SIFANET SYSTEMS Ltd ("we", "us", "our") is committed to protecting the privacy and personal data of our clients, prospective clients, employees, and website visitors. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the Kenya Data Protection Act, 2019.
1. Data We Collect
We collect personal data in the following categories:
**Client and prospective client data:** Name, email address, phone number, physical and postal address, company name (if applicable), and details of the services you request or purchase.
**Payment information:** Bank or mobile money details necessary to process payments. We do not store full card numbers on our systems.
**Technical and installation data:** Floor plans, site photographs, device identifiers, network configuration details, and user account information required to deliver our services.
**CCTV and access control data:** Where we operate monitoring services, we may process video footage, access logs, and biometric data in accordance with our service agreements.
**Website data:** IP address, browser type, pages visited, and cookies, collected through standard web analytics.
**Job applicant data:** CVs, cover letters, references, and interview notes submitted as part of recruitment processes.
2. How We Use Your Data
We use your personal data to:
•Provide quotations, contracts, and the services you have engaged us for
•Process payments and maintain financial records
•Communicate with you about your projects, account, or support requests
•Send service updates, warranty notifications, and — with your consent — marketing communications
•Respond to security alerts and incidents where we provide monitoring services
•Comply with legal obligations, including anti-money-laundering and tax requirements
•Improve our services, website, and internal operations
•Process employment applications
3. Legal Basis for Processing
We process personal data on the following lawful bases:
•**Performance of a contract:** to deliver the services you have engaged us for
•**Legal obligation:** to comply with tax, accounting, and regulatory requirements
•**Legitimate interests:** to manage our business, prevent fraud, and improve our services, balanced against your rights
•**Consent:** where you have provided explicit consent, such as for marketing communications
4. Data Sharing
We do not sell your personal data. We share data only with:
•**Trusted service providers:** cloud hosting, payment processors, SMS gateways, and similar vendors who support our operations and who are bound by confidentiality obligations
•**Manufacturer partners:** where warranty registration or support requires it
•**Regulatory and law enforcement authorities:** where legally required, for example in response to a valid court order or regulatory request
•**Response and monitoring partners:** for clients who have contracted emergency response services, we share relevant incident data with our response partners
All third parties are required to protect your data to a standard no less rigorous than our own.
5. Data Retention
We retain personal data only as long as necessary to fulfil the purposes for which it was collected, or as required by law. Typical retention periods:
•Active client data: retained for the duration of the business relationship plus 7 years for accounting records
•Prospective client data: retained for 24 months from last contact
•CCTV footage (monitored services): retained for the period specified in the service agreement (typically 30-90 days)
•Website analytics: anonymised after 26 months
•Job applicant data: retained for 12 months after the recruitment decision unless you request deletion
6. Your Rights
Under the Kenya Data Protection Act, 2019, you have the right to:
•Access the personal data we hold about you
•Request correction of inaccurate or incomplete data
•Request deletion of data no longer needed for the purposes it was collected
•Object to processing based on legitimate interests or direct marketing
•Request restriction of processing in certain circumstances
•Request a copy of your data in a portable format
•Withdraw consent where processing is based on consent
•Lodge a complaint with the Office of the Data Protection Commissioner (www.odpc.go.ke)
To exercise any of these rights, contact us using the details below. We respond to valid requests within 30 days.
7. Data Security
We maintain appropriate technical and organisational measures to protect personal data, including:
•Encrypted data transmission (TLS) and encrypted storage of sensitive data
•Role-based access controls and strong authentication requirements for staff
•Regular security audits and vulnerability assessments
•Staff training on data protection and information security
•Incident response procedures for suspected data breaches
In the event of a data breach affecting your rights and freedoms, we will notify you and the Office of the Data Protection Commissioner within 72 hours in line with legal requirements.
8. Cookies
Our website uses cookies to provide core functionality, analyse site usage, and — where you have consented — personalise content. You can manage cookie preferences through your browser settings. Disabling essential cookies may affect site functionality.
9. International Transfers
Our primary data processing occurs within Kenya. Where personal data is transferred to service providers outside Kenya (for example, cloud hosting providers), we ensure appropriate safeguards are in place, including contractual protections and adherence to recognised data protection frameworks.
10. Children's Privacy
Our services are not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data about a child, please contact us for immediate removal.
11. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page will reflect the most recent revision. Material changes will be notified via our website or directly where appropriate.
12. Contact Us
For questions about this Privacy Policy, or to exercise your data protection rights, please contact:
**Data Protection Officer**
SIFANET SYSTEMS Ltd
Email: info@sifanetsystems.co.ke
Phone: +254 702 076952
Address: Jogoo Rd, Hamza, Nairobi, Kenya
You also have the right to lodge a complaint with the Office of the Data Protection Commissioner at www.odpc.go.ke.