Privacy Policy

2.1 GIS Data and Satellite Imagery Requests

When you request satellite imagery or GIS data services, we collect:

Contact Information:

• Full name and professional title
• Organization/company name and type
• Email address and phone number
• Mailing address and country of residence

Project Information:

• Geographic area of interest (coordinates, location descriptions)
• Project specifications and technical requirements
• Intended use and application type
• Timeline and delivery preferences
• File uploads (KMZ, KML, project documents, reference materials)

Commercial Information:

• Billing information and payment details
• Purchase history and service usage
• Pricing discussions and quotations

2.2 Webinar and Educational Events

When you register for or participate in our webinars and events, we collect:

Registration Information:

• Name, email address, and organization
• Professional role and industry sector
• Country and time zone for scheduling
• Areas of interest and experience level

Participation Data:

• Event attendance records and duration
• Chat messages, questions, and poll responses
• Interaction with presented materials
• Feedback and survey responses
• Recording consent preferences

Communication Preferences:

• Follow-up communication consent
• Newsletter and update subscriptions
• Marketing material preferences

2.3 Website and General Usage

Technical Information:

• IP address, browser type, and device information
• Website pages visited and time spent
• Referral sources and search terms
• Cookie and tracking technology data

Communication Records:

• Contact form submissions and inquiries
• Email correspondence and support tickets
• Phone call records (where legally permitted and disclosed in advance)
• Social media interactions

3.1 Service Delivery and Customer Support

For GIS Data Services:

• Processing and fulfilling satellite imagery requests in compliance with applicable data transfer requirements
• Coordinating with satellite data providers (SI Imaging Services - SIIS) in compliance with applicable data transfer requirements
• Providing technical support and project consultation
• Delivering custom data products and analysis
• Managing billing and payment processing

For Educational Services:

• Delivering webinar content and training materials
• Managing event registration and participation
• Providing technical support for platform access
• Sharing relevant educational resources
• Following up on learning objectives and feedback

3.2 Business Operations and Communication

• Responding to inquiries and providing customer service
• Improving our services based on usage patterns and feedback
• Conducting research and analysis for service development
• Ensuring compliance with legal and regulatory requirements
• Protecting against fraud, abuse, and security threats

3.3 Marketing and Business Development

With Your Consent:

• Sending newsletters and industry updates
• Promoting relevant services and special offers
• Inviting you to webinars and industry events
• Sharing case studies and success stories (anonymized or with prior consent if identifiable)
• Conducting market research and satisfaction surveys

5.1 Business Partners and Service Providers

Satellite Data Providers:

• SI Imaging Services (SIIS) for KOMPSAT satellite imagery procurement (subject to cross-border transfer safeguards)
• Other authorized satellite imagery suppliers as needed
• Sharing limited to: contact details, project specifications, and technical requirements

Technology and Support Services:

• Cloud hosting providers for secure data storage
• Payment processors for billing and transactions
• Email and communication platform providers
• Analytics and website optimization services

Professional Services:

• Legal counsel for contract and compliance matters
• Accounting firms for financial and tax obligations
• IT security consultants for system protection

5.2 Legal and Regulatory Requirements

We may disclose your information when required by:

• Kenya Data Protection Commissioner requests
• Court orders or legal process
• Export control and trade compliance investigations
• Law enforcement for fraud prevention or public safety
• Professional licensing body inquiries

5.3 Business Transactions

In the event of a merger, acquisition, or sale of business assets, personal information may be transferred to the acquiring entity, subject to equivalent privacy protections. We will notify affected users before such transfer, where reasonably practicable.

