TAITA TAVETA DATA PROTECTION & PRIVACY POLICY

Data Protection & Privacy Statement — County Government of Taita Taveta

This website (and any associated online services) uses cookies and may collect personal and non-personal data to enhance user experience, manage requests, and analyze site usage. By accessing our website, you acknowledge that you have read, understood, and agree to the contents of this Privacy & Cookie Policy.

If you click “I Accept” (or equivalent) when prompted, you consent to the storage of cookies on your device for the purposes described herein, including website navigation, functionality, and analytics.

Cookie Policy

• We may store some information (using “cookies” and similar technologies) on your device when you visit our website. This helps us recognize you on subsequent visits. The data collected is generally non-personal, such as your IP address (or anonymized version), the date and time of your visit, pages viewed, and whether pages were successfully delivered. 
• We may also use aggregated data for statistical analysis to help improve our services and tailor content to user needs.
• You have the right to opt out of non-essential cookies. If you do so (or block cookies via your browser), some features of the website may not function as intended. 

Privacy Statement — How We Handle Your Data

Definitions

For the purposes of this policy:

• “We”, “Us”, “County Government of Taita Taveta (CGTT)” refers to the County Government and its relevant departments and offices.
• “You”, “Your” refers to any individual whose personal data is collected or processed by CGTT via the website or associated services.
• Personal Data means any information that identifies you directly or indirectly (e.g., name, national ID number, contact details, location, online identifiers, etc.). 
• Sensitive Personal Data includes data revealing sensitive attributes (e.g., health status, biometric data, disability status, etc.) — when applicable. 
• Processing means any operation on personal data including collection, storage, retrieval, alteration, disclosure, deletion, etc. 

What Data We Collect

We may collect data directly (e.g., when you fill a contact form, apply for services, submit queries) or indirectly (e.g., via analytics, cookies). The kinds of data we may collect include — but are not limited to:

• Name, postal or physical address, email address, phone number
• National ID / passport number (when required for service delivery)
• Date of birth, gender, marital status, disability status (if relevant)
• Other service-specific information (e.g., application data, service requests)
• Non-personal usage data: IP address (or anonymized form), browser/device type, timestamps of visits, pages viewed, referring/exit pages, and general site-usage statistics. 

How & Why We Use Your Data

We use your data for lawful purposes, including:

• To respond to service requests, applications, or inquiries you submit.
• To provide you with information, services or notifications you request.
• To administer and improve our website, services, and user experience.
• To carry out statutory duties and responsibilities of the County Government (e.g., public service delivery, regulatory compliance, record-keeping).
• To ensure security, prevent fraud, unauthorized access or misuse of our systems.
• For historical, statistical or research purposes (aggregate data, anonymized where possible).

Legal Basis for Processing

We process personal data when:

1. You give your consent (e.g., via forms or explicit acknowledgement).
2. Processing is necessary for the performance of our statutory functions or duties.
3. Processing is necessary to fulfil a contract or service agreement you have requested.
4. Processing is required to comply with a legal obligation.
5. Processing is necessary to protect vital interests (yours or others), or in the public interest.

Your Rights

As a data subject you have the following rights — subject to applicable law and legitimate limitations:

• Right to be informed about the collection and use of your personal data.
• Right to access personal data we hold about you and request a copy.
• Right to request correction or updating of inaccurate or incomplete data.
• Right to request erasure (“right to be forgotten”), subject to any overriding legal or legitimate obligations we may have to retain data.
• Right to object to or withdraw consent for further processing (when our processing is based on consent).
• Right to lodge a complaint with the relevant supervisory authority if you believe your data rights have been violated.

Data Sharing & Third Parties

• We may share your personal data with third-party service providers (e.g., contractors, technology vendors) strictly to the extent necessary to deliver an agreed service. Any such third parties will be bound by confidentiality and security obligations.
• We may also disclose personal data when required by law, or in order to comply with legal or regulatory obligations.
• Should any part of our operations involve transferring data outside Kenya (e.g., cloud hosting, international partners), we will ensure that appropriate safeguards are in place, and that overseas recipients maintain equivalent levels of data protection.

Data Security & Retention

We employ appropriate technical and organizational measures to safeguard personal data against unauthorized access, alteration, disclosure, or destruction.

We retain your personal data only for as long as necessary for the purposes for which it was collected, or as required by law or legitimate interest.

Use of Embedded Features, Third-Party Links & Services

Our website may contain embedded plugins/widgets, links to other government/non-government websites, third-party tools or services. These external sites have their own privacy policies. Once you leave our site by clicking such links, this policy no longer applies. CGTT does not control external sites and is not responsible for their privacy practices.

Cookie Consent & Your Choices

• Upon first visit, you will be presented with a cookie consent banner informing you of our use of cookies, what types we use (essential, analytics, functional, etc.), and offering you a choice to accept non-essential cookies. (Essential cookies are typically required for the website’s core functionality.)
• You may manage cookie preferences at any time via the “Cookie Settings” link (or similar) on our website.
• You can also disable or delete cookies via your browser settings. Be aware that disabling certain cookies may restrict access to some website features or affect functionality. 

Data Protection Officer (DPO) / Contact Information

For any queries, concerns or to exercise your data rights (access, correction, erasure, complaints), please contact our Data Protection Officer:

Name: GIBRAN MWADIME
Designation: Director — eGovernance & ICT
Email: ict@taitataveta.go.ke
Telephone: +254 788186436 or +254 718988717

Changes to This Policy

We may update this Privacy & Cookie Policy from time to time — for example, to reflect changes in law, regulatory guidelines (e.g., amendments under the Data Protection Act, 2019), new services, or technology changes. Any updates will be published on this website, and the “Last Updated” date will be revised accordingly.

We encourage you to review this policy periodically. Continued use of the website after changes indicates acceptance of the revised policy.