PRIVACY POLICY

1. INTRODUCTION

The Novel Tobacco Products Association (NTPA) Kenya is committed to protecting the privacy and confidentiality of personal information collected from our members, website visitors, and stakeholders. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the Data Protection Act, 2019 of Kenya and other applicable privacy laws.

2. ABOUT THIS POLICY

2.1 Scope

This policy applies to all personal information collected by NTPA Kenya through:

Membership applications and processes
Educational programmes and training sessions
Website interactions and communications
Events, meetings, and conferences
Business correspondence and transactions

2.2 Data Controller

NTPA Kenya is the data controller for all personal information collected under this policy.

3. INFORMATION WE COLLECT

3.1 Membership Information

For Corporate Members:

Company name and registration details
Business license numbers and certifications
Tax identification numbers
Principal place of business address
Contact information (phone, email, postal address)
Authorized representative details
Financial information for fee processing
Product portfolios and inventory details
Import/export documentation

For Individual Members:

Full legal names and identification numbers
Contact information (phone, email, address)
Professional qualifications and certifications
Employment details
Financial information for fee processing

3.2 Educational Programme Data

Participant registration information
Training records and certifications
Attendance records and participation levels
Assessment results and evaluation scores
Feedback and survey responses
Learning progress and completion status

3.3 Communication Records

Email correspondence and attachments
Phone call records and voicemail messages
Meeting attendance records and minutes
Event participation and networking activities
Feedback, complaints, and inquiry records
Marketing communication preferences

3.4 Website and Digital Information

IP addresses and device information
Browser type and operating system
Pages visited and time spent on site
Download history and resource access
Cookie data and tracking information
Online form submissions

3.5 Financial Information

Bank account details for fee payments
Payment card information (processed securely)
Transaction histories and receipts
Billing addresses and contact information
Tax-related documentation

4. HOW WE COLLECT INFORMATION

4.1 Direct Collection

Membership application forms
Registration for events and programmes
Voluntary information sharing during communications
Survey responses and feedback forms
Business card exchanges and networking

4.2 Automated Collection

Website cookies and tracking technologies
Server logs and access records
Email open and click-through rates
Mobile app usage data (if applicable)

4.3 Third-Party Sources

Government regulatory databases
Professional licensing bodies
Business registration authorities
Credit reference agencies (with consent)

5. HOW WE USE YOUR INFORMATION

5.1 Primary Purposes

We use collected information to:

Process membership applications and renewals
Provide Association services and member benefits
Conduct educational programmes and training sessions
Facilitate communication and information sharing
Organize events, meetings, and networking opportunities
Process payments and maintain financial records
Provide customer support and respond to inquiries

5.2 Secondary Purposes

Improve our services and programme offerings
Conduct research and analysis for industry development
Comply with legal and regulatory requirements
Maintain Association records and archives
Develop industry statistics and reports (anonymized)
Prevent fraud and ensure security

5.3 Marketing and Communications

Send Association newsletters and updates
Notify members of events and opportunities
Share industry news and regulatory updates
Conduct member surveys and feedback collection
Promote educational programmes and services

6. INFORMATION SHARING AND DISCLOSURE

6.1 We May Share Information With:

Government and Regulatory Bodies:

Kenya Bureau of Standards
Ministry of Health
Kenya Revenue Authority
Other regulatory agencies as required by law

Service Providers:

Payment processing companies
IT support and hosting providers
Event management companies
Educational content providers
Legal and professional advisors

Other Members:

Member directory information (with consent)
Contact details for legitimate Association business
Professional networking and collaboration purposes

6.2 We Will NOT:

Sell personal information to third parties for profit
Share information for unauthorized commercial marketing
Disclose confidential business information without consent
Transfer information to countries without adequate protection
Use information for purposes incompatible with collection

6.3 Legal Disclosures

We may disclose information when required by:

Court orders or legal processes
Law enforcement investigations
Regulatory compliance requirements
Protection of Association rights and property
Emergency situations involving safety

7. DATA SECURITY MEASURES

7.1 Technical Safeguards

Secure encrypted data storage systems
Multi-factor authentication for system access
Regular security updates and patches
Firewall and intrusion detection systems
Secure backup and disaster recovery procedures

