Privacy Policy

At Elearn Training Institute, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, visit our website, or interact with us in any way.

This policy is designed to comply with Kenya's Data Protection Act, 2019, and other applicable laws and regulations. By using our services, you consent to the collection and use of your information as described in this policy.

Our commitment to data protection extends beyond legal compliance. We believe that protecting your privacy is fundamental to building trust and maintaining the highest standards of professional service in the education sector. This policy reflects our dedication to transparency, accountability, and respect for your fundamental rights.

We regularly review and update this policy to ensure it remains current with evolving privacy laws, technological advances, and best practices in data protection. Your continued use of our services after any changes indicates your acceptance of the updated policy.

2.1 Personal Information

We may collect the following types of personal information:

• Identity Information: Full name, date of birth, national ID number, passport number, gender, marital status, and emergency contact details
• Contact Information: Email address, phone number (mobile and landline), physical address (current and permanent), postal code, and alternative contact methods
• Educational Information: Academic records, qualifications, course preferences, learning objectives, previous educational institutions, transcripts, certificates, and academic achievements
• Financial Information: Payment details, fee records, scholarship information, bank account details, credit card information, payment history, and financial aid applications
• Technical Information: IP address, browser type, device information, cookies, session data, website usage patterns, and online learning platform interactions
• Professional Information: Employment history, current employer, job title, work experience, professional certifications, and career goals

2.2 Sensitive Personal Information

In certain circumstances, we may collect sensitive personal information including:

• Health Information: Medical conditions, disabilities, accessibility requirements, emergency medical contacts, and health insurance details for accommodation purposes
• Religious Beliefs: Religious affiliations, cultural considerations, dietary restrictions, and accommodation needs for religious observances
• Biometric Data: Fingerprints, facial recognition data, and other biometric identifiers for identification and security purposes
• Family Information: Parental consent forms, guardian details, family income information, and dependency status for financial aid purposes

2.3 Automated Information Collection

We also collect information automatically through various technologies:

• Cookies and Similar Technologies: Session cookies, persistent cookies, and tracking technologies to enhance user experience and analyze website performance
• Log Files: Server logs, access logs, error logs, and performance metrics to monitor system health and security
• Device Fingerprinting: Device characteristics, operating system information, and browser configurations for security and compatibility purposes

3.1 Primary Educational Purposes

We use your personal information primarily for educational and administrative purposes:

• Academic Services: Course registration, academic advising, progress tracking, grade management, and certificate issuance
• Student Support: Counseling services, career guidance, accommodation arrangements, and disability support services
• Communication: Course updates, academic announcements, emergency notifications, and administrative communications
• Financial Management: Fee collection, payment processing, scholarship administration, and financial aid distribution

3.2 Administrative and Operational Purposes

Your information also supports our institutional operations:

• Institutional Planning: Curriculum development, resource allocation, capacity planning, and strategic decision-making
• Quality Assurance: Program evaluation, accreditation compliance, performance monitoring, and continuous improvement initiatives
• Security and Safety: Campus security, emergency response, incident investigation, and risk management
• Legal Compliance: Regulatory reporting, audit requirements, legal proceedings, and government compliance obligations

3.3 Research and Development

We may use anonymized and aggregated data for:

• Educational Research: Learning outcome analysis, teaching methodology improvement, and educational technology development
• Institutional Research: Student success metrics, program effectiveness studies, and institutional performance analysis
• Industry Collaboration: Partnership development, industry trend analysis, and workforce development initiatives

4.1 Compliance with Kenya's Data Protection Act, 2019

Our processing of your personal information is based on the following legal grounds as outlined in Kenya's Data Protection Act, 2019:

• Contract Performance: Processing necessary for the performance of educational services contract between you and our institution
• Legal Obligation: Processing required to comply with applicable laws, regulations, and government requirements
• Legitimate Interest: Processing necessary for our legitimate interests in providing quality education and institutional management
• Consent: Processing based on your explicit consent for specific purposes such as marketing communications
• Vital Interest: Processing necessary to protect your vital interests in emergency situations
• Public Interest: Processing necessary for the performance of tasks carried out in the public interest

4.2 Specific Legal Requirements

We process sensitive personal information under specific legal bases:

• Employment and Social Security: Processing necessary for employment law compliance and social security purposes
• Health and Safety: Processing necessary for occupational health and safety requirements
• Equal Opportunity: Processing necessary for equal opportunity monitoring and compliance
• Legal Claims: Processing necessary for the establishment, exercise, or defense of legal claims

4.3 Consent Management

Where we rely on consent as a legal basis:

• We obtain explicit, informed, and freely given consent
• You have the right to withdraw consent at any time
• Withdrawal of consent does not affect the lawfulness of processing before withdrawal
• We maintain records of consent for audit and compliance purposes

5.1 Internal Sharing

Within our institution, your information may be shared among:

• Academic Staff: Faculty members, instructors, and academic advisors for educational purposes
• Administrative Staff: Registration officers, financial aid staff, and student services personnel
• Support Services: IT support, library staff, and facilities management for service delivery
• Management: Department heads, deans, and senior administrators for institutional oversight

5.2 External Sharing

We may share your information with external parties in the following circumstances:

• Regulatory Bodies: Government agencies, accreditation bodies, and regulatory authorities as required by law
• Educational Partners: Partner institutions, exchange programs, and collaborative initiatives with your consent
• Service Providers: Technology vendors, payment processors, and third-party service providers under strict confidentiality agreements
• Legal Requirements: Law enforcement, courts, and legal proceedings when required by law or court order

5.3 Data Transfer Safeguards

When sharing information with external parties, we implement appropriate safeguards:

• Data Processing Agreements: Contractual obligations for data protection and security
• Confidentiality Clauses: Legal commitments to maintain information confidentiality
• Access Controls: Limited access to only necessary information for specific purposes
• Audit Rights: Our right to audit external party compliance with data protection requirements

6.1 Technical Security Measures

We implement comprehensive technical security measures to protect your information:

• Encryption: End-to-end encryption for data transmission, database encryption at rest, and secure communication protocols
• Access Controls: Multi-factor authentication, role-based access controls, and privileged access management
• Network Security: Firewalls, intrusion detection systems, and secure network architecture
• Endpoint Protection: Antivirus software, device encryption, and mobile device management

6.2 Administrative Security Measures

Our administrative security practices include:

• Staff Training: Regular data protection training, security awareness programs, and policy compliance education
• Incident Response: Security incident response procedures, breach notification protocols, and recovery plans
• Vendor Management: Security assessments of third-party vendors, contract requirements, and ongoing monitoring
• Physical Security: Secure facilities, access controls, and environmental controls for data centers

6.3 Security Monitoring and Testing

We continuously monitor and test our security measures:

• Security Audits: Regular internal and external security assessments and penetration testing
• Vulnerability Management: Continuous vulnerability scanning, patch management, and security updates
• Log Monitoring: Real-time monitoring of security events, anomaly detection, and threat intelligence
• Compliance Monitoring: Regular compliance assessments and regulatory requirement reviews

7.1 Retention Periods

We retain your personal information for specific periods based on:

• Legal Requirements: Statutory retention periods for educational records, financial documents, and regulatory compliance
• Business Needs: Operational requirements, service delivery, and institutional continuity
• Contract Terms: Duration of educational services and post-graduation support periods
• Historical Value: Institutional memory, accreditation requirements, and research purposes

7.2 Specific Retention Schedules

Our retention schedules include:

• Academic Records: Permanent retention for degree verification and institutional history
• Financial Records: 7 years for tax compliance and audit purposes
• Student Services Records: 5 years after graduation or last enrollment
• Marketing Communications: 2 years from last interaction or until consent withdrawal
• Website Analytics: 3 years for trend analysis and service improvement

7.3 Secure Disposal

When information is no longer needed, we ensure secure disposal:

