Introduction

Stroil respects the privacy rights of individuals and is committed to handling Personal Information responsibly, in accordance with applicable law, applicable contractual obligations, and Stroil’s Commitment to the Protection of Personal Information (the Commitment), described below.  The Commitment sets out Stroil's principles for the processing of Personal Information by and on behalf of Stroil Company Limited.

​

The Commitment establishes a legal basis for cross-border transfers of Personal Information within Stroil Company Limited.  including where Stroil affiliates adhere to relevant parts of the Commitment as data processors. Additionally, Stroil may carry out cross-border transfers of Personal Information to third parties outside Stroil in accordance with applicable law.  Stroil will handle Personal Information in accordance with the Commitment where applicable, unless in conflict with stricter requirements of local law, in which case local law will prevail.  

 

Scope

The Commitment is designed to ensure that Personal Information will be protected regardless of geography or technology, when used within Stroil, and applies to Stroil’s processing of Stroil's Personal Information and Stroil's Customer Personal Information. 

​

Processing Personal Information

Stroil observes the following principles when processing Personal Information:

​

Fairness:  Stroil will process Personal Information fairly and lawfully.

​

Purpose:  Stroil will limit the processing of Personal Information to the fulfilment of Stroil's specific, legitimate purposes. Stroil will only carry out processing that is compatible with such purposes unless Stroil, or its Customer where Stroil is a processor, has unambiguous consent for unrelated purposes.

 

In general, Stroil will process Personal Information:

• where Stroil has a legitimate interest that, on balance, justifies the processing;

• where necessary for the maintenance or the performance of a legal relationship between Stroil and the individual;

• where necessary for complying with an obligation imposed on Stroil by applicable law, regulation, or governmental authority;

• where there are exceptional situations that threaten the life, health or security of the individual or of another person;

• after obtaining the individual’s freely given, explicit and informed consent where required by applicable law;

• where the processing is in connection with a Customer service agreement.

​​

Where consent has been obtained directly by Stroil, Stroil will provide a process to allow individuals to withdraw their consent to the extent required under applicable law, at any time and without charge.

​

Proportionality: Stroil will limit the processing of Personal Information to that which is adequate, relevant and not excessive in relation to the purposes for which Stroil collects and uses it. 

​

Information Quality:  Stroil will take reasonable steps to, and where Stroil is a processor provide Customers with a means to, ensure that Personal Information is accurate and kept up to date, to keep Personal Information only for as long as necessary for the purposes for which it is collected and used, and to delete or to render it anonymous after such retention requirements have been met.

​

Transparency: Where required by applicable law, Stroil will make available to individuals at the point of collection, or within a reasonable period of collection, information about Stroil’s identity; the purposes and legal basis of processing their Personal Information; intended recipients and cross-border data transfers; source(s) of Personal Information; how individuals may exercise their rights regarding Personal Information; contact details for the Data Protection Officer where applicable; and additional explanations as needed to ensure fair processing. Where Stroil collects Personal Information through the Internet or other electronic means, Stroil will post an easily accessible privacy notice that meets these transparency requirements.

​

Confidentiality:  Stroil will maintain the confidentiality of Personal Information it processes, except where disclosure is required by an applicable operational or legal requirement.  This obligation will continue even after the relationship with the individual, or Customer where Stroil is a processor, has ended.

​

Security:  Stroil strives to protect Personal Information with appropriate technical and organizational measures to ensure its integrity, confidentiality, security and availability.  Stroil will inform individuals of a security breach affecting their Stroil Personal Information that could pose a high risk to their individual rights and freedoms.  In accordance with applicable law, Stroil will provide reasonable assistance to Customers, where Stroil is a processor, to ensure the security of their processing and will inform Stroil Customers of a security breach of Stroil's Customer Personal Information as required under such laws.

​

Sharing and/or Transferring Personal Information

Stroil may share or transfer Personal Information in the following circumstances:

​

• Personal Information may be shared within Stroil for the purposes specified above, provided the Stroil entity processing Personal Information adheres to this Commitment.

• Stroil may provide Personal Information to selected suppliers or service providers hired to perform certain processing or other services on its behalf.  Stroil will strive to ensure that new supplier engagements provide for processing of Personal Information in a manner consistent with this Commitment and applicable law by means of a legal relationship established through a contract or other legally permissible means.  Under such contracts, suppliers must implement adequate security measures and may only process Personal Information in accordance with Stroil's instructions. 

• Stroil may disclose certain Personal Information to other third parties where required by law, to protect Stroil’s legal rights, or in connection with any Stroil merger or acquisition activity or the insolvency or re-organization of any part of Stroil.   

 

Processing of Sensitive Personal Information

Where Stroil processes and/or transfers Sensitive Personal Information Stroil will inform the individual of the processing and/or transfer and obtain explicit consent for such processing and/or transfer when Stroil is required to do so by applicable law.  Appropriate security measures will be provided depending upon the nature of this information and the risks associated with its intended uses.

