Privacy Policy

PRIVACY POLICY STATEMENT

Your data and personal information is crucial to us. This privacy policy explains how Bringing Smiles Foundation online platforms processes data provided by its foundation supporters. This statement should be read together with the Terms and Conditions of Bringing Smiles Foundation. Where there is a conflict, this policy shall prevail. This policy applies to all our members and volunteers.


We only collect Personal Data that is necessary to inform you of our programs and projects, to carry out an agreement with you and to be in contact with you. In order to do so, we base ourselves on the agreement’s grounds for processing, the legal obligations, our legitimate interest and in some cases, your permission (see also article 2). You can also subscribe to the Bringing Smiles Foundation Newsletter.


The processing of your Personal Data is subjected to this privacy statement. For questions and/or comments, please write to info@bringingsmilesfoundation.org. By providing your Personal Data, you are considered to have acknowledged the use of your Personal Data in accordance with this privacy statement.


Article 1: Definitions


“Act” means the Data Protection Act, (Act No 24 of 2019), Laws of Kenya


 “Foundation” means Bringing Smiles Foundation


 “Data Controller” has the meaning as defined in the Act. The Foundation will be qualified as the Data Controller which determines the purposes and processes of the processing of your Personal data.


 “Data Processor” has the meaning as defined in the Act, which processes the Personal data on behalf of and under orders of the Controller.


 “Personal Data” has the meaning as defined in the Act, including any information that allows a natural person (also data subject) to be identified or with which a natural person can be identified. 


 “Website” means the website of the foundation: www.bringingsmilesfoundation.org


 ‘’Foundation Supporters’’ means the members of the Foundation, members or affiliates of any other entity (organizations, companies, individuals or businesses) that has partnered with the Foundation in any of its programs or projects, non-members who have shown up to any of the Foundation's programs or projects and visitors.


‘’Any agent’’ means a dealer and/or merchants who has signed an agreement with us and is recognized as a merchant or agent in accordance with any applicable laws or Regulations.


 ‘’Visitor’’ means a person or anyone who gains access to any of our websites


‘’ Data ‘’ As defined in General Data Protection Regulation (GDPR) and the Data Protection Act 2018 to include name, postal address, telephone number, email address or any other personal data that may be collected on this website


Article 2: Personal Processing and Legal Ground


Foundation Supporters Data


As part of our services and activities, we collect and process the Personal Data of our members, members or affiliates of any other entity (organizations, companies, individuals or businesses) that has partnered with the Foundation in any of its programs or projects, non-members who have shown up to any of the Foundation's programs or projects and visitors. The purposes for these processing operations are the performance of agreements with our Foundation supporters (agreements on monthly contributions, partnerships etc.),member management, to enhance communication through collection of email addresses and phone numbers and impact assessment through member's feedback. The legal grounds are the performance of the agreement, the compliance with legal and regulatory obligations, our legitimate interest and in some cases permission.


Data of Suppliers and Contractors


We collect and process the identity and contact data of our suppliers and subcontractors, as well as their (sub) sub-contractors, personnel, workers, agents and other useful contacts. The purposes of these processing operations are the performance of the agreement, the management of the suppliers/subcontractors, accounting and direct marketing activities such as sending promotional or commercial information. The legal grounds are the performance of the agreement, the compliance with legal and regulatory obligations and/or our legitimate interest (such as for direct marketing).


Other Data:


In addition to the data of the Foundation's supporters, we also process Personal Data of others, such as potential new /prospective members/partners, useful contacts in the charity sector, etc. This is via our Website or via other channels, which shall include but not be limited to Social Media, events, referrals from members. The purposes of these processing operations are to further the interest of our activities and public relations. The legal ground is our legitimate interest, the performance of an agreement and/or in some cases permission.


Specifically, we may use the personal data we collect for the following purpose:


  • To identify you as a user of the website;
  • To provide information to you regarding our projects, products and services;
  • To provide our services to you and perform possible agreements;
  • To process and treat possible complaints or requests;
  • To help us evaluate, correct or improve the Website and all related services of the Foundation.
  • To strategically plan our activities in a way that aligns with our new/prospective members/partners.


In summary of the above the Foundation generally collects only the personal information necessary to fulfil your request. Where additional, optional information is sought, you will be notified of this at the point of collection.


The applicable laws allow us to process personal information, so long as we have a ground under the law to do so. They also require us to tell you what those grounds are. As a result, when we process your personal information, we will rely on one of the following processing conditions:


  • Performance of a contract: this is when the processing of your personal information is necessary in order to perform our obligations under a contract;
  • Legal obligation: this is when we are required to process your personal information in order to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public body or law enforcement agency;
  • Legitimate interests: we will process information about you where it is in our legitimate interest in running a lawful organization to do so in order to further our goals, so long as it does not outweigh your interests; or
  • Your consent: in some cases, we will ask you for specific permission to process some of your personal information, and we will only process your personal information in this way if you agree to us doing so. You may withdraw you consent at any time by contacting Bringing Smiles Foundation on www.bringingsmilesfoundation.org
  • Examples of the ‘legitimate interests’ referred to above are:
  • To offer information and/or services to individuals who visit our website.
  • To prevent fraud or criminal activity and to safeguard our IT systems.
  • To customize individuals’ online experience and improve the performance usability and effectiveness of the Foundation's online presence.
  • To conduct, and to analyze, our organization's activities.
  • To meet our social responsibility obligations.
  • To exercise our fundamental rights including our freedom to conduct a business and right to property.


Article 3: Confidentiality of Your Personal Data


Every time you, as a user of the Website or in any other way, provide Personal data to us, we will treat this information in accordance with the provisions of this privacy statement and the legal obligations in connection with the processing and storing of Personal Data, under the Act.


We implement internationally acceptable measures and procedures to secure and protect the Personal Data we collect through the website or via (electronic) correspondence.


In this way we undertake, as far as can reasonably be expected, to prevent any illegal processing of Personal Data and unintentional loss or destruction of your Personal Data. Despite these precautions, we cannot guarantee that your Personal Data will be protected if it is forwarded outside the Website in an unsecured manner through other channels or otherwise communicated.


We try to optimize the security of your Personal Data by limiting access to your Personal data to individuals on a “need-to-know” basis (for example only employees, workers or subcontractors who need your Personal Data for the purposes described in Article 2 will be able to access the data). Upon reasonable request, we may provide you with the names of such subcontractors.


Article 4: How does Bringing Smiles Foundation Collect Your Personal Data and How Long is it Saved?


We collect your Personal Data in the following cases which is not limited:


  • When sending a request for information on the website (via the contact form);
  • When you submit your email address to be added to the Foundation's mailing list
  • When your picture or video is taken at any of the Foundation's events;
  • When you sign up for the Foundation's activities including events, fellowships, programs etc;
  • When you reach a contract (of employment) with us;
  • If you call, mail or correspond with us in any other way other than via the website
  • When signing up for membership;
  • When filling a complaint or feedback via the website;


We save and process Personal Data for a period that is necessary to fulfil the purposes of the processing and to fulfil the (possibly contractual) relationship between the organization and you.


Foundation Supporters' data will in any case be deleted from our systems after a period of 500 days following the termination of the agreement or project, with the exception of Personal Data that we are required to save for a longer period following specific legislation or in the event of an ongoing dispute for which the Personal Data is still necessary.


Data collected via a form on our Website or via another channel which shall include but not be limited to Social Media, events, referrals from clients, is not saved for longer than a period that we shall deem necessary in the circumstances after the last time there was a meaningful contact with you.


Personal Data of personnel is removed after a period which we shall deem necessary and reasonable in the circumstances.


We avoid the collection of Personal Data that is not relevant for the purposes set out in Article 2.


Article 5: Transfer of Personal Data


There may be circumstances where we will be required to transfer your Personal Data to third parties in and outside of Kenya. By accepting the terms in this agreement, you consent to us transferring your Personal Data where we deem it necessary or appropriate, subject to the conditions set out in this Article 5.


Where we deem it necessary or appropriate to transfer your Personal Data, we will ensure that the transfer of and receipt of your Personal Data will be done with the implementation of internationally acceptable measures and procedures to secure and protect your Personal Data.


