Privacy Policy

Introduction

Trust is the cornerstone of any thriving community. As we pursue our mission to decentralize connectivity and create meaningful opportunities, we prioritize safeguarding your personal data. This Privacy Policy outlines how we handle your information with transparency and care.

Our practices comply with the Kenya Data Protection Act, 2019, and reflect international standards like the GDPR and CCPA to meet the expectations of our global audience. This policy provides a clear and comprehensive explanation of how we collect, use, and protect your data, ensuring you can make informed choices when engaging with our platform.

Protecting your privacy and upholding your rights are at the heart of our operations. We remain committed to maintaining the integrity of your information and fostering trust in every interaction.

Information we collect

To meet the needs of our community and provide tailored services, we collect only the data necessary for effective communication and engagement. Our approach prioritizes transparency and ensures your consent is central to our data collection practices. You have the right to know what information is gathered and to decline sharing certain details unless they are required to fulfill your requests or meet legal obligations. The types of information we may collect include:

• Personal Information: Your name, email address, and other contact details provided voluntarily, such as when filling out forms or subscribing to updates.
• Participation Preferences: Details about your involvement in our ecosystem, whether as a user, investor, or community member.
• Interest Areas: Information on topics that matter to you, such as governance, connectivity, or technological advancements, to help us deliver relevant updates and services.
• Feedback and Inquiries: Any additional details you choose to share when contacting us allow us to address your questions and enhance our offerings.
• Technical Information: Non-personal data, including browser type, device details, and usage patterns, collected via cookies or analytics tools to improve platform functionality and user experience.

We are committed to using this information responsibly and transparently to foster meaningful engagement and support within our community.

How we use your information

We use your personal data solely for purposes that align with our commitment to transparency and responsible data handling. The information collected enables us to engage effectively with our community, improve our services, and meet legal and operational requirements.

Your contact details are used to provide updates on project developments, community initiatives, and opportunities relevant to your interests. When you reach out with questions or feedback, we use your information to respond promptly and address your concerns comprehensively.

To refine our services and ensure an optimal user experience, we analyze preferences and interaction patterns. This allows us to tailor communications and initiatives, aligning them with your specific areas of interest, such as governance, connectivity, or economic opportunities.

In certain circumstances, we process your data to fulfill legal obligations or protect our legitimate business interests, as permitted by applicable laws. We do not sell your personal information or use it for purposes outside those outlined here.

Our approach ensures that your data is handled securely and ethically at all times, reflecting our commitment to safeguarding your trust.

Legal basis for processing data

The processing of your personal data is governed by the Kenya Data Protection Act, 2019 and other applicable legal frameworks. These laws provide the foundation for all data handling practices, ensuring they are lawful, transparent, and necessary. Each instance of data processing is carefully evaluated to respect your rights and uphold principles of necessity, fairness, and proportionality. We rely on the following legal bases for processing your information:

• Consent: When you voluntarily provide your information—such as by filling out a form, subscribing to updates, or sharing your preferences—you permit us to process your data for the specified purposes. You retain the right to withdraw your consent at any time.
• Legitimate Interests: Sometimes, we process your data to further our legitimate interests, including improving services, fostering community engagement, and advancing AriaLink’s objectives. This processing is conducted with careful consideration to ensure it does not infringe on your rights or freedoms.
• Compliance with Legal Obligations: Certain circumstances require us to process your data to fulfil regulatory or legal requirements, such as responding to official inquiries or maintaining records for statutory compliance.
• Performance of a Contract: If you enter into a contractual relationship with AriaLink, we process your data as necessary to meet our obligations under that agreement.

These legal bases ensure that your personal data is handled responsibly and transparently, with full respect for your rights and privacy.

Data sharing and third parties

Your personal data is shared only when necessary and with appropriate safeguards to ensure its protection. We carefully evaluate each instance of data sharing to align with legal requirements and our commitment to privacy.

To support the delivery of our services, we may engage trusted third-party providers for tasks such as managing communication platforms or processing form submissions. These providers are contractually bound to use your data exclusively for the purposes we specify and to adhere to strict data protection standards.

In certain situations, we may be required to disclose your information to comply with legal obligations. This includes responding to court orders, regulatory requirements, or lawful requests from public authorities. Such disclosures are made in accordance with applicable laws to ensure your rights are respected.

