Table of Contents
- 1. Introduction & Scope
- 2. Definitions
- 3. Data We Collect
- 4. Legal Basis for Processing
- 5. How We Use Your Data
- 6. Data Sharing & Disclosure
- 7. Data Security
- 8. Data Retention
- 9. Your Rights (GDPR & Kenyan Law)
- 10. Cookies & Tracking
- 11. Children's Privacy
- 12. International Transfers
- 13. Changes to This Policy
- 14. Contact Information
1. Introduction & Scope
This Privacy Policy ("Policy") describes how Hon. Mwangi Nyagah - Member of County Assembly for Kaimbaga Ward ("we", "our", "us") collects, uses, shares, and protects personal information of users ("you", "your") of our website hon-mwanginyagah.or.ke and related services.
We are committed to protecting your privacy and complying with:
- The General Data Protection Regulation (GDPR) (EU) 2016/679
- Kenya's Data Protection Act, 2019
- The Constitution of Kenya, Article 31(c) - Right to Privacy
- Office of the Data Protection Commissioner (ODPC) Guidelines
Important Note
This website serves as a civic information platform and is not an official County Government website. All personal data is processed with your consent and in accordance with data protection laws.
2. Data Controller
Data Controller Information
- Data Controller: Hon. Mwangi Nyagah, MCA Kaimbaga Ward
- Address: Hon. Mwangi Nyagah Office, Kaimbaga Ward, Olkalou, Nyandarua County
- Email: info@hon-mwanginyagah.or.ke
- Phone: +254 000 000 000
- Data Protection Officer: [Name of DPO]
- ODPC Registration: [DPO/XXXX/XX]
3. Data We Collect
3.1 Personal Data You Provide
- Identity Data: Full name, ID/Passport number, date of birth
- Contact Data: Email address, phone number, postal address
- Application Data: Bursary applications, program registrations
- Demographic Data: Ward location, educational background
- Financial Data: Bank details (only for approved bursaries)
- Special Category Data: Disability status (optional, with explicit consent)
3.2 Automatically Collected Data
- Technical Data: IP address, browser type, device information
- Usage Data: Pages visited, time spent, referral sources
- Cookie Data: Session identifiers, preferences
3.3 Data from Third Parties
We may receive data from:
- County Government departments (with your consent)
- Educational institutions (for bursary verification)
- Social media platforms (when you interact with our content)
4. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Consent: When you register, apply for programs, or subscribe to updates
- Contractual Necessity: To process your applications and provide services
- Legal Obligation: To comply with Kenyan laws and regulations
- Legitimate Interests: To improve our services and prevent fraud
- Public Interest: For community development and welfare programs
Kenyan Law Compliance
Under Kenya's Data Protection Act, we ensure data processing is:
- Lawful, fair, and transparent
- For explicit, specified, and legitimate purposes
- Adequate, relevant, and limited to what's necessary
- Accurate and, where necessary, kept up to date
- Kept no longer than necessary
- Processed with integrity and confidentiality
5. How We Use Your Data
5.1 Primary Purposes
- Process and evaluate bursary applications
- Register you for community programs and training
- Communicate important updates and opportunities
- Verify eligibility for ward-based programs
- Generate reports for accountability and transparency
5.2 Secondary Purposes
- Improve website functionality and user experience
- Analyze program participation and effectiveness
- Conduct community needs assessments
- Prevent fraudulent activities and misuse
5.3 Marketing Communications
We will only send you marketing communications if you have explicitly opted in. You can opt-out at any time by:
- Clicking "unsubscribe" in any email
- Updating preferences in your account
- Contacting our Data Protection Officer
6. Data Sharing & Disclosure
We may share your data with:
6.1 Service Providers
- Hosting Providers: Secure data storage
- Email Services: Communication management
- Analytics Providers: Google Analytics (anonymized data)
6.2 Government Entities (When Required)
- Nyandarua County Government (for program coordination)
- Ministry of Education (bursary verification)
- Office of the Data Protection Commissioner (compliance)
