This Privacy Statement applies to personal data collected, used, and stored by the Deaf Football Federation of Kenya Website, hereinafter “DFFK”. Our website address is: https://kenyadeaffootball.org.
DFFK takes your privacy very seriously and we do everything we can to convey that on our website and during a DFFK event. This Privacy Statement explains the types of personal data we collect from and about you and how we use, disclose, and protect that data as well as your ability to control certain uses of it.
What is personal data?
Personal data means any information relating to an identified or identifiable natural person. This includes, for example, your name, telephone number, address, and email address.
Consent to collection and use of your Information
If you give us or we hold your personal information, this indicates that you consent to our using it, and we will treat it, in accordance with this policy. We respect your privacy and the choices you make about how you want us to contact you.
We collect the following types of information
Personally, Identifying Information. We may collect personal contact information such as your name, address, company name and address, contact details including your e-mail address, employer details, and position.
Account Information. This includes shipping and billing information. We may also record any preferences you have, such as products regularly ordered and terms of payment. With this information, we can fulfil your orders and better provide you with personalized services.
Transactions. We maintain records which show the products and services you have requested and/or been supplied. Information about particular transactions is maintained in our databases in the same or similar manner as such information is maintained for transactions which are done by telephone, fax, etc.
Email Correspondence. Your e-mail address is used to raise and respond to issues and inquiries of all types and to keep in contact with you generally. It is also used to distribute information about us and market our products and services as mentioned below.
Uses of your personal information
We will use your personal information for normal business purposes such as fulfilling purchase orders, to communicate with you about orders, the uses set out below and other uses reasonably contemplated at the time we collected the information.
We will also use it to provide you with marketing and promotional materials of, including, without limitation; our services, products, training seminars, newsletter, price promotions, events we think are useful to you. We may also use personal information to establish a profile for you or your company, or collectively for some or all of our customers, to help us make business decisions like: product development, improve quality of customer service.
DFFK uses customer contact information to personalize the types of information you receive from us, to determine customer satisfaction with products and/or services we have provided and to improve the operation of our business delivery to you.
We will also use it for internal business purposes including: aggregating information, data warehousing and mining, cross-matching databases, and pooling data for, effective data management, to understand your needs, improving security of data, for statistical analysis, devising, deploying and measuring marketing campaigns; including but not limited to advertising, off-site advertising and targeting, email marketing and remarketing; and other reasonable business purposes and operational efficiency improvement.
In the event of any prospective or actual merger, business sale or reorganization we may share personal information with the other party or parties involved in the course of such merger, business sale or reorganization negotiations or processes and transfer such personal information to the merged entity or any member(s) of it, the business acquirer or the relevant party(ies) following reorganization.
By giving your personal information to us you unambiguously, freely and with full knowledge of what we may use your personal and other information for, agree that we may collect and use such personal information and other information in accordance with the terms and conditions of this policy. Where the law requires you to opt-in before we can use your personal information for any particular purpose we will not use your personal information for such purpose unless you give opt-in consent for it.
Protection of your information
Third parties and your Information
Except as specifically described in this Privacy Notice Policy, we will not, without your specific prior consent, sell, trade or transfer your information to third parties other than authorized third parties (such, for example, contractors operating our IT services) and others involved in the supply and distribution chain (e.g., vendors, suppliers), which may need access to some of your personal information.
Disclosures required by law
Occasionally, we may be required by law enforcement, government contract administrators, and/or judicial authorities to provide personally identifiable information to the appropriate governmental or regulatory authorities under applicable law or regulation. We will disclose personally identifiable information upon receipt of a court order, subpoena, or if required to cooperate with law enforcement investigations. We reserve the right to report to law enforcement agencies any activities that we in good faith believe to be unlawful to the extent permitted by law.
We do not knowingly collect personal information from individuals under the age of 18.
Accessing, rectifying, blocking and Updating Information
Please notify us of any changes in your name, address, title, telephone number or e-mail address. You can correct your personally identifiable information yourself by contacting us with a request for your change. You may ask to have the information on your account deleted or removed; however, because we keep track of certain transaction information, such as past purchases, and other similar information, for legal compliance purposes (including company bookkeeping), we may not be able to delete certain information.
If information we hold appears to be inaccurate we will block its use until the position is verified to our satisfaction. You may also ask for a copy of the personal information we hold about you/your company, at no additional cost.
If you have any questions relating to this Privacy Notice Policy or relating to the transfer of your personal data, please contact us using the details below. If you do not agree to this Privacy Notice Policy, please do not provide us with your information. We reserve the right to change the Policy intermittently at our absolute discretion. We will notify all of our website visitors of the policy change.
How can you contact us?
If you have any questions regarding this Privacy Statement or your privacy, you can contact us
Kenya Data Protection Act
The Data Protection Bill that has been a subject of discussion for years, was passed into law on 8 November 2019 when the president assented to it. The Data protection Bill 2019, follows the path taken by the European Union in enacting the General Data Protection Regulation (GDPR) in May 2018 and makes Kenya the third country in East Africa to have legislation dedicated to data protection.
This law was expedited following concerns raised over the Huduma Namba registration exercise, with those opposed to the process raising concern about the safety of citizen’s personal data collected by the Government.
Purpose of the Act
The Act seeks to: give effect to Article 31(c) and (d) of the Constitution that contain the right to privacy;
Data Protection Principles
The Act requires Data Controllers and Processors to process data lawfully; minimise collection of data; restricts further processing of data; requires data controllers and processors to ensure data quality; and that they establish and maintain security safeguards to protect personal data.
Registration of Data Controllers and Processors
The Act requires that any person who acts as a data controller or data processor must be registered with the Data Commissioner. Therefore, once the office of the Data Commissioner is established, organisations meeting the definition of a controller or processor will need to register as such, and renew their registration every 3 years.
Transfer of Personal Data Outside Kenya
The processing of personal data is exempt from the provisions of the Data protection Act if—