Data Processing Policy
Data Processing Policy
ISO-POL-CWC-005-R1: Data Processing Policy
Effective Date: 10 May 2026
© 2026 Enxèro Systems. All rights reserved.
Printed copies are uncontrolled. Refer to the online version for the current revision.
1. Introduction
This Privacy Policy explains how Enxèro Systems collects, uses, stores, and protects personal data when you use our platform and related services (“Services”).
We are committed to handling personal data responsibly and in accordance with applicable data protection laws.
By using the Services, you acknowledge this Privacy Policy.
2. Who We Are
Enxero System Ltd
P.O. Box 1036-00606
Nairobi, Kenya
(“Company”, “we”, “us”, or “our”)
3. Our Role
In most cases, Enxèro Systems acts as a data processor on behalf of our Customers.
This means our Customers determine:
what personal data is collected
why it is processed
who it relates to
We process personal data only as necessary to provide the Services.
In limited situations, we may act as a data controller for our own operational purposes, such as:
account administration
billing
security monitoring
legal compliance
direct communication with Customers
4. Personal Data We Process
Depending on how the Services are used, we may process:
Account Information
names
email addresses
usernames
account details
Technical Information
IP addresses
browser type
device information
system logs
authentication records
Customer Data
Information uploaded or managed by Customers through the Services.
Communication Information
support requests
correspondence
feedback
We do not intentionally collect unnecessary personal data.
5. How We Use Personal Data
We may process personal data to:
provide and maintain the Services
authenticate users
secure systems and prevent misuse
provide customer support
process subscriptions and billing
comply with legal obligations
improve service reliability and performance
We do not sell personal data.
We do not use Customer Data for advertising purposes.
6. Legal Basis for Processing
Where applicable law requires a legal basis for processing, we rely on:
performance of a contract
legitimate business interests
legal obligations
Customer instructions provided through use of the Services
7. Sharing of Personal Data
We may share personal data only where necessary with:
infrastructure and hosting providers
payment providers
technical service providers
professional advisors
regulators or authorities where legally required
Service providers acting on our behalf are required to protect personal data and process it only for authorized purposes.
Information about subprocessors may be available through our Governance Hub.
8. International Transfers
Personal data may be processed or stored in jurisdictions outside the country where it was originally collected.
Where required, we implement reasonable safeguards designed to protect transferred personal data.
9. Data Retention
We retain personal data only for as long as reasonably necessary for:
service delivery
legal obligations
security purposes
dispute resolution
Additional information is available in our Data Retention Policy.
10. Security
We implement reasonable technical and organizational safeguards designed to protect personal data against unauthorized access, loss, misuse, or disclosure.
These measures may include:
access controls
authentication mechanisms
encryption where appropriate
monitoring and logging
secure infrastructure practices
No method of transmission or storage is completely secure.
11. Data Subject Rights
Depending on applicable law, individuals may have rights relating to their personal data, including the right to:
access personal data
request correction
request deletion
object to certain processing
request restriction of processing
request data portability
Where Enxèro Systems acts as a processor, requests shall be directed to the relevant Customer acting as controller.
12. Cookies and Similar Technologies
The Services may use cookies or similar technologies necessary for:
authentication
security
system functionality
performance monitoring
Where required by law, additional cookie information or consent mechanisms may be provided.
13. Children’s Data
The Services are intended for business and organizational use and are not directed toward children.
We do not knowingly collect personal data from children where prohibited by law.
14. Changes to This Policy
We may update this Privacy Policy from time to time.
Material changes will be communicated through:
email notification
publication in the Governance Hub
notification on the Service page
Updated versions become effective on the stated effective date.
15. Contact Information
For legal or governance inquiries:
Enxero System Ltd
P.O. Box 1036-00606
Nairobi, Kenya
[email protected]
ISO-POL-CWC-005-R1: Data Processing Policy
Effective Date: 10 May 2026
© 2026 Enxèro Systems. All rights reserved.