Privacy Policy

This privacy statement is effective as of November 22, 2024. Please note that this privacy statement will regularly be updated to reflect any changes in the way we handle your personal data or any changes in applicable laws.

1. Introduction

Esaya Creations (“we,” “us,” “our”) values your privacy and is committed to protecting your personal information. This Privacy Policy outlines how we collect, use, disclose, and safeguard your data in connection with our operations in the United States, Kenya, and the United Kingdom.

Our services include:

  • Cybersecurity consulting services
  • Software and mobile app development
  • Digital marketing services
  • Website design and development
  • General ICT Consultancy and Advisory services

We adhere to applicable privacy and data protection laws, including but not limited to:

  • General Data Protection Regulation (GDPR) for the UK and EU residents
  • California Consumer Privacy Act (CCPA) and other U.S. state laws
  • Kenya Data Protection Act (KDPA)

This policy applies to our clients, employees, job applicants, contractors, and website users.

2. Scope of This Privacy Policy

This policy governs the collection, use, and management of personal data by Esaya Creations in connection with:

  • Client engagements
  • Employment relationships
  • Marketing and communications
  • Website interactions

By engaging our services or accessing our platforms, you agree to the terms of this Privacy Policy.

3. Data We Collect

3.1. Categories of Personal Data

We may collect and process the following types of personal information:

Clients and Prospective Clients:

  • Name, title, and contact details (e.g., phone number, email address)
  • Company information (e.g., business name, address, tax identification numbers)
  • Project-related data (e.g., requirements, preferences, and deliverables)
  • Financial information (e.g., billing and payment details)

Employees and Job Applicants:

  • Identification information (e.g., name, ID numbers, passport details)
  • Contact information (e.g., address, email, phone number)
  • Employment history and qualifications
  • Bank account details for payroll
  • Sensitive data (e.g., health data, if required by law or with consent)

Website Users:

  • IP address and device information
  • Cookies and browsing behavior (see our Cookies Policy)
  • Inquiry details submitted through contact forms

3.2. Special Categories of Data

We may process sensitive data (e.g., health information or biometric data) only:

  • When required by law
  • With explicit consent

4. How We Collect Your Data

We collect data through the following channels:

  • Directly from clients during consultations and contracts
  • Employee records, resumes, and recruitment applications
  • Website forms, email correspondence, and online surveys
  • Third-party service providers, such as analytics tools

5. How We Use Your Data

We use your data to:

  • Provide consulting, development, and advisory services
  • Manage client relationships and communications
  • Fulfill contractual obligations
  • Process payments and invoices
  • Ensure compliance with legal and regulatory requirements
  • Market our services and manage events

6. Legal Basis for Processing

6.1. Under GDPR

For clients and employees in the UK and EU, we process personal data based on:

  • Consent
  • Contractual necessity
  • Legitimate interests (e.g., improving services)
  • Compliance with legal obligations

6.2. Under U.S. Laws

We comply with applicable federal and state laws, ensuring transparency, fairness, and data security.

6.3. Under KDPA

We process personal data in accordance with Kenya’s Data Protection Act, ensuring data subjects’ rights are respected.

7. Disclosure of Data

We may share your data with:

  • Service Providers: For tasks such as hosting, payment processing, or IT support
  • Legal Authorities: When required by law or to defend against legal claims
  • Partners: With your consent, for co-branded services

We ensure all third parties comply with relevant data protection laws and agreements.

8. Data Retention

We retain your data only as long as necessary for:

  • The purposes outlined in this policy
  • Legal and regulatory obligations
  • Resolving disputes

Retention periods vary based on the type of data and applicable regulations.

9. Data Security

We implement robust technical and organizational measures to protect your data, including:

  • Encryption and secure storage systems
  • Access controls and employee training
  • Regular audits and vulnerability assessments

However, no system is entirely secure. We cannot guarantee the absolute security of your data.

10. International Data Transfers

Given our operations in the USA, Kenya, and the UK, your data may be transferred internationally.

  • EU to Non-EU Transfers: We use Standard Contractual Clauses (SCCs) or other safeguards under GDPR.
  • U.S. Transfers: We comply with U.S. state and federal laws.
  • Kenya Transfers: We ensure compliance with KDPA requirements for cross-border data sharing.

11. Your Rights

11.1. Under GDPR (UK/EU Residents)

  • Right to Access: Obtain a copy of your personal data.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data.
  • Right to Restriction: Limit processing in specific cases.
  • Right to Portability: Receive your data in a portable format.
  • Right to Object: Withdraw consent or object to processing.

11.2. Under CCPA (U.S. Residents)

  • Right to Know: Request details about data collection and use.
  • Right to Delete: Request deletion of personal data.
  • Right to Opt-Out: Decline the sale of personal data.
  • Right to Non-Discrimination: Exercise your rights without penalty.

11.3. Under KDPA (Kenya Residents)

  • Right to Information: Know how your data is processed.
  • Right to Access: Request your personal data.
  • Right to Object: Decline specific processing activities.

To exercise your rights, contact us.

12. Third-Party Links

Our website may link to third-party sites. Esaya Creations is not responsible for their privacy practices. We encourage you to review their policies.

13. Children’s Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect data from minors without parental consent.

14. Changes to This Policy

We may update this Privacy Policy periodically. Substantial changes will be communicated to you via email or website updates.

15. Contact Us

For questions, concerns, or requests regarding this policy, contact us: