top of page

Privacy Policy

 

Effective Date: 1 September 2024

 

Last Updated: 30 August 2024

 

Introduction

 

Aquarech Limited (“we,” “our,” or “us”) operates at the forefront of innovative fish farming methods that not only improve the livelihoods of small-scale fishing communities but also allow for sustainable, environment-friendly practices while introducing value chain efficiencies for all actors in the aquaculture ecosystem. We are committed to protecting the privacy and security of your personal data. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our website www.aquarech.com or interact with us through any services we provide via our mobile platforms.

 

Data We Collect

 

We may collect personal data from you in a variety of ways, including when you visit our website, register for services, or engage with us in other ways. The types of personal data we collect include:

 

  1. Identity Data - Name, ID number, date of birth.

  2. Contact Data - Email address, phone number, physical address.

  3. With your permission, we collect your device's location to offer tailored services based on your geographical area. This information is stored securely and used to optimise your experience.

  4. We may collect data related to how you interact with the app, such as the features you use, the time spent on the app, and your preferences. This data helps us improve app functionality and user experience.

  5. We collect data about the device you use to access the app, such as device model, operating system version, and mobile network information, to ensure compatibility and app performance.

  6. If you use our app for any financial transactions, we collect information related to these transactions for payments for fish farming products and services, including processing financial information for online transactions.

 

How We Collect Your Data

We collect personal and sensitive data through various methods, including:

  • Directly from you when you fill out online forms, applications, surveys, or when you communicate with our representatives via email, phone, in-person meetings, or other direct channels especially, during customer onboarding or in partnership negotiations.

  • Online Interactions when you interact with our website, mobile applications, or other online platforms. This may include information gathered through cookies, web forms, chatbots, and online registration processes Fish farmers, customers, and partners provide personal information via Aquarech’s digital platforms (website, mobile applications).

  • Automatically through automated means which include, but are not limited to, the following:

  1. We may use cookies and similar technologies to gather information about your online activities and preferences. This helps us to improve our services and provide a more personalised experience. You can manage your cookie preferences through your browser settings. However, disabling cookies may affect your ability to use certain features of our website. For more information on how we use cookies, please see our Cookie Policy.

  2. We collect IP addresses, device information, and browser data for security, performance monitoring, and analytics purposes. This information helps us to ensure the security of our systems, analyse trends, and improve our services.

  3. We track user behaviour and interactions with our websites and applications to better understand how our services are used and to enhance user experience. This data is used to improve functionality, customise content, and offer relevant features.

 

  • We may collect personal data indirectly from data that is publicly available, such as contact information from professional directories, social media profiles, or publicly accessible databases, when relevant and in compliance with data protection laws. In such a case, we shall notify you within Fourteen (14) days after obtaining the data.

We are committed to ensuring that personal data collected through these methods is used for lawful and legitimate purposes as specified in this Policy.

​

How We Use Your Data

 

We shall collect and process personal data necessary for the specific purposes of our aquaculture and business operations, which include but not limited to:

  • To provide our services to you. This includes facilitating farm management tools, market access, and financial services that support the growth of the aquaculture sector in Kenya and beyond.

  • To fulfil our contractual obligations with farmers, customers, partners, suppliers, and consultants.

  • To promote ethical business practices, we collect Know Your Customer (KYC) data for the following purposes: 

  1. Identity Verification to prevent fraudulent activities and maintain the integrity of our platform.

  2. Assessing and mitigating potential risks related to onboarding new fish farmers and business partners.

  3. Compliance with Regulatory Requirements including anti-money laundering (AML) and counter-terrorism financing (CTF) regulations.

​

  • ​​We process personal data based on the informed and voluntary consent of data subjects when such activities are not covered by contractual or legal obligations, such as marketing communications or customer feedback surveys.

  • To analyse and improve our services, and optimise our platform functionality.

  • To communicate with fish farmers, customers, partners, and other stakeholders. This includes sharing updates, educational resources, market information, and opportunities relevant to our aquaculture platform.

  • To ensure the security of our digital platforms and prevent fraud, we collect and process relevant personal data for verification and fraud prevention measures.

  • To generate reports and analytics for internal use and for external stakeholders. 


 

Legal Basis for Processing

 

We process your personal data under the following lawful bases:

 

  1. When you provide clear and explicit consent for us to process your data for a specific purpose.

  2. When processing your data it is necessary to perform a contract with you.

  3. Where we are required to process your data to comply with legal obligations.

  4. Where processing your data is necessary for our legitimate interests such as to improve our services, provided these do not override your rights and freedoms.

 

Data Sharing and Disclosure

 

We may share your personal data with the following parties:

 

  1. Third-party vendors who provide us with services such as payment processing, data hosting, and analytics. We shall enter into binding Data Sharing/Processing Agreements with vendors that outline the purpose of the data sharing, the types of data to be shared, the security measures to be implemented, and the responsibilities of each party.

  2. Where required by law, we may disclose your information to regulatory or governmental bodies.

  3. In the event of a merger, acquisition, or sale of assets, your personal data may be transferred as part of the transaction.

 

International Data Transfers

 

Your personal data may be transferred and stored outside of Kenya where necessary for our business and operational needs in accordance with the Data Protection Act. Before transferring personal data out of Kenya, we shall ascertain that the transfer is based on: 

 

  1. appropriate data protection safeguards;

  2. an adequacy decision made by the Data Commissioner;

  3. transfer as a necessity; or

  4. consent of the data subject. The data subject shall be informed of the destination country and the safeguards in place to protect their personal data.

When transferring personal data to a third country or international organisation, we shall: 

 

  • Document the transfer. The documentation shall include—

  1. the date and time of the transfer;

  2. the name of the recipient;

  3. the justification for the transfer; and

  4. a description of the personal data transferred.

 

  • Ensure that the receiving entity provides sufficient protection standards equivalent to those required under Kenyan law. This may include: 

  1. The recipient has ratified the African Union Convention on Cyber Security and Personal Data Protection; or

  2. The recipient has a reciprocal Data Protection Agreement with Kenya.

 

  • We shall execute Corporate Binding Rules among a concerned group of undertakings or enterprises

 

Data Security

 

We shall implement robust technical and organizational measures to protect your personal data from unauthorized access, loss, alteration, or disclosure. These measures include, but are not limited to:

Technical measures

 

  1. Encrypting data both at rest and in transit using strong encryption algorithms to protect it from unauthorized access and interception.

  2. Firewalls and intrusion detection systems (IDS),  monitoring and protecting our network from potential security threats.

  3. Implementing Multi-factor authentication (MFA) before granting access to sensitive data.

  4. Data anonymization/masking personal data when used for analysis or processing to protect individual identities.

  5. Following secure coding practices during application development to prevent vulnerabilities. 

  6. Conducting regular security testing, including penetration testing to identify and address potential weaknesses.

  7. Regular updating of our software and systems with security patches and updates to protect against known vulnerabilities.

  8. Classification of data based on sensitivity and importance, and appropriate security measures are applied based on the classification level.

  9. Securely deleting or destroying data that is no longer needed in accordance to our Data Retention Policy and Procedures to prevent unauthorized access or recovery.

 

Organizational measures:

 

  1. Access restriction of data to authorised personnel based on job roles and responsibilities. Role-based access controls (RBAC) are implemented to ensure that only individuals with a need-to-know have access to sensitive information.

  2. Regular backups of critical data are performed and stored securely. 

  3. Data storage facilities and offices are protected by physical security measures, including access controls, lockable storage cabinets with restricted access, and secure entry points.

  4. When selecting cloud service providers for data storage, we ensure that they meet the highest standards of security, reliability, and compliance with the Kenya Data Protection Act, and our internal policies. We prioritise providers with strong encryption protocols, both during transfer and at rest, as well as comprehensive access controls to protect the personal and sensitive data we handle. Additionally, we ensure that our cloud service providers support data localisation requirements, so that data remains within required jurisdictions where necessary.

  5. Regularly training our staff on data protection practices and the importance of compliance with policies.

  6. Implementing a structured procedure for responding to data breaches or security incidents.

  7. Conducting periodic audits to review data handling and ensure compliance with privacy laws and regulations.

 

While we strive to protect your data, please note that no security system is foolproof. We cannot guarantee the absolute security of your information.

 

Data Retention

 

We shall retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements as more Specifically Set out in our Data Protection Policy. Data that is no longer required will be securely deleted or anonymized.

​

Your Data Protection Rights

 

You  have the following rights regarding your personal data in our possession:

 

  1. You have the right to request access to the personal data.

  2. You may request corrections to any inaccurate or incomplete personal data.

  3. You may request the deletion of your personal data where there is no legal basis for its retention.

  4. You have the right to object to the processing of your data in certain circumstances.

  5. You have the right to request that we transfer your data to another service provider.

  6. Where processing is based on your consent, you can withdraw that consent at any time.

 

To exercise any of these rights, please contact us using the Contact Information provided below.

 

Changes to This Privacy Policy

 

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We encourage you to review this policy periodically to stay informed of how we are protecting your personal data.

 

Acknowledgment and Consent 

 

By using our website and services, you acknowledge that you have read, understood, and consented to this Privacy Policy. You agree to the collection, processing, and use of your information as described herein. 

 

IF YOU DO NOT AGREE with any part of this Privacy Policy, please refrain from using our website and services. Additionally, by using our services, you confirm that you have the legal capacity to access and use our website and services, either as an individual of legal age or as a representative of an entity authorised to do so. Your continued use indicates your acceptance of the terms outlined in this Privacy Policy.

 

Contact Information

 

If you have any questions or concerns about this Privacy Policy or your personal data, please contact us via our website at CONTACT US or contact our Data Protection Officer (DPO) via the address below:

 

Data Protection Officer

Aquarech Limited

info @ aquarech.com  

P.O Box 1424 -40100

Kisumu

​

bottom of page