Personal data processing
These general conditions of use have been translated into English. In the event of a dispute, the general conditions of use written in the original language, that is to say French are valid.
RWANDA:
LAW Nº 058/2021 OF 13/10/2021 RELATING TO DATA PROTECTION AT
PERSONAL CHARACTER AND PRIVACY
EU (European Union):
GDPR 27 April 2016 (General Data Protection Regulation. Regulation (EU) 2016/679 of the European Parliament and of the Council of Europe of 27 April 2016 on the protection of natural persons with regard to the processing of personal data personal character and the free movement of such data);
Table of contents
ARTICLE 1: Type of personal data collected 2
ARTICLE 2: Mode of collection of personal data 3
ARTICLE 3: Purposes of processing 3
ARTICLE 4: Duration of retention of personal data 3
ARTICLE 5: Protection of personal data 4
ARTICLE 6: Rights of data subjects 4
ARTICLE 6.1 Access of the person concerned to his personal data. 4
ARTICLE 6.2 Modification of the personal data of the data subject 4
ARTICLE 6.3 Deletion of personal data of the data subject 5
ARTICLE 6.4 Portability of personal data of the data subject 5
ARTICLE 7: Transfer of personal data 5
ARTICLE 7.1 Telephone Payments: 5
ARTICLE 7.2 Credit Card Payments: 6
Legal Notice
Service provider
Kaimus Ltd Referred to herein as "Provider"
Registration number: 120126453
KG 11 No. 81
Kimironko Kigali Rwanda
Email: info@kaimus.com
Contact DPD/DPO (Data Protection Officer, Data Protection Officer):
Controller: Kaimus Ltd
Kaimus Ltd is a multi-service company based in Rwanda, the competent authority in case of dispute is Rwanda.
The user, customer,
Is considered as a customer, any natural or legal person using the services and/or the website of the company Kaimus Ltd and having contracted with the service provider and is referred to in this document as "the customer".
Is considered a user, any natural or legal person using the web services of the Kaimus.com site and are referred to in this document as "the user".
ARTICLE 1: Type of personal data collected
For legitimate needs, the service provider is required to collect certain personal data from the customer and/or user such as:
• For a natural person
◦ The name;
◦ first name;
◦ address;
◦ telephone number;
◦ email;
• For a legal person
◦ Company name;
◦ business registration number;
◦ the date of establishment of the business;
◦ the address of the registered office of the company;
◦ the company contact email
◦ the name of the person to contact
◦ the first name of the person to contact.
The service provider does not collect so-called sensitive personal data.
ARTICLE 2: Mode of collection of personal data
The collection is carried out through the contact form and the registration form on the provider's website located at the following address: https://kaimus.com and or through the provider's messaging system.
The collection is also carried out during the payment of the service, the data is collected by the service provider and by the organization which carries out the transaction. The service provider does not have access to the customer's bank details.
The customer, the user undertakes not to provide the service provider with incorrect or fictitious data.
The service provider may at any time ask the customer or the user for proof of his identity.
By using the provider's services, by creating an account on the provider's site, by contacting the provider or the customer electronically, the user accepts the collection of his personal data. By this fact the customer, the user consents to the processing of his personal data.
ARTICLE 3: Purposes of processing
"The processing is necessary for the performance of a contract to which the client or user is a party or for the performance of pre-contractual measures taken at the latter's request. »
The personal data collected by the service provider are for the purposes of the contractual and communication needs of the customer, the user and the service provider.
The service provider undertakes not to rent, sell, give up free of charge, disclose the personal data of the customer or the user.
ARTICLE 4: Duration of retention of personal data
Personal data is kept within the EU for a period of one year (365 days), duration from the last connection of the customer, the user to his account or, where applicable, the last relationship contractual.
After the period of one year (365 days) the data will be transferred to Rwanda stored in Rwanda and they will be kept for the legal period (Rwandan legislation) concerning accounting and/or contractual operations.
ARTICLE 5: Protection of personal data
The service provider makes every effort to protect the personal data of its customers and users. However, on the internet the risk of piracy is always present.
