Our Store

Coming Soon! We're excited to share that our online store is currently under development and will launch very soon. In the meantime, please feel free to reach out to us with any questions or inquiries. We'd love to hear from you!

Contact Us

Color Switcher

Theme Color

Secondary Color

imgJoin our team, work with us!

Donate

Youth and urbanism Privacy Policy

  • Home
  • Our Privacy Policy
Data Protection & Privacy

Youth and Urbanism Privacy Policy

We are committed to protecting your personal data in full compliance with the Data Protection Act, 2019 (DPA) of Kenya and respecting your rights as a data subject. This comprehensive privacy policy outlines how we collect, use, disclose, store, and protect your personal information.

1. Introduction

Youth and Urbanism ("we," "us," or "our") is a non-profit organization based in Kenya, dedicated to empowering youth in urban environments through education, advocacy, community development, and sustainable urbanism initiatives. We are committed to protecting the privacy and personal data of our beneficiaries, donors, volunteers, partners, and website visitors in full compliance with the Data Protection Act, 2019 (DPA) of Kenya, the Constitution of Kenya (Article 31), and relevant regulations issued by the Office of the Data Protection Commissioner (ODPC).

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data. It also outlines your rights as a data subject. By engaging with our programs, services, website, events, or communications, you acknowledge that you have read and understood this policy.

If you are under 18 years old, please review this policy with a parent or guardian, as we require their consent for processing your data in certain cases.

2. Scope and Application

This policy applies to all personal data processed by Youth and Urbanism as a data controller or processor. Personal data means any information relating to an identified or identifiable individual, such as your name, contact details, or other identifiers.

Our Data Protection Principles

We process data in accordance with the DPA's principles:

  • Lawfulness, fairness, and transparency: Processing is lawful, fair, and transparent to the data subject
  • Purpose limitation: Data is collected for specified, explicit, and legitimate purposes
  • Data minimization: Data is adequate, relevant, and limited to what is necessary
  • Accuracy: Data is accurate and kept up to date
  • Storage limitation: Data is kept in a form that permits identification for no longer than necessary
  • Integrity and confidentiality: Data is processed in a manner that ensures appropriate security
  • Accountability: We are responsible for and can demonstrate compliance with these principles

We are registered with the ODPC as required under the Data Protection (Registration of Data Controllers and Data Processors) Regulations, 2021, where applicable thresholds are met.

3. Types of Data We Collect

We collect only the personal data necessary for our non-profit activities. Categories include:

Data Categories

Data Type Description Examples
Identification Data Basic personal information for verification Name, age, gender, date of birth, national ID or passport number
Contact Data Communication details Email address, phone number, postal address
Demographic Data Background information for program targeting Location, education level, employment status
Financial Data Payment and donation information Bank details, payment information (processed securely via third-party providers)
Sensitive Data Special category data (with explicit consent) Health information, ethnic origin, religious beliefs
Digital Data Website usage information IP address, browser type, device information
Program-Specific Data Event and program participation Photos, videos, testimonials (with consent)
Children's Data Youth under 18 (with parental consent) Essential information for participation

We do not collect data on political opinions, trade union membership, or genetic/biometric data unless strictly required and with enhanced protections.

4. How We Collect Your Data

We collect data through various channels to ensure we can effectively serve our community:

Collection Methods

  • Direct interactions: Forms on our website, registration for events/workshops, donation submissions, volunteer applications, or surveys
  • Automated technologies: Cookies, analytics tools (e.g., Google Analytics) on our website to track usage
  • Third parties: Partners (e.g., schools or community organizations) with your consent, or publicly available sources
  • Events and programs: In-person sign-ups or online platforms

We always inform you at the point of collection about the purpose and obtain consent where required.

