Any transfer of personal data collected by our app will only occur for the stated purposes outlined in our privacy policy and in accordance with applicable data protection laws.
Personal data will only be transferred to individuals or organizations that have adequate data protection controls in place,
ensuring your information is safeguarded and treated with the utmost confidentiality. We maintain strict contractual agreements and conduct due diligence to ensure that any recipients of personal data adhere to
the same level of data protection standards as required by applicable laws
Retention of personal data
PostaPay will retain your personal data only for as long as is necessary to achieve the purpose for which they were collected. We may retain your personal data and/or information for a period of up to seven (7) years
or as may be required by law and maintains specific records management and retention policies and procedures, so that personal data are deleted after a reasonable time according to the following retention criteria:
- Where we have an ongoing relationship with you.
- To comply with a legal obligation to which it is subject.
- Where retention is advisable to safeguard or improve the PostaPay legal position.
Marketing
PostaPay will only contact you for marketing purposes where you have provided us with your consent to do so. Consent will be sought before any such marketing applications commence.
How do we protect your information?
We use vulnerability scanning and/or scanning to PCI standards. We use regular Malware Scanning.
Your personal information is contained behind secured networks and is only accessible by a limited number of people who have special access rights to such systems and are required to keep the information confidential.
In addition, all sensitive information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user enters, submits or accesses their information to maintain the safety of your personal information.
For your convenience, we may store your personal and crucial information kept for more than 60 days in order to automate the process.
We aim to collect only what we need, keep it up-to-date and remove it when we no longer need it.
We take reasonable steps to ensure that the personal information we process is limited to what we require in connection with the purposes set out in this Policy;
it is accurate and, where necessary, kept up to date; and it is erased or rectified without delay if it is inaccurate. From time to time we may ask you to confirm the accuracy of your personal information.
For some of our online services, you can review or update certain account information by logging in and accessing the “Client Center” or a similar user profile section. If you cannot change the incorrect information online,
or you prefer to request changes offline, please contact your PostaPay age using the contact information listed on your account statements, records, or other account materials.
Do we use ‘cookies’?
We may store some information (using "cookies") on your computer when you visit our websites. This enables us to recognize you during subsequent visits.
We use cookies for storing and honoring your preferences and settings, enabling you to sign in, providing interest-based advertising, combating fraud, analyzing how our products perform, and fulfilling other legitimate purposes.
We may also use this data in aggregate form to develop customized services - tailored to your individual interests and needs. Should you choose to do so, it is possible (depending on the browser you are using),
to be prompted before accepting any cookies, or to prevent your browser from accepting any cookies at all. This will however cause certain features of the web site not to be accessible.
Third-party disclosure
We do not sell, trade or otherwise transfer to outside parties your Personally Identifiable Information.
Third-party links
Occasionally, at our discretion, we may include or offer third-party services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these
linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
How does our site handle Do Not Track signals?
We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third-party behavioral tracking?
It's also important to note that we allow third-party behavioral tracking
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from persons under the age of 18 years old, the Children's Online Privacy Protection Act (COPPA) puts parents
in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.
We do not onboard minors (any person under 18 years of age) except where you additionally register on their behalf as their parent and/ or legal guardian. If you allow a child to use our services, you should be aware that
their personal information could be collected as described in this statement.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information
Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we
will take the following responsive action, should a data breach occur:
We will notify you via email within 7 business days
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors
who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute
non-compliance by data processors.
International Data Transfers
From time to time we may need to transfer your personal information outside the Republic of Kenya.
Where we send your information outside Kenya, we will make sure that your information is properly protected in accordance
with the applicable Data Protection Laws.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to send information, respond to inquiries or other requests or questions.
To be in accordance with CANSPAM, we agree to the following:
- Not use false or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or site headquarters.
- Monitor third-party
email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails, you can email us by following the instructions at the bottom of each email and we will promptly remove you from ALL correspondence.
Your rights
You have the right in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law to:
- Be informed that we are collecting personal data about you.
- Request access to your personal information that we have on record. This right entitles you to know whether PostaPay holds personal data of you and, if so, obtain information on and a copy of those personal data.
- Request PostaPay to rectify any of your personal data that is incorrect or incomplete.
- Object to and withdraw your consent to processing of your personal data. This right entitles you to request that PostaPay no longer processes your personal data. The withdrawal of your consent shall not affect the lawfulness of processing based on prior consent before its withdrawal. We may also continue to process your personal information if we have a legitimate or legal reason to do so.
- Request the erasure of your personal data. This right entitles you to request the erasure of your personal data, including where such personal data would no longer be necessary to achieve the purposes.
- Request the restriction of the processing of your personal data: This right entitles you to request that PostaPay only processes your personal data in limited circumstances, including with your consent.
- Request portability of your personal data. This right entitles you to receive a copy (in a structured, commonly used, and machine-readable format) of personal data that you have provided to PostaPay, or request PostaPay to transmit such personal data to another data controller in an electronic format.
Non-Compliance with this Statement
We shall have the right to terminate any agreement with you for failure to comply with the provisions of this statement and reject any application for information contrary to this statement.
Amendments to this Statement
PostaPay reserves the right to amend or modify this privacy statement from time to time and your continued use of our products and services constitutes your agreement to be bound by the terms of any such amendment or variation.