Privacy Policy

Last Updated: December 1, 2024

CountyERP ("we," "our," or "us") is committed to protecting the privacy and security of information collected through our platform. This Privacy Policy explains how we collect, use, and safeguard information in compliance with applicable laws, including Kenya's Data Protection Act.

1. Information We Collect

County Government Data

• Financial records and revenue collection data
• Employee records and payroll information
• Citizen service requests and applications
• Property records and asset information
• Health records and patient information where applicable

User Information

• Account credentials and login information
• User roles and access permissions
• System usage logs and audit trails
• Communication preferences

2. How We Use Information

• Service Delivery: To provide and maintain our ERP platform services
• System Administration: To manage user accounts, security, and system performance
• Compliance: To meet legal and regulatory requirements
• Support: To provide technical support and customer service
• Improvement: To enhance platform functionality and user experience

3. Data Security

We implement comprehensive security measures to protect your data:

• Encryption: Data is encrypted both in transit and at rest using industry-standard protocols
• Access Controls: Role-based access controls ensure users only see authorized information
• Audit Trails: Complete logging of all system activities for accountability
• Regular Backups: Automated, secure backups to prevent data loss
• Security Monitoring: Ongoing monitoring for security threats and vulnerabilities

4. Data Sharing and Disclosure

We do not sell, trade, or transfer your data to third parties. We may share information only in the following circumstances:

• With Consent: When you explicitly authorize data sharing
• Legal Requirements: When required by law, court order, or government regulation
• Service Providers: With trusted partners assisting platform operations under strict confidentiality agreements
• Inter-County Reporting: Aggregated, anonymized data for national reporting purposes where required by law

5. Data Retention

We retain data for as long as necessary to provide services and comply with legal obligations. County governments maintain control over their data retention policies within the platform, subject to applicable laws and regulations.

6. Your Rights

Under applicable data protection laws, you have the right to:

• Access your personal information
• Correct inaccurate or incomplete data
• Request deletion of personal data, subject to legal requirements
• Object to processing for legitimate interests
• Data portability where technically feasible

7. Compliance with Kenyan Law

CountyERP is designed to comply with Kenya's Data Protection Act, the Public Finance Management Act, and other relevant legislation governing county operations and data protection.

8. International Data Transfers

Your data is primarily stored within Kenya. Any international data transfers are conducted with appropriate safeguards and in compliance with Kenyan data protection laws.

9. Contact Information

For questions about this Privacy Policy or to exercise your rights, contact us:

10. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify users of material changes through the platform and update the last-updated date above.

This Privacy Policy is effective as of the date last updated above and applies to all users of the CountyERP platform.