Privacy Policy

Introduction
Thank you for choosing MTECH as your SMS platform provider. Protecting your privacy is of utmost importance to us, and we take our responsibility to protect your personal information seriously. This data privacy policy outlines the information we collect, how we use it, and your rights in relation to your personal data.

1.1 This Data Privacy Policy outlines how Mtech Limited collects, uses, discloses, transfers, and stores your personal data in accordance with the Data Protection Act of 2019 and other applicable Kenyan laws and regulations pertaining to data protection and privacy.

2. Scope and Application
2.1 This policy applies to the processing of personal data by Mtech as both a data controller and data processor in the course of our business activities and service provision to our customers.

3. Definitions
3.1 “Personal data” means any information relating to an identified or identifiable natural person.

3.2 “Processing” means any operation or set of operations performed on personal data or sets of personal data.

3.3 “Data subject” means the individual to whom personal data relates.

3.4 Other key definitions are as set out in the Data Protection Act of 2019.

4.Principles Relating to Processing of Personal Data
In processing personal data, Mtech shall be guided by the principles set out in the Data Protection Act, including:

4.1 Processing personal data lawfully, fairly and in a transparent manner.

4.2 Collecting personal data only for explicit and legitimate purposes.

4.3 Ensuring personal data is adequate, relevant, and limited to what is necessary.

4.4 Keeping personal data accurate and up to date.

4.5 Retaining personal data only as long as necessary for the specified purpose.

4.6 Processing personal data in a secure manner to prevent unauthorized access or disclosure.

5. Obtaining Consent
5.1 Mtech shall obtain clear, unambiguous consent from data subjects before collecting, using, or disclosing their personal data, unless an exception applies under the law.

5.2 Consent shall be obtained through a freely given, specific, informed, and unambiguous indication by the data subject.

5.3 Data subjects have the right to withdraw their consent at any time.

6.Grounds for Processing Personal Data
6.1 Mtech shall only process personal data where there is a lawful basis as permitted by the Data Protection Act, including:

(a) With consent from the data subject.

(b) To fulfil our contractual

(c) To comply with a legal obligation. obligations to the data subject.

(d) To protect the vital interests of the data subject or another person.

(e) To carry out a task in the public interest.

(f) To pursue our legitimate interests or those of a third party (balanced against the rights of the data subject).

6.2 For processing special categories of personal data, additional protections and safeguards shall be put in place as per the Act.

7. Privacy Notices
7.1 When collecting personal data directly from data subjects, Mtech shall provide data subjects with the following information through clear privacy notices:

(a) Identity and contact details of Mtech as the data controller.

(b) Purpose and legal basis for processing personal data.

(c) Categories of personal data being processed.

(d) Any recipients or categories of recipients sharing the personal data.

(e) Details of transfers of personal data outside Kenya.

(f) Period for which personal data will be stored.

(g) Existence of data subject rights.

(h) Right to withdraw consent at any time.

(i) Right to lodge a complaint with the data commisioner

(j) Source of personal data, if not obtained directly from the data subject.

(k) Existence of automated decision-making, including profiling.

8. Data Subject Rights
8.1 Data subjects have the following rights with respect to their personal data processed by Mtech:

(a) Right to access their personal data and receive a copy of it.

(b) Right to have inaccurate personal data corrected.

(c) Right to have personal data erased in certain circumstances.

(d) Right to restrict or object to certain processing of their personal data.

(e) Right to data portability by receiving personal data in a generic format.

(f) Right to object to automated decision-making, including profiling.

(g) Right to withdraw consent for processing based on consent.

8.2 Mtech has implemented measures to address and facilitate data subject requests regarding these rights within the timelines specified by law.

9. Transfer of Personal Data Outside Kenya
9.1 Mtech shall not transfer personal data to a location outside Kenya unless:

(a) The data subject has consented to the transfer; or

(b) The country or territory enforces data protection laws/rules that provide adequate protection as determined by the Data Commissioner; or

(c) Contractual clauses are in place to ensure adequate safeguards for the protection of personal data.

10. Data Protection Measures
10.1 Mtech shall implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration or unauthorized disclosure or access.

10.2 These measures include, but are not limited to, encryption, access controls, audit trails, system monitoring, incident response plans and regular security testing.

11. Data Protection Officer
11.1 Mtech has appointed a Data Protection Officer (DPO) to monitor compliance with the Data Protection Act and our internal data protection policies and procedures.

11.2 The DPO can be contacted at: dpo@mtech.ke

12. Compliance and Accountability
12.1 Mtech maintains documentation of our data processing activities and implements data protection by design and default principles.

