Your privacy is our priority. Learn how we collect, use, and protect your personal information in compliance with Kenyan and international data protection laws.
At Cognifitech, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the Kenya Data Protection Act 2019, the General Data Protection Regulation (GDPR), and other applicable international privacy laws.
Cognifitech Limited serves as the data controller responsible for your personal data. Our complete contact details are provided in the 'Contact Us' section at the end of this policy.
We collect your name, email address, phone number, job title, company name, and business address when you contact us or request our services.
We automatically collect your IP address, browser type, device information, operating system, and website usage data through cookies and analytics tools.
We maintain records of your communications with us, including emails, phone calls, and meeting notes to provide better service.
We collect information about your business needs, project requirements, and preferences for our AI, cloud, and cybersecurity services.
Directly from you when you fill out forms, contact us, or request services.
Through our website using cookies and analytics tools.
From business cards or information provided during meetings and conferences.
Through referrals from business partners or clients.
From publicly available sources such as company websites and professional networks.
We process your personal data based on the following legal grounds:
For business development, improving our services, and maintaining security.
To deliver services you have requested or contracted for.
For marketing communications and certain optional data processing activities (where you have given explicit consent).
To comply with applicable laws, regulations, and legal requirements.
We use your personal information for the following purposes:
Providing AI, cloud, cybersecurity, and consulting services.
Communicating about our services and responding to your inquiries.
Processing payments and managing client relationships.
Improving our website and services through data analytics.
Sending marketing communications (only with your consent).
Complying with legal and regulatory requirements.
Protecting against fraud, security threats, and unauthorized access.
We do not sell your personal data to third parties. We may share your information only in the following circumstances:
With trusted third-party providers such as cloud hosting services, email platforms, CRM systems, and analytics tools that help us operate our business securely.
With your explicit consent, we may share relevant information with partners to provide joint services or integrated solutions.
When required by law, court order, legal process, or to protect our rights, safety, and the safety of others.
In connection with mergers, acquisitions, or sales of business assets, subject to appropriate confidentiality protections.
We may transfer your personal data outside Kenya for cloud hosting and business operations. When we do, we ensure adequate protection through:
Adequacy decisions issued by relevant data protection authorities.
Standard contractual clauses approved by data protection authorities.
Binding corporate rules and recognized certification mechanisms.
Specific authorization for individual transfers where required by law.
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:
For the duration of our business relationship plus seven (7) years for legal, tax, and audit purposes.
Until you withdraw consent or after three (3) years of inactivity, whichever comes first.
Up to twenty-six (26) months for Google Analytics and similar tools.
Up to seven (7) years for business records and legal compliance purposes.
Under Kenyan and international data protection laws, you have the following rights regarding your personal data:
You can request copies of the personal data we hold about you.
You can request correction of any inaccurate or incomplete personal data.
You can request deletion of your personal data in certain circumstances.
You can request that we limit how we use your personal data.
You can request to receive your data in a structured, machine-readable format.
You can object to processing based on legitimate interests or for direct marketing purposes.
You can withdraw consent at any time for processing activities that require your consent.
To exercise any of your privacy rights, please follow these steps:
Email us at info@cognifitech.co.ke with your specific request.
Provide sufficient information to verify your identity for security purposes.
Clearly specify which right you wish to exercise and include relevant details.
Allow up to thirty (30) days for us to respond to your request.
We implement comprehensive technical and organizational measures to protect your personal data, including:
Encryption of data both in transit and at rest using industry-standard protocols.
Multi-factor authentication and strict access controls for our systems.
Regular security assessments, vulnerability testing, and system updates.
Comprehensive employee training on data protection and security best practices.
Incident response procedures and breach notification protocols.
Secure cloud infrastructure with automated backup and disaster recovery systems.
We may send you marketing communications about our services only if:
You have given us explicit consent to receive such communications.
We have a legitimate business interest and you have not opted out.
You are an existing client and the communications relate to similar services you have used.
You can opt out of marketing communications at any time by using the unsubscribe link in our emails or by contacting us directly. Your opt-out will be processed immediately.
We do not engage in automated decision-making or profiling that would produce legal effects or significantly impact you without human oversight. Any AI tools we use in our business operations are subject to human review and intervention to ensure fair and accurate outcomes.
Our website may contain links to third-party websites and services. We are not responsible for the privacy practices or content of these external sites. We strongly encourage you to read their privacy policies before providing any personal information to third parties.
Our services are designed for business use and are not intended for individuals under eighteen (18) years of age. We do not knowingly collect personal information from minors. If you become aware that a child has provided us with personal information, please contact us immediately so we can take appropriate action.
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
Notify the Office of the Data Protection Commissioner (Kenya) within seventy-two (72) hours of becoming aware of the breach.
Inform affected individuals without undue delay if there is a high risk to their rights and freedoms.
Document the breach incident and our response measures in detail.
Take immediate steps to contain the breach, assess the damage, and implement remedial measures.
If you have concerns about how we handle your personal data, you have the right to file a complaint. You can:
Contact us directly using the contact information provided below – we will investigate and respond promptly.
File a complaint with the Office of the Data Protection Commissioner (Kenya) as our primary supervisory authority.
Contact your local data protection authority if you are located in the EU or other jurisdictions with applicable privacy laws.
We may periodically update this Privacy Policy to reflect changes in our practices, services, or legal requirements. When we make updates, we will:
Post the updated policy on our website with a revised 'Last Updated' date.
Notify you of material changes via email or prominent website notice.
Maintain previous versions of this policy for reference where required by law.
Provide reasonable notice before any changes take effect, where legally required.
If you have any questions about this Privacy Policy or our data practices, please contact us:
Data Protection Officer
Nairobi, Kenya
East Africa
For general inquiries about our services, please visit our contact page.