Effective Date: Friday, 8th November 2024.

At harakaCRM, we value the privacy and confidentiality of our customers and end users. This Data Privacy Policy outlines our commitment to protecting your personal data in compliance with the Data Protection Act, 2019 (DPA) of Kenya, as well as international standards of data privacy. Our policy reflects our dedication to transparency, accountability, and user control over personal information.

1. Scope of Policy

This Data Privacy Policy applies to all personal data collected, processed, stored, and shared by harakaCRM. It covers data collected from clients, employees, partners, and any third parties associated with harakaCRM’s services.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable individual.
  • Data Controller: harakaCRM, which determines the purposes and means of processing personal data.
  • Data Processor: Any entity that processes data on behalf of harakaCRM.

3. Data Collection and Use

harakaCRM collects and processes personal data in compliance with the lawful grounds outlined in the DPA, 2019, which include consent, contractual necessity, legal obligation, and legitimate interest.

We collect personal data only for specified, explicit, and legitimate purposes, including:

  • Providing CRM services and features
  • Enhancing user experience through tailored communication
  • Conducting analytics to improve service quality
  • Complying with legal obligations

Types of Data Collected:

  • User Information: Names, contact information, and job titles for account management.
  • Interaction Data: Logs and records of customer interactions across communication channels for service provision and support.
  • Technical Data: IP addresses, device information, and cookies for security and analytical purposes.

4. Data Subject Rights

In accordance with the DPA, 2019, data subjects have the following rights:

  • Access: The right to request access to your personal data.
  • Correction: The right to correct any inaccurate or incomplete personal data.
  • Erasure: The right to request deletion of your personal data in certain circumstances.
  • Restriction of Processing: The right to restrict or object to the processing of personal data.
  • Data Portability: The right to receive a copy of your data in a structured, commonly used, and machine-readable format.

Requests regarding these rights can be submitted to our Data Protection Officer (DPO) at [email protected].

5. Data Security

harakaCRM employs robust technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration. Measures include:

  • Encryption: Data in transit and at rest is encrypted to protect its confidentiality and integrity.
  • Access Controls: Role-based access and two-factor authentication to restrict data access to authorized personnel.
  • Data Anonymization and Pseudonymization: Where feasible, we anonymize or pseudonymize data to limit identifiable information.

6. Data Retention

harakaCRM retains personal data only as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Retention periods are defined per data type, following the “storage limitation” principle.

7. Data Sharing and Disclosure

We do not sell or share personal data with third parties unless required for service provision or by legal obligation. Data may be shared with:

  • Service Providers: Third parties that provide services on our behalf (e.g., analytics, cloud storage), bound by confidentiality and data protection agreements.
  • Legal Authorities: In cases where disclosure is required by law or in response to a lawful request by public authorities.

We ensure all data transfers comply with the DPA, 2019, and take appropriate safeguards for cross-border data transfers as per Kenyan and international privacy laws.

8. Third-Party Links

harakaCRM may include links to third-party websites, plug-ins, or applications that have their own privacy policies. We do not control and are not responsible for these third parties’ privacy practices, and we encourage users to read the privacy policies of any linked third-party services.

9. Cookies and Tracking

harakaCRM uses cookies and similar tracking technologies to enhance user experience, analyze site usage, and provide personalized content. Users may manage cookies through their browser settings, but disabling cookies may affect certain features of our platform.

10. Data Protection Officer

For inquiries, concerns, or complaints about our data privacy practices or to exercise your rights, please contact our Data Protection Officer at:

Data Protection Officer
harakaCRM
Email: [email protected]

11. Changes to this Policy

harakaCRM reserves the right to update or change this policy to reflect changes in our practices or legal obligations. All updates will be posted on our website, and material changes will be communicated to affected individuals.

Last Updated: Friday, 8th November 2024.