The customer, the user, by using the service provider's services, by using the provider's website, by creating an account on the provider's site accepts the risk and undertakes not to sue the provider in the event of loss or theft of personal data.
The service provider is committed to a personal data protection policy not to sell, not to assign, not to disclose, not to rent the personal data of its customers, its users.
However, the service provider is required by the legislation in force to provide access to the personal data of its customers, of its users to authorized third parties.
To do this, the authorized third party must be mandated either by a court or by the regulatory body for the protection of personal data.
The service provider acknowledges the jurisdiction of the courts of Rwanda and the Rwandan regulatory body with regard to the protection of personal data.
In the context of a request for access to personal data made outside the jurisdiction of Rwanda, the service provider undertakes not to disclose the personal data of its customers, its users.
ARTICLE 6: Rights of data subjects
The customer, the user can ask the service provider for access, modification, portability, deletion of his personal data.
ARTICLE 6.1 Access of the person concerned to his personal data.
The customer, the user who wishes to have access to all of his personal data stored with the service provider can request it by e-mail: kaimusdpo@gmail.com
By return mail, the person concerned will be asked to prove his identity. Accepted evidence is left to the discretion of the service provider in accordance with Rwandan legislation.
ARTICLE 6.2 Modification of the personal data of the data subject
The person concerned can modify his personal data directly from his account on the provider's site.
The customer agrees not to insert erroneous or fictitious data.
The service provider may at any time ask the client or the user for proof of his identity.
ARTICLE 6.3 Deletion of personal data of the data subject
The customer, the user who wishes to erase all of his personal data stored with the service provider can request it by e-mail: kaimusdpo@gmail.com
By return mail, the person concerned will be asked to prove his identity. Accepted evidence is left to the discretion of the service provider in accordance with Rwandan legislation.
However, the portability and deletion of personal data can only take place if the service provider is not required to keep the personal data according to the legislation in force in Rwanda and in the European Union concerning contracts. and/or accounting operations.
ARTICLE 6.4 Portability of personal data of the data subject
It is understood by portability of personal data that the data provided to the customer, to the user is readable by an information system other than that of the customer.
The customer, the user who wishes the portability of all his personal data stored with the service provider can make the request by e-mail: kaimusdpo@gmail.com
By return mail, the person concerned will be asked to prove his identity. Accepted evidence is left to the discretion of the service provider in accordance with Rwandan legislation.
ARTICLE 7: Transfer of personal data
Transfer of personal data means any data leaving Rwanda and/or leaving the EU.
The site of the provider Kaimus. Com is hosted within the EU (European Union). By registering on the site or by using the contact form, the customer, the user consents that his personal data be stored on a European server which complies with the regulations of Rwanda and complies with the regulations of the European Union with regard to the protection of personal data.
The competent jurisdiction in this matter is that of Rwanda.
ARTICLE 7.1 Telephone Payments:
-
MTN Rwanda
The data controller is MTN, whose head office is located in Johannesburg South Africa.
- The service provider receives on the telephone dedicated to transactions a transaction notification by SMS (Short Message Service) containing the surname, first name, middle name, telephone number, transaction number of the customer or user.
- The service provider does not have access to the data of the customer's or user's account.
-
- By paying through the MTN telephone operator, the customer accepts the privacy policy and the conditions of use of the MTN payment platform, the general conditions of which can be consulted here: https://www.mtn.co. rw/momo-terms/
-
AIRTEL Rwanda
- The data controller is the company AIRTEL whose head office is located in New Delhi, India
- The service provider receives on the telephone dedicated to transactions a transaction notification by SMS (Short Message Service) containing the surname, first name, middle name, telephone number, transaction number of the customer or user.
- The service provider does not have access to the data of the customer's or user's account.
-
- By paying through the telephone operator AIRTEL, the customer accepts the privacy policy and the conditions of use of the AIRTEL payment platform, the general conditions of which can be consulted here: https://www.airtel.co.rw /airtelmoney/am-T-and-C
ARTICLE 7.2 Credit Card Payments:
- the service provider uses the PAYPAL payment platform.