If AriaLink undergoes a merger, acquisition, or other organizational restructuring, your personal data may be transferred to the new entity. In such cases, we will notify you and provide details of any significant changes to how your data is handled.

We do not sell, rent, or share your data for independent marketing purposes. Any sharing of personal information is carried out with your explicit consent or as required by law.

For cross-border data transfers, we comply with international data protection standards. When your data is processed outside Kenya, we implement safeguards such as Standard Contractual Clauses to ensure it receives the same level of protection as it does under Kenyan law.

Data retention

We retain your personal data only as long as necessary to achieve the purposes described in this Privacy Policy. Our retention practices balance the need to fulfill operational and legal obligations while respecting your privacy.

Data collected for communication purposes is retained until you unsubscribe or withdraw your consent. Information related to specific initiatives is kept for the duration of the initiative or as required by legal and reporting obligations. Feedback and inquiries are stored only for as long as needed to address your concerns and improve our services.

When data is no longer required for its original purpose, we securely delete or anonymize it to protect your privacy. However, certain circumstances may require extended retention, such as compliance with legal or regulatory requirements, maintaining audit records, or resolving disputes.

You have the right to request the deletion of your data at any time. Upon receiving your request, we will act promptly unless retention is necessary to comply with legal obligations or to protect legitimate interests, such as ensuring security or preventing fraud.

Our retention policies are designed to safeguard your information responsibly while adhering to applicable laws.

Data security measures

Safeguarding your personal data is a top priority at AriaLink. We have implemented robust security measures to protect your information from unauthorized access, disclosure, alteration, or destruction. Our commitment to maintaining a secure environment drives continuous investment in advanced technologies and best practices to protect your data.

To protect your data, we use state-of-the-art technical safeguards. Sensitive information is encrypted both during transmission and when stored, ensuring that it remains secure even in the event of unauthorized access attempts. Your data is stored on secure servers with restricted access, and advanced firewall systems coupled with continuous monitoring help us detect and prevent cyber threats effectively.

Our organizational measures are equally stringent. Only authorized personnel with a legitimate need can access your personal data, and our team undergoes regular training to stay informed about the latest data protection practices. In the rare event of a security breach, we have robust protocols to respond swiftly and mitigate any potential harm.

We regularly review and update security measures to address emerging threats and technological advancements. This includes conducting audits of third-party tools and platforms to ensure they meet our strict data protection standards.

While we do everything we can to secure your data, we also encourage you to play an active role in its protection. Using strong, unique passwords for your accounts and notifying us immediately if you suspect any unauthorized activity can significantly enhance the security of your personal information.

User rights

Under the Kenya Data Protection Act, 2019 and international standards such as the GDPR, you are granted specific rights concerning your personal data. These rights ensure that you remain in control of how your information is used:

• Right to Access: You may request a copy of the personal data we hold about you and details on how it is processed, ensuring transparency in our practices.
• Right to Correction: If your information is inaccurate, incomplete, or outdated, you may request that it be corrected or updated promptly.
• Right to Erasure: In certain circumstances, such as when the data is no longer necessary for the purposes it was collected or if you withdraw your consent, you may request the deletion of your personal data.
• Right to Object: You may object to the processing of your data for specific purposes, including direct marketing or activities based solely on legitimate interests.
• Right to Data Portability: Where applicable, you may request that your data be provided to you or a third party in a structured, commonly used, and machine-readable format.
• Right to Withdraw Consent: If you have previously provided consent for data processing, you may revoke it at any time. This will not affect the lawfulness of processing conducted prior to the withdrawal.
• Right to Lodge Complaints: If you believe your rights have been violated, you may file a complaint with Kenya’s Office of the Data Protection Commissioner (ODPC) or, for international users, with the relevant authority in your jurisdiction.

To exercise any of these rights, please contact us using the details provided in the “Contact Information” section of this policy. We are committed to addressing your requests transparently and promptly, typically responding within 30 days as required by law.

International data transfers

AriaLink operates in a connected global environment, and there may be occasions when your personal data is transferred to and processed in countries outside Kenya. We are committed to ensuring these transfers are conducted securely and compliant with applicable data protection laws. Your trust is our priority, and we work diligently to uphold the highest data protection standards, regardless of location.