6.1 Recording Practices

Recording Notification:

• All webinars and training sessions may be recorded
• Clear notification provided during event registration
• Additional verbal notice given at event start
• Recordings include video, audio, chat messages, and screen sharing

Recording Consent:

• Participation constitutes consent to recording
• You may disable camera/microphone or leave if you do not consent
• Chat participation is voluntary and recorded if submitted
• Private chat messages to organizers are not recorded

6.2 Use of Recordings

Internal Purposes:

• Training and quality improvement
• Content development and service enhancement
• Compliance documentation and record-keeping

External Sharing (with consent):

• Marketing materials and promotional content
• Public educational resources and case studies
• Client testimonials and success stories
• Conference presentations and industry events

6.3 Recording Rights and Controls

• Request exclusion from recorded portions
• Access copies of your recorded participation (where technically feasible)
• Request removal from promotional materials
• Opt-out of future recording participation (prior to or during sessions)
• Control over use of your image and voice in marketing

7.1 Cross-Border Data Sharing

Satellite Data Processing:

• Information shared with SIIS (South Korea) for imagery procurement
• Technical specifications transmitted to satellite ground stations
• Project coordination with international data providers

Technology Services:

• Cloud storage providers in multiple jurisdictions
• Email and communication platforms with global infrastructure
• Analytics services for website and service optimization

7.2 Transfer Protections

• Adequacy Decisions: Transfers made only to countries recognized by Kenya as providing adequate protection.
• Standard Contractual Clauses: Contracts ensuring equivalent privacy protection for transfers to other countries.
• Consent: Explicit permission for transfers where other protections are not available.
• Necessary Transfers: Transfers essential for service delivery, contract performance, or legal compliance.

8.1 Retention Periods

GIS Data Requests:

• Contact and project information: 5 years after service completion
• Technical specifications: 3 years for reference and support
• Payment records: 7 years for accounting and tax purposes
• Communication records: 3 years for customer service

Webinar Participation:

• Registration information: 3 years for educational program development
• Recording footage: 2 years for training and promotional use
• Participation analytics: 1 year for service improvement
• Marketing consent: Until withdrawn or 3 years of inactivity

General Records:

• Website analytics: 26 months maximum
• Security logs: 12 months for fraud prevention
• Email communications: 3 years for business continuity
• Legal compliance records: As required by applicable law

8.2 Secure Deletion

Information is permanently deleted when retention periods expire, using industry-standard secure deletion methods to prevent recovery.

9.1 Access and Information Rights

• Right to Access: Request copies of personal information we hold about you, including details about processing purposes and data sharing.
• Right to Information: Receive clear explanations about our data practices and your rights under applicable privacy laws.

9.2 Control and Correction Rights

• Right to Rectification: Correct inaccurate or incomplete personal information in our records.
• Right to Update: Modify contact preferences, communication settings, and account information.
• Right to Restriction: Limit how we process your information in specific circumstances.

9.3 Deletion and Portability Rights

• Right to Erasure: Request deletion of your personal information, subject to legal, regulatory and business obligations.
• Right to Portability: Receive your data in a structured, machine-readable format for transfer to other services.

9.4 Objection and Withdrawal Rights

• Right to Object: Oppose processing based on legitimate interests or for marketing purposes.
• Right to Withdraw Consent: Revoke permission for marketing communications, recordings, or optional services.
• Right to Opt-Out: Unsubscribe from marketing emails, webinar invitations, or promotional content.

10.1 How to Contact Us

Privacy Requests:

• Email: info@geosurveysandgeospatialinfo.co.ke
• Phone: 020 765 0202
• Mail: Privacy Officer, GGIL, Flamingo Tower Upper Hill, Nairobi, Kenya

Request Requirements:

• Clearly mark email subject as "PRIVACY REQUEST: [type of request]"
• Specify the right you wish to exercise
• Provide sufficient information to verify your identity
• Describe the specific information or processing concerned
• Include preferred method for receiving our response

10.2 Response Timeline

• Acknowledgment: Within 72 hours of receiving your request
• Response: Within 30 days, or 60 days for complex requests
• Extensions: We will notify you if additional time is needed
• Appeals: Contact us if you're unsatisfied with our response

11.1 Technical Safeguards

Data Encryption:

• Strong encryption for data transmission and storage
• Secure protocols for all website and service communications
• Encrypted backups and secure data archiving

Access Controls:

• Multi-factor authentication for administrative access
• Role-based permissions limiting data access to authorized personnel
• Regular access reviews and account management

System Security:

• Firewall protection and intrusion detection systems
• Regular security updates and vulnerability assessments
• Secure development practices for all technology platforms

11.2 Organizational Measures

Staff Training:

• Regular privacy and security awareness training
• Clear policies for data handling and protection procedures
• Background checks and confidentiality agreements

