At Seraph Cyber Ltd., we respect your privacy and are committed to protecting it in compliance with the Kenya Data Protection Act, 2019 and other applicable laws. This Privacy Policy describes the principles and practices that apply to the collection, use, and safeguarding of personal information that Seraph Cyber Ltd. (“Seraph Cyber,” “we,” “our,” “us”) collects from users of our website, www.seraphcyber.com, and any platforms, services, or digital applications we operate (collectively, the “Services”).
Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we treat it. By using our Services, you consent to the processing of your information as described in this Privacy Policy.
1. Definitions and Background
- “Personal Data” means any information relating to an identified or identifiable natural person, as defined under the Kenya DPA, 2019.
- “Sensitive Personal Data” includes financial, health, biometric, or other categories as defined in the Act.
- “Data Subject” means an individual whose personal data is processed by us.
- “Processing” refers to any operation performed on personal data, such as collection, recording, storage, retrieval, use, disclosure, or erasure.
- “Device” means any smartphone, tablet, laptop, or connected equipment used to access our Services.
2. Scope of this Policy
This Privacy Policy applies to personal data collected:
- Through our website, systems, and services.
- Through direct communications with our clients and partners.
- From prospective employees, contractors, and vendors.
It does not apply to third-party websites or services that may be linked to our website.
3. Information We Collect
We may collect the following categories of information:
- Information you provide directly
- Name, email address, phone number, organization, role/title.
- Information provided when requesting a consultation, report, or quote.
- Information provided during contractual engagements.
- Automatically collected information
- IP address, browser type, device identifiers.
- Pages viewed, access times, and interactions with our website.
- Cookies and tracking technologies (see Section 6).
- Business-related information
- Data from penetration tests, vulnerability assessments, compliance audits, and risk analysis projects, which may include logs or security-related metadata.
- Sensitive data
- We may process sensitive personal data only with explicit consent or where required by law, particularly when assisting regulated organizations such as banks, SACCOs, and healthcare institutions.
4. How We Use the Information We Collect
We may use your personal data to:
- Deliver cybersecurity services (e.g., penetration testing, vulnerability assessments, audits, compliance checks, incident response).
- Communicate updates, service notices, or security alerts.
- Improve and customize our website and services.
- Conduct research and statistical analysis.
- Comply with legal obligations under the Kenya DPA and other applicable laws.
- Investigate and prevent fraudulent, unauthorized, or illegal activities.
5. How We Share Information
We do not sell your personal data. We may share your information only with:
- Authorized staff and contractors who require access to provide services.
- Third-party service providers for hosting, analytics, secure communication, or technical support, under confidentiality agreements.
- Law enforcement or regulatory bodies where required by Kenyan law (e.g., ODPC, Central Bank regulations).
- Successors or acquirers in the event of a merger, acquisition, or restructuring.
6. Cookies and Tracking Technologies
- We use cookies to enhance browsing, analyze website traffic, and improve user experience.
- Cookies may remember your preferences or track engagement with our content.
- You may disable cookies in your browser, though this may affect some site features.
7. Your Rights under Kenya’s Data Protection Act (2019)
As a Data Subject, you have the right to:
- Access your personal data.
- Correct or delete inaccurate or outdated data.
- Withdraw consent for processing.
- Object to processing for direct marketing or profiling.
- Request data portability where technically feasible.
- Complain to the ODPC if your rights are infringed.
Requests can be made via the contact details in Section 12.
8. Data Security
We implement administrative, physical, and technical safeguards to secure personal data. These include:
- Encryption of sensitive data in transit and at rest.
- Multi-factor authentication for access to client systems.
- Role-based access control for employees.
- Regular audits, penetration tests, and vulnerability assessments.
No system is completely secure, but we take all reasonable steps to minimize risk.
9. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law, contract, or regulatory guidelines.
10. Children’s Privacy
Our Services are not intended for children under 18 years of age. We do not knowingly collect data from minors.
11. International Data Transfers
Although Seraph Cyber is based in Kenya, we may process data across borders when engaging with international clients. Where transfers occur, we ensure appropriate safeguards are in place, including contractual clauses or compliance with GDPR (for EU clients).
12. Dispute Resolution
If you have concerns about our processing of your personal data:
- Contact us directly (see Section 13).
- If unresolved, you may file a complaint with the Office of the Data Protection Commissioner (ODPC), Kenya.
- Disputes may also be resolved through arbitration or legal remedies under Kenyan law.
13. Updates to this Policy
We may update this Privacy Policy periodically. Changes will be posted on our website with a new “Effective Date.” Continued use of our Services after updates indicates acceptance.
14. How to Contact Us
If you have questions, requests, or complaints regarding this Privacy Policy or our practices, please contact us:
info@seraphcyber.com
Seraph Cyber Ltd, Nairobi, Kenya