Sometimes, your data may be shared with third-party service providers or partners in other jurisdictions. These transfers typically support essential activities, such as email communication, analytics, or community management, and are conducted only when necessary for our services’ operation.

We implement robust protective measures to safeguard your personal information during these international transfers. This includes using Standard Contractual Clauses, legally binding agreements designed to ensure your data receives the same level of protection as it does under Kenyan law. Additionally, we enter into strict Data Processing Agreements with our service providers to reinforce their responsibility to protect your information. When applicable, we also ensure that the countries receiving your data are recognized as having equivalent data protection standards through adequacy decisions.

Transparency is at the core of our practices. Before transferring your data internationally, we will inform you about the purpose of the transfer and the safeguards in place. If your explicit consent is required, we will seek it before proceeding.

To maintain the highest security and compliance standards, we continuously monitor and review our cross-border data transfer practices. This allows us to adapt to changes in data protection regulations and address new risks effectively, ensuring your personal information remains protected.

Cookies and tracking

We use cookies and similar tracking technologies to improve your experience and understand how users interact with our platform. These tools help us recognize your preferences, enhance functionality, and tailor content to meet your needs.

Cookies are small text files stored on your device when you visit a website. They serve various purposes, including enabling essential platform functions, optimizing performance, and personalizing your experience. The types of cookies we may use include:

• Essential Cookies: Necessary for core platform operations, such as navigating the site and accessing secure areas.
• Performance Cookies: Collect insights into how users interact with the platform, helping us improve its functionality and responsiveness.
• Functional Cookies: Remember your preferences, such as language settings, to offer a customized experience.
• Analytics and Tracking Cookies: Analyze user behavior and preferences to deliver relevant content and improve services.

In some cases, third-party services, such as analytics providers, may place their cookies or tracking technologies on your device. These providers are subject to their privacy policies, which govern their use of data.

You have control over how cookies are managed on your device. Most web browsers allow you to adjust settings to block or notify you about cookies. Additionally, some third-party analytics providers offer opt-out mechanisms, and we provide links to these tools where applicable. For cookies that are not strictly necessary, we obtain your explicit consent through a cookie banner displayed upon your first visit.

Information collected through cookies is retained only for as long as necessary to fulfill the purposes outlined above. Any personal data collected is handled in accordance with this Privacy Policy.

Contact information

We are committed to open and transparent communication regarding your privacy. Your trust is central to our mission, and we welcome any questions, concerns, or feedback you may have regarding this Privacy Policy or the handling of your personal data. If you need clarification on any aspect of our data practices or wish to exercise your rights, please don’t hesitate to reach out.

You can contact us via email at privacy [at] arialink [dot] io, and our team will strive to address your inquiries promptly and thoroughly. Whether your concern relates to how your data is shared, the duration for which it is retained, or the safeguards in place for international transfers, we are here to provide clear answers and support.

If you have concerns about specific processing activities or the legal basis for certain data practices, we encourage you to contact us for detailed clarification. Similarly, if you feel unsure about the safety of your information or need assurances about our security measures, our team is available to assist you.

For privacy-related complaints, you may also contact Kenya’s Office of the Data Protection Commissioner (ODPC) or, if you are outside Kenya, the relevant data protection authority in your jurisdiction.

Your feedback is invaluable as we continuously work to improve our data protection practices. Whether you are seeking information, raising a concern, or simply exploring your rights, we are here to support you every step of the way. Please don’t hesitate to get in touch.

Changes to this privacy policy

We are dedicated to maintaining transparency in how we handle your personal data. As our practices evolve to meet new regulatory requirements, technological advancements, or business needs, this Privacy Policy may be updated or modified periodically. We ensure that any significant updates are communicated clearly to maintain your trust.

When changes are made, the updated Privacy Policy will be posted on our platform with a revised “Effective Date.” For substantial changes that may affect your rights or how your data is processed, we will notify you directly through email or other communication channels you have provided. This ensures you are always informed and can make decisions based on the latest version of our policy.

We encourage you to review this Privacy Policy regularly to stay updated on how we protect your personal information. Continuing to use our platform after publishing changes signifies your acceptance of the revised terms.

This Privacy Policy is effective as of 19 April 2024. For transparency, previous versions of this policy are available upon request, allowing you to compare changes over time.