12.2 Where required, Data Protection Impact Assessments are conducted for high-risk processing activities.

12.3 Mtech employees undergo regular data protection training and awareness programs.

12.4 Mtech shall cooperate with the Office of the Data Protection Commissioner regarding compliance matters.

13. Third-Party Service Providers
13.1 Mtech imposes appropriate contractual obligations and due diligence processes on third-party service providers acting as data processors to ensure compliance with the Data Protection Act.

14. Retention of Personal Data
14.1 Personal data shall only be retained for as long as necessary to fulfil the purpose for which it was processed.

14.2 Mtech maintains documented retention schedules and periodically reviews the need for retaining personal data.

15. Modifications
15.1 This Data Privacy Policy may be updated periodically to reflect changes in our practices, services, or legal requirements. The latest version shall be made available on our website.

TERMS AND CONDITIONS
A. These terms and conditions shall apply to the use of MTech’s (service provider) Services through its combined GSM market expertise & application development capabilities.

B. MTech offers a multitude of services that range from mobile content & applications to complete services integration and platforms development. Products and Services Portfolio includes (SMS, Fintech, Airtime, MMS, IVR, WEB & WAP Portals, RBT and other services)

C. The terms service provider and Mtech refer to one and the same party and can be used interchangeably throughout these terms.

D. By signing the Agreement the client agrees to abide by the following terms and conditions;

1. CLIENT OBLIGATIONS
1.1. The Client hereby acknowledges that the base of Users on the Networks covers all age groups. The Client shall be responsible for the Content provided to Users and it shall take all appropriate measures to ensure that the Content is not inappropriate for the User. For the purposes of this Agreement, “inappropriate” shall mean anything that violates the rights of a third party including but not limited to privacy, publicity, copyright, patent or trademark, and it also applies to Content and or Associated Client services that could reasonably be interpreted as obscene, defamatory or libellous.

1.2. The Client shall not cause, nor knowingly or recklessly allow others to cause, any nuisance, annoyance or inconvenience, whether to MTech, the Networks or Users, by any means including without limitation the sending of any unsolicited communications

1.3. Without prejudice to MTech’s rights under this Agreement the parties hereby expressly agree that any breach of the provisions of these obligations shall entitle MTech to bar access to the Services and/or to cease to provide the Services in whole or in part at any time. This shall apply once the Client has been given 72 hour notice to remedy the situation failure to which a Fourteen(14) Days’ Notice will be issued by MTech to terminate the Agreement

1.4. In the event that any Regulatory Body imposes any fine on the Client and/or MTech or requires the Client and/or MTech to pay any charge or other sum, which applies or relates or may apply or relate to the business or activities of the Client with regard to the services provided to the client by MTech, then MTech shall be entitled to charge a sum equal to such fine, to the Client under this Agreement and to pay the same to the relevant Regulatory Body

2. MTECH’S RIGHTS
2.1. MTech shall not be liable to the Client for barring access to the Services or any part thereof pursuant to this Clause 2.1 MTech’s rights to bar access or to cease to provide the Service and/or withhold payment pursuant to this Clause 2.1 may be exercised only for as long as the breach in question persists. If the period of such withholding, bar or cessation or any other barring, cessation, suspension or delay in providing the Services or any part thereof pursuant to any of its rights under this Agreement exceeds thirty (30) business days, then MTech shall have the right forthwith upon notice to the Client to terminate this Agreement.

2.2. Without prejudice to MTech’s other rights under this Agreement, MTech shall have the right at any time at its sole option to:-

2.2.1. require the immediate cessation of the provision of any Content or other data, matter or thing which it may determine to have been or to be in breach of this Agreement and/or the Codes of Practice and it is hereby expressly agreed that any failure by the Client to promptly comply with any request made by MTech pursuant to this Clause 6.1. shall constitute a material breach of this Agreement for the purposes of Clause 12.1.2.

2.2.2. assign this Agreement to a subsidiary from time to time of its ultimate holding company PROVIDED that in the event of such assignment, MTech shall continue to be liable for the performance of its obligations under this Agreement and shall prior to the assignment give a 14 days notice in writing to the Client.

2.2.3. Suspend on prior notice to the Client the provision of Services or any part thereof and/or withhold payments due to the Client at any time if:

2.2.3.1. The Client is or has been in breach and/or any Codes of Practice or is not or has not been providing a bona fide service to the Users; or

2.2.3.2 Any person or the Client is doing or suffering anything to be done which in MTech’s opinion relates to the Services and which in MTech’s opinion (a) is or was unlawful, (b) has brought, brings or may bring the Network’s value added services into disrepute, or (c) was, is or may be prejudicial to MTech’s commercial interests.

2.2.3.3 either any Network or MTech objects to the involvement of any person, either Network or MTech deems to be unsuitable to be involved in the use of the Services and the Client does not cease using such person or prevent such person being involved in such use of the Services of written notice of such objection being given to the Client.

2.2.3.4 the client delays in utilizing and providing the messaging services provided by MTECH to its customers within a month.

2.3. Where MTech or the Network have been advised by a Regulatory Body or the Networks (as applicable) that the Client may be, is or has been in breach of the Codes of Practice, the client shall pay such sums as are necessary to settle any fines imposed by the relevant Regulatory Body. The client shall be notified by MTech of the breach and shall take necessary and reasonable measures to rectify it failure to which, MTech shall temporarily suspend access to the Services.

3. RIGHTS
3.1. This Agreement shall not operate as an assignment to MTech of any copyright, registered design trademark or other proprietary right as may subsist in or be contained in or be reproduced in any Content or service of the Client or associated service and the Client shall retain ownership of or other interest in any such copyright, registered design, trademark or other proprietary or intellectual property right to which the Client may be entitled.

3.2. This Agreement shall not operate as an assignment to the Client of any copyright, registered design, trademark or other proprietary right belonging to MTech or the Networks and MTech shall retain ownership of or other interest in any such copyright, registered design, trademark or other proprietary right to which MTech may be entitled.

3.3. Subject to the rights specified in Clause 7.2 hereof, all copyright as may subsist in the form or presentation of any Content or associated service provided by the Client shall be vested in the Client.

3.4. All Intellectual Property Rights in the Services, communication media and systems associated with the Services and in any developments or enhancements thereto are and shall remain the exclusive property of MTech. Access to the Services is provided on a non-exclusive licence basis and by using the Service(s); the Client does not obtain any Intellectual Property Rights for the infrastructure, content, software or short codes associated with the Services.

4. INTELLECTUAL PROPERTY
4.1. The Service Provider reserves copyright in any literary and artistic works and computer programs which it has already produced through its own efforts prior to entering into this Agreement or which it may produce or use in performing the services in this Agreement. However, The Service Provider hereby confirms that after full and complete payment for the services, the client shall be entitled to make use of the system and the intellectual property without any hindrance or any further fees or royalties provided that such use is confined strictly to the system set out mutually in agreement by the parties and in the course of the client’s business as disclosed. The client shall not be entitled to reproduce any of the intellectual property for sale or distribution to other third parties.

4.2. The Service Provider is at will to perform similar or related services to other third parties products which are identical, similar or competing with the products developed by its personnel for the client under this Agreement.

4.3. If methods, general or specific programs, software or other tools in general, which The Service Provider owns or which The Service Provider has been granted all necessary rights to perform its services under this Agreement, are made available to the client, free of charge or otherwise, or are used to develop applications, they remain The Service Provider’s exclusive property. The client must take out a user license for these programs in order to use them lawfully.

5. CONFIDENTIALITY
5.1. The client agrees not to disclose or communicate, in any manner, either during or after this agreement, information about either party, operations, clientele, or any other information, that relates to their respective businesses including, but not limited to, the names of their customers, its marketing strategies, operations, or any other information of any kind which would be deemed confidential, a trade secret, a customer list, or other form of proprietary information of either party.

5.2. The client understand that any breach of clause 4.(i), or that of any other Confidentiality and Non-Disclosure Agreement, is a breach of this Agreement. If the client feels they need to disclose any confidential information, they may do so only after obtaining written authorization from Mtech.

5.3. Notwithstanding the above, neither party will have liability to the other with regard to any Confidential Information of the other which the receiving party can demonstrate:

5.4. was in the public domain at the time it was disclosed or has become in the public domain through no fault of the receiving party;

5.5. was known to the receiving party, without restriction, at the time of disclosure, as evidenced by the receiving party’s files in existence at the time of disclosure;

5.6. is disclosed with the prior written approval of the disclosing party;

5.7. was independently developed by the receiving party without use or reliance upon Confidential Information of the disclosing party;

5.8. is disclosed by the disclosing party to any third party without confidentiality obligations similar to those contained in this Agreement; or

5.9. is disclosed pursuant to the order or requirement of a court, administrative agency, or other governmental body, provided, however, that the receiving party will, to the extent lawful and reasonably possible, provide prompt notice thereof to the disclosing party to enable the disclosing party to seek a protective order or otherwise prevent or restrict such disclosure.

6. PERSONAL DATA PROTECTION
6.1. In so far as the Parties processes any personal data (including name, postal address, email address, mobile/telephone details, and other contact or personal details) relating to individuals which is acquired or collected by the Parties in connection with this Agreement, the Parties shall:

6.1.1. processed lawfully, fairly and in a transparent manner in relation to any data subject in accordance with the right to privacy of the data subjects

6.1.2. process the personal data only for the purposes of performing this Agreement and only in accordance with instructions contained in this Agreement or provided to the Parties from time to time

6.1.3. collect and share personal data for explicit specified and legitimate purpose adequate, relevant, limited to what is necessary in relation to the purposes for which it is processed and not further processed in a manner incompatible with those purposes.

