Privacy Statement 

This Privacy Statement applies to personal data collected, used, and stored by the Deaf Football Federation of Kenya  Website, hereinafter “DFFK”. Our website address is: https://kenyadeaffootball.org.

You are furthermore invited to read, if you have not already done so, the Terms of Use of the Website as they also contain important indications about the security systems adopted by the Website.

DFFK takes your privacy very seriously and we do everything we can to convey that on our website and during a DFFK event. This Privacy Statement explains the types of personal data we collect from and about you and how we use, disclose, and protect that data as well as your ability to control certain uses of it.

What is personal data?

Personal data means any information relating to an identified or identifiable natural person. This includes, for example, your name, telephone number, address, and email address.

Consent to collection and use of your Information

If you give us or we hold your personal information, this indicates that you consent to our using it, and we will treat it, in accordance with this policy. We respect your privacy and the choices you make about how you want us to contact you.

We collect the following types of information

Personally, Identifying Information. We may collect personal contact information such as your name, address, company name and address, contact details including your e-mail address, employer details, and position.

Account Information. This includes shipping and billing information. We may also record any preferences you have, such as products regularly ordered and terms of payment. With this information, we can fulfil your orders and better provide you with personalized services.

Transactions. We maintain records which show the products and services you have requested and/or been supplied. Information about particular transactions is maintained in our databases in the same or similar manner as such information is maintained for transactions which are done by telephone, fax, etc.

Email Correspondence. Your e-mail address is used to raise and respond to issues and inquiries of all types and to keep in contact with you generally. It is also used to distribute information about us and market our products and services as mentioned below.

Uses of your personal information

We will use your personal information for normal business purposes such as fulfilling purchase orders, to communicate with you about orders, the uses set out below and other uses reasonably contemplated at the time we collected the information.

We will also use it to provide you with marketing and promotional materials of, including, without limitation; our services, products, training seminars, newsletter, price promotions, events we think are useful to you. We may also use personal information to establish a profile for you or your company, or collectively for some or all of our customers, to help us make business decisions like: product development, improve quality of customer service.

DFFK uses customer contact information to personalize the types of information you receive from us, to determine customer satisfaction with products and/or services we have provided and to improve the operation of our business delivery to you.

We will also use it for internal business purposes including: aggregating information, data warehousing and mining, cross-matching databases, and pooling data for, effective data management, to understand your needs, improving security of data, for statistical analysis, devising, deploying and measuring marketing campaigns; including but not limited to advertising, off-site advertising and targeting, email marketing and remarketing; and other reasonable business purposes and operational efficiency improvement.

In the event of any prospective or actual merger, business sale or reorganization we may share personal information with the other party or parties involved in the course of such merger, business sale or reorganization negotiations or processes and transfer such personal information to the merged entity or any member(s) of it, the business acquirer or the relevant party(ies) following reorganization.

By giving your personal information to us you unambiguously, freely and with full knowledge of what we may use your personal and other information for, agree that we may collect and use such personal information and other information in accordance with the terms and conditions of this policy. Where the law requires you to opt-in before we can use your personal information for any particular purpose we will not use your personal information for such purpose unless you give opt-in consent for it.

Protection of your information

We protect the personal information you share with us. Access to your personal information is limited only to our employees, and/or authorized third parties who need it for or in relation to the purposes referred to in this Privacy Policy including, without limitation, third-party contractors. To prevent unauthorized access, maintain data accuracy, and ensure proper use of your information, we and our IT contractors and subcontractors have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect.

Third parties and your Information

Except as specifically described in this Privacy Notice Policy, we will not, without your specific prior consent, sell, trade or transfer your information to third parties other than authorized third parties (such, for example, contractors operating our IT services) and others involved in the supply and distribution chain (e.g., vendors, suppliers), which may need access to some of your personal information. 

