Privacy Notice

This Privacy Notice explains how CSAV Foundation (Netherlands) (“CSAV”, “we”, “us”) processes personal data in connection with our website and related services. We comply with the Kenya Data Protection Act (2019) and the EU GDPR.

1. Data We Collect

• Contact information you submit via forms: name, email address, and telephone number.
• Operational data generated by site usage: device, browser type, and timestamps.

2. Purpose & Legal Basis

• Respond to enquiries and manage partnership discussions (legitimate interests / consent).
• Operate, secure, and improve the website (legitimate interests).

3. Storage, Security & Retention

• Encryption at rest: All PII collected through contact forms is encrypted at rest.
• Access control: Role-based access and audit logging are used to protect data.
• Retention: Contact enquiries are retained only as long as necessary to respond and document communications, then securely deleted or anonymised.

4. Sharing & Transfers

• We do not sell personal data.
• We may share limited data with service providers under contract (e.g., hosting, email) and, where appropriate, with national regulators under formal agreements.
• Where data is transferred across borders (e.g., EU–Kenya), we implement appropriate safeguards consistent with KDPA and GDPR.

5. Your Rights

You may request access, correction, deletion, or restriction of your personal data, and you may withdraw consent where processing is based on consent.

6. Contact

For privacy requests or questions, contact our Data Protection Officer (DPO) at privacy@csav.africa.

We may update this Notice to reflect legal or operational changes. Material updates will be indicated by the “Last updated” date.