Introduction and Scope
At Bostium, privacy is at the core of everything we do. We therefore take the protection of Personal Data very seriously.
We Process Personal Data in various ways as part of our business operations. This Privacy Notice (‘Notice’) covers Personal Data that We collect, store, use, disclose or otherwise Process about you, as well as the rights available to you when Bostium acts as a Data Controller for such Personal Data.
This Notice does not apply to the processing of information that is not Personal Data.
Websites that we manage, such as https://bostium.com, that link to this Notice may contain hyperlinks to external websites (‘Linked Sites’). We are not accountable for the privacy practices of these Linked Sites or other entities that we do not own or control, and this Notice does not cover them. Linked Sites might gather additional information beyond what we collect through Our Website. We recommend reviewing the privacy notices of each Linked Site to understand how your Personal Data is processed and safeguarded.
Definition and Interpretations
- “Applicable Law” means any laws (including the DPA) that are applicable to Personal Data and Sensitive Personal Data in Kenya and includes any statute, regulation, notice, policy, directive, ruling or subordinate legislation; any binding court order, judgement or ruling; any applicable industry code, policy or standard enforceable by law; or any applicable direction, policy or order that is given by any regulator or competent authority in Kenya;
- “Bostium” means Bostium Limited, a Company incorporated in Kenya. “We”, “Our” or “Us” have a corresponding meaning;
- “Child” means any natural person under the age of eighteen (18) years;
- “Data Controller” means the legal entity which, alone or jointly with others, determines the purpose and means of processing of Personal Data;
- “Data Subject” means any identified or identifiable natural person to whom Personal Data relates;
- “DPA” means the Kenyan Data Protection Act Number 24 of 2019;
- “Personal Data” means any information relating to an identified or identifiable natural person;
- “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed by Us.
- “Processing” means any operation or sets of operations which is performed on Personal Data or on sets of Personal Data whether or not by automated means as ascribed under the DPA. “Process” has a corresponding meaning;
- “Services” means the provision of professional services including professional data protection compliance consulting services and external data protection officer and privacy officer services;
- “Third Party” means any entity or individual, such as service providers, banks, organizations owning and managing Linked Sites, or any organization not owned, controlled, or managed by Bostium, which may also Process your Personal Data under specific circumstances;
- “Website” means the Bostium website currently located at https://bostium.com and any accounts operated by Bostium on social media platforms.
Personal Data We Collect
Bostium collects Personal Data that has been provided by you directly through your interactions with us, including in the course of provision of Our Services, when you attend our events or webinars, as well as when you visit Our Website.
We may process the following categories of Personal Data:
- Biographical information such as your first name and last name;
- Contact information such as your email address, phone number, postal address, office or residential address;
- Professional information such as your job title, position and information about your company or business;
- Payment information such as bank account information;
- Cookie information depending on your tracking preferences including your device’s Internet Protocol (IP) address, pages visited and time stamp. Please see our cookie notice, which forms part of this Notice for more information on Our use of cookies and other tracking technologies;
- Customer enquiries and feedback before or after receiving Our Services.
How We use your Personal Data and on what grounds
Bostium uses the Personal Data we collect for providing and improving Our Services, communication purposes, legal compliance and managing our Website.
Providing and improving Our Services
We use the Personal Data we collect in relation to Our Services so as to:
- Provide and improve the Services.
- Tailor the Services to interest and needs.
- Process and complete transactions.
- Manage payments.
- Provide customer service and support.
- Gather feedback through surveys to assess customer satisfaction with Our Services.
- For any other purposes about which we notify clients and stakeholders.
The legal basis under the Applicable Law for the above-mentioned processing is either based on performance of a contract (i.e. the Agreement that we have in place with you), your consent or our legitimate interest such as improving our business practices.
Communication purposes
Your Personal Data may be collected to enable us to:
- Respond to enquiries and requests.
- Send updates, notifications and administrative communications.
- Provide you with information you have requested about Our Services or to provide you with information on Services we think might be of interest to you.
- Send information related to the processing or completed transactions and invoices.
We rely either on your consent or our legitimate interests in ensuring we respond to enquiries, provide helpful and timely communications and tailor Our communications to you as the lawful basis for the processing of your Personal Data in line with the purposes above.
Legal Compliance
We process your personal information where needed in accordance with our legal obligations under applicable laws, legal processes, or government regulations, and to cooperate with public or government authorities, courts or regulators. For more information on how we handle information requests from public authorities and law enforcement agencies, please see the section on disclosures below.
The legal basis under data protection law for the above processing is complying with legal obligations or legitimate interest.
Managing our Website
Bostium uses the personal information we collect to effectively manage our Website, enhance functionality, understand user behavior, identify trends, deliver relevant content, and improve your overall experience. We may also process your personal information as part of our efforts to keep our Website secure. Read Our Cookie Notice if you’d like to know about the Personal Data we process in order to ensure network security, information security, and to help us improve our business performance. The lawful basis we rely on to process your personal information for the purposes described above is either consent or our legitimate interests in ensuring the effective operation, improvement, security, and personalization of our Website, while providing relevant content based on user interactions and requests.
How we may disclose your Personal Data
We may disclose your Personal Data in the following limited circumstances:
- Consultants, vendors and other Service Providers: We may disclose your Personal Data to vendors, consultants and service providers who perform services and Process Personal Data on our behalf including cloud data storage services, website hosting services, software development services, email software services including scheduling and analytics, account software, professional tax/accounting/legal services, project management software services, team collaboration, video and web conferencing services and electronic signature software services.
- Corporate transactions: We may choose to buy or sell assets and may share and/or transfer Customer information, including Personal Data, in connection with the evaluation of, and entry into, such transactions, based on our legitimate interests. Also, if We or Our assets are acquired, or if We go out of business, enter bankruptcy, or go through some other change of control, Personal Data may be one of the assets transferred to or acquired by the third party.
- Protection of Bostium and others: We reserve the right to access, read, preserve, and disclose any Personal Data as necessary to comply with a law or a court order, enforce an agreement with you and other agreements, or protect the rights, property, or safety of Bostium, Our employees, or others.
- Disclosure for national security or law enforcement: We may be compelled to share your Personal Data in response to a valid government or law enforcement request under certain circumstances such as the prevention, detection, investigation, prosecution and punishment of crime, for the enforcement of a law which imposes a pecuniary penalty or for the performance of a task carried out in the public interest.
Processing of Personal Data by Third-Party service providers
Your Personal Data may be Processed by Third-Party Service Providers via cloud services or other technologies, where Bostium has contracted such Third Parties to support Bostium’s business operations.
These contracted Third-Party service providers, including data storage and processing providers, may from time to time also have access to Your Personal Data in connection with purposes for which the Personal Data was initially collected. The Third-Party service providers do not access or use your Personal Data other than for purposes specified by Us. We require that they Process Personal Data in accordance with the provisions of this Notice, all other relevant internal policies and procedures as well as the Applicable Law.
Bostium requires the Third-Party service providers to employ at least the same level of security that We use to protect your Personal Data.
Your Personal Data may be Processed in another country where Bostium and its contracted Third-Party service providers maintain servers and facilities. We will take reasonable steps, including by way of contracts, to ensure that any such Personal Data continues to be protected, regardless of its location, in a manner consistent with the standards of protection required under the Applicable Law.
The decision to host the Personal Data outside Kenya will be based on Our legitimate interest to have access to the best-in-class security and data protection infrastructure as well as data processing capabilities. By taking up Our Services, you hereby acknowledge and consent that Bostium can host and transmit such data to locations outside Kenya.
Data Security and integrity
We have implemented and will maintain appropriate technical, organizational and administrative security measures to protect any Personal Data we Process from loss, misuse and unauthorized access, disclosure, alteration and destruction. We have also implemented solutions to prevent accidental loss and mitigate unavailability of relevant information systems used to Process Personal Data.
Your privacy rights and choice
You have certain rights in relation to your Personal Data in accordance with the Applicable Law. Subject to any limitations and exceptions under the Applicable Law, these rights include:
- Right to be informed of the use to which your Personal Data is to be put;
- Right to access your Personal Data in Our custody;
- Right to have false or misleading Personal Data about you rectified, corrected or updated;
- Right to deletion of false or misleading Personal Data about you, including from Third-Party service providers where your Personal Data has been shared or disclosed;
- Right to object to the processing of all or part of your Personal Data;
- Right to restrict Our Processing of your Personal Data;
- Right to opt out of the Processing of your Personal Data for direct marketing purposes;
- Right to withdraw your consent at any time, to the extent that the Processing of your Personal Data is based on the consent;
- Right not to be subject to any automated decision making and profiling;
- Right to data portability with respect to your Personal Data.
If you would like to exercise any of the privacy rights available to you, you can do so by sending an email request to [email protected]. Our privacy team will review verified privacy rights requests and respond to you as quickly as possible. If We are unable to comply with your request due to an exception or limitation, we will explain this in writing. If we need more time, we will inform you of the reason and extension period in writing.
The privacy rights conferred to you may be exercised by a person duly authorized by you (‘agent’). If you would like an agent to make a privacy rights request on your behalf, the agent may do so by sending an email to the email address above. We will ask for written and signed permission that the agent has been authorized to act on your behalf. Once written authorization is provided, we will review your privacy rights request and respond to you as quickly as possible. We will respond directly to the e-mail address provided by the authorized agent regarding the fulfillment of the privacy rights request.
In instances where the Data Subject is a minor, the privacy rights conferred on the minor may be exercised by a person who has parental authority or guardianship over the minor. In instances where the Data Subject has a mental or other disability, the privacy rights conferred may be exercised by a person duly authorized to act as their guardian or administrator.
You have a right to lodge a complaint, including with the office of the Data Protection Commissioner (‘ODPC’) should you feel unsatisfied with Our treatment of your Personal Data. We take all complaints very seriously and we will address all such complaints expeditiously and in accordance with the following procedure:
- Complaints should be submitted to Bostium through [email protected];
- We will acknowledge receipt of the complaint and investigate the complaint within a reasonable time;
- We will then respond to the complaint either by suggesting a remedy, offering an apology (where applicable) and taking any appropriate action in response to the complaint, or by dismissing the complaint with reasons as to why the complaint has been dismissed.
- Where you are not satisfied with the suggested response to the complaint, you have the right to complain to the ODPC. Complaints to the ODPC can be done through their official website.
Processing of Children’s Personal Data
Our Website, Services, and events are not directed at children. We do not knowingly collect Personal Data from children under the age of 18. We do not knowingly collect Personal Data from children unless we have obtained consent from a parent or guardian, or the collection is unsolicited or incidental. If you are a Child, please do not attempt to enlist Our Services or attend Our events or send any Personal Data about yourself to us.
If you believe We have mistakenly or unintentionally collected Personal Data of a Child without appropriate consent, please contact us by using the information in the ‘Contact us’ section below and we will take steps to delete their Personal Data from our systems.
How long do we store your Personal Data
We retain your Personal Data for varying durations depending on its category and the nature of our relationship with you. Our aim is to store your Personal Data only for as long as necessary to fulfill the purpose for which it was collected. Several factors influence our retention period, including the type of Personal Data, its relevance to the services we provide under our agreement with you, the duration required to meet legal obligations, and Our legitimate interests, such as enhancing network security or protecting our legal rights.
Failure to provide Personal Data
In circumstances where We need to collect your Personal Data by law or to enable the delivery of Our Services, and you fail to provide the requested Personal Data, We may be unable to deliver the Services to you.
In such cases, We may decline to provide the relevant Services or receive any services from you as the case may be, and you will be notified where this is the case.
Changes to this Notice
We reserve the right to make amendments to this Notice from time to time. We will use reasonable efforts to notify you of material changes. You can see when this Notice was last updated by checking the date at the top of this page. You are responsible for periodically reviewing this Notice. If you disagree with any changes to this Notice, you should stop using Our Services.
Contact Us
You can contact us about any matter related to Personal Data by sending an email to the privacy team at [email protected].