Privacy Policy

Last Updated: [Date]

1. Introduction

Welcome to the 2027 Kenya Elections Platform ("Platform", "we", "us", or "our"). We are committed to protecting your privacy and personal data in accordance with the Constitution of Kenya, 2010, and the Data Protection Act, 2019.

This Privacy Policy explains how we collect, use, process, store, and protect your personal data when you use our Platform. Please read this policy carefully to understand our practices regarding your personal data.

2. Data Controller Information

Data Controller: [Platform Name/Company Name]

  • Registration Number: [Company Registration Number]
  • Physical Address: [Physical Address in Kenya]
  • Email: [privacy@platform-email.com]
  • Phone: [Contact Number]

Data Protection Officer (DPO)

  • Name: [DPO Name]
  • Email: [dpo@platform-email.com]
  • Phone: [DPO Contact Number]

3. Legal Basis for Processing

We process your personal data based on the following legal bases under the Data Protection Act, 2019:

  1. Consent: You have given explicit consent for specific processing activities
  2. Contract Performance: Processing is necessary for the performance of a contract with you
  3. Legal Obligation: Processing is necessary for compliance with legal obligations
  4. Legitimate Interests: Processing is necessary for our legitimate interests (balanced against your rights)
  5. Public Interest: Processing is necessary for the performance of a task carried out in the public interest

4. Types of Personal Data We Collect

4.1 Data You Provide Directly

For All Users:

  • Name and contact information (email, phone number)
  • Account credentials (username, password)
  • Profile information (biography, photo, location)
  • Communication preferences
  • Payment information (processed through secure third-party processors)

For Aspirants (Subscribers):

  • Office level (Ward, Constituency, County)
  • Political affiliation (if disclosed)
  • Manifesto and vision statements
  • Campaign materials (videos, documents, images)
  • Social media links
  • Website URL

For Constituents:

  • Location preferences (county, constituency, ward)
  • Questions and comments posted to aspirants
  • Follow preferences (aspirants you follow)
  • Event registrations

4.2 Data Collected Automatically

Technical Data:

  • IP address
  • Device information (type, model, operating system)
  • Browser type and version
  • Unique device identifiers
  • Cookies and similar tracking technologies

Usage Data:

  • Pages visited and time spent
  • Features used and interactions
  • Search queries
  • Click patterns and navigation paths
  • Date and time of access

Location Data:

  • Approximate location based on IP address
  • Precise location (if you grant permission)

4.3 Data from Third Parties

  • Payment processors (transaction data)
  • Social media platforms (if you connect your account)
  • Analytics providers (aggregated usage statistics)
  • Electoral authorities (public electoral data, if applicable)

5. How We Use Your Personal Data

5.1 Platform Services

  • Create and manage your account
  • Provide access to Platform features
  • Process subscription payments (for aspirants)
  • Deliver content and services you request
  • Send service-related communications

5.2 Communication

  • Respond to your inquiries and support requests
  • Send notifications about Platform updates
  • Send email notifications (if enabled)
  • Facilitate communication between users (Q&A forum)

5.3 Personalization

  • Customize content based on your location preferences
  • Show relevant aspirants and content
  • Personalize your user experience
  • Recommend features and content

5.4 Analytics and Improvement

  • Analyze Platform usage and performance
  • Improve Platform features and functionality
  • Conduct research and development
  • Detect and prevent fraud and abuse

5.5 Legal Compliance

  • Comply with legal obligations
  • Respond to lawful requests from authorities
  • Enforce our Terms of Use
  • Protect our rights and the rights of users

5.6 Marketing (with Consent)

  • Send promotional communications (only with your consent)
  • Provide information about new features
  • Conduct surveys and research

6. Data Sharing and Disclosure

6.1 Public Information

The following information may be publicly visible on the Platform:

  • Aspirant profiles (name, biography, manifesto, location)
  • Public questions and answers in the Q&A forum
  • Public posts and updates
  • Event information (if made public)

6.2 Service Providers

We may share data with trusted third-party service providers who assist us in:

  • Payment processing (Stripe, M-Pesa)
  • Cloud hosting and infrastructure
  • Email delivery services
  • Analytics and monitoring
  • Customer support

All service providers are contractually obligated to protect your data and use it only for specified purposes.

6.3 Legal Requirements

We may disclose your data if required by:

  • Court orders or legal processes
  • Government authorities (including IEBC, ODPC, law enforcement)
  • Regulatory requirements
  • Protection of rights, property, or safety

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections.

6.5 With Your Consent

We may share your data with third parties when you have given explicit consent.

7. Data Security

7.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

Technical Measures:

  • Encryption of data in transit (SSL/TLS)
  • Encryption of sensitive data at rest
  • Secure authentication and access controls
  • Regular security assessments and penetration testing
  • Firewall and intrusion detection systems
  • Regular backups and disaster recovery procedures

Organizational Measures:

  • Staff training on data protection
  • Access controls and role-based permissions
  • Confidentiality agreements with staff
  • Regular security audits
  • Incident response procedures

7.2 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Office of the Data Protection Commissioner (ODPC) within 72 hours
  • Notify affected users without undue delay
  • Provide information about the nature of the breach and mitigation measures

8. Data Retention

8.1 Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

Account Data: Retained while your account is active and for 7 years after account closure (for legal and tax compliance)

Transaction Data: Retained for 7 years (for tax and financial record-keeping)

Content Data: Retained while your account is active. Public content may be retained longer for historical purposes.

Analytics Data: Aggregated and anonymized data may be retained indefinitely.

Legal Holds: Data may be retained longer if subject to legal holds or ongoing investigations.