7.2 Administrative Safeguards

Access controls based on job responsibilities
Regular staff training on data protection
Confidentiality agreements for all personnel
Incident response and breach notification procedures
Regular security audits and assessments

7.3 Physical Safeguards

Secure office premises with controlled access
Locked filing cabinets for physical documents
Secure disposal of confidential materials
Visitor access controls and monitoring
Clean desk and clear screen policies

8. DATA RETENTION PERIODS

8.1 Retention Schedule

Active Members: Duration of membership plus 7 years
Former Members: 7 years after membership termination
Financial Records: 7 years as required by Kenyan law
Educational Records: 10 years for certification purposes
Legal Documents: Permanently or as required by law
Marketing Communications: Until consent is withdrawn

8.2 Secure Disposal

Information is securely deleted or destroyed when retention periods expire, unless legal obligations require longer retention.

9. YOUR PRIVACY RIGHTS

9.1 Under the Data Protection Act, 2019, You Have the Right To:

Access: Request copies of your personal information
Rectification: Correct inaccurate or incomplete information
Erasure: Request deletion of information (subject to legal requirements)
Restriction: Limit how we process your information
Portability: Request transfer of information to another organization
Objection: Object to certain types of processing
Automated Decision-Making: Not be subject to automated decisions

9.2 Exercising Your Rights

To exercise any of these rights, contact our Data Protection Officer using the details provided in Section 13.

9.3 Response Timeframes

We will respond to rights requests within 30 days, or notify you if additional time is needed.

10. COOKIES AND WEBSITE TECHNOLOGIES

10.1 Cookie Usage

Our website uses cookies to:

Remember your preferences and settings
Improve website functionality and performance
Analyze website traffic and user behavior
Provide personalized content and recommendations
Enable social media sharing features

10.2 Cookie Management

You can control cookies through your browser settings, but some website features may not function properly if cookies are disabled.

10.3 Third-Party Cookies

Our website may contain third-party cookies from:

Analytics providers (e.g., Google Analytics)
Social media platforms
Content delivery networks
Advertising partners (if applicable)

11. INTERNATIONAL TRANSFERS

11.1 Transfer Safeguards

If personal information is transferred internationally, we ensure:

Adequate protection in the destination country
Appropriate contractual safeguards
Explicit consent for transfers where required
Compliance with Kenyan data protection laws

11.2 Cloud Services

Some information may be stored on cloud servers located outside Kenya, subject to appropriate security measures and legal protections.

12. CHILDREN’S PRIVACY

12.1 Age Restrictions

We do not knowingly collect personal information from individuals under 18 years of age, consistent with our mission to protect minors from tobacco product exposure.

12.2 Parental Consent

If we become aware that we have collected information from a minor, we will take steps to delete it immediately unless parental consent is obtained.

13. CONTACT INFORMATION

13.1 Data Protection Officer

Novel Tobacco Products Association (NTPA) Kenya
Data Protection Officer
Physical Address: 1st Floor, Fort Granite Apartment A2, Block A
P.O. Box 43124-00100, Nairobi, Kenya
Email: privacy@noveltobacco.co.ke
General Email: info@noveltobacco.co.ke
Phone: 0704 19 65 60
Landline: 020 4400025

13.2 Complaints

If you have concerns about our privacy practices, you may:

Contact our Data Protection Officer
File a complaint with the Office of the Data Protection Commissioner of Kenya
Seek legal advice or court remedies as provided by law

14. POLICY UPDATES

14.1 Regular Reviews

This Privacy Policy is reviewed annually and updated as necessary to reflect:

Changes in data processing practices
Updates to Kenyan privacy laws
New technologies and security measures
Feedback from members and stakeholders

14.2 Notification of Changes

Material changes to this policy will be communicated through:

Email notifications to registered members
Prominent notices on our website
Announcements at member meetings
Updated policy documents with change summaries

15. LEGAL COMPLIANCE

15.1 Applicable Laws

This Privacy Policy complies with:

The Data Protection Act, 2019 (Kenya)
The Constitution of Kenya, 2010
The Kenya Information and Communications Act
Other applicable Kenyan privacy and data protection regulations

15.2 Regulatory Oversight

NTPA Kenya is subject to oversight by the Office of the Data Protection Commissioner of Kenya regarding data protection compliance.

By engaging with NTPA Kenya as a member or stakeholder, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and use of your information as described herein.