmost seriousness and pledges that all allegations of breach will be thoroughly investigated by the Human Resource Department in a confidential and impartial manner.
Should employees wish to report an alleged breach under this policy, they are encouraged to promptly contact the Human Resource Department. Any allegations made in good faith will receive full support from the Company, with appropriate measures and investigations undertaken, irrespective of the outcome of the allegation or the subjective perspective of any senior management. The Company guarantees there will be no reprisals against employees who report breaches under the policy. However, any allegations or attempts made in bad faith, for any reason, will be considered misconduct and may result in disciplinary action by the Company.
Individuals found to be in violation of this policy will be subject to disciplinary action commensurate with the severity of the breach.
Data subjects can direct inquiries and complaints to:
Data Protection Officer
Email: Complaints.alezalimited@gmail.com
Phone: +254 757 911 741
Postal Address: P.O BOX 2382 KISUMU
Office Address: Aleza Credit Limited, ALPHA HSE Kisumu
Unresolved complaints can be escalated to the Office of the Data Protection Commissioner.
Last updated: 2nd December 2024. Management is committed to keep this policy updated.