• Digital Destruction: Secure deletion, overwriting, and physical destruction of storage media
• Paper Records: Secure shredding, incineration, and certified destruction services
• Third-Party Disposal: Certified disposal services with documentation and verification
• Disposal Records: Documentation of disposal activities for audit and compliance purposes

8.1 Right to Information

You have the right to be informed about:

• Data Collection: What personal information we collect and why we collect it
• Data Processing: How we use your information and the legal basis for processing
• Data Sharing: Who we share your information with and under what circumstances
• Data Retention: How long we keep your information and when it will be disposed of

8.2 Right to Access

You have the right to access your personal information:

• Information Request: Request a copy of all personal information we hold about you
• Processing Details: Information about how and why we process your data
• Third-Party Sharing: Details of any third parties with whom we share your information
• Data Sources: Information about the sources of your personal data

8.3 Right to Rectification

You have the right to correct inaccurate or incomplete information:

• Data Accuracy: Request correction of factual errors in your personal information
• Data Completeness: Request addition of missing information that is relevant and necessary
• Verification Process: We may require verification of corrected information
• Third-Party Notification: We will notify relevant third parties of corrections when appropriate

8.4 Right to Erasure

You have the right to request deletion of your personal information in certain circumstances:

• Legal Grounds: When data is no longer necessary, consent is withdrawn, or processing is unlawful
• Exceptions: When retention is required for legal, regulatory, or contractual obligations
• Impact Assessment: We will assess the impact of deletion on our services and legal obligations
• Partial Deletion: We may delete specific information while retaining other necessary data

8.5 Right to Restrict Processing

You have the right to limit how we process your information:

• Processing Limitations: Restrict processing while accuracy is verified or objections are resolved
• Service Impact: Understand how restrictions may affect our ability to provide services
• Temporary Measures: Restrictions may be temporary while issues are resolved
• Legal Compliance: We will comply with restrictions while maintaining legal obligations

8.6 Right to Data Portability

You have the right to receive your data in a portable format:

• Structured Format: Receive your data in a commonly used, machine-readable format
• Direct Transfer: Request direct transfer to another data controller when technically feasible
• Format Options: We will provide data in formats such as CSV, JSON, or XML
• Scope Limitations: Portability applies to data provided by you or processed with your consent

8.7 Right to Object

You have the right to object to certain types of processing:

• Direct Marketing: Object to processing for direct marketing purposes
• Legitimate Interests: Object to processing based on legitimate interests
• Scientific Research: Object to processing for research purposes
• Automated Decision-Making: Object to automated processing that affects your rights

8.8 Right to Withdraw Consent

When processing is based on consent, you have the right to withdraw it:

• Consent Withdrawal: Withdraw consent at any time without affecting previous processing
• Service Impact: Understand how withdrawal may affect our ability to provide services
• Alternative Bases: We will identify alternative legal bases for processing when possible
• Easy Withdrawal: We provide simple and accessible methods for consent withdrawal

9.1 Types of Cookies We Use

We use various types of cookies and tracking technologies:

• Essential Cookies: Necessary for website functionality, security, and basic user experience
• Functional Cookies: Enhance user experience by remembering preferences and settings
• Analytics Cookies: Help us understand how visitors use our website and improve our services
• Marketing Cookies: Track user behavior for targeted advertising and marketing purposes

9.2 Cookie Management

You can control cookies through various methods:

• Browser Settings: Configure your browser to accept, reject, or delete cookies
• Cookie Consent: Use our cookie consent management system to control preferences
• Third-Party Opt-Out: Opt out of third-party tracking and advertising cookies
• Mobile Device Settings: Configure cookie settings on mobile devices and applications

9.3 Third-Party Tracking

We may use third-party services that use tracking technologies:

• Analytics Services: Google Analytics, Facebook Pixel, and other analytics platforms
• Advertising Networks: Social media advertising and display advertising networks
• Social Media Platforms: Social media integration and sharing features
• Payment Processors: Secure payment processing and fraud prevention services