8.2 Deletion

Upon account deletion or expiration of retention periods:

  • Personal data will be securely deleted or anonymized
  • Some data may be retained if required by law or for legitimate business purposes
  • Backups may retain data for a limited period before deletion

9. Your Rights Under the Data Protection Act, 2019

You have the following rights regarding your personal data:

9.1 Right of Access

  • Request access to your personal data
  • Receive a copy of your personal data in a structured format
  • Understand how your data is being processed

9.2 Right to Rectification

  • Request correction of inaccurate or incomplete data
  • Update your personal information through your account settings

9.3 Right to Erasure ("Right to be Forgotten")

  • Request deletion of your personal data
  • Subject to legal retention requirements and legitimate interests

9.4 Right to Object

  • Object to processing based on legitimate interests
  • Object to direct marketing (opt-out at any time)
  • Object to processing for research or statistical purposes

9.5 Right to Restrict Processing

  • Request restriction of processing in certain circumstances
  • While disputes are being resolved

9.6 Right to Data Portability

  • Receive your data in a structured, machine-readable format
  • Transfer your data to another service provider

9.7 Right to Withdraw Consent

  • Withdraw consent at any time (where processing is based on consent)
  • Withdrawal does not affect lawfulness of processing before withdrawal

9.8 Right to Lodge a Complaint

  • Lodge a complaint with the Office of the Data Protection Commissioner (ODPC)
  • ODPC Contact: [ODPC Contact Information]

9.9 Exercising Your Rights

To exercise your rights, please contact us at:

  • Email: [privacy@platform-email.com]
  • DPO Email: [dpo@platform-email.com]
  • Address: [Physical Address]

We will respond to your request within 30 days (may be extended to 60 days for complex requests).

10. Cookies and Tracking Technologies

10.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our Platform. We use cookies and similar technologies to:

  • Remember your preferences and settings
  • Analyze Platform usage
  • Improve user experience
  • Provide personalized content

10.2 Types of Cookies We Use

Essential Cookies: Required for Platform functionality (cannot be disabled)

Analytics Cookies: Help us understand how users interact with the Platform

Functional Cookies: Remember your preferences and settings

Marketing Cookies: Used for advertising (only with consent)

10.3 Managing Cookies

You can control cookies through:

  • Your browser settings
  • Our cookie consent banner
  • Platform privacy settings

Note: Disabling certain cookies may affect Platform functionality.

11. Children's Privacy

Our Platform is not intended for children under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete such information promptly.

12. International Data Transfers

12.1 Data Storage

Your personal data is primarily stored and processed in Kenya. However, some data may be transferred to and processed in other countries for:

  • Cloud hosting services
  • Payment processing
  • Analytics services

12.2 Safeguards

When transferring data outside Kenya, we ensure:

  • Adequate safeguards are in place (as required by the Data Protection Act, 2019)
  • Recipients are bound by appropriate data protection agreements
  • Transfers comply with applicable laws and regulations

13. Special Categories of Personal Data

13.1 Political Opinions

The Platform may process data related to political opinions (e.g., aspirant profiles, user preferences). We process such data:

  • With explicit consent
  • For legitimate purposes related to electoral engagement
  • In compliance with electoral laws and regulations

13.2 Sensitive Data

We do not intentionally collect sensitive personal data (as defined in the Data Protection Act, 2019) unless:

  • You provide it voluntarily
  • It is necessary for Platform functionality
  • You have given explicit consent
  • It is required by law

14. Electoral Data and IEBC Compliance

14.1 Electoral Information

  • We may display public electoral data (e.g., voter registration statistics, polling station information)
  • We do not collect or process individual voter registration data
  • We comply with IEBC regulations regarding electoral information

14.2 Candidate Information

  • Aspirant information is provided voluntarily
  • We verify information to the extent possible but cannot guarantee accuracy
  • Users are responsible for ensuring compliance with electoral disclosure requirements

15. Third-Party Links

Our Platform may contain links to third-party websites or services. This Privacy Policy does not apply to third-party sites. We encourage you to review the privacy policies of third-party sites before providing any personal data.

16. Changes to This Privacy Policy

16.1 Updates

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices
  • Legal or regulatory requirements
  • Platform features and functionality

16.2 Notification

We will notify you of material changes by:

  • Posting the updated policy on the Platform
  • Sending email notifications to registered users
  • Displaying a prominent notice on the Platform

16.3 Effective Date

Changes become effective 30 days after notification, unless immediate changes are required by law.

17. Data Protection Impact Assessment (DPIA)

We conduct Data Protection Impact Assessments for high-risk processing activities, including:

  • Large-scale processing of sensitive data
  • Systematic monitoring of users
  • Processing of electoral data

18. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Data Protection Officer (DPO)

  • Email: [dpo@platform-email.com]
  • Phone: [DPO Contact Number]
  • Address: [Physical Address]

General Privacy Inquiries

  • Email: [privacy@platform-email.com]
  • Phone: [Contact Number]

Office of the Data Protection Commissioner (ODPC)

  • Website: https://www.odpc.go.ke
  • Email: [ODPC Email]
  • Phone: [ODPC Phone]

19. Consent and Acknowledgment

By using the Platform, you acknowledge that:

  • You have read and understood this Privacy Policy
  • You consent to the collection, use, and processing of your personal data as described
  • You understand your rights under the Data Protection Act, 2019
  • You can withdraw consent at any time (subject to legal and contractual obligations)

20. Language

This Privacy Policy is provided in English. If translated into other languages (e.g., Swahili), the English version shall prevail in case of any discrepancies.

Note: This Privacy Policy is designed to comply with the Data Protection Act, 2019, and other applicable Kenyan laws. We are committed to protecting your privacy and handling your personal data responsibly and transparently.

Last updated: 3 February 2026