Email iconinfo@mobikey.co.ke Phone icon+254 716 666 111
Email iconinfo@mobikey.co.ke Phone icon+254 716 666 111

Privacy Policy

We understand that the use of your personal data requires your trust. We adhere to the highest privacy standards and will only use your personal data for clearly identified purposes and in accordance with your data protection rights.
The confidentiality and integrity of your personal data are among our main concerns.
This Privacy Policy sets out how Mobikey uses the personal data of its customers and prospective customers.

1. General Part

1.1 COLLECTION AND PROCESSING OF USER DATA

The Personal Data collected and processed consists of information relating to name, email address, and home address, although other personal data may also be collected if necessary or convenient for the provision of Services by Mobikey.
After collecting the Personal Data, Mobikey provides the User with detailed information regarding the nature of the data collected, as well as the purpose and processing that will be carried out in relation to the Personal Data.

Mobikey also collects and processes information regarding the characteristics of the User’s hardware device and browser/software features, as well as information about the pages visited by the User within the Website. This information may include the browser type, domain name, access times, and links through which the User accessed the Website (“Usability Information”). We use this information solely to improve the quality of your visit to our Website.

Usability Information and Personal Data are referred to in this Privacy Policy as “User Data”.

For the purposes of this Privacy Policy, a contractual relationship refers to any and all contracts established between Mobikey and the entities with which it interacts, regardless of the respective subject matter.

1.2 SUBCONTRACTED ENTITIES

In the context of processing User Data, Mobikey uses or may use third-party entities, subcontracted by Mobikey, to process User Data on Mobikey’s behalf and in accordance with the instructions provided by Mobikey, in compliance with the law and with this Privacy Policy.

These subcontracted entities may not transmit User Data to other entities without Mobikey’s prior written authorization, and they are also prohibited from hiring other entities without Mobikey’s prior authorization.

Mobikey undertakes to subcontract only entities that offer maximum security in implementing appropriate technical and organizational measures, so as to ensure the protection of User rights. All subcontracted entities are bound to Mobikey through a written contract that regulates, in particular, the subject and duration of the processing, the nature and purpose of the processing, the type of personal data, the categories of data subjects, and the rights and obligations of the parties.

After collecting personal data, Mobikey provides the User with information regarding the categories of subcontracted entities that, in the specific case, may process data on behalf of Mobikey.

1.3 DATA COLLECTION CHANNELS

Mobikey may collect data directly (i.e., directly from the User) or indirectly (i.e., through partner entities or third parties). Data collection may occur through the following channels:

  • Direct collection: in person, by telephone, by email, and through the Website;

  • Indirect collection: through partners or group companies, as well as official entities.

2. GENERAL PRINCIPLES APPLICABLE TO THE PROCESSING OF USER DATA

In terms of general principles relating to the processing of personal data, Mobikey undertakes to ensure that the User Data it processes is:

  • Processed lawfully, fairly, and transparently in relation to the User;

  • Collected for specified, explicit, and legitimate purposes, and not further processed in a manner incompatible with those purposes;

  • Adequate, relevant, and limited to what is necessary for the purposes for which it is processed;

  • Accurate and updated whenever necessary, with all reasonable measures taken to ensure that inaccurate data, considering the purposes for which it is processed, is erased or corrected without delay;

  • Stored in a form that allows identification of the User only for the period necessary for the purposes for which the data is processed;

  • Processed in a manner that ensures its security, including protection against unauthorized or unlawful processing, and against accidental loss, destruction, or damage, through the adoption of appropriate technical or organizational measures.

Data processing carried out by Mobikey is permitted and lawful when at least one of the following situations applies:

  • The User has given clear, unambiguous consent for the processing of their User Data for one or more specific purposes;

  • Processing is necessary for the performance of a contract to which the User is a party, or for pre-contractual procedures requested by the User;

  • Processing is necessary for compliance with a legal obligation to which Mobikey is subject;

  • Processing is necessary to protect the vital interests of the User or another natural person;

  • Processing is necessary for the purposes of the legitimate interests pursued by Mobikey or by third parties (except where overridden by the User’s interests or fundamental rights and freedoms that require the protection of personal data).

Mobikey undertakes to ensure that the processing of User Data only takes place under the conditions listed above and in compliance with the principles mentioned.

