Privacy & Data Protection Policy - Expertech Electrical Contractors Ltd

Effective Date: 30 May 2021 (Last Updated: 15 September 2025)

1.0 Introduction

At Expertech Electrical Contractors Ltd (“Expertech”, “we”, “us”, or “our”), we are committed to protecting your privacy. This Privacy and Data Protection Policy outlines the types of personal data we collect, the reasons for collecting it, how we process it, and how you can exercise your rights regarding the use of your personal data.

This statement applies to all individuals, including customers, suppliers, contractors, and visitors to any of Expertech’s offices or websites.

2.0 Definitions

  • “You” means:
    • Customer – any individual who requests our electrical installation, maintenance, or related services, accesses our website (expertech.co.ke), or uses our products.
    • Supplier/Contractor/Agent – any individual or company engaged to provide goods or services to Expertech.
    • Visitor – any natural person (including subcontractors or other third parties) who accesses Expertech premises.
  • “Personal Data” means any information that identifies you as a natural person, including name, contact details, national ID, and related information.
  • “Sensitive Personal Data” means information requiring special protection, such as health records, biometric data, property details, marital/family details, or financial information.
  • “Data Controller” refers to Expertech Electrical Contractors Ltd, which determines the purpose and means of processing personal data.

3.0 Collection of Information

We collect personal data with your knowledge and consent when you:

  • Request a service or make an application (e.g., electrical installation, inspection, maintenance).
  • Contact us via phone, email, or online forms.
  • Visit our offices or project sites.
  • Engage with us as a supplier, contractor, or consultant.
  • Participate in surveys, events, or promotions.

We may also collect information from public sources, government agencies, or utility partners where necessary.

4.0 What Information We Collect

The data we collect includes (but is not limited to):

  • Identity: name, national ID, KRA PIN, address, phone number, email.
  • Service details: project location, property information, land ownership documents.
  • Financial data: bank account details, payment records, invoices.
  • Usage data: browser type, IP address, website interactions.
  • CCTV and visitor register data when you visit our premises.
  • Technical data from customer installations (where applicable).

5.0 Use of Information

We may use your information to:

  • Provide and manage our services (installation, maintenance, consultancy).
  • Process payments and issue invoices.
  • Communicate with you regarding services, updates, or technical issues.
  • Fulfill regulatory obligations (e.g., with EPRA, KPLC, REREC, or other authorities).
  • Ensure site and workplace security (including CCTV monitoring).
  • Conduct surveys, audits, and service improvements.
  • Prevent fraud and protect business interests.

6.0 Lawful Basis for Processing

We process personal data based on:

  • Contractual necessity – to deliver services you request.
  • Legal obligation – to comply with statutory or regulatory requirements.
  • Consent – where you agree to receive marketing or promotional updates.
  • Legitimate interests – ensuring security, business continuity, and service quality.
  • Vital interests – protecting safety in emergencies.

7.0 Retention of Data

We retain personal data only as long as necessary for service delivery, compliance, or dispute resolution. Anonymized data may be retained indefinitely for statistical or research purposes.

8.0 Data Sharing Guidelines

Developers & Technical Partners

We may grant limited access to personal data to internal or contracted software developers strictly for system development, troubleshooting, security testing, or maintenance. Such access is controlled, monitored, and subject to confidentiality obligations and data protection requirements.

We may share data under the following principles:

  • Consent – when you explicitly allow us.
  • Contractual necessity – sharing with subcontractors to deliver services.
  • Legal obligation – compliance with regulators (EPRA, KPLC, REREC, tax authorities).
  • Legitimate interests – fraud prevention, audits, or due diligence.

All external sharing will follow:

  • Written requests and formal Data Sharing Agreements.
  • Use of secure transfer methods (encryption, VPN, password-protected files).
  • Where possible, sharing anonymized or aggregated data.

9.0 Access Control Guidelines

  • Developer access is role-based and follows the principle of least privilege.
  • All database access by developers is logged and audited.
  • External developers must sign Data Sharing Agreements or NDAs.
  • Access is based on least privilege and role-based permissions.
  • Multi-factor authentication is required for sensitive systems.
  • User accounts are reviewed regularly and terminated when no longer needed.
  • Logs are maintained to track access, modification, or sharing of personal data.
  • Data masking and encryption are applied where necessary.

10.0 Data Security

We use appropriate technical and organizational measures to protect your data, including:

  • Encryption of sensitive information.
  • Secure file storage and backup systems.
  • Monitoring and auditing of data access.
  • Staff training on data handling and confidentiality.

11.0 Data Breach Handling

In the event of a data breach:

  1. The incident will be reported immediately to our Data Protection Officer (DPO).
  2. The breach will be investigated, contained, and documented.
  3. The Office of the Data Protection Commissioner (ODPC) will be notified within 72 hours.
  4. Affected individuals will be informed promptly.
  5. Preventive measures will be implemented to avoid recurrence.

12.0 Your Rights under the Data Protection Act, 2019

As a Data Subject, you have the right to:

  • Be informed of how your data is used.
  • Access your personal data.
  • Request correction or deletion of inaccurate data.
  • Object to or restrict processing.
  • Withdraw consent where applicable.
  • Request transfer of your data in electronic format.

To exercise these rights, contact us at customercare@expertech.co.ke.

13.0 Children’s Privacy

Our services are not directed to children under 18. We do not knowingly collect their data. If identified, such data will be deleted immediately.

14.0 International Data Transfers

Where data is transferred outside Kenya (e.g., cloud hosting providers), we will ensure appropriate safeguards are in place in compliance with the Data Protection Act, 2019.

15.0 Training & Awareness

  • All staff and contractors will undergo regular training on data protection.
  • Awareness campaigns will be run internally to reinforce compliance.
  • Staff are responsible for safeguarding data and reporting suspected breaches.

16.0 Right to Lodge Complaint

You may lodge a complaint with the Office of the Data Protection Commissioner (ODPC) if you believe your data rights are violated.

17.0 Non-Compliance

Expertech reserves the right to terminate any agreement with suppliers, contractors, or staff found violating this policy.

18.0 Updates to This Policy

This Policy may be revised from time to time. The most current version will always be available on our website expertech.co.ke.

19.0 Contact Us

Expertech Electrical Contractors Ltd
Email: customercare@expertech.co.ke
Website: www.expertech.co.ke
