Privacy Policy

OVERVIEW

1. INTRODUCTION

1.1 www.africansinaviation.com is a subscription-based website that grants subscribers access to exclusive aviation related content. The website is operated and managed by AfroAero Ventures Ltd, a company duly incorporated in the Republic of Kenya.

1.2 In order to access the exclusive aviation related content, you are required to pay an annual or monthly subscription.

1.3 Subscribers are required to provide us with personal data including their name, profession, email address and/or mobile number, location and debit/credit card details in order to create a profile.

1.4 At AfroAero Ventures Ltd, we recognize the importance of safeguarding the privacy and confidentiality of personal data entrusted to us.

1.5 This Data Privacy Policy outlines our commitment to protecting personal data in compliance with relevant laws and regulations.

2. KEY DEFINITIONS

2.1 The definitions in this clause apply in this Policy.

Applicable Law: means any laws that are applicable to Personal Data and Sensitive Personal Data in Kenya and includes any statute, regulation, notice, policy, directive, ruling or subordinate legislation; any binding court order, judgement or ruling; any applicable industry code, policy or standard enforceable by law; or any applicable direction, policy or order that is given by any regulator or competent authority in Kenya;

Child: means any natural person under the age of eighteen (18) years; Consent: means any express, unequivocal, free, specific and informed indication of the Data Subject's wishes by a statement or by a clear affirmative action, signifying agreement to the processing of personal data relating to the Data Subject

Data Breach: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data under the control of or in the possession of AfroAero Ventures Ltd.

Data Subject: means any identified or identifiable natural person to whom Personal Data relates; Direct Marketing: means to approach a person, by electronic communication, for the purpose of promoting or offering to supply, in the ordinary course of business, any goods or services to them;

Employee: means any employee of AfroAero Ventures Ltd;

Personal Data: means any information relating to an identified or identifiable natural person;

Policy: means this Data Privacy Policy;

Sensitive Personal Data: means any data revealing the natural person's race, health status, ethnic social origin, conscience, belief, genetic data, biometric data, property details, marital status, family details including names of the person's children, parents, spouse or spouses, sex or the sexual orientation of the data subject;

Services: means the provision of exclusive aviation related content on www.africansinaviation.com and any other services as shall be determined by AfroAero Ventures Ltd from time to time;

Third Party: means any independent contractor, agent, consultant, sub-contractor or any other authorised representative of AfroAero Ventures Ltd;

We or Us: means AfroAero Ventures Ltd.

Website: means www.africansinaviation.com

3. PURPOSE AND SCOPE OF THE POLICY

3.1 Purpose: The purpose of this Policy is to inform subscribers of www.africansinaviation.com , on how we process your Personal Data and Sensitive Personal Data by, inter alia, collecting or collating, receiving, recording, storing, updating, distributing, erasing or destroying, disclosing and/or generally using your Personal Data and Sensitive Personal Data.

3.2 Scope:

The scope of our Data Privacy Policy includes, but is not limited to all personal data collected, processed, stored, or shared by us in the course of our activities, including data related to our employees, volunteers, and other stakeholders.

4. APPLICABILITY OF THE POLICY

4.1 This policy is applicable to but not limited to:

(a) our employees;

(b) our volunteers

(c) our stakeholders;

(d) our suppliers, contractors, consultants and service providers; and

(e) any other third party interacting with us.

4.2 We shall strive to observe, and comply with our obligations under the Data Protection Act, CAP 411C, laws of Kenya, the regulations under it and this Policy when we process your Personal Data.

4.3 This Policy applies to Personal Data and Sensitive Personal Data processed by us:

a) in connection with the Services which we offer and provide;

b) offline through our Direct Marketing campaigns (save for Sensitive Personal Data which is not collected for this purpose);

c) online through our website, branded pages on Third Party platforms and applications accessed or used through such websites or Third-Party platforms which are operated by or on our behalf.

4.4 This Privacy Policy does not apply to the information practices of Third Parties (including, without limitation, their websites, platforms and/or applications) which we do not own or control; or individuals that we do not manage or employ. These Third-Party sites may have their own privacy policies and terms and conditions and we encourage you to read them before using those Third-Party sites.

5. DATA COLLECTION AND PROCESSING

5.1 We will only collect personal data directly from you for specified and lawful purposes, such as subscription ship management, payment processing, and communication with stakeholders, unless an exception is provided for under any Applicable Law (such as, where the you have made the Personal Data or the said Data is contained in or derived from a public record).

5.2 Personal data will be collected directly from you whenever possible, and consent will be obtained where required by law.

5.3 We will collect Personal Data in a fair, lawful and reasonable manner to ensure that your privacy is protected and will process your Personal Data based on any available lawful grounds in a manner that does not adversely affect you.

5.4 Should we need to obtain your Personal Data from Third Parties, we will ensure that we obtain your consent.

6. NOTIFYING DATA SUBJECTS

6.1 We will inform you of the fact that we are processing your Personal Data and the specific purpose for which we will be processing such Personal Data, including making you aware of any Third-Party recipients of the Personal Data (which may also include cross-border transfers of Personal Data).

6.2 We will not use your Personal Data and Sensitive Personal Data for any purpose other than the purposes set out under this Policy without your Consent, unless we are permitted or required to do so by law.

7. RIGHTS OF DATA SUBJECTS

7.1 You shall have the following rights:

a) the right to be informed of the use of your Personal Data;

b) the right to access your Personal Data and Sensitive Personal Data which is in our custody;

c) the right to have any false or misleading Personal Data and Sensitive Personal Data about you corrected or deleted;

d) the right to object to the processing of all or part of your Personal Data and Sensitive Personal Data about you.

7.2 You may exercise any of the above-mentioned rights by submitting a request to us in writing either by email at the following email address: info@africansinaviation.com or by post under the following address: P.O. Box 46036-00100, Nairobi in the Republic of Kenya.

8. LAWFUL PROCESSING OF PERSONAL DATA

8.1 We will only Process your Personal Data where we have a lawful ground for doing so including where –

a) your Consent is obtained;

b) processing is necessary to enable us to render Services to you;

c) processing is necessary for complying with an obligation imposed by law on us;

d) processing is necessary for the protection of your vital interests; or

e) processing is necessary for pursuing the legitimate interests of AfroAero Ventures Ltd or of a Third Party to whom the information is supplied.

8.2 Where we are relying on your Consent as the legal basis for processing Personal Data, you may withdraw the Consent at any time but such withdrawal shall not affect the lawfulness of any processing of the Personal Data that had already been lawfully carried out before the withdrawal of Consent.

8.3 If the Consent is withdrawn or if there is otherwise a justified objection against the use or the Processing of such Personal Data, we will ensure that your Personal Data is no longer processed.

9. SPECIAL PROVISIONS FOR THE PROCESSING OF SENSITIVE PERSONAL DATA AND PERSONAL DATA OF CHILDREN

9.1 We acknowledge that we will generally not process your Sensitive Personal Data unless –

a) processing is carried out in accordance with your Consent;

b) processing is necessary for the establishment, exercise or defence of a legal claim;

c) processing is necessary for purposes of carrying out the obligations and exercising specific rights of AfroAero Ventures Ltd or yourself;

d) the Sensitive Personal Data has manifestly been made public by yourself; or

e) processing is necessary for protecting your vital interests or those of another person.

9.2 We acknowledge that we may not process any Personal Data or Sensitive Personal Data concerning a Child and will only do so where we have obtained the Consent of the parent or guardian of that Child and subject to Processing procedures that advance the rights and best interests of the Child.

10. DATA SHARING AND DISCLOSURE

We will only share personal data with third parties when necessary for the fulfilment of the purposes for which it was collected, and will ensure that appropriate data sharing agreements are in place to protect data privacy.

11. DATA ACCESS AND SECURITY

11.1 Access to your personal data will be restricted to authorized individuals who require access to perform their duties, and access controls will be implemented to prevent unauthorized access.

11.2 Personal data will be stored securely, physical and electronic form, and appropriate measures will be taken to prevent data breaches.

12. RETENTION OF PERSONAL DATA

12.1 We may keep records of the Personal Data and Sensitive Personal Data we have collected, correspondence, or comments in electronic or hardcopy format.

12.2 We shall not retain your personal information for a period longer than is necessary to achieve the purpose for which it was collected or processed. We will delete or destroy (in such a way that it cannot be reconstructed) or de-identify the information provided to us as soon as is reasonably practicable once the purpose has been achieved, no longer applies or becomes 5 obsolete. This prohibition will not apply where the retention of the record for a longer period than that stated above

a) is required or authorised by law;

b) is reasonably necessary for a lawful purpose; or

c) is authorised or consented to by yourself.

12.3 Accordingly, we will, subject to the exceptions noted herein, retain your Personal Data or Sensitive Personal Data for as long as necessary to fulfil the purposes for which that Personal Data was collected and/or as permitted or required by Applicable Law.

12.4 In instances where we de-identify your Personal Data or Sensitive Personal Data, we may use such de-identified information indefinitely without further notice to you.

13. FAILURE TO PROVIDE PERSONAL DATA

13.1 Should we need to collect your Personal Data or Sensitive Personal Data by law or to enable the delivery of the Services, and you fail to provide the Personal Data when requested, we may be unable to deliver the Services to you.

13.2 In such a case, we may have to decline to provide relevant Services or receive any services as the case may be, and you will be notified where this is the case.

14. SAFEKEEPING, SECURITY AND ACCESS OF PERSONAL DATA

14.1 We shall preserve the security of your Personal Data and Sensitive Personal Data and, in particular, prevent its alteration, loss and damage, or access by non-authorised third parties.