- The PAYPAL platform at its head office in Luxembourg (European Union).
- The person responsible for processing personal data for credit card payments is the PAYPAL payment platform.
- The service provider does not have access to the customer's or user's bank details. The service provider receives by e-mail a confirmation of payment from the customer or user containing, his surname, first name, address, e-mail, telephone number, customer identification number, telephone number. transaction, the amount paid by the customer, the user.
- By paying by credit card the customer or user accepts that his personal data will be processed by PAYPAL. PAYPAL's Personal Data Processing Policy can be viewed here: https://www.paypal.com/webapps/mpp/ua/privacy-full
ARTICLE 7.3 Payment by Paypal account
- the service provider uses the PAYPAL payment platform.
- The PAYPAL platform at its head office in Luxembourg (European Union).
- The person responsible for processing personal data for payments by PAYPAL account is the PAYPAL payment platform.
- The service provider does not have access to the customer's or user's bank details. The service provider receives by e-mail a confirmation of payment from the customer or user containing, his surname, first name, address, e-mail, telephone number, customer identification number, telephone number. transaction, the amount paid by the customer, the user.
- By paying through a Paypal account, the customer or user accepts that his personal data will be processed by PAYPAL. PAYPAL's Personal Data Processing Policy can be viewed here: https://www.paypal.com/webapps/mpp/ua/privacy-full
SECTION 8 Cookies
The kaimus.com website uses the GOOGLE analytics free version and consol search free version products on its website.
The cookies collect the following information:
-
Country ;
-
city ;
-
device type;
-
browser type;
-
landing page;
-
exit page;
-
method of arrival on the site (search engine, social networks, direct link, etc.);
These products are used by the service provider for the sole purpose of improving the user experience, and learning more about the habits of those who visit the site, such as: knowing the country from which the Internet user connects. This allows the service provider to see if it would be necessary to have an additional language on the site and which one.
Under no circumstances does the service provider use cookies for the purposes of profiling, advertising or tracking.
These cookies do not collect personal data.
The controller is GOOGLE based in San Francisco USA.
Lexicon :
-
Personal Data:
is considered personal data any information allowing the identification of a natural person. A telephone number is not necessarily considered as personal data if it is not associated with the name of a person, however the telephone number is protected by the laws in force mentioned at the beginning of this document, even for the e-mail address.
-
Collection of personal data
-
The collection of personal data does not only take place on the Internet. Personal data may be collected in the context of an employer-employee relationship (pay slip, contract), contractual relationship, etc.
-
Sensitive personal data:
-
there are 7 categories of data whose collection is prohibited or subject to authorizations with specific collection and protection measures. For this sensitive data, the collection must be legitimate, as is the case for example for a hospital which collects the medical data of its patients.
-
The categories of so-called sensitive data are as follows:
-
Medical data; (Rwanda, Eu)
-
biometric data; (Rwanda, USA)
-
ethnic and/or racial data; (Rwanda, USA)
-
political and/or union data; (Rwanda, USA)
-
religious and/or philosophical data; (Rwanda, USA)
-
genetic data; (Rwanda, USA)
-
data concerning sexual orientation; (Rwanda, USA)
-
Criminal record; (Rwanda)
-
Social origin; (Rwanda)
-
Family details; (Rwanda)▪
-
Controller:
the data controller is the legal personality responsible for the processing, storage and security of personal data. The customer or the user who wishes to access, modify, transfer, delete his personal data must make a request to the data controller.
-
Authorized Third Party:
authorized third parties are court-mandated justice bodies.
-
Regulator:
supervisory body verifies the processing of companies' personal data and grants authorization for processing. It may be required to carry out investigations, to impose fines in the event of non-compliance, to authorize or prohibit the collection of so-called sensitive personal data, etc.
-
Cookie:
-
small file placed in the browser that contains user data (navigation, site visit, purchase, connection ID, location, etc.) Each Cookie is different from one site to another, they may have a lifespan from one minute to an infinite lifetime. Each cookie collects different data depending on the sites.
Kigali 1 May 2023