Edge by Citrus Privacy Policy
Effective Date: January 11th, 2025.
Last Updated: February 17th, 2025.
This Privacy Policy outlines how "Edge by Citrus" collects, uses, stores, and protects your personal data in compliance with Kenya's Data Protection Act, No. 24 of 2019 (and any subsequent amendments) as of 2025. This document applies to all users of our SaaS webapp.
1. Data Collection and Use
Types of Data Collected:
- Personal Identification Data: Name, email address, contact information, billing details, and account credentials.
- Usage Data: Log files, IP addresses, device information, browser type, and interaction data.
- Transactional Data: Payment details and service usage metrics.
Purposes for Collection:
- To register and manage user accounts.
- To process transactions and deliver our services.
- To communicate updates, support, and notifications.
- To analyze and improve service performance and user experience.
- To comply with legal and regulatory obligations.
2. Legal Basis for Processing
Consent:
Users explicitly provide consent during the registration or through designated opt-in mechanisms.
Contractual Necessity:
Processing is essential for fulfilling our service agreements and executing user contracts.
Legal Obligations:
We process data to comply with legal and regulatory requirements under the Data Protection Act.
Legitimate Interests:
Data is processed to ensure the security, integrity, and continuous improvement of "Edge by Citrus."
3. Data Subjects' Rights
Right of Access:
Users can request a copy of their personal data held by us.
Right to Correction:
Users may request updates or corrections to inaccurate or incomplete data.
Right to Deletion:
Users can request deletion of their personal data, subject to legal retention obligations.
Right to Data Portability:
Users may request their data in a structured, commonly used, and machine-readable format.
Right to Object or Restrict Processing:
Users may object to or request limitations on specific processing activities.
To exercise these rights, contact our Data Protection Officer (see Section 9). We commit to addressing all requests in accordance with applicable laws.
4. Data Security
Protection Measures:
- Encryption: Data is encrypted in transit and at rest.
- Access Controls: Role-based access and multi-factor authentication protect against unauthorized access.
- Regular Assessments: Routine vulnerability assessments and audits ensure system integrity.
- Incident Management: A robust incident response protocol is in place to address any breaches.
These measures ensure the confidentiality, integrity, and availability of your personal data.
5. Data Sharing and Transfers
Third-Party Sharing:
Personal data is shared only with trusted partners who support service delivery, subject to strict data protection agreements.
Cross-Border Transfers:
Any international transfers of personal data are conducted under adequate safeguards, such as approved contractual clauses, ensuring compliance with Kenyan law.
Legal Disclosures:
Data may be disclosed when required by law or in response to lawful requests by public authorities.
7. Retention Periods
Data Retention:
Personal data is retained only for as long as necessary to fulfill the purposes outlined or as mandated by legal obligations.
Criteria:
Retention periods are determined by the type of data, the purpose for which it was collected, and any statutory requirements. Data that is no longer needed is securely deleted or anonymized.
8. User Consent
Obtaining Consent:
Consent is obtained through clear, affirmative actions (e.g., opt-in forms) at the point of data collection.
Recording Consent:
All consents are logged and stored securely to ensure accountability.
Withdrawal of Consent:
Users can withdraw consent at any time by contacting us or adjusting account settings. Withdrawing consent will not affect the lawfulness of any processing conducted prior to its withdrawal.
9. Contact Information
For any inquiries, requests, or complaints regarding data protection practices, please contact our Data Protection Officer:
10. Changes to the Privacy Policy
Policy Updates:
We reserve the right to modify this Privacy Policy as required by law or to improve our practices.
Notification Process:
Significant changes will be communicated via email and in-app notifications. The updated Privacy Policy will be posted on our website with a new effective date.
Continued Use:
Continued use of "Edge by Citrus" after updates indicates acceptance of the revised Privacy Policy.
By using "Edge by Citrus," you acknowledge that you have read and understood this Privacy Policy and agree to its terms. For further clarity or concerns, please reach out using the contact information provided above.