5. Purposes and Legal Basis for Processing

We process data only for specified, explicit, and legitimate purposes, and not further in incompatible ways. Legal bases under the DPA include:

Legal Bases for Processing

  • Consent: For newsletters, marketing, or sensitive data (you can withdraw consent anytime)
  • Contractual Necessity: To fulfill program participation or volunteer agreements
  • Legitimate Interests: For internal operations, fraud prevention, or improving services (balanced against your rights)
  • Legal Obligation: Compliance with Kenyan laws, e.g., reporting to authorities
  • Public Interest: Advancing youth empowerment and urbanism goals as a non-profit

Specific Processing Purposes

  • Administering programs, events, and services for youth in urban areas
  • Processing donations and issuing receipts
  • Communicating updates, newsletters, or impact reports
  • Evaluating program effectiveness through anonymized analytics
  • Ensuring safety and security (e.g., background checks for volunteers working with youth)

We retain data only as long as necessary: up to 5 years for program records, or longer if required by law (e.g., financial audits). Data is securely deleted or anonymized thereafter.

6. Sharing and Disclosure of Your Data

We do not sell, rent, or trade your data. We share it only when necessary:

Data Sharing Partners

Partner Type Purpose Legal Basis
Service Providers Email platforms, payment processors Contractual necessity, legitimate interests
Partners/Collaborators Joint programs with other NGOs Consent, public interest
Regulatory Bodies Compliance with Kenyan laws Legal obligation
Emergency Situations Protecting vital interests Legal obligation

International transfers (e.g., to cloud services outside Kenya) occur only with adequate safeguards, such as ODPC-approved mechanisms or contractual clauses ensuring DPA-equivalent protection.

7. Data Security

We implement robust measures to protect data from unauthorized access, loss, or breach:

Security Measures

  • Technical: Encryption, firewalls, secure servers
  • Organizational: Access controls (need-to-know basis), staff training on data protection
  • Physical: Locked offices and secure storage for paper records

In case of a breach, we notify the ODPC within 72 hours and affected individuals if there's a high risk, per DPA requirements. We conduct regular Data Protection Impact Assessments (DPIAs) for high-risk processing, especially involving youth data.

8. Your Rights as a Data Subject

Under the DPA, you have rights including:

Your Data Protection Rights

Right Description How to Exercise
Access Request a copy of your data Contact our Data Protection Officer
Rectification Correct inaccurate data Contact our Data Protection Officer
Erasure Delete data where no longer needed Contact our Data Protection Officer
Restriction Limit processing in certain cases Contact our Data Protection Officer
Objection Oppose processing based on legitimate interests Contact our Data Protection Officer
Portability Receive data in a structured format Contact our Data Protection Officer
Withdraw Consent At any time, without affecting prior processing Contact our Data Protection Officer
Not to be Subject to Automated Decisions If impacting you significantly Contact our Data Protection Officer

For children's data, parents/guardians exercise these rights. To exercise rights, contact our Data Protection Officer (details in Section 12). We respond within 30 days, free of charge (unless requests are excessive).

You can complain to the ODPC if unsatisfied: Office of the Data Protection Commissioner, P.O. Box 30924-00100, Nairobi, Kenya; Email: info@odpc.go.ke.

9. Special Considerations for Youth and Children's Data

As a youth-focused organization, we prioritize protecting minors:

Youth Data Protection Measures

  • Data for those under 18 is processed only with verifiable parental/guardian consent
  • We minimize collection and use child-friendly language in notices
  • No targeted advertising to children
  • Enhanced security for sensitive youth data (e.g., health in programs)
  • Staff/volunteers undergo training on child data protection best practices

10. Cookies and Tracking Technologies

Our website uses cookies for functionality and analytics:

Cookie Categories

  • Essential cookies: For site operation
  • Analytics cookies: To understand usage (anonymous)

You can manage preferences via browser settings or our cookie banner. See our Cookie Policy for details.

We comply with DPA requirements for consent on non-essential cookies.

11. Changes to This Policy

We review this policy annually or as needed. Changes are effective upon posting. Continued engagement implies acceptance.

Policy Updates

  • Annual review process
  • Updates posted on our website
  • Significant changes communicated via email or prominent notices

12. Contact Us

For questions or to exercise rights, contact our Data Protection Officer:

Contact Information

  • Email: privacy@youthandurbanism.org
  • Address: Youth and Urbanism, P.O. Box [Insert Box Number], Nairobi, Kenya
  • Phone: [Insert Phone Number]

This policy draws inspiration from best practices of major non-profits like UNICEF and APHRC, adapted to Kenyan law.


Get in Touch

Your email address will not be published. Required fields are marked