6.3 Legal Requirements
We may disclose data if required by:
- Court orders or legal processes
- Government investigations
- To protect our rights or safety
7. Data Security
We implement technical and organizational measures to protect your data:
7.1 Technical Measures
- SSL/TLS encryption for data transmission
- Regular security updates and patches
- Firewall protection and intrusion detection
- Secure password hashing (bcrypt)
- Regular backups and disaster recovery
7.2 Organizational Measures
- Data protection training for staff
- Access controls and role-based permissions
- Data protection impact assessments
- Incident response procedures
Security Incident Response
In case of a data breach, we will:
- Notify the Office of the Data Protection Commissioner within 72 hours
- Inform affected individuals without undue delay
- Take immediate steps to mitigate the breach
- Document all incidents and remedial actions
8. Data Retention
We retain personal data only as long as necessary:
8.1 Retention Periods
- Account Data: 5 years after last activity
- Application Data: 7 years (for audit purposes)
- Financial Records: 10 years (as per Kenyan law)
- Communication Records: 3 years
8.2 Deletion Procedures
When retention periods expire, we:
- Permanently delete electronic records
- Securely shred physical documents
- Confirm deletion with technical teams
- Maintain deletion logs for accountability
9. Your Rights (GDPR & Kenyan Law)
9.1 Data Subject Rights
You have the following rights:
- Right to Access: Request copies of your data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion of your data
- Right to Restriction: Limit processing of your data
- Right to Object: Object to certain processing
- Right to Portability: Receive your data in machine-readable format
- Right to Withdraw Consent: Withdraw consent at any time
9.2 How to Exercise Your Rights
To exercise your rights:
- Submit a written request to our Data Protection Officer
- Provide proof of identity (ID copy)
- Specify the right(s) you wish to exercise
- We will respond within 30 days (Kenyan law requirement)
9.3 Complaints
If you believe we have violated your rights:
- First, contact our Data Protection Officer
- If unsatisfied, contact the Office of the Data Protection Commissioner Kenya:
Email: complaints@odpc.go.ke
Phone: +254 202 231 049 - GDPR-related complaints: Contact your local supervisory authority
11. Children's Privacy
Our services are not directed to children under 13 (or 16 in some jurisdictions).
11.1 Parental Consent
- For applicants under 18, we require parental consent
- Consent forms must be signed by parent/guardian
- We verify parental relationship through documentation
11.2 Age Verification
We implement reasonable measures to verify age, including:
- ID document verification
- Parental contact confirmation
- School enrollment verification
12. International Data Transfers
As a Kenya-based service, we primarily process data within Kenya.
12.1 When Transfers Occur
Data may be transferred outside Kenya only when:
- Using international cloud services (with adequate safeguards)
- Required for technical support (with NDA agreements)
- Necessary for legal compliance
12.2 Safeguards
For international transfers, we ensure:
- Adequacy decisions (GDPR Article 45)
- Standard Contractual Clauses (GDPR Article 46)
- Data Protection Impact Assessments
- ODPC approval for substantial transfers
13. Changes to This Policy
We may update this Policy periodically:
13.1 Notification of Changes
- We will post changes on this page with updated "Last Updated" date
- For significant changes, we will notify you via email
- We will obtain fresh consent if legal basis changes
13.2 Historical Versions
Previous versions of this Policy are archived and available upon request.
14. Contact Information
Data Protection Contacts
- Data Protection Officer: [Name of DPO]
- Email: info@hon-mwanginyagah.or.ke
- Phone: +254 000 000 000
- Address: Hon. Mwangi Nyagah Office, Kaimbaga Ward, Olkalou, Nyandarua County
Regulatory Authorities
- Kenya - Office of the Data Protection Commissioner:
Email: info@odpc.go.ke
Phone: +254 202 231 049
Address: P.O. Box 30920-00100, Nairobi
This Privacy Policy was last updated on January 29, 2026
Version: 1.0 | Effective Date: January 29, 2026