Josam Group Privacy Statement

Effective Date: 5th October 2024

1. Introduction At Josam Group, we are committed to protecting the privacy of our employees, clients, and partners. This IT Privacy Policy outlines how we collect, use, and safeguard personal and organizational information through our IT systems.

2. Purpose The purpose of this policy is to ensure that personal data and sensitive information are handled responsibly and securely within Josam Group. This includes ensuring compliance with applicable data protection laws, such as the General Data Protection Regulation (GDPR) and Kenya’s Data Protection Act (DPA), among others.

3. Scope This policy applies to all employees, contractors, consultants, and third-party service providers who use, access, or manage Josam Group's IT systems, applications, networks, and data.

4. Collection of Personal Information Josam Group may collect the following types of personal information:

Employee Information: Contact details, identification documents, work performance data, etc.
Client Information: Names, contact information, financial details, and service usage data.
Website Visitors: IP addresses, browser types, page views, and cookies.

5. Use of Personal Information Personal information is used for the following purposes:

Employee Management: Processing payroll, benefits, performance evaluations, and maintaining employment records.
Service Delivery: Providing products and services to clients, including support and troubleshooting.
Communication: Notifying clients and employees of updates, changes, or issues related to our services.
Security: Monitoring and safeguarding IT systems and ensuring the integrity of data.

6. Data Sharing We will not share personal data with third parties unless:

Consent has been given by the data subject.
It is required by law or a legal process.
It is necessary for service delivery (e.g., third-party service providers like cloud hosting).
It is necessary for protecting Josam Group's rights or property.

In cases where third parties are involved, we ensure they are bound by privacy obligations consistent with this policy.

7. Data Storage and Security

Personal data is stored on secure servers that comply with industry-standard security protocols.
Access to personal data is restricted to authorized personnel based on role and responsibility.
Encryption and firewalls are employed to protect sensitive information during storage and transmission.
Regular security audits are conducted to identify and address vulnerabilities.

8. Retention of Personal Information Personal data is retained for as long as necessary for the purposes outlined in this policy or as required by law. Once no longer needed, personal information will be securely deleted or anonymized.

9. Data Subject Rights Individuals whose personal information is collected have the following rights:

Access: Request access to the personal data held by Josam Group.
Correction: Request corrections to inaccurate or incomplete personal information.
Deletion: Request deletion of personal data, subject to legal and contractual obligations.
Objection: Object to the processing of their personal information in specific circumstances.

10. Employee Responsibilities Employees are responsible for:

Following the company’s IT security policies and procedures.
Reporting any breaches or potential threats to the IT department immediately.
Respecting the privacy of colleagues, clients, and third parties by ensuring personal data is handled confidentially.

11. Data Breaches In the event of a data breach, Josam Group will:

Take immediate action to contain and mitigate the breach.
Notify affected individuals and the relevant data protection authorities where required.
Conduct an investigation to identify the cause and implement corrective actions to prevent future breaches.

12. Changes to the Policy This policy may be updated periodically to reflect changes in our practices or applicable laws. Employees and clients will be notified of any significant changes through appropriate communication channels.

13. Contact Information If you have any questions or concerns about this privacy policy or your personal data, please contact us at: