Privacy Policy

Your privacy matters. This policy explains what we collect, why, and your rights.

Last Updated:

1. Introduction

Welcome to Net Pay Kenya's Privacy Policy. We are committed to protecting your privacy and being transparent about how we handle your personal information. This Privacy Policy explains in detail what data we collect, how we use it, who we share it with, and your rights regarding your personal data.

Net Pay Kenya operates a comprehensive suite of free online calculators and tools designed specifically for Kenya's payroll and tax system. This policy applies to all visitors and users of our website (netpaykenya.org), mobile applications, calculators, and related services.

Scope: This Privacy Policy applies to personal data collected through our Services. It does not apply to third-party websites, applications, or services that we may link to. We encourage you to review the privacy policies of any third-party sites you visit.

Data Controller: Net Pay Kenya is the data controller responsible for your personal information collected through our Services. For data protection inquiries, contact us at mynetpaykenya@gmail.com.

Compliance: We comply with applicable data protection laws, including Kenya's Data Protection Act, 2019, and where applicable, the EU General Data Protection Regulation (GDPR) for users in the European Economic Area.

2. Data We Collect

We collect different types of information depending on how you interact with our Services:

Information You Provide Directly

  • Contact Information: When you contact us via email, forms, or live chat, we collect your name, email address, phone number (if provided), and the content of your message.
  • Account Information: If you create an account (optional), we collect your username, email address, password (encrypted), and profile preferences.
  • Newsletter Subscriptions: If you subscribe to our rate update alerts or newsletter, we collect your email address and subscription preferences.
  • Feedback and Survey Responses: When you participate in surveys or provide feedback, we collect your responses and any contact information you choose to provide.
  • Payment Information: If we offer paid features in the future, payment information will be processed by secure third-party payment processors. We do not store complete credit card details.

Information Collected Automatically

  • Usage Data: We automatically collect information about how you use our Services, including pages visited, calculators used, time spent on pages, links clicked, and features accessed.
  • Device Information: We collect device type, operating system, browser type and version, screen resolution, device identifiers, and mobile network information.
  • Log Data: Our servers automatically record log files including IP address, browser type, referring/exit pages, date/time stamps, and clickstream data.
  • Location Data: We collect approximate location based on IP address (country, region, city level) to provide localized content and comply with regional regulations.
  • Performance Data: We collect technical information about page load times, errors, and performance metrics to improve our Services.

Cookies and Similar Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information and improve your experience. These technologies help us:

  • Remember your preferences and settings
  • Understand how you use our Services
  • Measure the effectiveness of our content
  • Provide security features and prevent fraud
  • Deliver relevant content and advertisements (if applicable)

For detailed information about the cookies we use, their purposes, and how to manage them, please see our Cookie Policy.

Information from Third Parties

  • Analytics Providers: We receive aggregated, anonymized analytics data from Google Analytics and similar services.
  • Social Media: If you interact with us on social media platforms, we may receive information from those platforms in accordance with their privacy policies.
  • Public Sources: We may collect publicly available information to verify accuracy of tax rates and regulations.

3. How We Use Data

We use the personal data we collect for the following purposes:

Service Delivery and Functionality

  • Provide access to our calculators, tools, and features
  • Process and respond to your inquiries and support requests
  • Create and manage your account (if applicable)
  • Remember your preferences and settings
  • Enable sharing and exporting of calculation results
  • Deliver newsletters and rate update alerts (with your consent)

Service Improvement and Development

  • Analyze usage patterns to understand how users interact with our Services
  • Identify and fix technical issues, bugs, and errors
  • Conduct research and development to improve existing features
  • Develop new calculators, tools, and features based on user needs
  • Test new features and functionality before public release
  • Optimize performance, speed, and user experience

Communication and Marketing

  • Send important service announcements and updates
  • Notify you of changes to tax rates, regulations, or our Services
  • Respond to your comments, questions, and feedback
  • Send promotional communications (with your consent, where required)
  • Conduct surveys to gather feedback and improve our Services

Security and Fraud Prevention

  • Detect, prevent, and respond to fraud, abuse, and security threats
  • Protect the rights, property, and safety of Net Pay Kenya, our users, and the public
  • Monitor and analyze security incidents and vulnerabilities
  • Verify user identity when necessary
  • Enforce our Terms of Service and other policies

Legal Compliance and Protection

  • Comply with applicable laws, regulations, and legal processes
  • Respond to lawful requests from government authorities
  • Establish, exercise, or defend legal claims
  • Maintain records for accounting, tax, and regulatory purposes
  • Protect our intellectual property rights

Analytics and Insights

  • Generate aggregated, anonymized statistics about usage patterns
  • Understand demographic trends and user preferences
  • Measure the effectiveness of our content and features
  • Create reports for internal business purposes

5. Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary depending on the type of data and purpose:

Retention Periods by Data Type

  • Account Data: Retained for the duration of your account plus 30 days after account closure, unless longer retention is required by law.
  • Contact and Support Data: Retained for up to 3 years after the last interaction to maintain service quality and handle follow-up inquiries.
  • Newsletter Subscriptions: Retained until you unsubscribe, after which we retain only a record of your unsubscribe request to honor your preferences.
  • Usage and Analytics Data: Aggregated data retained indefinitely; identifiable data retained for up to 26 months.
  • Log Files: Retained for up to 12 months for security and troubleshooting purposes.
  • Cookie Data: Varies by cookie type; see our Cookie Policy for specific retention periods.
  • Legal and Compliance Records: Retained as required by applicable laws (typically 6-7 years for financial and tax records).

