Privacy Policy

Introduction

Basicom is committed to international compliance with data protection laws. This Data Protection Policy applies to Basicom and is based on accepted, basic principles on data protection ensuring data protection is the foundation of trustworthy relationships and the reputation of Basicom as a credible organisation.

Basicom data protection policy is meant to be a practical and easy to understand document to which all Basicom departments, stakeholders and partners can refer to.

Purpose

Basicom obtains, uses, stores, and otherwise processes personal data relating to including but not limited to staff, member institutions’ staff, current and former workers, contractors, website users and contacts, collectively referred to in this policy as data subjects. When processing personal data, Basicom is obligated to fulfill individuals’ reasonable expectations of privacy by complying with the Article 31 of the constitution, Kenya’s Data Protection Act (2019), Kenya Information and Communications Act (1998), Kenya’s Access to Information Act (2016), Kenya’s Government ICT Standards (2019)and other relevant data protection legislation (data protection law)

We recognise data protection as a fundamental right and embrace the principles of data protection by design and by default, thus:

This policy applies to all personal data processed by Basicom.

  • The appointed Data Protection Officer is responsible for Basicom’s ongoing compliance with this policy.
  • Implementation is immediate, and this Policy shall stay in force until any alterations are formally agreed.

Scope

This policy refers to all parties (employees, job candidates, customers, suppliers, partners, suppliers, stakeholders and other associated entities. etc.) who provide any amount of identifiable information, meaning any information relating to an identified or identifiable individual to Basicom.

This policy therefore seeks to ensure that Basicom:

  • Is clear about how personal data must be processed and the expectations of all those who process personal data on behalf of Basicom.
  • Will comply with the data protection laws and good practice thus protect Basicom’s reputation by ensuring the personal data entrusted to us is processed in accordance with data subjects’ rights
  • Is protected from risks of personal data breaches and is compliant with the relevant data protection laws

Principles

Basicom is committed to processing data in accordance with the Data Protection Act 2019.As the data controller, Basicom is required to comply with the principles of good information handling.

These principles require Basicom to:

  • Process personal data fairly, lawfully and in a transparent manner.
  • Ensure the data subject is informed of how his/her data is being handled. the data subject must either be made aware of, or informed of: the purpose of data processing;  Categories of third parties to whom the data might be transmitted
  • Ensure the right to privacy of the data subject when processing and handling personal data.
  • Obtain personal data only for one or more specified and lawful purposes and to ensure that such data is not processed in a manner that is incompatible with the purpose or purposes for which it was obtained. However, further data processing for statistical, scientific and historical purposes shall be considered compatible with the initial purposes of the data collection, if it is not used to take decisions with respect to the data subjects.
  • Ensure that personal data is adequate, relevant and not excessive for the purpose or purposes for which it is held.
  • Ensure that personal data is accurate and, where necessary, kept up to date.
  • Ensure that personal data is not kept for any longer than is necessary for the purpose for which it was obtained.
  • Ensure that personal data is kept secure.
  • Ensure that personal data is not transferred to a country outside Kenya unless there is proof of adequate data protection safeguards or consent from the data subject.
  • Adhere to registration requirements by the Office of the Data Protection Commissioner of Kenya.
  • Where consent is required for the processing of personal data we will ensure that informed and explicit consent will be obtained and documented in clear, accessible language and in an appropriate format. The individual can withdraw consent at any time through processes which have been explained to them and which are outlined in our policies. We ensure that it is as easy to withdraw as to give consent.
  • We uphold the personal data rights outlined in the Data Protection Act 2019:
  1. The right to be informed;
  2. The right of access;
  3. The right to rectification;
  4. The right to erasure;
  5. The right to restrict processing;
  6. The right to data portability;
  7. The right to object;
  8. Rights in relation to automated decision making and profiling.