When the processing of User Data by Mobikey is based on the User’s consent, the User has the right to withdraw such consent at any time. The withdrawal of consent does not, however, affect the legality of processing carried out by Mobikey based on previously provided consent.

The period for which data is stored and retained varies depending on the purpose for which the information is processed.
Indeed, there are legal requirements that oblige the retention of data for a minimum period. Thus, whenever no specific legal obligation exists, the data will be stored and retained only for the minimum period necessary for the purposes that motivated its collection or subsequent processing, after which it will be deleted.

3. USE AND PURPOSES OF USER DATA PROCESSING

In general terms, Mobikey uses User Data for the following purposes:

  • Managing contacts with the User;

  • Informing the User—when requested—about new products and services available on the Website, special offers and campaigns, updated information on Mobikey’s activities, and, in general, for Mobikey’s marketing purposes through any communication channel, including electronic media or social networks;

  • Enabling access to restricted areas of the Website, such as the online store;

  • Ensuring that the Website meets the User’s needs by developing and publishing content as tailored as possible to the User’s requests and profile, improving search capabilities and Website functionalities, and obtaining associated or statistical information regarding typical User profiles (consumer profiling);

  • Providing Services and other offerings, such as newsletters, opinion surveys, or other information or products requested or purchased by the User;

  • Sending satisfaction surveys;

  • Mobikey may combine Usability Information with anonymous demographic information for research purposes and may use the result of this combination to provide more relevant content on the Website. In certain restricted areas of the Website, Mobikey may combine Personal Data with Usability Information to provide the User with more personalized content.

User Data collected by Mobikey is not shared with third parties without the User’s consent, except in the situations described in the paragraph below. However, if the User contracts services from Mobikey that are provided by other entities responsible for processing personal data, the User Data may be accessed or consulted by those entities to the extent necessary for the provision of such services, and the User will be informed accordingly.

Under applicable law, Mobikey may transmit or disclose User Data to other entities when such transmission or disclosure is necessary for the execution of the contract entered into between the User and Mobikey, or for pre-contractual procedures at the User’s request; when necessary for compliance with a legal obligation to which Mobikey is subject; or when necessary to pursue the legitimate interests of Mobikey or a third party.
In the event of a transmission of User Data to third parties, reasonable efforts will be made to ensure that the recipient uses the transmitted User Data in a manner consistent with this Privacy Policy.

4. IMPLEMENTED TECHNICAL, ORGANIZATIONAL AND SECURITY MEASURES

To ensure the security of User Data and maximum confidentiality, Mobikey processes the information you provide to us in absolute confidentiality, in accordance with its internal security and confidentiality policies and procedures, which are periodically updated as needed, as well as in line with the legally applicable terms and conditions.

Taking into account the nature, scope, context and purposes of data processing, as well as the risks to the rights and freedoms of the User, Mobikey undertakes to apply, both at the time of defining the means of processing and at the time of the actual processing, the technical and organizational measures necessary and appropriate for the protection of User Data and for compliance with legal requirements.

Mobikey also undertakes to ensure that, by default, only the data necessary for each specific purpose of the processing is processed and that such data is not made available, without human intervention, to an indeterminate number of persons.

Communication between the User’s device and Mobikey is carried out through secure communication channels that use the HTTPS protocol and the SSL security standard.
In addition, as general measures, Mobikey adopts the following:

  • Regular audits in order to assess the effectiveness of the technical and organizational measures implemented;

  • Awareness and training of staff involved in data processing operations;

  • Pseudonymisation and encryption of personal data;

  • Mechanisms capable of ensuring the ongoing confidentiality, availability and resilience of information systems;

  • Mechanisms that ensure the swift restoration of information systems and access to personal data in the event of a physical or technical incident.

5. USE OF COOKIES

When you visit our Website, a small text file (a cookie) is created and stored on your computer’s hard drive; consequently, by browsing the Website, you are accepting the installation of this text file on your device. This file will allow you easier and faster access to the Website, as well as its customization according to your preferences.

If you wish to delete cookies or automatically block their use, you will find instructions on how to configure these options in the “Help” menu of your browser. However, if you do not allow the use of cookies, some features of the Website may not function properly.

By browsing our Website, you are allowing the collection and storage of small text files called cookies, which contain information and are downloaded to the Users’ computer or other devices through a server. These text files enable a more personalized and efficient browsing experience. On each visit to the Website, your internet browser sends these cookies back to the Website, allowing the recognition and memorization of Users’ identity, as well as their usage preferences.

