Terms & Conditions
This policy is current as of the effective date set forth above. The company may, in its sole and absolute discretion and taking into account any change in the DPA or any other written law, change this Policy at any time. Where RAG makes changes to the Policy, RAG shall notify the employee of the changes through electronic mail or such other means of communication which may be available to RAG. All changes to this Policy will be posted on the website.
- DEFINITIONS AND INTERPRETATION
1.1 In this Policy, unless the context otherwise requires:
1.1.1. “Consent” means any manifestation of express, unequivocal, free, specific and informed indication of the data subject's wishes by a statement or by a clear affirmative action, signifying agreement to the processing of personal data relating to the data subject;
1.1.2. “Data” means any proprietary and confidential information or Personal Data of the parties and those of their customers and clients, whether commercial, financial, technical or otherwise (whether oral, written, machine readable or in any other form) and material (whether electronically recorded, written or otherwise);
1.1.3. “Data Controller” determines the purpose and means of processing of personal data;
1.1.4. “Data Processor” Processes personal data on behalf of the data controller ;
1.1.5. “Data Subject” means an identified or identifiable natural person who is the subject of personal data;
1.1.6. “DPA” means the Data Protection Act, 2019 (No. 24 of 2019);
1.1.7. “Personal Data” shall mean any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. For the avoidance of doubt, Personal Data has the meaning as set forth in the applicable Data Protection Laws (and any regulations issued thereunder) that is processed by RAG under these Policy;
1.1.8. “Processing” any operation, or set of operations, which is performed on Personal Data, or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; the meaning of Process or Processing will include: collecting,recording,storing,retrieving, consulting, use, erase and altering of data;;
1.1.9. “Sensitive Personal Data” means data revealing the natural person's race, health status, ethnic social origin, conscience, belief, genetic data, biometric data, property details, marital status, family details including names of the person's children, parents, spouse or spouses, sex or the sexual orientation of the data subject
2. COLLECTION OF YOUR INFORMATION
We may collect information about you in a variety of ways. The information we may collect includes:
Personally identifiable information, such as your Name, date and place of birth, national identification number, postal address, physical and residential address, Email address, Telephone Number title, the Kenya Revenue Authority personal identification number, nationality, passport photo, employment details, specimen signature, sex and next of kin details, marital status, race, religious beliefs, other business information, such as job title and the company you work for that you voluntarily give to us when you choose to participate in various activities related to company electronic services, or for purposes of fulfilling your contractual obligation with the company (RAG). You are under no obligation to provide us with personal information of any kind, however, where we request you to provide certain information to us and you fail to do so, you understand RAGs ability to effectively administer its services to you will be greatly hampered if not unable to provide the same.
Information our servers automatically collect as logs when you access the Email Service, ERP, such as your IP address, your browser type, your operating system, your access times and mode of authentication.
You agree with us that we may hold and process, by computer or otherwise, any information obtained about you and that we may include personal data in our systems which may be accessed by other companies in our group for statistical analysis including behaviour and scoring and to identify products and services (including those supplied by third parties) which may be relevant to you; and permit other companies within our group to use personal data and any other information we hold about you to bring to your attention products and services which may be of interest to you.
3. USE OF YOUR INFORMATION
We collect and use personal information to enable us to perform the Services, respond to your requests and deliver our Services for which you have engaged us, verify your identity, and carry out requests made by you in relation to our Services.
Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you to:
- Create and manage your account.
- Enable user-to-user communications.
- Increase the efficiency and operation of the Site.
- Perform other business activities as needed.
- Prevent fraudulent transactions, monitor against theft, and protect against criminal activity.
- Resolve disputes and troubleshoot problems.
- Legal requirement; We may disclose your information when required by law or when such disclosure is necessary to: (a) comply with court order(s), or other legal process we receive; (b) establish or exercise our legal rights including enforcement of securities and agreements with you; or (c) defend ourselves against legal claims.
Please note that RAGs computer and telephone systems and other equipment are the property of the employer (RAG) and employees should not maintain any expectation of privacy while using the said devices and/or equipment or personal property to conduct company business, this includes use of personal devices with the company network resources.
The information stored on any of the devices will be deemed to be company property at all times. The organization's computers, telephones and other equipment generally are intended for business- related use with a limited amount of personal use being acceptable.
The following is prohibited when using any of the company devices, network and equipment:-
- The transmittal or downloading of material that is offensive, pornographic, obscene,profane, discriminatory, harassing, insulting, derogatory or otherwise unlawful;
- The transmittal or dissemination of the company's confidential information or trade secrets to any outside source;
All communications and files are subject to employer monitoring and that the employer has access to all such files, even those files that the employee has deleted from the system. Staff are requested to store and save all information in the various shared links in line with their respective departments. At the point of on boarding, all staff in liaison with the ICT department will be mapped to their respective folders. Any unauthorized use of the company's information systems can result in discipline, up to and including termination.
4. DISCLOSURE OF YOUR INFORMATION
We may share information we have collected about you in certain situations. Your information may be disclosed as follows:
By Law or to Protect Rights
If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation. This includes exchanging information with other entities for fraud protection and credit risk reduction.
Third-Party Service Providers
We may share information with third parties that perform services for us or on our behalf, data analysis, email delivery and hosting services.
5. SALE OR BANKRUPTCY
We are not responsible for the actions of third parties with whom you share personal or sensitive data, and we have no authority to manage or control third-party solicitations. If you no longer wish to receive correspondence, emails or other communications from third parties, you are responsible for contacting the third party directly.
6. RETENTION OF PERSONAL DATA
We shall retain your Personal Data only as long as may be reasonably necessary to satisfy the purpose for which it is Processed unless the retention is:-
a) required or authorised by law;
b) reasonably necessary for a lawful purpose;
c) authorised or consented by you as the Data Subject; or
d) for historical, statistical, journalistic literature and art or research purposes.
We shall delete, erase, anonymise or pseudonymise Personal Data not necessary to be retained above in a manner as may be specified at the expiry of the applicable retention period which shall not be less than seven (7) years.
7. RETURN OF COMPANY PROPERTY
All records, designs, patents, business plans, financial statements, manuals, memoranda, lists and other property delivered to or compiled by Employee by or on behalf of the Company or its representatives, vendors or customers which pertain to the business of the Company shall be and remain the property of the Company and be subject at all times to its discretion and control. Likewise, all correspondence, reports, records, charts, advertising materials and other similar data pertaining to the business, activities or future plans of the Company which is collected by Employee shall be delivered promptly to the Company without request by it upon termination of Employee's employment and/or resignation of the Employee.