Aspira attaches great importance to your right to privacy and the protection of your personal data. We want you to feel secure that when you deal with Aspira, your personal data are in good hands. 

ASPIRA protects and respect the privacy of your personal data in accordance with applicable laws, regulations and policies and will treat it confidentially and securely. In addition, ASPIRA maintains the appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage thereto.

The following sections provide further details as to how we process your personal data:

We collect personal data of our employees, potential employees, clients, suppliers, business contacts, shareholders, consultants, other service providers and website users. If the data we collect are not listed in this privacy statement, we will give individuals (when required by law) appropriate notice of which other data will be collected and how they will be used.

Except for certain information that is required by law, your decision to provide any personal data to us is voluntary. You will therefore not be penalised if you do not wish to provide us with your personal data. However, please note that if you do not provide certain information, we may not be able to accomplish some or all of the purposes outlined in this privacy statement, and you may not be able to use certain tools and systems which require the use of such personal data which may impact on our delivery of services to you

If you provide us with personal data of another person (for instance, a potential employee/guarantor), you are responsible for ensuring that such person is made aware of the information contained in this privacy statement and that the person has given you his/her consent for sharing the information with us. However, it is your responsibility to maintain the secrecy of any user ID and login password you hold.

We use your personal data only where required for specific purposes as required by our current legislations and regulators.

Any personal information provided by you to ASPIRA will be used for the purpose of providing and operating the products and services you have requested and for other related purposes which may include updating and enhancing ASPIRA’s records, understanding your financial needs, conducting credit checks, advising you of other products and services which may be of interest to you, for crime/fraud prevention and debt collection purposes, for purposes required by law or regulation, and to plan, conduct and monitor ASPIRA’s business.

We are of the opinion that our legitimate interests are not overridden by your interests, rights or freedoms, given (i) the transparency we provide on the processing activity,

(ii) our privacy by design approach,

 (iii) our regular privacy reviews and

(iv) the rights you have in relation to the processing activity.

We will process your personal data for the purposes mentioned above based on your prior consent, to the extent such consent is mandatory under applicable laws. 

We will not use your personal data for purposes that are incompatible with the purposes of which you have been informed, unless it is required or authorized by law, or it is in your own vital interest (e.g. in case of a medical emergency) to do so.

We may transfer personal data to our service providers, professional advisors, public and governmental authorities or third parties in connection with a (potential) corporate or commercial transaction. Such third parties may be located in other countries. Before we do so, we shall take the necessary steps to ensure that your personal data will be given adequate protection as required by relevant data privacy laws and ASPIRA’s internal policies.

Other than to those individuals and entities listed above or if there is no legitimate business purpose to do so, your details and personal information will not be revealed to any external body, unless ASPIRA has your permission, or is under either a legal obligation or any other duty to do so.

We do not generally seek to collect sensitive data (also known as special categories) through this site or otherwise. In the limited cases where we do seek to collect such data, we will do this in accordance with data privacy law requirements and/or ask for your consent. 

The term “sensitive data” refers to the various categories of personal data identified by data privacy laws as requiring special treatment, including in some circumstances the need to obtain explicit consent from you. These categories include racial or ethnic origin, political opinions, religious, philosophical or other similar beliefs, membership of a trade union, physical or mental health, biometric or genetic data, sexual life or orientation, or criminal convictions and offences (including information about suspected criminal activities).

We maintain organisational, physical and technical security arrangements for all the personal and sensitive data we hold. To mitigate the risks associated with handling such data, we enforce a set of relevant policies, guidelines, technical controls and procedures.

We adopt market leading security measures to protect your personal data. This includes (without being limitative):

• We have regular penetration testing performed by a third party provider, to ensure the fitness of our cybersecurity defenses.
• We use encryption when and where appropriate
• We use data loss prevention measures to ensure proper protection of our data
• We ensure our staff and third parties are aware of our cyber security policies and level of standards

Your data will be processed by our agents through self-service portal, mobile App, our counters, and any other approved offices throughout the country.

Any such transfers throughout ASPIRA’s locations take place in accordance with the applicable data privacy laws.

