Skip to main content
OpasSecure Ltd

Privacy Policy

Last updated: May 2026. Governed by the Kenya Data Protection Act, 2019 (Cap. 411C).

1. Who we are

OpasSecure Infotech Solutions Ltd ("OpasSecure", "we", "us", "our") is a company registered in Kenya and headquartered in Westlands, Nairobi. We are registered with the Office of the Data Protection Commissioner (ODPC) as both a data controller and data processor under the Kenya Data Protection Act, 2019 (Cap. 411C).

For privacy enquiries: privacy@opassecure.com

2. Information we collect

Website visitors — IP address, browser type, pages visited, referral source, and session duration via server logs and analytics. We do not use third-party advertising trackers.

Contact form and email submissions — name, email address, organisation, and message content you provide.

Client engagements — information you or your organisation provides during the course of a professional services engagement. This may include technical environment data, employee data, and regulated personal information depending on the scope of work.

Careers applicants — CV, cover letter, qualification records, and contact details submitted during the application process.

4. How we use your information

We use the information we collect to respond to enquiries and deliver requested services; manage client engagements and deliver contracted work; send the OpasSecure Brief newsletter (with your consent); improve our website and services; comply with legal and regulatory obligations; and protect the security of our systems and those of our clients.

We do not sell your personal data. We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects without explicit consent.

5. Sharing your information

We share personal data only with: service providers who process data on our behalf under data processing agreements (e.g. cloud hosting, CRM, email delivery) assessed under our vendor risk management programme; law enforcement or regulators where required by law (e.g. ODPC, CBK, IRA); and where you have specifically authorised sharing with a named third party.

We do not transfer personal data outside Kenya except where adequate safeguards are in place (e.g. standard contractual clauses or recipient country adequacy determination).

6. How long we keep your data

We retain personal data only as long as necessary: website analytics (12 months); contact and enquiry records (3 years from last contact); client engagement records (7 years from engagement close, as required by Kenyan tax and legal obligation); job applicant records (12 months if unsuccessful; duration of employment if successful); financial and contract records as required by Kenyan law.

7. Your rights

Under the Kenya Data Protection Act, you have the right to: access a copy of personal data we hold about you; request correction of inaccurate or incomplete data; request erasure where we have no lawful basis to retain it; restrict processing in certain circumstances; object to processing based on legitimate interests; receive data in a structured, machine-readable format; and withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact privacy@opassecure.com. We will respond within 21 days. If you are unsatisfied, you may lodge a complaint with the Office of the Data Protection Commissioner (odpc.go.ke).

8. Cookies and tracking

Our website uses essential cookies required for the site to function (session management, security). We do not use third-party advertising or tracking cookies. Analytics are collected server-side and do not require browser-level cookies.

9. Security

We implement technical and organisational measures appropriate to the risk, including encryption in transit (TLS), access controls, Zero Trust network architecture, and regular security testing. For detail on our internal security posture, see our Trust Centre.

In the event of a data breach likely to cause risk to individuals, we will notify the ODPC within 72 hours and affected individuals without undue delay.

10. Changes to this policy

We may update this policy from time to time. The version date is displayed below. Material changes will be communicated by email to clients and newsletter subscribers.

11. Contact

Data Controller: OpasSecure Infotech Solutions Ltd, Westlands, Nairobi, Kenya.

Privacy enquiries: privacy@opassecure.com

ODPC registration: Controller + Processor (registration number on request).

Complaints: Office of the Data Protection Commissioner — odpc.go.ke