14.2 We will ensure the security and integrity of your Personal Data and Sensitive Personal Data in our possession or under our control with appropriate, reasonable technical and organisational measures to prevent loss, unlawful access and unauthorised destruction thereof.

14.3 We have implemented physical, organisational, contractual and technological security measures (having regard to generally accepted information security practices or industry specific requirements or professional rules) to keep all your Personal Data and Sensitive Personal Data secure, including:

a) implementing an elaborate access control restriction process for various systems to ensure individuals only have access to the data that they are authorized to access on a need-to-know basis;

b) password policy implementation including two-factor authentication;

c) embracing modern technologies by reliable Third Parties that have in place stringent data security measures; and

d) conducting regular preventive maintenance of our devices including security checks to confirm no unauthorized software is installed on our devices.

14.4 Furthermore, we maintain and regularly verify that the security measures are effective and regularly update the same in response to new risks.

15. BREACH OF PERSONAL DATA

15.1 A Data Breach may happen for many reasons, which include:

a) loss or theft of data or equipment on which your Personal Data or Sensitive Personal Data is stored; b) inappropriate access controls allowing unauthorised use; 6

c) equipment failure;

d) human error;

e) unforeseen circumstances, such as a fire or flood;

f) deliberate attacks on systems, such as hacking, viruses or phishing scams;

g) alteration of your Personal Data or Sensitive Personal Data without permission; and

h) loss of availability of your Personal Data or Sensitive Personal Data.

15.2 We will address any Data Breach in accordance with the terms of the Data Protection Act and the regulations under it.

15.3 We will notify the Office of the Data Protection Commissioner and you (unless the Applicable Law requires that we delay notifying you) in writing in the event of a Data Breach (or a reasonable belief of a Data Breach) in respect of your Personal Data or Sensitive Personal Data.

15.4 We will provide such notification as soon as reasonably possible after we have become aware of any Data Breach in respect of your Personal Data or Sensitive Personal Data and, in any event, within the statutory time limits set under any Applicable Law.

16. KEEPING PERSONAL DATA ACCURATE

16.1 We will take reasonably practicable steps to ensure that your Personal Data and Sensitive Personal Data is complete, accurate, not misleading and up to date (having regard to the purpose for which Personal Data is collected or further processed).

16.2 Accordingly, we will take reasonable steps to ensure that all Personal Data and Sensitive Personal Data is kept as accurate, complete and up-to-date as reasonably possible.

16.3 We may from time to time send automated prompts to you requiring that you confirm that the Personal Data and/or Sensitive Personal Data in our possession is accurate and up to date.

16.4 You must, however, notify us from time to time in writing of any updates required in respect of your Personal Data and/or Sensitive Personal Data. Such notifications should be submitted to us in writing either by email at the following email address: info@africansinaviation.com or by post under the following address: P.O. Box 46036-00100, Nairobi, Kenya.

17. COMPLAINTS PROCEDURE

17.1 You have the right to complain in instances where any of your rights have been infringed. We shall take all complaints very seriously and will address all such complaints in accordance with the following procedure –

a) Complaints must be submitted to us in writing either by email at the following email address: info@africansinaviation.com or by post under the following address: P.O. Box 46036-00100, Nairobi, Kenya.

b) Our response to you may comprise any of the following – i. a suggested remedy for the complaint; ii. a dismissal of the complaint and the reasons as to why it was dismissed; and/or iii. an apology (if applicable) and any action proposed to be taken.

17.2 If you are not satisfied with the suggested remedies, you have the right to complain to the Office of the Data Protection Commissioner.

18. INTERNATIONAL DATA TRANSFERS

We will not transfer your Personal Data or Sensitive Personal Data outside of Kenya without ensuring that appropriate safeguards are in place to protect data privacy and security.

19. TRAINING AND AWARENESS

We have trained and are providing continuous awareness programs to our employees and volunteers on data protection principles, their responsibilities under this policy, and how to handle Personal Data or Sensitive Personal Data securely.

20. COMPLIANCE AND REVIEW

We commit to comply with all relevant data protection laws and regulations governing the collection, storage, and processing of your personal data. In the event of any legal obligation to disclose information, we will do so only to the extent mandated by law and will notify you, if permissible. Compliance with this policy will be monitored regularly, and periodic reviews will be conducted to ensure its effectiveness and continued compliance with applicable laws and regulations.

21. CHANGES TO THIS POLICY

21.1 We reserve the right to make amendments to this Policy from time to time and will use reasonable efforts to notify you of such amendments.

21.2 The current version of this Policy will govern the respective rights and obligations between you and AfroAero Ventures Ltd.

22. NOTIFICATION OF THE POLICY

We shall notify and communicate the existence and contents of this Policy to our subscribers, employees and stakeholders of AfroAero Ventures Ltd along with suitable contact details for reporting.