​

Accountability

Stroil is accountable for fulfilling the requirements sets out in the Commitment and under applicable law. 

 

In particular, Stroil will:

• Take the necessary measures to observe the requirements of the Commitment and applicable law; and

• Have the necessary internal mechanisms in place to demonstrate such observance, including maintaining a record of its processing activities in accordance with applicable law.

​​

Privacy Program

Stroil employs privacy practices designed to support its compliance with the Commitment and applicable law, including the appointment of a network of privacy leaders, education and awareness programs, incident response protocols, privacy impact assessments, audit routines and a Privacy by Design approach to process and system development.

 

Individual Rights

In accordance with applicable law, an individual who has satisfactorily established his or her identity to Stroil as we may exercise the following rights in relation to Personal Information Stroil has collected directly from him or her; where Stroil is a processor, Stroil will assist the Customer in meeting its privacy obligations toward individuals: 

​

Access: Where required by applicable law, Stroil will provide an individual Personal Information about him or her that Stroil holds, including information concerning the source of the Personal Information, the purposes of any processing by Stroil and the recipients, or categories of recipients, to whom such Personal Information is disclosed.

​

Correction and Deletion:  Valid requests for correction or deletion of Personal Information which is incomplete, inaccurate or excessive will be respected, and confirmed as such, except that deletion will not be performed where retention is required by the contractual relationship between Stroil and the individual, in the context of a legal dispute or other legal retention requirement, or as otherwise required by applicable law.

​

Objection: Stroil will cease processing Personal Information where an individual’s objection is justified under applicable law, for example where the individual’s life or health is at risk due to the processing.   An individual also has the right to object to decisions based solely on automated processing of Personal Information that produce legal effects which significantly affect the individual involved, except where the individual requested the processing, or when necessary for the legal relationship between Stroil and the individual. In the latter case, the individual may give his or her views on the automated decision.  An individual has the right to object to processing of Personal Information by Stroil for marketing purposes where allowed by applicable law.  The exercise of this right to object may be superseded where Stroil can demonstrate that its compelling legitimate interest in continuing the processing overrides the interests or fundamental rights and freedoms of the individual.

 

Restriction:  An individual also has the right to request the restriction of any processing of his or her Stroil Personal Information by Stroil, to the extent such right is provided for under applicable law, for example where the accuracy of the Stroil Personal Information is contested.  Stroil will cease processing such information where the restriction is justified, with the exception of storage and other permitted continued processing under applicable law.

​

Complaints: Any individual who claims to have suffered damage as a result of non-compliance by a Stroil entity with the Commitment may file a complaint with the applicable Stroil Compliance Officer, or with Stroil's Complaint

 

Handling Processes available on Stroil’s website if other channels are unavailable or exhausted:

• Internal concern reporting: info@stroilkenya.com - Att: Internal Complaint

• External concern reporting: info@stroilkenya.com - Att: External Complaint

 

If Stroil considers the complaint to be justified, it will take reasonable steps to resolve the complaint to the reasonable satisfaction of the individual.  Stroil endeavors to respond to complaints within thirty days of receipt.  

​

Enforcement:  An individual who has suffered damage as a result of a breach of the Commitment may be entitled to receive compensation for such damages in accordance with applicable law and as provided in the Commitment.    An individual who is entitled to receive compensation may enforce his or her rights as provided in the Commitment by direct recourse to the courts or other judicial authority in accordance with applicable law.

 

Cooperation with Supervisory Authorities

Stroil will cooperate with any competent national or regional supervisory authority responsible for supervising applicable privacy law that has good cause to question any processing of Personal Information by Stroil, and will comply with such competent supervisory authority’s decisions on any issue related to the Commitment.

 

Changes to the Commitment

Stroil reserves the right to modify the Commitment.  Any material changes will be submitted to Stroil’s lead Data Protection Authority and/or its trustmark agent, where appropriate, and will be notified on Stroil’s website.

 

Definitions

​

Personal Information is any information relating to an identified or identifiable natural person.

​

Stroil Personal Information is any Personal Information that is obtained in the context of an individual’s relationship with Stroil and which Stroil processes for its own purposes.  Such Stroil Personal Information may include, for example, employment data obtained in the context of an employment relationship with Stroil, customer data obtained in the context of a customer relationship with Stroil and supplier data obtained from Stroil’s suppliers.

​

Stroil Customer Personal Information is any Personal Information that is obtained in the context of the provision of services by Stroil to a Customer under a service agreement and which Stroil processes on behalf of the Customer.

 

Customer is a person or entity that enters into a service agreement with Stroil.

 

Sensitive Personal Information, a special category of Personal Information, is information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health, sex life or sexual orientation.