Privacy Policy for GDDC Kenya
Last updated: December 5, 2025
Definitions
GDPR: General Data Protection Regulation Act.
Data Controller: Natural or legal person who determines the purposes and means of processing personal information.
Data Processor: Natural or legal person processing the data on behalf of the Data Controller.
Data Subject: Any living individual using our Service and is the subject of Personal Data.
1. Principles for Processing Personal Data
Our principles for processing personal data include:
- Fairness and lawfulness: All personal data is collected and processed legally and fairly, protecting Data Subjects’ rights.
- Specific purpose: Data processing is restricted to defined purposes.
- Transparency: Data Subjects are informed about data collection, processing, and usage.
2. What Personal Data We Collect and Process
We collect various types of personal data, including but not limited to:
- Email address
- First name and last name
- Phone number
- Address, State, ZIP, City
3. How We Use the Personal Data
GDDC Kenya uses the collected personal data for:
- Providing services
- Notifying about changes to our services and/or products
- Providing customer support
- Improving our services
- Detecting and addressing technical issues
4. Legal Basis for Collecting and Processing Personal Data
GDDC Kenya collects and processes personal data under the following bases:
- Performance of a contract
- Consent provided by the Data Subject
- Legitimate interests pursued by GDDC Kenya
- Legal compliance
5. Retention of Personal Data
GDDC Kenya retains personal information only as long as necessary, complying with legal obligations, resolving disputes, and enforcing policies.
6. Data Protection Rights
Residents of the EEA have data protection rights, including:
- The right to access, update, or delete information
- The right of rectification
- The right to object
- The right of restriction
- The right to data portability
- The right to withdraw consent