6. RIGHTS OF USERS (DATA SUBJECTS)

6.1. RIGHT TO INFORMATION

6.1.1. Information provided to the User by Mobikey (when data is collected directly from the User):

  • The identity and contact details of Mobikey and of the data controller;

  • The contact details of the Data Protection Officer;

  • The purposes for which the personal data is intended, as well as, where applicable, the legal grounds for processing;

  • Where processing is based on the legitimate interests of Mobikey or of a third party, an indication of such interests;

  • Where applicable, the recipients or categories of recipients of the personal data;

  • Where applicable, an indication that personal data will be transferred to a third country or to an international organization, and whether or not there is an adequacy decision by the Commission, or a reference to appropriate or suitable transfer safeguards;

  • The period for which personal data will be stored;

  • The right to request from Mobikey access to personal data, as well as its rectification, erasure or restriction of processing, the right to object to processing, and the right to data portability;

  • Where processing is based on the User’s consent, the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;

  • The right to lodge a complaint with the CNPD – Comissão Nacional de Proteção de Dados (Portuguese Data Protection Authority) or other supervisory authority;

  • An indication of whether the communication of personal data constitutes a legal or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data;

  • Where applicable, the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Where User Data is not collected directly by Mobikey from the User, in addition to the above information, the User is also informed of the categories of personal data concerned, as well as of the source of the data and, where applicable, whether the data originated from publicly accessible sources.

Where Mobikey intends to further process User Data for a purpose other than that for which the data was collected, Mobikey shall provide the User with information on that other purpose and any additional relevant information prior to such further processing, under the terms referred to above.

6.2. Procedures and measures implemented to ensure the right to information

The information referred to in 7.1 is provided in writing (including by electronic means) by Mobikey to the User prior to the processing of the personal data concerned. Under applicable law, Mobikey is not obliged to provide the User with the information mentioned in 7.1 where and to the extent that the User already has such information.

The information is provided by Mobikey free of charge.

7. RIGHT OF ACCESS TO PERSONAL DATA

Mobikey guarantees the means that allow the User to consult their Personal Data. The User has the right to obtain from Mobikey confirmation as to whether or not personal data concerning them is being processed and, where that is the case, the right to access their personal data and the following information:

  • The purposes of the data processing;

  • The categories of personal data concerned;

  • The recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients established in third countries or belonging to international organizations;

  • The envisaged period for which the personal data will be stored;

  • The right to request from Mobikey the rectification, erasure or restriction of processing of personal data, or the right to object to such processing;

  • The right to lodge a complaint with the CNPD or another supervisory authority;

  • Where the data has not been collected from the User, any available information as to its source;

  • The existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject;

  • The right to be informed of the appropriate safeguards relating to the transfer of data to third countries or international organizations.

Upon request, Mobikey will provide the User, free of charge, with a copy of the User Data undergoing processing. The provision of additional copies requested by the User may be subject to an administrative fee.

8. RIGHT TO RECTIFICATION OF PERSONAL DATA

The User has the right to request, at any time, the rectification of their Personal Data and the right to have incomplete personal data completed, including by means of providing a supplementary statement.

In the event of data rectification, Mobikey will communicate the rectification to each recipient to whom the data has been disclosed, unless such communication proves impossible or involves a disproportionate effort for Mobikey.

9. RIGHT TO ERASURE OF PERSONAL DATA (“RIGHT TO BE FORGOTTEN”)

The User has the right to obtain from Mobikey the erasure of their data where one of the following grounds applies:

  • User Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;

  • The User withdraws the consent on which the processing is based and there is no other legal ground for the processing;

  • The User objects to the processing under the right to object and there are no overriding legitimate grounds for the processing;

  • User Data has been unlawfully processed;

  • User Data has to be erased for compliance with a legal obligation to which Mobikey is subject.

Under applicable law, Mobikey is not obliged to erase User Data to the extent that processing is necessary for compliance with a legal obligation to which Mobikey is subject or for the establishment, exercise or defence of legal claims by Mobikey.

In the event of data erasure, Mobikey will communicate the erasure to each recipient/entity to whom the data has been disclosed, unless such communication proves impossible or involves a disproportionate effort for Mobikey.

Where Mobikey has made User Data public and is obliged to erase the data under the right to erasure, Mobikey undertakes to take reasonable steps, including technical measures, taking into account available technology and the cost of implementation, to inform controllers which are processing the personal data that the User has requested the erasure of any links to, or copies or replications of, such personal data.

10. RIGHT TO RESTRICTION OF PROCESSING OF PERSONAL DATA

The User has the right to obtain from Mobikey the restriction of processing of User Data where one of the following applies (restriction consists of marking stored personal data with the aim of limiting its processing in the future):

  • The accuracy of the personal data is contested by the User, for a period enabling Mobikey to verify the accuracy of the data;

  • The processing is unlawful and the User opposes the erasure of the data and requests the restriction of its use instead;

  • Mobikey no longer needs User Data for the purposes of processing, but the data is required by the User for the establishment, exercise or defence of legal claims;

  • The User has objected to processing, pending the verification whether the legitimate grounds of Mobikey override those of the User.

Where User Data is subject to restriction, it shall, with the exception of storage, only be processed with the User’s consent or for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest laid down by law.

A User who has obtained restriction of processing in the above cases will be informed by Mobikey before the restriction is lifted.

In the event of restriction of processing, Mobikey will communicate the restriction to each recipient to whom the data has been disclosed, unless such communication proves impossible or involves a disproportionate effort for Mobikey.

11. RIGHT TO DATA PORTABILITY

The User has the right to receive the personal data concerning them, which they have provided to Mobikey, in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller where:

  • The processing is based on consent or on a contract to which the User is a party; and

  • The processing is carried out by automated means.

The right to portability does not cover inferred or derived data, i.e. personal data generated by Mobikey as a consequence of or result from the analysis of data undergoing processing.

The User has the right to have personal data transmitted directly from one controller to another, where technically feasible.

12. RIGHT TO OBJECT TO PROCESSING

The User has the right to object, on grounds relating to their particular situation, at any time, to processing of personal data concerning them which is based on the pursuit of the legitimate interests of Mobikey, or where processing is carried out for purposes other than those for which the personal data were collected, including profiling, or where personal data is processed for statistical purposes.

Mobikey will cease the processing of User Data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the User, or for the establishment, exercise or defence of legal claims by Mobikey.

Where User Data is processed for direct marketing purposes, the User has the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the User objects to processing for direct marketing purposes, Mobikey shall no longer process the data for such purposes.

The User also has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, except where the decision:

  • Is necessary for entering into, or performance of, a contract between the User and Mobikey;

  • Is authorized by law to which Mobikey is subject; or

  • Is based on the User’s explicit consent.

13. PROCEDURES FOR THE EXERCISE OF RIGHTS BY THE USER

The right of access, the right to rectification, the right to erasure, the right to restriction, the right to portability and the right to object may be exercised by the User by contacting Mobikey’s Data Protection Officer via the email dpo@grupojap.pt.

Mobikey will respond in writing (including by electronic means) to the User’s request without undue delay and at the latest within one month of receipt of the request, except in cases of particular complexity, where this period may be extended to two months.

If the User’s requests are manifestly unfounded or excessive, in particular because of their repetitive character, Mobikey reserves the right to charge a reasonable administrative fee or to refuse to act on the request.

14. PERSONAL DATA BREACHES

In the event of a personal data breach, and insofar as such breach is likely to result in a high risk to the rights and freedoms of the User, Mobikey undertakes to communicate the personal data breach to the affected User without undue delay and, where feasible, within 72 hours after having become aware of it.

Under the law, communication to the User is not required in the following cases:

  • Where Mobikey has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular measures that render the data unintelligible to any person not authorized to access it, such as encryption;

  • Where Mobikey has taken subsequent measures which ensure that the high risk to the User’s rights and freedoms is no longer likely to materialize; or

  • Where communication to the User would involve a disproportionate effort for Mobikey. In such a case, Mobikey shall instead make a public communication or take a similar measure through which the User is informed.

To exercise any of these rights, you may fill in the appropriate form.

15. FINAL PART

15.1. CHANGES TO THE PRIVACY POLICY

Mobikey reserves the right to amend this Privacy Policy at any time. In case of modification of the Privacy Policy, the date of the last update, available at the bottom of this page, will also be updated. Where the amendment is substantial, a notice will be posted on the Website.