Vendor Management:

• Due diligence assessments for all service providers
• Contractual privacy and security requirements
• Regular audits of third-party data handling practices

Incident Response:

• Defined procedures for security breaches and data incidents
• Rapid response team for containment and investigation
• Notification procedures for authorities and affected individuals

11.3 Data Breach Notification

Internal Response:

• Immediate containment and investigation of security incidents
• Assessment of risks to personal information and individual rights
• Documentation of incident details and response actions

External Notification:

• Office of Data Protection Commissioner: Within 72 hours
• Affected individuals: Without undue delay if high risk
• Business partners: As required by contracts or law
• Regulatory authorities: As mandated by applicable regulations

12.1 Types of Cookies

Essential Cookies:

• Website functionality and security
• User session management and preferences
• Form submission and error prevention

Analytics Cookies:

• Website usage statistics and performance monitoring
• User behavior analysis for service improvement
• Traffic sources and popular content identification

Marketing Cookies:

• Personalized content and relevant service recommendations
• Email campaign effectiveness measurement
• Social media integration and sharing functionality

12.2 Cookie Management

Browser Controls:

• Modify cookie settings in your browser preferences
• Block or delete cookies for our website specifically
• Use private/incognito browsing to prevent cookie storage

Preference Center:

• Manage cookie categories and tracking preferences
• Update consent choices for marketing and analytics
• Access detailed information about specific cookies used

13.1 External Websites

Our website may contain links to third-party websites, including:

• Satellite data provider portals
• Industry publications and resources
• Business partner and client websites
• Educational and training platforms

Important: This Privacy Policy does not apply to third-party websites. Please review their privacy policies before sharing personal information.

13.2 Integration Services

Business Applications:

• Customer relationship management systems
• Project management and collaboration tools
• Financial and accounting software

Communication Platforms:

• Email marketing and newsletter services
• Webinar and video conferencing platforms
• Social media and professional networking sites

All integrated services are subject to data processing agreements ensuring appropriate privacy protection.

14.1 Age Restrictions

Our services are designed for business and professional use and are not intended for children under 18 years of age.

14.2 Parental Rights

If you believe we have collected information from someone under 18, please contact us immediately. We will:

• Verify the age of the individual
• Delete any personal information collected
• Implement measures to prevent future collection
• Notify parents or guardians as appropriate

15.1 Update Procedures

Regular Reviews:

• Annual review of privacy practices and policy accuracy
• Updates following significant changes to our services
• Revisions to comply with new or changed privacy laws
• Modifications based on user feedback and industry best practices

Notification Methods:

• Email notification to registered users for significant changes
• Website banner highlighting policy updates
• Direct communication during service interactions
• Social media announcements for major revisions

15.2 Continued Use

Continued use of our services after policy changes constitutes acceptance of the updated terms. If you disagree with changes, please contact us to discuss your options or discontinue service use.

16.1 Internal Resolution

We are committed to resolving privacy concerns quickly and effectively. Contact our Privacy Officer for:

• Questions about this policy or our privacy practices
• Concerns about data handling or security
• Complaints about privacy rights or service issues
• Requests for additional information or clarification

16.2 Regulatory Authority

• Kenya Data Protection Authority: Office of the Data Protection Commissioner
• Address: [ODPC Address]
• International Authorities: Contact relevant data protection authorities in your jurisdiction
• EU residents may contact their national data protection authority
• Specific contact information available upon request

17.1 General Contact

• All Inquiries:
• Email: info@geosurveysandgeospatialinfo.co.ke
• Phone: 020 765 0202
• Mail: Geosurveys & Geospatial Information Limited, Flamingo Tower Upper Hill, Nairobi, Kenya
• Hours: Monday-Friday, 8:00 AM - 5:00 PM (EAT)

17.2 How to Reach the Right Department

For faster response, please indicate your inquiry type in the email subject line:

• Privacy Requests: "PRIVACY: [your request type]"
• GIS Data Services: "GIS DATA: [brief description]"
• Webinar Registration: "WEBINAR: [event name or question]"
• General Customer Support: "SUPPORT: [brief description]"
• Legal/Compliance: "LEGAL: [brief description]"