Skip to Content

DATA PROTECTION POLICY FOR HYPERMAX DIGITAL LTD

1. Introduction

This Data Protection Policy outlines Hypermax Digital Limited’s internal framework for ensuring compliance with the Constitution of Kenya, the Data Protection Act, 2019, and applicable data protection principles.

2. Purpose

The purpose of this Policy is to:

  • Ensure lawful, fair, and transparent processing of personal data;

  • Protect the rights and freedoms of data subjects;

  • Establish accountability and compliance mechanisms within Hypermax.

3. Scope

This Policy applies to:

  • All employees, directors, contractors, and agents of Hypermax;

  • All personal data processed by Hypermax in electronic or manual form.

4. Data Protection Principles

Hypermax shall process personal data in accordance with the following principles:

  • Lawfulness, fairness, and transparency;

  • Purpose limitation;

  • Data minimization;

  • Accuracy;

  • Storage limitation;

  • Integrity and confidentiality;

  • Accountability.

5. Roles and Responsibilities

5.1 Data Controller

Hypermax Digital Limited is the Data Controller responsible for determining the purposes and means of processing personal data.

5.2 Data Protection Officer (DPO)

Hypermax shall appoint a Data Protection Officer responsible for:

  • Monitoring compliance with data protection laws;

  • Advising on data protection impact assessments;

  • Acting as a liaison with the ODPC;

  • Handling data subject requests and complaints.

6. Legal Grounds for Processing

Personal data shall only be processed on lawful grounds including consent, contractual necessity, legal obligation, or legitimate interest.

7. Data Subject Rights Management

Hypermax shall establish procedures to:

  • Receive and respond to data subject requests promptly;

  • Verify the identity of requesting data subjects;

  • Maintain records of requests and actions taken.

8. Data Security Measures

Hypermax shall implement appropriate security measures including:

  • Role-based access controls;

  • Password protection and encryption;

  • Secure hosting environments;

  • Regular system audits and staff training.

9. Third-Party Processing

All third-party data processors shall:

  • Act only on written instructions from Hypermax;

  • Implement appropriate data protection safeguards;

  • Enter into data processing agreements.

10. Data Breach Management

Hypermax shall maintain a data breach response procedure that includes:

  • Identification and containment of the breach;

  • Assessment of risk to data subjects;

  • Notification to the ODPC and affected data subjects where required;

  • Documentation of the breach and remedial actions.

11. Cross-Border Data Transfers

Cross-border transfers shall only occur where adequate data protection safeguards exist or where permitted by law.

12. Training and Awareness

All employees and contractors shall receive regular training on data protection obligations and best practices.

13. Monitoring, Compliance, and Audit

Hypermax shall conduct periodic data protection audits and reviews to ensure ongoing compliance.

14. Enforcement and Non-Compliance

Non-compliance with this Policy may result in disciplinary action, contractual remedies, and legal penalties.

15. Review and Update

This Policy shall be reviewed periodically and updated to reflect changes in law, technology, or business practices.