Data Processing

When processing personal identifiable data Basicom applies at least one of the following lawful bases:

  • Consent: the individual has given clear consent for Basicom to process their personal data for a specific purpose. Consent may be obtained in several ways and will be recorded on or maintained with the case records. Basicom will obtain consent from data subjects through:
  • Face-to-face
  • Written
  • Telephone
  • Email
  • Online messaging and/or SMS
  • Video and/or audio recording
  • Filled and signed form
  • Disclaimer notices on webpage
    • Contract: the processing is necessary for a contract Basicom has with the individual, or because they have asked Basicom to take specific steps before entering into a contract.
    • Legal obligation: the processing is necessary for Basicom to comply with the law (not including contractual obligations).
    • Vital interests: the processing is necessary to protect someone’s life.
    • Legitimate interests: the processing is necessary for Basicom’s legitimate interests or the legitimate interests of a third party
      • Any individual subject access request received by Basicom will be duly verified before being handled, with the verification of the identity of anyone making a subject access request, before handing over any information.
      • Basicom will ensure to respond to individual requests in a timely manner.
      • Basicom will ensure that any data subject has the means to contact them to verify the data Basicom holds about them, and will have authorized Basicom personnel update and correct personal information. Such an obligation entails the following:
      • Data protection by design and by default
    • Basicom shall implement appropriate organizational and technical measures to uphold the principles outlined above. We will integrate necessary safeguards to any data processing to meet regulatory requirements and to protect individual’s data rights. This implementation will consider the nature, scope, purpose and context of any processing and the risks to the rights and freedoms of individuals caused by the processing.
    • Basicom shall uphold the principles of data protection by design and by default from the beginning of any data processing and during the planning and implementation of any new data process.
    • Prior to starting any new data processing, Basicom will assess whether we should complete a Data Protection Impact Assessment (DPIA) using the Office of the Data Protection Commissioners’ screening checklist.
    • All new systems used for data processing will have data protection built in from the beginning of the system change.
    • All existing data processing has been recorded on our Record of Processing Activities. Each process has been risk assessed and is reviewed annually.
    • Basicom will ensure that, by default, personal data is only processed when necessary for specific purposes and that individuals are therefore protected against privacy risks.
    • Where possible, Basicom will use pseudonymized data to protect the privacy and confidentiality of our staff and those we support.

Security 

      • Basicom shall ensure that personal data is stored securely using appropriate ICT infrastructure that is kept-up to date.
      • Access to personal data shall be limited to personnel who need access and appropriate security shall be in place to avoid unauthorized sharing of information. Destruction or deletion of personal data/records, either print or electronic should be that the records are rendered irrecoverable even using forensic data recovery techniques, for the electronic data. Appropriate back-up and disaster recovery solutions shall be in place.
      • Basicom staff is bound by a Non-Disclosure Agreement, and it is an offence to disclose personal information ‘knowingly and recklessly’ to third parties.
      • Personal information shall only be communicated within Basicom staff on a strict need to know basis. Care shall be taken that conversations containing personal or special categories of personal information may not be overheard by people who should not have access to such information.
      • Where Basicom needs to use the services of an external data processor (such as suppliers and service providers), Basicom shall opt for a data processor who provides sufficient guarantee of data protection; and Basicom and the data processor shall enter into a formal agreement which shall provide that the data processor shall act only on instructions received from Basicom and shall be bound by Basicom’s obligations.
      • Additional information Security Awareness Training may be required by all employees, at other intervals when the IT infrastructure environment changes.
      • Newly hired employees are required to sign an acceptable use policy (AUP) stipulating constraints and practices’ that the employee will agree to for access the institutional network, Internet or other resource
      • Telephone equipment, e-mail addresses, intranet and internet along with internal social networks are provided by Basicom primarily for work-related assignments. They are a tool and an organisational resource. They can be used within the applicable legal regulations and internal Basicom policies. In the event of authorised use for private purposes, There will be no monitoring
  1.  
  • Suppliers and contractors can use the confidential email address info@basicomgroup.net
    • All reports will be treated as confidential in line with Basicom’s Code of Conduct and Basicom’s Human Resources guidelines.

Get expert tips
and business insights

By clicking, you agree to our Terms & Conditions, Privacy and Data Protection Policy
© Basicom Consulting Group LLP | All Rights Reserved

UI/UX DESIGN

Zeti Creative &#8599

SITE DEVELOPMENT

Zuricode &#8599