For example, if we ship an order to you, we must share your name and address with a shipping company. We oblige such third parties to comply with our privacy policy and limit their access and use of your personal information. If you have any questions relating to the transfer of your personal data to the third parties described in this Privacy Notice Policy, please contact us at the contact page

Disclosures required by law

Occasionally, we may be required by law enforcement, government contract administrators, and/or judicial authorities to provide personally identifiable information to the appropriate governmental or regulatory authorities under applicable law or regulation. We will disclose personally identifiable information upon receipt of a court order, subpoena, or if required to cooperate with law enforcement investigations. We reserve the right to report to law enforcement agencies any activities that we in good faith believe to be unlawful to the extent permitted by law.

Children’s Privacy

We do not knowingly collect personal information from individuals under the age of 18.

Accessing, rectifying, blocking and Updating Information

Please notify us of any changes in your name, address, title, telephone number or e-mail address. You can correct your personally identifiable information yourself by contacting us with a request for your change. You may ask to have the information on your account deleted or removed; however, because we keep track of certain transaction information, such as past purchases, and other similar information, for legal compliance purposes (including company bookkeeping), we may not be able to delete certain information.

If information we hold appears to be inaccurate we will block its use until the position is verified to our satisfaction. You may also ask for a copy of the personal information we hold about you/your company, at no additional cost.

If you have any questions relating to this Privacy Notice Policy or relating to the transfer of your personal data, please contact us using the details below. If you do not agree to this Privacy Notice Policy, please do not provide us with your information. We reserve the right to change the Policy intermittently at our absolute discretion. We will notify all of our website visitors of the policy change.

How can you contact us?

If you have any questions regarding this Privacy Statement or your privacy, you can contact us 

Kenya Data Protection Act

The Data Protection Bill that has been a subject of discussion for years, was passed into law on 8 November 2019 when the president assented to it. The Data protection Bill 2019, follows the path taken by the European Union in enacting the General Data Protection Regulation (GDPR) in May 2018 and makes Kenya the third country in East Africa to have legislation dedicated to data protection.

This law was expedited following concerns raised over the Huduma Namba registration exercise, with those opposed to the process raising concern about the safety of citizen’s personal data collected by the Government.

Purpose of the Act

The Act seeks to: give effect to Article 31(c) and (d) of the Constitution that contain the right to privacy;

• establishment of the Office of the Data Commissioner;
• regulate the processing of personal data,
• provide for the rights of data ‘subjects’; and
• obligations of data ‘controllers’ (Person who determines the purpose and means of processing of personal data) and ‘processors’ (Person who processes personal data on behalf of the data controller).

Data Protection Principles

The Act requires Data Controllers and Processors to process data lawfully; minimise collection of data; restricts further processing of data; requires data controllers and processors to ensure data quality; and that they establish and maintain security safeguards to protect personal data.

Registration of Data Controllers and Processors

The Act requires that any person who acts as a data controller or data processor must be registered with the Data Commissioner. Therefore, once the office of the Data Commissioner is established, organisations meeting the definition of a controller or processor will need to register as such, and renew their registration every 3 years.

Transfer of Personal Data Outside Kenya

• Every data controller or data processor is required to ensure the storage, on a server or data centre located in Kenya, of at least one serving copy of personal data to which the Act applies.
• Cross-border processing of sensitive personal data is prohibited and only allowed when certain conditions are met or under certain circumstances specified in the Act (Part IV – 48 – 50)
• A data controller or data processor may transfer personal data to another country where—
  • the data controller or data processor has given proof to the Data Commissioner on the appropriate safeguards with respect to the security and protection of the personal data;
  • the data subject has given explicit consent to the proposed transfer, after having been informed of the possible risks of the transfer such as the absence of appropriate security safeguards;
  • The transfer is necessary for performance of a contract.

Exemptions

The processing of personal data is exempt from the provisions of the Data protection Act if—

1. exemption is necessary for national security or public order;
2. disclosure is required by or under any a written law or by an order of the court e.g. Anti Money Laundering (AML) Laws;
3. the prevention or detection of crime e.g. AML/CFT laws;
4. the apprehension or prosecution of an offender; or
5. the assessment or collection of a tax or duty or an imposition of a similar nature