6.1.4. not otherwise modify, amend or alter the contents of the personal data or disclose or permit the disclosure of any of the personal data to any third party unless specifically authorized in writing by the other Party and the data subject.

6.1.5. Maintain personal data that is accurate and where necessary, kept up to date, with every reasonable step being taken to ensure that any inaccurate personal data is erased or rectified without delay.

6.1.6. implement appropriate technical and organizational measures to protect the personal data against unauthorized or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure

6.1.7. ensure that personal data is not transferred outside Kenya, unless there is proof of adequate data protection safeguards or written consent from the data subject.

6.1.8. Ensure personnel who need to have access to the personal data are granted access to such data and only for the purposes of the performance of this Agreement and ensure that all of the Parties’ personnel required to access the personal data are informed of the confidential nature of the personal data and comply with the obligations set out in this agreement.

6.1.9. That each party confirms that during collection of personal data in its possession, the data subject was informed of the Use of their personal data and they can access their personal data whenever requested.

6.1.10. Ensure that before processing of personal data in relation to a minor consent is granted by the parent or the guardian

6.1.11. not publish, disclose or divulge any of the personal data to any third party (including the data subject) unless directed to do so in writing by the other Party.

6.2 Notify the other Party within five (5) Business Days if it:     

6.2.1. becomes aware of any breach of this clause by it or its subcontractors;

6.2.2. receives a complaint or request relating directly or indirectly to the processing of any personal data in connection with this Agreement; and

6.2.3. receives any other communication relating directly or indirectly to the processing of any personal data in connection with this Agreement.

6.2.4. The Parties shall, at all times during and after the Term, indemnify each other against all losses, damages, costs or expenses and other liabilities (including legal fees) incurred by, awarded against or agreed to be paid by the Party being indemnified arising from any breach of the Parties’ obligations under this clause

7. REPRESENTATIONS AND WARRANTIES.
7.1. The Service Provider represents and warrants to the client that it has full power and authority to enter into this Agreement including all rights necessary to make the foregoing representations to the client and also that in performing under the Agreement The Service Provider will not violate the terms of any agreement with any third party and that the Services and any work product thereof are the original work of Contractor, do not and will not infringe upon, violate or misappropriate any patent, copyright, trade secret, trademark, contract, or any other publicity right, privacy right, or proprietary right of any third party.

7.2. The Service Provider warrants that the software shall be reasonably fit for the purposes for which it is to be used by the client in accordance with the requirements of the client.

7.3. The Service Provider warrants that the software shall operate substantially in accordance with this Agreement but it shall have no responsibilities for failures brought about by local power or telecommunication problems.

8. INDEMNITY
The client shall defend, indemnify and hold The Service Provider and its successors, assigns and licensees harmless from any and all claims, actions and proceedings, and the resulting losses, damages, costs and expenses (including reasonable attorneys’ fees) arising from any claim, action or proceeding based upon or in any way related to any financial losses or otherwise that may come about as a result of the Client’s gross negligence or willful misconduct.

9. DISPUTE RESOLUTION
In the event of any dispute or difference arising between the parties herein as to the construction of this Agreement, the rights, duties or obligations of any party or any matter arising out of or concerning any of the content of this Agreement, any such dispute shall be solved amicably between the Parties failing which it shall be referred to a mutually agreed Arbitrator, failing which one shall be appointed by the Chairman of the Chartered Institute of Arbitrators (Kenya Branch) on due request by either party whose decision shall be final and binding. Arbitration will be in English and will be held in Nairobi.

10. NATURE OF ENGAGEMENT
The Client enters into this Agreement as, and shall continue to be, an independent contractor. All Services shall be performed only by The Service Provider and its employees. Under no circumstances shall its employees look to the client as its employer, agent or principal. Neither The client, nor any of its employees, shall be entitled to any benefits accorded to the Service Provider’s employees, including without limitation worker’s compensation, disability insurance, vacation or sick pay.

11. FORCE MAJEURE
Neither party shall be in breach of this Agreement if it fails to discharge any obligation imposed on it hereunder, if the sole reason for the failure is any cause or event outside the control of the Party in question, including war, riot, act of God, terrorism, extreme weather, interruption of water, power or any essential supply, arson or any criminal act by any third party not connected with the Party affected, trade disputes (other than trade disputes directly involving the Party’s own employees) or any other cause.

12. EXCLUSION
The Parties further agree that the Partner in the duration of this Agreement shall not be prohibited to enter into any other Agreement that is similar to this Agreement which the said action shall not constitute a fundamental breach of this Agreement.

13. GOVERNING LAW
This Agreement shall be construed in accordance with and governed for all purposes by the laws of Kenya applicable to contracts executed and wholly performed within such jurisdiction.