Our data Privacy Policy

Jedison Company Limited (Jedison) respects the privacy of individuals who visit our website and is committed to protecting personal data in accordance with the Data Protection Act, 2019 and applicable regulations issued by the Office of the Data Protection Commissioner (ODPC).

This Policy explains how we collect, use, disclose, store, and protect personal data obtained through our website.

For purposes of the Data Protection Act, 2019, Jedison is the Data Controller in respect of all personal data collected and processed through this website. Jedison determines the purpose and means of processing such personal data and is responsible for ensuring compliance with the Act and applicable regulations.

1. Scope of the Policy

This Policy applies to all website visitors, customers, prospective customers, and any other individuals who interact with Jedison through the website.

2. Personal Data We Collect

Through our website, we may collect the following personal data:

  • Identification and Contact Data: Name, phone number, email address, location, and details of your enquiry or request.
  • Technical and Usage Data: IP address, browser type, device information, and website usage data collected through cookies and analytics tools. We only collect personal data that is necessary for legitimate business purposes and do not knowingly collect data from minors.

3. Purpose of Data Collection

We collect personal data for the following purposes:

  • Responding to enquiries and requests;
  • Improving our website, products, and services;
  • Marketing and promotional communications (where permitted);
  • Website analytics and performance monitoring;
  • Compliance with legal and regulatory obligations.

Where personal data is used for marketing or promotional communications, such processing shall be based on the data subject’s consent.

Data subjects may opt out of receiving marketing communications at any time by:

  • Clicking the unsubscribe link included in marketing emails; or
  • Contacting Jedison directly using the contact details provided in this Policy.

Opt-out and withdrawal of consent requests will be actioned within a reasonable timeframe and in accordance with applicable law.

4. Legal Basis for Processing

We process personal data based on:

  • Consent provided through website forms and cookie preferences;
  • Legitimate interests in operating, securing, and improving our website;
  • Legal obligations under the applicable Kenyan laws.

5. Cookies and Third-Party Tools

Our website uses cookies and third-party tools, including analytics and social media plugins. These tools may collect usage data in accordance with their respective privacy policies. For more information, please see our Cookies Policy below.

6. Disclosure of Personal Data

We do not sell personal data. Personal data may be disclosed to:

  • Authorised Jedison personnel on a need-to-know basis;
  • Third-party service providers such as website hosting providers, analytics
  • providers, and IT support partners; Public authorities or regulators where disclosure is required by law.
  • All third parties are required to process personal data in accordance with applicable data protection laws.

7. Cross-Border Data Transfers

Due to the use of third-party service providers such as website hosting services, analytics platforms, email communication tools, and social media integrations, personal data collected through the website may be transferred to or processed outside Kenya.
Where personal data is transferred outside Kenya, Jedison ensures that such transfers are carried out in accordance with the Data Protection Act, 2019, and that appropriate safeguards are in place, including one or more of the following:

  • Transfer to jurisdictions with adequate data protection laws;
  • Contractual safeguards with service providers to ensure equivalent data protection standards; or
  • Data subject consent where required by law.

8. Data Retention

Jedison retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:

  • Website enquiries and contact form data: retained for up to twenty-four (24) months, after which it is securely deleted or anonymised unless further retention is required for legitimate business or legal purposes.
  • Marketing and promotional data: retained for as long as the data subject has provided consent. Such data will be deleted or anonymised upon withdrawal of consent or opt-out by the data subject.
  • Website analytics and technical data: retained for up to twenty-six (26) months, after which it is anonymised or securely deleted.

9. Data Subject Rights

In accordance with the Data Protection Act, 2019, you have the right to:

  • Be informed about the use of your personal data;
  • Access your personal data;
  • Request correction of inaccurate data;
  • Object to or restrict processing;
  • Request deletion of your data, subject to legal limitations;
  • Lodge a complaint with the Office of the Data Protection Commissioner (ODPC).

10. Data Security Measures

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse.

11. Data Breach Notification

Any data breach will be managed in accordance with the Data Protection Act, 2019, including notification to affected individuals and the ODPC where required.

12. Contact Information

For data protection queries or requests, contact us at: general@jedisoncompanyltd.com