10.1 Transfer Scenarios

Your personal information may be transferred internationally in the following circumstances:

• Cloud Services: Data stored in cloud infrastructure located in different countries
• Service Providers: Third-party services that operate globally or in specific regions
• Educational Partnerships: International exchange programs and collaborative initiatives
• Regulatory Requirements: Compliance with international regulations and reporting requirements

10.2 Transfer Safeguards

We implement appropriate safeguards for international transfers:

• Adequacy Decisions: Transfers to countries with adequate data protection standards
• Standard Contractual Clauses: EU-approved contractual clauses for data protection
• Binding Corporate Rules: Internal policies for multinational organizations
• Certification Schemes: Industry-recognized data protection certifications

10.3 Transfer Impact Assessments

Before international transfers, we conduct impact assessments:

• Risk Assessment: Evaluation of data protection risks in destination countries
• Legal Analysis: Review of applicable laws and regulations in destination countries
• Technical Measures: Assessment of technical and organizational security measures
• Ongoing Monitoring: Continuous monitoring of transfer risks and compliance

11.1 Age Verification

We take special care to protect the privacy of children and young people:

• Age Thresholds: Special protections for individuals under 18 years of age
• Verification Processes: Age verification procedures for online services and registrations
• Parental Consent: Parental or guardian consent requirements for minors
• Educational Context: Special considerations for educational services provided to minors

11.2 Parental Rights

Parents and guardians have specific rights regarding their children's information:

• Access Rights: Right to access their child's personal information
• Consent Management: Right to provide or withdraw consent for data processing
• Deletion Requests: Right to request deletion of their child's information
• Information Updates: Right to update or correct their child's information

11.3 Special Protections

We implement additional protections for children's data:

• Limited Collection: Collection of only necessary information for educational purposes
• Enhanced Security: Additional security measures for children's data
• Monitoring and Oversight: Regular review of children's data processing activities
• Staff Training: Specialized training for staff handling children's information

12.1 Update Process

We may update this Privacy Policy from time to time to reflect:

• Legal Changes: Updates to applicable laws, regulations, and compliance requirements
• Technology Changes: Advances in technology, new services, and improved security measures
• Business Changes: Organizational changes, new partnerships, and service expansions
• User Feedback: Improvements based on user experience and feedback

12.2 Notification Methods

When we make changes, we will notify you through:

• Website Updates: Prominent posting of updated policy on our website
• Direct Communication: Email notifications for significant changes affecting your rights
• Service Notifications: In-app or platform notifications for policy updates
• Social Media: Announcements through our social media channels

12.3 Consent for Material Changes

For material changes that affect your rights:

• Explicit Consent: We will obtain your explicit consent when required by law
• Opt-Out Options: Provide options to opt out of new processing activities
• Grace Periods: Reasonable time periods to review and respond to changes
• Alternative Arrangements: Work with you to find alternative solutions when possible

13.1 Internal Complaint Process

If you have concerns about how we handle your personal information, we encourage you to contact us first:

• Initial Contact: Reach out to our Data Management Officer with detailed information about your concern
• Investigation Process: We will investigate your concerns thoroughly and respond promptly
• Resolution Timeline: We aim to resolve complaints within 30 days of receipt
• Escalation Process: If not resolved, complaints may be escalated to senior management

13.2 External Complaint Options

If you are not satisfied with our response, you have the right to lodge a complaint with:

• Office of the Data Protection Commissioner (ODPC): Kenya's independent data protection authority
• Alternative Dispute Resolution: Mediation services and alternative dispute resolution mechanisms
• Legal Proceedings: Court proceedings for data protection violations
• Industry Ombudsman: Relevant industry-specific complaint resolution bodies

13.3 ODPC Complaint Process

To lodge a complaint with the ODPC:

• Complaint Submission: Submit complaints through ODPC's official channels
• Required Information: Provide detailed information about the alleged violation
• Investigation Process: ODPC will investigate and may request additional information
• Resolution Options: ODPC may mediate, issue recommendations, or take enforcement action