Data Protection Policy

Our commitment to protecting your personal data in compliance with the Kenya Data Protection Act, 2019

Data Protection Policy

Voices254 ("the Platform," "we," "us," or "our") is committed to protecting the privacy and personal data of our users, contributors, and community members. This Data Protection Policy outlines our practices in accordance with the Kenya Data Protection Act, 2019 (Act No. 24 of 2019) and any other applicable data protection laws.

This policy applies to all personal data processed by Voices254, whether collected through our website, mobile applications, events, or other interactions.

Effective Date: March 1, 2026 | Last Reviewed: March 29, 2026

1. Definitions

In this policy, the following terms shall have the meanings ascribed to them:

  • "Data Controller" – Voices254, which determines the purpose and means of processing personal data.
  • "Data Processor" – Any third party that processes personal data on behalf of Voices254.
  • "Personal Data" – Any information relating to an identified or identifiable natural person.
  • "Processing" – Any operation performed on personal data, including collection, storage, use, disclosure, and deletion.
  • "Data Subject" – An identified or identifiable natural person to whom personal data relates.
  • "Consent" – Any freely given, specific, informed and unambiguous indication of the data subject's wishes.

2. Data Protection Principles

We adhere to the following principles as outlined in Section 25 of the Kenya Data Protection Act:

a) Lawfulness, Fairness, and Transparency – Processing is done lawfully, fairly, and in a transparent manner.
b) Purpose Limitation – Data is collected for specified, explicit, and legitimate purposes.
c) Data Minimization – Only data that is adequate, relevant, and limited to what is necessary is collected.
d) Accuracy – Reasonable steps are taken to ensure personal data is accurate and up-to-date.
e) Storage Limitation – Data is kept for no longer than necessary for the purposes for which it was processed.
f) Integrity and Confidentiality – Appropriate security measures are implemented against unauthorized processing.
g) Accountability – The Data Controller is responsible for demonstrating compliance with these principles.

3. Personal Data We Collect

Voices254 may collect the following categories of personal data:

  • Identity Data: Full name, username, date of birth, gender, and profile photo.
  • Contact Data: Email address, phone number, and physical address (if provided).
  • Technical Data: IP address, browser type, device information, and cookies.
  • Content Data: Stories, comments, posts, and other content you share on the platform.
  • Usage Data: Information about how you interact with our platform and services.
  • Sensitive Data: We do not intentionally collect sensitive personal data (e.g., biometric data, health data) unless voluntarily provided with explicit consent.

4. Legal Basis for Processing

We process personal data only when we have a valid legal basis, including:

Consent
Where you have given explicit consent for processing.
Contractual Necessity
Processing necessary for the performance of a contract.
Legal Obligation
Compliance with a legal obligation.
Legitimate Interests
For our legitimate business interests, provided your rights do not override them.

5. Data Subject Rights

Under the Kenya Data Protection Act, you have the following rights:

Right Description
Right to be Informed To know how your data is being processed.
Right to Access To request a copy of your personal data.
Right to Rectification To correct inaccurate or incomplete data.
Right to Erasure (Right to be Forgotten) To request deletion of your personal data under certain circumstances.
Right to Restriction of Processing To limit how your data is used.
Right to Data Portability To receive your data in a structured format.
Right to Object To object to processing based on legitimate interests or direct marketing.
Right to Lodge a Complaint To lodge a complaint with the Office of the Data Protection Commissioner (ODPC).
To exercise these rights, contact: dpo@voices254.co.ke or +254 700 123 456

6. Data Security Measures

We implement appropriate technical and organizational measures to ensure the security of personal data, including:

  • Encryption of data in transit (SSL/TLS) and at rest.
  • Access controls and authentication mechanisms.
  • Regular security audits and vulnerability assessments.
  • Staff training on data protection and confidentiality.
  • Incident response plan for data breaches.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Account data: Retained until account deletion, plus a limited period for legal compliance.
  • Content data: Retained as long as the account exists, or until content is deleted by the user.
  • Technical data: Retained for up to 24 months for analytics and security purposes.
  • Marketing data: Retained until consent is withdrawn.

After the retention period, data is securely anonymized or deleted.

8. Data Sharing & Third Parties

We do not sell your personal data. We may share data with:

  • Service Providers: Hosting, analytics, and technical support partners who process data on our behalf under strict confidentiality agreements.
  • Legal Authorities: When required by law or to protect our legal rights.
  • Community Partners: Only with your explicit consent for specific initiatives.

All third-party processors are vetted for compliance with the Kenya Data Protection Act.

9. International Data Transfers

Any transfer of personal data outside Kenya is done in compliance with Section 48 of the Data Protection Act, ensuring adequate levels of protection or appropriate safeguards such as Standard Contractual Clauses.

10. Data Protection Officer (DPO)

Voices254 has appointed a Data Protection Officer to oversee compliance with this policy and the Data Protection Act. You may contact the DPO at:

Data Protection Officer
Voices254 Limited
P.O. Box 12345-00100, Nairobi, Kenya
Email: dpo@voices254.co.ke
Phone: +254 700 123 456

11. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Office of the Data Protection Commissioner within 72 hours of becoming aware of the breach, and inform affected data subjects as required by law.

12. Updates to This Policy

We may update this policy from time to time. Material changes will be communicated via email or platform notification. The "Last Reviewed" date at the top of this policy indicates when it was last updated.

13. Contact Information

If you have any questions about this Data Protection Policy or wish to exercise your rights, please contact us:

Address:
Voices254 Limited
P.O. Box 12345-00100
Nairobi, Kenya
Email:
privacy@voices254.co.ke
dpo@voices254.co.ke
Phone:
+254 700 123 456

Committed to Your Privacy

Voices254 is fully committed to upholding the Kenya Data Protection Act, 2019 and ensuring your data is handled with the highest standards of care and security.

View Community Guidelines