Retention Criteria

We determine appropriate retention periods based on:

  • The nature, sensitivity, and volume of personal data
  • Potential risks from unauthorized use or disclosure
  • The purposes for which we process the data
  • Whether we can achieve those purposes through other means
  • Applicable legal, regulatory, tax, accounting, or reporting requirements
  • Our legitimate business interests

Secure Deletion

When personal data is no longer needed, we securely delete or anonymize it using industry-standard methods to prevent unauthorized access or reconstruction.

6. Sharing & Third Parties

We do NOT sell your personal data to third parties. We may share your information in the following limited circumstances:

Service Providers and Business Partners

We share data with trusted third-party service providers who process data on our behalf under strict contractual obligations:

  • Hosting and Infrastructure: Cloud hosting providers, content delivery networks (CDNs), and server infrastructure providers
  • Analytics Services: Google Analytics and similar tools that provide aggregated, anonymized usage metrics
  • Communication Tools: Email service providers, live chat platforms (Smartsupp), and customer support systems
  • Security Services: Fraud detection, DDoS protection, and security monitoring services
  • Payment Processors: If we offer paid features, secure payment gateways that handle transaction processing

These service providers are contractually required to:

  • Process data only for specified purposes
  • Implement appropriate security measures
  • Not use data for their own purposes
  • Delete or return data when services end

Legal Requirements and Protection

We may disclose personal data when required by law or when we believe disclosure is necessary to:

  • Comply with legal obligations, court orders, or lawful government requests
  • Enforce our Terms of Service and other agreements
  • Protect the rights, property, or safety of Net Pay Kenya, our users, or the public
  • Detect, prevent, or address fraud, security, or technical issues
  • Respond to claims that content violates third-party rights

Business Transfers

If Net Pay Kenya is involved in a merger, acquisition, asset sale, or bankruptcy, your personal data may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

Aggregated and Anonymized Data

We may share aggregated, anonymized data that cannot identify you individually with partners, researchers, or the public for analysis, research, or marketing purposes.

With Your Consent

We may share your data with third parties when you have given us explicit consent to do so.

7. Cookies & Preferences

We use cookies, web beacons, pixel tags, and similar tracking technologies to enhance your experience and understand how you use our Services.

Types of Cookies We Use

  • Essential Cookies: Required for basic site functionality, security, and navigation. These cannot be disabled.
  • Functional Cookies: Remember your preferences, settings, and choices to provide a personalized experience.
  • Analytics Cookies: Help us understand how visitors use our Services, which pages are most popular, and how to improve user experience.
  • Performance Cookies: Collect information about site performance, load times, and errors to optimize functionality.

Managing Cookie Preferences

You can control cookies through:

  • Cookie Banner: When you first visit our site, you can accept or decline optional cookies.
  • Browser Settings: Most browsers allow you to block or delete cookies. Note that blocking essential cookies may affect site functionality.
  • Opt-Out Tools: For analytics cookies, you can use browser extensions like Google Analytics Opt-out.

For comprehensive information about the specific cookies we use, their purposes, retention periods, and how to manage them, please see our detailed Cookie Policy.

8. Your Rights

Depending on your location and applicable data protection laws, you may have the following rights regarding your personal data:

Access and Portability

  • Right to Access: Request a copy of the personal data we hold about you, including information about how we use it.
  • Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another service provider.

Correction and Deletion

  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected or when you withdraw consent.

Control and Restriction

  • Right to Restrict Processing: Request that we limit how we use your personal data in certain situations.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time (without affecting the lawfulness of processing before withdrawal).

Automated Decision-Making

  • Right to Human Review: Not be subject to decisions based solely on automated processing that significantly affect you (we do not currently use automated decision-making).

Complaints and Supervision

  • Right to Lodge a Complaint: File a complaint with your local data protection authority if you believe we've violated your privacy rights.

How to Exercise Your Rights

To exercise any of these rights:

  1. Email us at mynetpaykenya@gmail.com with your request
  2. Specify which right(s) you wish to exercise
  3. Provide sufficient information to verify your identity
  4. We will respond within 30 days (or as required by applicable law)

Identity Verification: To protect your privacy, we may need to verify your identity before processing requests. We may request additional information to confirm you are the person about whom we hold data.

No Fee: Exercising these rights is generally free. However, we may charge a reasonable fee for manifestly unfounded, excessive, or repetitive requests.

9. Security

We take the security of your personal data seriously and implement comprehensive technical and organizational measures to protect it from unauthorized access, disclosure, alteration, or destruction.

