Privacy Policy
Welcome to Inkomoko, where your privacy is our priority. We are dedicated to upholding the confidentiality and protection of personal data, in compliance with various regulations including the European Union General Data Protection Regulation (GDPR), Kenya Data Protection Act 2019 (KDPA), Rwanda Law No 058/2021 of 13/10/2021, and other relevant data protection laws.
We encourage you to carefully review this Privacy Notice to gain a comprehensive understanding of how we handle your personal data.
Our Commitment
Inkomoko holds your trust in high regard and is steadfast in safeguarding your privacy. This Privacy Notice outlines our practices regarding the collection, use, and protection of your personal data.
Personal Data Collection
The kind of information/Personal data we collect depends on why we’re collecting it. We only gather what we really need for that reason.
Here’s how we collect your information/Personal data:
- When you take part in surveys, training, or research with us.
- If you give us your details when applying for a job, partnering with us, or working together.
- When you sign up for newsletters or other messages on our website.
- By using tools like cookies or analytics to track what happens on our website and other online places.
CATEGORIES OF PERSONAL DATA
DETAILS
Contact details
First name, surname, personal email address, phone number, office number, telephone number, physical address, geolocation, and alternate person’s contact details, billing address, mobile device ID, contact details of your referees
Educational and professional background
CV/ resumé, academic and professional qualifications, employment history (including information on your previous position held and the name and title of your previous supervisor), reference letters, interview notes
Identification details
Identification numbers issued by government bodies or agencies such as your passport number or identity card number, passport.
Individual details
Gender, education level, age, marital status
Employment details
Occupation
Financial information
Bank details, Income level, commission received, credit score, payment card number
IT information
IP addresses, browser type and version, access time and length of access, page views, user activity and website usage in log files, time zone. For personal data collected via Cookies, please refer to our Cookie Policy
CCTV Footage
CCTV Footage
For personal data processed via CCTV, kindly request for our CCTV Policy
Sensitive personal data
Sex, social class, religious belonging, age of children, criminal records
Other
Number of children, call records, recording of calls on Inkomoko’s communication channels and interactions
Additional types of personal information may be collected based on our collaboration. Rest assured; any such data will only be handled as outlined in this notice.
Purpose(s) for processing your personal data:
Inkomoko ensures that your personal data is only used for the purposes it was collected or agreed upon with you. Here are the specific purposes for processing your personal data:
1. Clients:
- Investment purposes
- Record keeping.
- Communication with clients
- Identity verification for data subject’s rights
- Impact measurement
- Facilitating market linkages
- Conducting surveys, research, and advocacy
- Providing rewards
- Resolving clients’ complaints
2. Partners/Suppliers/Service Providers:
- Managing relationships and communication with suppliers/Partners
- Processing payments
- Identity verification for data subject’s rights
- Record keeping.
3. Job Candidates:
- Communication throughout the recruitment process
- Analyzing qualifications and assessing job suitability
- Candidate screening and credibility assessment
- Setting job conditions
- Contacting referees and previous employers for authentication
- Storing CV and contact details for future job opportunities.
4. Directors and Shareholders
- Conducting due diligence on directors
- Record keeping.
- Benefits calculation
5. Website Users:
- Newsletter signup
- Analyzing website usage
- Monitoring compliance with policies and standards
- Ensuring platform security and database backups
- Troubleshooting and customer support
- Identity confirmation for data access, rectification, restriction, or deletion requests
- Responding to requests, complaints, comments, or inquiries regarding services and notifying about service changes
- Record keeping.
Furthermore, beyond the aforementioned specific purposes for processing your personal data, we may also process any of your personal data as required to comply with applicable legal and regulatory requirements, or when permitted by law, or when related to legal proceedings.
Legal basis for processing your personal data:
We handle your personal information based on one or more of these reasons:
- Contractual Necessity: We need to process your data to fulfill a contract between you and us, or to take steps before making such a contract, as you’ve asked.
- Legal Obligations: Sometimes, we must process your data to follow the law.
- Legitimate Interests: We might process your data because it’s necessary for our interests or someone else’s interests, as long as your rights and interests are respected.
- Consent: If you agree, we’ll process your data based on your clear permission, which you can withdraw anytime.
Disclosure of personal data
As a general rule, we don’t disclose your personal information to third parties unless we have a lawful reason to do so, excluding service providers acting on our behalf.
However, there are circumstances where Inkomoko may share your personal data with its Affiliates. These Affiliates could be companies within the same group, our parent company, subsidiaries, joint venture partners, or other entities under common control with us. We may also share your information with trusted third-party service providers. This sharing is done to help us fulfill our obligations in managing our relationship with you and for the purposes outlined earlier.
When we share your data, we do it based on a “need-to-know” principle, and we establish clear contractual terms and instructions for how your personal data should be handled.
Additionally, we may share certain personal data with third-party companies that provide us with software ,tools and services essential to our business operations.
We’re also obligated to disclose your personal data to other third parties such as lawyers, bankers, consultants, auditors, public, and government authorities under certain circumstances such as :
- When we’re legally required to do so, or for reasons related to national security or law enforcement.
- If it’s necessary to protect our rights.
- To safeguard the rights, property, or personal safety of the public, our partners, or our company.
- When you’ve given us your consent.
We ensure that our service providers and other third parties maintain the confidentiality of your personal data and only use it for the specific purposes for which it was shared. We have written agreements with our processors to ensure they comply with these privacy terms.
Transfer Personal data.
We may need to transfer or store your personal data outside of our respective jurisdictions for the purposes mentioned earlier.
These transfers will always comply with data protection laws. It’s important to note that transferring data doesn’t change our commitment to protecting your privacy. Your personal data remains subject to the confidentiality obligations we’ve agreed upon.
If we transfer your personal data to countries with lower levels of protection, we’ll ensure there are appropriate safeguards in place to protect your data.
If you want more details about how your personal data is transferred outside our jurisdiction, please reach out to our Data Protection Officer (DPO).
Personal Data Security
We give top priority to keeping your personal data safe. To do this, we use a range of technical and organizational measures to prevent unauthorized access, disclosure, alteration, or destruction of your information. Our approach includes physical, administrative, and technological safeguards to maintain the confidentiality, integrity, and availability of your data.
Here are some of the security measures we’ve put in place:
- Access controls
- Encryption
- Secure storage
- Incident response protocols
- Ongoing employee training, among others.
These measures work together to ensure that your personal data is protected against potential threats and risks.
Data Retention
We collect and process your personal data for the purposes mentioned earlier, but we only keep it for as long as necessary. Generally, we retain your data for a period of seven (7) years after our engagement with you ends.
For data collected through cookies, please refer to our Cookie Policy for information on how long we retain that data.
CCTV images are kept for as long as needed to fulfill their specified purposes, usually for a maximum of one month. After this time, the images are automatically erased.
Personal data processed for payment purposes is retained for ten (10) years after our engagement with you ends.
Voice/Call recordings and personal data related to job candidates are kept for one (1) year.
Once the retention period is over, we delete your personal data to ensure it’s no longer stored unnecessarily.
Your Data Protection Rights:
As outlined below, you have specific rights concerning your personal data. We are dedicated to honoring and supporting you in exercising these rights:
- Right of Access: You can request access to the personal data we hold about you. This includes confirming whether we process your data and receiving a copy of that information.
- Right to Rectification: If you believe your personal data with us is incorrect or incomplete, you can request that we correct or update it.
- Right to Erasure: In certain situations, you can request the deletion of your personal data. This applies when your information is no longer needed for the purposes it was collected, or if you withdraw your consent and there’s no other legal basis for processing.
- Right to Restriction of Processing: Under certain conditions, you can request that we temporarily stop processing your personal data. This might happen if you contest its accuracy or object to the processing.
- Right to Data Portability: If we’re processing your data based on your consent or for contract performance, you can request a copy of your information in a commonly used, machine-readable format. You can also ask us to transfer this data to another data controller.
- Right to Object: You can object to the processing of your personal data for certain reasons, like direct marketing or legitimate interests. If you do, we’ll stop processing your data unless we have compelling legitimate reasons that override your rights.
- Right to Withdraw Consent: If we’re processing your data based on your consent, you can withdraw it at any time. This won’t affect the legality of processing before your withdrawal.
To exercise your rights or if you have any privacy-related questions or complaints, please contact us using the information provided at the end of this notice. We’ll respond to your requests as required by applicable data protection laws.
Changes to This Privacy Notice:
We might update this notice occasionally to reflect the best practices in data management, security, and control. This helps us stay compliant with any changes or amendments to data protection laws and regulations. The latest version will always be accessible on our website.
We recommend that you check this notice periodically to stay informed about how we’re using and protecting your personal data.
Contact Details:
If you have any questions regarding this privacy notice or wish to exercise your legal rights, please reach out to our Data Protection Officer (DPO) at dpo@inkomoko.com.
It’s important to ensure that the personal data we hold about you is accurate and up-to-date. Please inform us if there are any changes to your data during our relationship.
If you feel that we haven’t handled your request properly, you have the right to lodge a complaint with the relevant supervisory authority.