We will retain your personal data only for as long as is necessary and according to the legal requirements. We maintain specific records management and retention policies and procedures, so that personal data are deleted according to the following retention criteria:

• We retain your data as long as we have an ongoing relationship with you (in particular, if you have anaccount with us).
• We will only keep the data while your account is active or for as long as needed to provide services to you.
• We retain your data for as long as needed in order to comply with our legal and contractual obligations.

You are entitled and have the rights (in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law) to:

• Request access to the personal data we process about you: this right entitles you to know whether we holdpersonal data about you and, if we do, to obtain information on and a copy of that personal data. This request may be subject to payment of a fee.

• Request a rectification of your personal data: this right entitles you to have your personal data be corrected if it is inaccurate or incomplete with supporting documents. This request may be subject to payment of a fee.

• Object to the processing of your personal data: this right entitles you to request that ASPIRA no longerprocesses your personal data.

• Request the erasure of your personal data: this right entitles you to request the erasure of your personaldata, including where such personal data would no longer be necessary to achieve the purposes.

• Request the restriction of the processing of your personal data: this right entitles you to request that ASPIRAonly processes your personal data in limited circumstances, including with your consent. Request portability of your personal data: this right entitles you to receive a copy of personal data that you have provided to ASPIRA.

To the extent that the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time by contacting ASPIRA on tellmemore@aspira.co.ke. Please note that this will not affect ASPIRA’s right to process personal data obtained prior to the withdrawal of your consent, or its right to continue parts of the processing based on other legal bases than your consent.

If, despite our commitment and efforts to protect your personal data, you believe that your data privacy rights have been violated, we encourage and welcome individuals to come to ASPIRA first to seek resolution of any complaint to our customer experience officer. You have the right at all times to register a complaint directly with the relevant supervisory authority.

We may collect and process the following personal data:

• Personal data that you provide by filling in forms on our website. This includes registering to use thewebsite, subscribing to services,
• If you contact us, we may keep a record of that correspondence.
• We may ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
• Any postings, comments or other content that you upload or post to ASPIRA website.

In order to improve our Internet service to you, we will occasionally use a “cookie” and/or other similar files or programs which may place certain information on your computer’s hard drive when you visit an ASPIRA web site. A cookie is a small amount of data that our web server sends to your web browser when you visit certain parts of our site.

Cookies do not enable us to gather personal information about you unless you give the information to our server. Most Internet browser software allows the blocking of all cookies or enables you to receive a warning before a cookie is stored. For further information, please refer to your Internet browser software instructions or help screen. Alternatively, information on deleting or controlling cookies is available at http://www.allaboutcookies.org

The bulk of the personal data we collect and use for marketing purposes relates to our clients and other companies with which we have an existing business relationship. We may also obtain contact information from public sources, including content made public at social media websites, to make an initial contact with a relevant individual at a client or other company.

Do we combine and analyze personal data?

We may combine data from publicly available sources, and from our different e-mail, website, and personal interactions with you (this includes information collected across our different websites such as our careers and corporate sites and information collected when you sign-up or log on to our sites or connect to our sites using your social media credentials (such as LinkedIn and Xing). We combine this data to better assess your experience with ASPIRA and to perform the other activities described throughout our privacy policy.

Do we share personal data with third parties?

In addition to the third parties mentioned above, we may share your personal data with marketing agencies.

What are your rights regarding marketing communications?

You can exercise your right to prevent marketing communications to you by contacting us or by utilising opt-out mechanisms in e-mails we send to you. You can also exercise the right to discontinue marketing communications to you, or to have your personal data removed from our customer relationship management (CRM) databases at any time by contacting us on tellmemore@aspira.co.ke. In such cases, we will retain minimum personal data to note that you opted out in order to avoid contacting you again.

ASPIRA reserves the right to amend its prevailing Data Protection and Privacy Statement at any time and will place any such amendments on this Web Site. This Data Protection and Privacy Statement is not intended to, nor does it, create any contractual rights whatsoever or any other legal rights, nor does it create any obligations on ASPIRA in respect of any other party or on behalf of any party.