Technical Security Measures

  • Encryption: Data transmitted between your browser and our servers is encrypted using TLS/SSL protocols. Sensitive data at rest is encrypted using industry-standard encryption algorithms.
  • Access Controls: Strict access controls ensure only authorized personnel can access personal data on a need-to-know basis.
  • Authentication: Multi-factor authentication (MFA) for administrative access to systems containing personal data.
  • Firewalls and Network Security: Advanced firewalls, intrusion detection systems, and network monitoring to prevent unauthorized access.
  • Regular Security Updates: Timely application of security patches and updates to all systems and software.
  • Secure Development: Security-by-design principles in software development, including code reviews and vulnerability testing.

Organizational Security Measures

  • Employee Training: Regular security awareness training for all personnel with access to personal data.
  • Confidentiality Agreements: All employees and contractors sign confidentiality agreements.
  • Incident Response Plan: Documented procedures for detecting, responding to, and recovering from security incidents.
  • Vendor Management: Due diligence and contractual security requirements for third-party service providers.
  • Regular Audits: Periodic security audits and assessments to identify and address vulnerabilities.
  • Data Minimization: We collect and retain only the data necessary for specified purposes.

Your Role in Security

You can help protect your data by:

  • Using strong, unique passwords for your account
  • Enabling two-factor authentication if available
  • Keeping your login credentials confidential
  • Logging out after using shared or public devices
  • Reporting suspicious activity immediately

Security Limitations

While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. If you have reason to believe your interaction with us is no longer secure, please contact us immediately.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.

10. Children

Net Pay Kenya's Services are not directed to, and we do not knowingly collect personal data from, children under the age of 18 (or the applicable age of majority in your jurisdiction).

Age Restrictions

  • Our Services are designed for adults who are employed or managing payroll
  • We do not knowingly collect, use, or disclose personal data from children
  • We do not target children with our marketing or communications
  • Account creation requires users to confirm they are 18 or older

Parental Rights

If you are a parent or guardian and believe your child has provided us with personal data without your consent:

  1. Contact us immediately at mynetpaykenya@gmail.com
  2. Provide details about the data you believe we have collected
  3. We will promptly investigate and delete any such data

If we become aware that we have collected personal data from a child without proper consent, we will take steps to delete that information as quickly as possible.

11. International Transfers

Net Pay Kenya is based in Kenya. However, we may transfer, store, and process your personal data in countries other than your country of residence, including countries that may have different data protection laws.

Data Transfer Safeguards

When we transfer personal data internationally, we implement appropriate safeguards to protect your data:

  • Standard Contractual Clauses (SCCs): We use European Commission-approved SCCs with service providers in countries without adequate data protection laws.
  • Adequacy Decisions: We transfer data to countries recognized by relevant authorities as providing adequate data protection.
  • Binding Corporate Rules: Where applicable, we rely on approved binding corporate rules for intra-group transfers.
  • Consent: In some cases, we may obtain your explicit consent for specific international transfers.
  • Contractual Necessity: Transfers may be necessary to fulfill our contract with you (e.g., processing payments).

Service Provider Locations

Our service providers may be located in:

  • Kenya (primary hosting and operations)
  • European Union (analytics and support tools)
  • United States (cloud infrastructure and analytics)
  • Other countries where our service providers operate

Your Rights Regarding International Transfers

You have the right to:

  • Request information about international transfers of your data
  • Obtain copies of safeguards we have in place
  • Object to transfers in certain circumstances

For more information about international data transfers or to request copies of safeguards, contact us at mynetpaykenya@gmail.com.

12. Changes to this Policy

We may update this Privacy Policy periodically to reflect changes in our practices, Services, legal requirements, or for other operational, legal, or regulatory reasons.

How We Notify You of Changes

  • Date Update: The "Last Updated" date at the top of this policy will be revised
  • Website Notice: For material changes, we will display a prominent notice on our website
  • Email Notification: If you have an account or subscription, we may email you about significant changes
  • In-App Notifications: If applicable, we may notify you through our Services

Material Changes

Material changes include:

  • Changes to the types of personal data we collect
  • New purposes for processing data
  • Changes to data sharing practices
  • Significant changes to your rights
  • Changes to data retention periods

Your Acceptance

By continuing to use our Services after changes become effective, you accept the updated Privacy Policy. If you do not agree with changes, please discontinue use of our Services and contact us to close your account (if applicable).

Review Regularly

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. You can always find the current version at netpaykenya.org/pages/privacy.html.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, we're here to help.

Contact Information

Email: mynetpaykenya@gmail.com

Subject Line: Please use "Privacy Inquiry" or "Data Protection Request" for faster processing

What to Include in Your Message

  • Your full name and email address
  • Description of your inquiry or request
  • Any relevant account information (if applicable)
  • Preferred method and language for response

Response Time

We aim to respond to all privacy inquiries within:

  • General Questions: 5 business days
  • Data Subject Rights Requests: 30 days (as required by law)
  • Urgent Security Matters: 24-48 hours

Data Protection Authority

If you are located in Kenya, you have the right to lodge a complaint with:

Office of the Data Protection Commissioner (ODPC)
Website: www.odpc.go.ke

For users in the European Economic Area, you may contact your local data protection authority.