Any transfer of Personal Data to a recipient as listed above is in accordance with the provisions of the Act.


We shall ensure that measures are adopted so that the recipients cannot use this Personal Data for purposes other than those listed exhaustively in Article 2 and also, that the recipients have taken sufficient technical and organizational measures to protect these data.


To guarantee the security of Personal Data, we will always reach a processor agreement with the aforementioned recipients of this Personal Data. We will take all necessary precautions to ensure that employees and workers who have access to Personal Data process this exclusively in accordance with this privacy statement and the legal obligations under the Act. 


Article 6. Lawful Basis for processing your information


We will process your personal information based on any of the lawful basis provided for under the Data Protection Law.


  • The performance of a Membership/Service Agreement with you;
  • The Foundation's legitimate interests;
  • Compliance with a mandatory legal obligation;
  • Consent you provide;
  • Public interest;
  • Your vital interest.


Article 7. Retention of Information


We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.


To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, the need to comply with our internal policy and the applicable legal, regulatory, tax, accounting or other requirements.


Article 8. Grounds for disclosure of information:


Any disclosure of your information shall be in accordance with applicable law and regulations. The Foundation shall assess and review each application for information and may decline to grant such information to the requesting party.


We may disclose your information to our subsidiaries, associates, partners, software developers or agents who are involved in delivering the Foundation's services you order or use; Survey agencies that conduct surveys on behalf of the Foundation;


We shall not release any information to any individual or entity that is acting beyond its legal mandate. We will get your express consent before we share your personal data with any third party for direct marketing purposes.


Article 9: Rights of the Data Subject


Rights of Access to Personal Data


You have the right to instruct us to disclose any Personal Data that we hold about you, provided that the rights of other data subjects are not affected.


Right to Rectify Personal Data


We kindly ask you to ensure that the Personal Data in our database is as accurate and complete as possible. If you believe that the data provided to us is incorrect or incomplete, please inform us as described above. Your Personal Data will be corrected or supplemented as soon as possible.

 

Right to Erase Personal Data


You have the right to delete your Personal Data without undue delay in the following cases:


  • If it is no longer necessary to retain the Personal Data for the purposes for which it was collected or otherwise processed;
  • In the event of withdrawal of consent for permission-based processing;
  • Processing intended for direct marketing; and
  • If the Personal Data was unlawfully processed.


However, there are certain general exclusions to the right to erase. These general exclusions comprise the cases where processing is necessary:


  • For exercising the right of freedom of expression and information.
  • For compliance with a legal obligation. or
  • For the establishment, exercise or defense of legal claims.


Right to Limit the Processing of Data


In the following cases you have the right to limit the processing of your Personal data:

  • To dispute the correctness of your Personal Data;
  • When the processing is unlawful, but you do not want the Personal Data to be erased; or
  • If you object to the processing of your Personal Data, and verification of that objection is pending.
  • If processing is restricted on this basis, we may continue to store your Personal Data. However, we will only process the data with your express consent to institute, exercise or defend legal claims, to protect the rights of another natural or legal person or for reasons of substantial public interest.


Right to Object


You have the right to object to our processing of your Personal Data.


Right of Data Portability


If you wish to exercise your right of data portability, we will transfer the Personal Data in a structured, common and machine-readable form to a data controller of your choice.


Right to Withdraw Consent


To the extent that the legal basis for our processing of your Personal Data is your consent, you have the right to withdraw your consent at any time. However, such withdrawal shall not affect the lawfulness of the processing that took place before the withdrawal.


If you wish to exercise any of the rights set out above, please contact us on info@bringingsmilesfoundation.org


Article 10: Referral to Third Parties


The Website may contain links to other websites that are not managed by us. While we do our utmost to ensure that links only lead to websites that have corresponding security and confidentiality standards, we are in no way responsible for the protection and confidentiality of Personal Data, including the data you provide on other websites, after you leave the Website.


We reiterate that you must work carefully and always consult the privacy statement that applies to the website in question before providing Personal Data on other websites.


Article 11: Cookies


The Foundation uses “cookies” every time you use the Website. A “cookie” is information sent to your device via the server and is stored on the device’s hard disk. Cookies help the Foundation to recognize your device when you use the Website. It allows the Foundation to make the processing more user-friendly and to offer a personalized service.


Google Tag Manager and Google Analytics (collectively referred to as “Google”):


Google collects anonymous data (ad views, analytics, browser information, cookie data, date/time, demographic data, hardware/software type, internet service provider, interaction data, page views, and serving domains), pseudonymous data (IP Address (EU PII), Device ID (EU PII), PII (name, address, phone number, email address, login, EU- IP address, EU-unique device ID), sensitive (financial information). Aggregate data, anonymous data, PII data and sensitive data is shared by Google with third-party parties. We use the information we get from Google only to improve this website and for marketing purposes. Google collects only the IP address assigned to you on the date you visit this website, rather than your name or other identifying information. You can review Google’s privacy policy at https://www.google.com/policies/privacy/ .


Although Google plants a permanent cookie on your web browser to identify you as a unique user the next time you visit this website, the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google about your visits to this website is restricted by the Google Terms of Use and the Google Privacy Policy. You can prevent Google from recognizing you on return visits to the website by disabling cookies on your browser (see below).


Facebook for Developers (formerly “Facebook Connect”


Facebook for Developers operates Facebook Connect, which collects anonymous data (ad views, analytics, browser information, cookie data, date/time, demographic data, hardware/software type, internet service provider, interaction data, page views, and serving domains), pseudonymous data (IP Address (EU PII), search history, location based data, Click stream Data, PII (name , address, phone number, email address, login, EU- IP address, EU-unique device ID ), sensitive (financial information). Facebook for Developers’ privacy policy can be found at: https://www.facebook.com/about/privacy/ . Aggregate data is shared by Facebook for Developers with third parties. Facebook for Developers also shares anonymous data with third parties. Facebook for Developers shares PII data with third parties. Facebook for Developers also shares sensitive data with third parties. We do not combine the information collected through Facebook for Developers with personally identifiable information.


Analytics, LinkedIn Ads and LinkedIn Marketing Solutions (collectively, “LinkedIn Analytics”)


LinkedIn Analytics collects anonymous data (ad views, analytics, browser information, cookie data, hardware/software type, internet service provider, interaction data, page views, and serving domains), pseudonymous data (IP Address (EU PII)), Location Based Data, Device ID (EU PII), and PII (name, address, phone number, email address, login). Aggregate and anonymous data is shared by LinkedIn with third-party parties. LinkedIn’s privacy policy for LinkedIn Ads and LinkedIn Analytics can be found at: https://www.linkedin.com/legal/privacy-policy 


Calendly


Calendly collects information from you that you provide directly through our contact forms and it automatically collects data through your use of our contact forms. Calendly automatically collects anonymous data (device type, browser information, page views, serving domain, Device ID, IP Address, mobile network carrier, time zone, and location). Calendly’s privacy policy can be found at: https://calendly.com/pages/privacy 


Article 12: Exemptions from the Privacy Policy


Our Privacy Policy does not apply to any non Personal Data you may send to the Foundation by email or instant messaging programs (e.g., Google My Business), or through social media networks, even if you open such programs or services by clicking a link displayed on the Website. Email, social media, and instant messages are not recognized as secure communication forms.


Article 13: Changes to this Privacy Policy


We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the Foundation's website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use/disclose it.


Article 14. Right to Lodge Complaint


You have the right to lodge a complaint with the relevant supervisory authority that is tasked with personal data protection within the Republic of Kenya


Article 15. Non-Compliance with this Policy


The Foundation shall have the right to terminate any agreement with you for failure to comply with the provisions of this policy and reject any application for information contrary to this statement.


Article 16. How to Contact Us


If you would like to contact us on any topics in this privacy policy, you can email us on www.bringingsmilesfoundation.org ,info@bringingsmilesfoundation.org  or submit a request via our digital platforms.


Our contact details as a Data Controller are as follows: 


www.bringingsmilesfoundation.org 


info@bringingsmilesfoundation.org 


Policy Effective Date


This  day of  29th February 2024

Share by: