Privacy Policy
Privacy Policy
ISO-POL-CWC-007-R1: Privacy Policy
Effective Date: 10 May 2026
© 2026 Enxèro Systems. All rights reserved.
Printed copies are uncontrolled. Refer to the online version for the current revision.
1. Introduction
This Privacy Policy explains how Enxèro Systems collects, uses, stores, and protects personal data when you use our platform and related services (“Services”).
We are committed to handling personal data responsibly and in accordance with applicable data protection laws.
By using the Services, you acknowledge this Privacy Policy.
2. Who We Are
Enxero System Ltd
P.O. Box 1036-00606
Nairobi, Kenya
(“Company”, “we”, “us”, or “our”)
3. Our Role
In most cases, Enxèro Systems acts as a data processor on behalf of Customers using the Services.
Customers generally determine:
what personal data is collected
why it is processed
who it relates to
We process personal data only as necessary to provide the Services.
In limited circumstances, we may act as a data controller for our own operational purposes, including:
account administration
billing and subscription management
service communications
security monitoring
legal and regulatory compliance
4. Personal Data We Process
Depending on how the Services are used, we may process:
Account Information
names
email addresses
usernames
account details
Technical Information
IP addresses
browser information
device information
authentication records
system and access logs
Customer Data
Information uploaded, stored, or managed by Customers through the Services.
Communication Information
support requests
correspondence
feedback submissions
We do not intentionally collect unnecessary personal data.
5. How We Use Personal Data
We may process personal data to:
provide and maintain the Services
authenticate users
secure systems and prevent misuse
provide customer support
process subscriptions and billing
comply with legal obligations
improve service reliability and performance
We do not sell personal data.
We do not use Customer Data for advertising purposes.
6. Legal Basis for Processing
Where applicable law requires a legal basis for processing, we rely on:
performance of a contract
legitimate business interests
compliance with legal obligations
Customer instructions provided through use of the Services
7. Sharing of Personal Data
We may share personal data only where reasonably necessary with:
hosting and infrastructure providers
payment processors
technical service providers
professional advisors
regulators or authorities where legally required
Third-party providers acting on our behalf are required to protect personal data and process it only for authorized purposes.
Information relating to subprocessors may be available through the Governance Hub.
8. International Transfers
Personal data may be processed or stored outside the jurisdiction where it was originally collected.
Where required, we implement reasonable safeguards designed to protect transferred personal data in accordance with applicable law.
9. Data Retention
We retain personal data only for as long as reasonably necessary for:
service delivery
security and operational purposes
legal and regulatory obligations
dispute resolution
enforcement of agreements
Additional information is available in our Data Retention Policy.
10. Security
We implement reasonable technical and organizational safeguards designed to protect personal data against unauthorized access, misuse, loss, or disclosure.
These measures may include:
access controls
authentication mechanisms
encryption where appropriate
logging and monitoring
secure infrastructure practices
No method of transmission or storage is completely secure.
11. Data Subject Rights
Depending on applicable law, individuals may have rights relating to their personal data, including the right to:
access personal data
request correction
request deletion
object to certain processing
request restriction of processing
request data portability
Where Enxèro Systems acts as a processor, requests shall be directed to the relevant Customer acting as controller.
12. Cookies and Similar Technologies
The Services may use cookies or similar technologies necessary for:
authentication
security
system functionality
performance monitoring
Where required by law, additional cookie information or consent mechanisms may be provided.
13. Children’s Data
The Services are intended for business and organizational use and are not directed toward children.
We do not knowingly collect personal data from children where prohibited by law.
14. Changes to This Policy
We may update this Privacy Policy from time to time.
Material changes will be communicated through:
email notification
publication in the Governance Hub
notification on the Service page
Updated versions become effective on the stated effective date.
15. Contact Information
For legal or governance inquiries:
Enxero System Ltd
P.O. Box 1036-00606
Nairobi, Kenya
[email protected]
ISO-POL-CWC-007-R1: Privacy Policy
Effective Date: 10 May 2026
© 2026 Enxèro Systems. All rights reserved.