Legal & Compliance
PRIVACY POLICY.
Your privacy is fundamental to our business. This policy explains how Xinteck collects, uses, and protects your personal data in accordance with the Kenya Data Protection Act 2019.
1. Who We Are
Xinteck is a technology solutions company registered and operating in Kenya. We specialize in:
- Web Development
- Mobile Application Development
- Custom Software Development
- UI/UX Design
- Cloud & DevOps Services
For the purposes of the Kenya Data Protection Act 2019, Xinteck acts as the Data Controllerfor personal data collected through our website and services.
Registered Address: Nairobi, Kenya
Contact Email: privacy@xinteck.co.ke
2. Information We Collect
We collect the following categories of personal data:
2.1 Information You Provide
- Contact Information: Name, email address, phone number, company name
- Project Details: Requirements, specifications, and business information shared during consultations
- Account Data: Login credentials and preferences (if you create an account)
- Communications: Messages, feedback, and correspondence with our team
2.2 Automatically Collected Data
- Technical Data: IP address, browser type and version, device information, operating system
- Usage Data: Pages visited, time spent on pages, navigation paths, referring URLs
- Cookie Data: Information collected via cookies and similar technologies (see our Cookie Policy)
2.3 Third-Party Data
We may receive data from third parties such as business partners, analytics providers, or publicly available sources to supplement our records.
3. How We Use Your Data
We use your personal data for the following purposes:
4. Legal Basis for Processing
Under the Kenya Data Protection Act 2019, we process your data based on the following legal grounds:
Consent
You have given explicit consent for processing (e.g., subscribing to our newsletter or marketing communications). You can withdraw consent at any time.
Contract Performance
Processing is necessary to perform a contract with you or take pre-contractual steps at your request (e.g., delivering a software project you commissioned).
Legal Obligation
Processing is required to comply with Kenyan law (e.g., tax records, financial reporting, legal proceedings).
Legitimate Interests
Processing is necessary for our legitimate business interests (e.g., fraud prevention, analytics, improving services), provided these do not override your fundamental rights.
5. Data Sharing & Disclosure
We do not sell your personal data. We may share your data with:
5.1 Service Providers
Trusted third parties who assist in operating our business, including:
- Cloud hosting providers (e.g., AWS, Vercel)
- Analytics services (e.g., PostHog, Google Analytics)
- Payment processors (for client billing)
- Email service providers
These providers are bound by data processing agreements and may only use your data as instructed by us.
5.2 Legal Requirements
We may disclose your data when required by law, court order, or to protect our legal rights.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.
6. International Data Transfers
Kenya DPA Requirement: At least one serving copy of personal data must be stored on a server or data center located in Kenya.
Xinteck primarily processes and stores data within Kenya. However, some of our service providers operate internationally. When we transfer data outside Kenya, we ensure:
- The recipient country provides adequate data protection, OR
- Appropriate contractual safeguards are in place (Standard Contractual Clauses), OR
- You have provided explicit consent after being informed of potential risks
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
| Data Type | Retention Period |
|---|---|
| Client project data | 7 years (legal/tax requirements) |
| Contract records | 7 years after contract ends |
| Contact form submissions | 2 years (or until request fulfilled) |
| Marketing consent records | Duration of consent + 3 years |
| Website analytics | 12 months (then anonymized) |
When data is no longer needed, we securely delete or anonymize it.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
- Encryption: Data is encrypted in transit (TLS/SSL) and at rest
- Access Controls: Role-based access limited to authorized personnel
- Secure Infrastructure: Enterprise-grade cloud security with regular audits
- Incident Response: Procedures to detect, report, and respond to data breaches
- Employee Training: Regular security awareness training for team members
Despite our best efforts, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but commit to notifying you and relevant authorities of any breach as required by law.
9. Your Rights Under Kenya DPA 2019
As a data subject under the Kenya Data Protection Act 2019, you have the following rights:
Right to be Informed
You have the right to know how your data is collected and used. This policy fulfills that obligation.
Right of Access
You can request a copy of the personal data we hold about you.
Right to Rectification
You can request correction of inaccurate or incomplete personal data.
Right to Erasure
You can request deletion of your personal data where there is no compelling reason for continued processing.
Right to Restrict Processing
You can request that we limit how we use your data in certain circumstances.
Right to Data Portability
You can request your data in a structured, commonly used, machine-readable format.
Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes.
To exercise your rights: Contact us at privacy@xinteck.co.ke. We will respond within 30 days as required by law.
Right to Complain: If you are unsatisfied with our response, you have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) at www.odpc.go.ke.
10. Cookies
Our website uses cookies and similar tracking technologies to enhance your experience, analyze usage, and for marketing purposes.
For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.
11. Children's Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children.
If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@xinteck.co.ke, and we will take steps to delete such information.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.
When we make significant changes:
- We will update the "Last Updated" date at the top of this page
- For material changes, we may notify you via email or a prominent notice on our website
- Your continued use of our services after changes constitutes acceptance of the updated policy
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@xinteck.co.ke
Address: Nairobi, Kenya
We aim to respond to all legitimate requests within 30 days.
Kenya Data Protection Act 2019 Compliance
This Privacy Policy is designed to comply with the requirements of the Kenya Data Protection Act 2019 and related regulations. For more information about data protection in Kenya, visit the Office of the Data Protection Commissioner (ODPC).