Privacy Policy for IPASS ACCESS
At IPASS ACCESS, we are committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and store your personal data when you use our Solution/App (the "Services") and the choices you have associated with your data.
1. What this Policy Covers
This Policy applies to anyone who uses our Services, including our website ("Website") and mobile applications ("Apps"). By using our Services, you consent to the collection, use, and disclosure of your personal data as described in this Policy.
2. Why We Collect Data
We collect personal data to provide, improve, and secure our Services. This includes:
” Managing Access Control.”: We process your data to manage your account, access requests, and guest access. *(Legal Basis: Contractual Obligations, Legitimate Interests)
-.” Security.”: We process your data to prevent unauthorized access to IPASS ACCESS-Controlled Premises. This may include Automatic Number Plate Recognition (ANPR). *(Legal Basis: Contractual Obligations, Legitimate Interests)
” Customer Support.”: We use your data to respond to your inquiries and improve our Services. (Legal Basis: Legitimate Interests)
3. Data We Collect
We collect various data depending on how you interact with our Services. Here are some examples:
” Identity Data.”: Name, ID details, photo (captured for access control)
” Contact Data.”: Email address, phone number
” Access Data.”: Access granted/received, access logs (including name, ID number)
” Technical Data.”: Device information, IP address, browsing activity on our Website/Apps
” User Data.”: Information about your use of the Services, feedback, surveys
4. How We Collect Data
We collect data through various methods, including:
- When you register for our Services
- When you use our Apps/System
- When you browse our Website
- When you contact us or we contact you
- When you visit an IPASS ACCESS-Controlled Premise
- From other sources, such as building management or access invites
5. Sharing Your Data
We share your data with third parties only under certain circumstances:
” Service Providers.”: We share data with companies that help us operate our Services, such as cloud storage providers.
” Legal Requirements.”: We may disclose your data if required by law or to protect our legal rights.
” Business Transfers.”: We may share your data in connection with a merger, acquisition, or other business transaction.
We require all third parties to keep your data secure and use it only for the purposes we have authorized.
6. Your Data Protection Rights
You have several rights regarding your personal data:
” Access.”: You have the right to request a copy of your personal data.
” Correction.”: You have the right to correct any inaccurate or incomplete data.
” Objection.”: You can object to how we use your data, including for direct marketing.
” Restriction.”: You can restrict our use of your data in certain situations.
” Deletion.”: You can request that we delete your data, subject to certain exceptions.
To exercise any of these rights, please contact us at compliance@ipass.tech.
7. Security Measures
We take steps to protect your data from unauthorized access, use, or disclosure. These measures include encryption, firewalls, and access controls.
8. Data Transfers
If we transfer your data outside of Kenya, we ensure that adequate safeguards are in place to protect your data. This includes using data protection agreements and ensuring that third parties comply with applicable data protection laws.
9. Age Restrictions and Parental Consent
We do not knowingly collect personal data from children under the age of 18 without parental consent. If you are under 18, please do not provide any personal data without parental consent. If we become aware that we have collected personal data from a child under 18 without parental consent, we will delete it.
10. Data Retention
We retain your data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. When we no longer need your data, we will securely delete or anonymize it.
11. Principles of Data Protection
We adhere to the following data protection principles:
” Right to Privacy.”: Personal data is processed in accordance with the right to privacy of the data subject.
” Lawfulness, Fairness, and Transparency.”: Data is processed lawfully, fairly, and in a transparent manner.
” Purpose Limitation.”: Data is collected for explicit, specified, and legitimate purposes and not further processed in a manner incompatible with those purposes.
” Data Minimization.”: Data is adequate, relevant, and limited to what is necessary.
” Accuracy.”: Data is accurate and kept up to date, with inaccuracies corrected without delay.
” Storage Limitation.”: Data is kept in a form which identifies data subjects for no longer than necessary.
” Integrity and Confidentiality.”: Data is processed in a manner that ensures its security.
” Transfers.”: Data is not transferred outside Kenya without adequate data protection safeguards or consent.
12. Applicable Laws
This Policy is governed by the laws of Kenya, including the Data Protection Act, 2019. If we collect data from citizens in the EU, we comply with the GDPR.
13. Changes to this Policy
We may update this Privacy Policy from time to time. If we make significant changes, we will notify you through our Services or by other means.
Contact Us
If you have any questions about this Privacy Policy, please contact us at compliance@ipass.tech.