Data Policy

Introduction

This Data Policy ("Policy") outlines the rules and practices governing the collection, storage, processing, and sharing of data by CarPal Platform Administrator users. This Policy is aligned with the Data Protection Act, 2019, and other applicable Kenyan laws as of 2025. Only authorized employees of Citrus Labs Limited ("the Company") are permitted to access and use the CarPal Platform ("the Platform").

By accessing the Platform, users agree to adhere to this Policy. Non-compliance may result in disciplinary action, including termination of access and legal consequences.

Scope of the Policy

1. Applicability

  • This Policy applies to all CarPal Platform Administrator users authorized by Citrus Labs Limited.
  • Covers data handling practices for all data types, including but not limited to personal data, business data, and operational data.

2. Definitions

  • Personal Data: Information that can identify an individual, such as names, contact details, and identification numbers.
  • Confidential Data: Sensitive business and operational data related to Citrus Labs Limited and its clients.
  • Data Subject: Any individual whose personal data is collected or processed by the Platform.

Data Collection and Use

1. Data Collection Practices

  • Only data necessary for the legitimate operation of the Platform shall be collected.
  • Data sources include user inputs, system logs, and automated processes.

2. Purpose of Data Collection

  • To facilitate platform management and functionality.
  • For analytics to enhance operational efficiency.
  • To comply with legal and regulatory obligations.

3. Consent

  • Data subjects must provide explicit consent where required under the law.
  • Administrators must ensure data subjects are informed of their rights and the intended use of their data.

Data Storage and Security

1. Storage Practices

  • Data shall be stored securely on company-approved servers located within Kenya or jurisdictions approved by Kenyan law.
  • Access to stored data is restricted to authorized personnel only.

2. Security Measures

  • Encryption protocols must be employed for data at rest and in transit.
  • Multi-factor authentication (MFA) is mandatory for all administrator accounts.
  • Regular security audits must be conducted to ensure compliance with this Policy.

3. Retention Period

  • Data shall be retained only as long as necessary to fulfill its intended purpose or as required by law.
  • Upon expiry of the retention period, data must be securely deleted or anonymized.

Contact Information

For questions or concerns about this Policy, contact Citrus Labs Limited:

Email: support@citruslabs.co.ke

Phone: +254-700-000-000

Address: Citrus Labs Limited, Nairobi, Kenya