Data Protection

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information in compliance with Kenya's Data Protection Act, 2019.

GDPR Compliant
Data Encrypted
Privacy by Design

This Privacy Policy describes how Kodi Technologies ("we," "us," or "our") collects, uses, and protects personally identifiable information (PII) and payment-related data in connection with our property management software ("Software") in Kenya. We are committed to protecting your privacy and ensuring compliance with applicable data protection laws and regulations.

Last Updated: December 1, 2024

Important: Your Data Rights

Under Kenya's Data Protection Act, 2019, you have rights including access to your data, correction of inaccurate data, objection to processing, and data portability. Contact us to exercise these rights.

1.1 Personally Identifiable Information (PII)

We may collect and process the following PII from you:

  • Identity Information: Full name, identification documents (ID card, passport), date of birth
  • Contact Information: Email address, phone number, physical address
  • Financial Information: Bank account details, M-Pesa numbers, transaction history
  • Property Information: Property details, tenancy agreements, rent amounts
  • Technical Information: IP address, browser type, device information, usage data
  • Communication Data: Emails, messages, support requests

1.2 Payment Information

We collect and process payment-related information necessary to facilitate transactions:

  • Credit card details (processed securely by certified payment processors)
  • Bank account information for transfers
  • M-Pesa transaction details
  • Payment history and receipts

Note: We do not store full credit card numbers. We use third-party payment processors that comply with Payment Card Industry Data Security Standards (PCI DSS).

1.3 Data from Third Parties

We may receive information about you from:

  • Credit reference agencies
  • Identity verification services
  • Publicly available sources
  • Other users (e.g., property managers providing tenant information)

2.1 Primary Purposes

We use your information for the following purposes:

  • Software Operation: Providing and maintaining the Software's functionality and features
  • Payment Processing: Facilitating rental payments and funds settlement
  • Identity Verification: Verifying your identity for security and compliance purposes
  • Customer Support: Communicating with you and providing customer support
  • User Experience: Personalizing and improving your experience with our Software
  • Legal Compliance: Complying with legal and regulatory requirements in Kenya
  • Communication: Sending important updates, security alerts, and service notifications

2.2 Analytics and Improvement

We use anonymized and aggregated data for:

  • Analyzing Software performance and usage patterns
  • Developing new features and improvements
  • Conducting market research and trend analysis
  • Measuring the effectiveness of our services

2.3 Legal Basis for Processing

We process your data based on:

  • Contractual Necessity: To provide the services you requested
  • Legal Obligation: To comply with Kenyan laws and regulations
  • Legitimate Interests: For business operations and improvements
  • Consent: When you explicitly agree to specific processing

3.1 Third-Party Service Providers

We may share your information with:

  • Payment Processors: Certified providers like Pesapal, DPO Group
  • Cloud Hosting: Secure data centers with ISO 27001 certification
  • Communication Services: SMS and email service providers
  • Support Services: Customer support and maintenance providers

3.2 Legal and Regulatory Disclosure

We may disclose your information:

  • To comply with Kenyan laws, regulations, or legal processes
  • To respond to lawful requests from public authorities
  • To protect our rights, privacy, safety, or property
  • In connection with business transfers or mergers

3.3 Business Partners

With your consent, we may share information with:

  • Property management companies you engage with
  • Financial institutions for verification purposes
  • Legal or professional advisors

3.4 Marketing

We do not sell, rent, or lease your PII to third parties for marketing purposes. We only send marketing communications with your explicit consent.

4.1 Security Measures

We implement appropriate technical and organizational measures to protect your information:

  • Encryption: AES-256 encryption for data at rest and in transit
  • Access Controls: Role-based access and multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and DDoS protection
  • Regular Audits: Security audits and vulnerability assessments
  • Employee Training: Data protection and security awareness training

4.2 Payment Security

For payment processing, we use:

  • PCI DSS compliant payment processors
  • Tokenization for sensitive payment data
  • Secure sockets layer (SSL) technology
  • Regular security certifications and audits

4.3 Data Breach Response

In the event of a data breach, we will:

  • Notify affected individuals within 72 hours of discovery
  • Report to the Office of the Data Protection Commissioner as required
  • Take immediate steps to contain and remediate the breach
  • Implement measures to prevent future breaches

5.1 Retention Periods

We retain your information for as long as necessary:

  • Active Accounts: For the duration of your account activity
  • Financial Records: 7 years as required by Kenyan tax laws
  • Contract Information: 6 years after contract termination
  • Marketing Consent: Until you withdraw consent

5.2 Data Disposal

When data is no longer needed:

  • Secure deletion using industry-standard methods
  • Physical destruction of backup media
  • Anonymization for statistical purposes

5.3 Account Deletion

You can request account deletion, subject to:

  • Legal requirements to retain certain data
  • Completion of any ongoing transactions
  • Resolution of any disputes or claims

6.1 Data Subject Rights

Under the Data Protection Act, 2019, you have the right to:

  • Access: Request copies of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (right to be forgotten)
  • Restriction: Request restriction of processing
  • Objection: Object to processing of your data
  • Portability: Request transfer of your data to another provider
  • Withdraw Consent: Withdraw consent at any time

6.2 How to Exercise Your Rights

To exercise your rights:

  • Contact our Data Protection Officer at info@kodi.ke
  • Use the privacy settings in your account dashboard
  • Submit a written request with proof of identity

6.3 Response Time

We will respond to your request within 30 days, as required by law. We may extend this period for complex requests, but will notify you of the extension.

7.1 Data Location

Your data is primarily stored in Kenya. However, some service providers may process data in other countries. In such cases:

  • We ensure adequate data protection safeguards are in place
  • We use Standard Contractual Clauses approved by regulators
  • We conduct due diligence on international partners

7.2 Cross-Border Processing

We may transfer data to:

  • Countries with adequate data protection laws
  • Service providers with appropriate safeguards
  • As required by legal processes

8.1 Types of Cookies

We use cookies for:

  • Essential Cookies: Necessary for Software operation
  • Functional Cookies: Remember preferences and settings
  • Analytics Cookies: Understand usage patterns
  • Marketing Cookies: With your consent only

8.2 Cookie Management

You can:

  • Adjust browser settings to block cookies
  • Use our cookie consent manager
  • Clear cookies through your browser

For detailed information, please see our separate Cookie Policy.

Our Software is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10.1 Policy Updates

We may update this Privacy Policy periodically to reflect:

  • Changes in our practices
  • New legal requirements
  • Software updates and new features

10.2 Notification of Changes

We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending email notifications
  • Displaying in-software notices

10.3 Continued Use

Your continued use of the Software after changes constitutes acceptance of the updated policy. We encourage you to review this policy regularly.

Contact Our Data Protection Officer

For privacy-related questions, concerns, or to exercise your data rights, contact our Data Protection Officer.
