CATHOLIC DIOCESE OF ELDORET**
Effective Date: [Date, e.g., 1st October 2024]
1. Introduction
The Catholic Diocese of Eldoret (“the Diocese,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the Data Protection Act, 2019 of Kenya, the Children Act, 2022, and other applicable laws.
This policy applies to all clergy, staff, volunteers, parishioners, donors, visitors, children, vulnerable persons, and any individuals who interact with the Diocese through its parishes, institutions, programs, digital platforms, or events.
2. Data Protection Principles
We adhere to the following data protection principles:
-
Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner.
-
Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
-
Data Minimization: We only collect data that is adequate, relevant, and limited to what is necessary.
-
Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date.
-
Storage Limitation: Data is kept in a form that permits identification of data subjects for no longer than necessary.
-
Integrity and Confidentiality: We process data securely using appropriate technical and organizational measures.
-
Accountability: We are responsible for and able to demonstrate compliance with data protection laws.
3. Information We Collect
We may collect and process the following categories of personal data:
-
Identity Data: Name, date of birth, national ID/passport number, photographs.
-
Contact Data: Address, email address, telephone number, parish information.
-
Demographic Data: Gender, marital status, language, role in the Church.
-
Financial Data: Donation history, bank details, M-Pesa records (processed securely).
-
Safeguarding Data: Information related to child protection, vulnerable persons, incident reports, and disclosures (handled with utmost confidentiality).
-
Special Category Data: Religious affiliation, health information, disability status—processed only with explicit consent or where permitted by law.
-
Technical Data: IP address, browser type, device information when you visit our website.
4. How We Use Your Information
We use your personal data for purposes including but not limited to:
-
Providing pastoral care, sacramental services, and spiritual guidance.
-
Managing safeguarding concerns, investigations, and protection of minors and vulnerable persons.
-
Processing donations, issuing receipts, and managing donor relations.
-
Recruitment, training, and management of clergy, staff, and volunteers.
-
Sending communications about diocesan events, programs, and spiritual activities.
-
Complying with legal, canonical, and regulatory obligations.
-
Ensuring the safety, security, and well-being of our community.
5. Legal Basis for Processing
We process your personal data on one or more of the following legal grounds:
-
Your explicit consent.
-
Performance of a contract or agreement.
-
Compliance with a legal obligation (e.g., reporting to child protection authorities).
-
Protection of vital interests (e.g., health and safety emergencies).
-
Legitimate interests pursued by the Diocese, provided they do not override your rights.
6. Data Sharing and Disclosure
We do not sell, trade, or rent your personal data. We may share information in the following circumstances:
-
With Diocesan offices, parishes, schools, and affiliated institutions for legitimate ecclesiastical and operational purposes.
-
With government authorities, law enforcement, or child protection agencies as required by law.
-
With trusted third-party service providers (e.g., IT support, financial processors) under strict confidentiality agreements.
-
When necessary to protect the rights, safety, or well-being of individuals, especially children and vulnerable persons.
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or disclosure. These measures include:
-
Secure storage systems with access controls.
-
Encryption of sensitive data.
-
Regular staff training on data protection and confidentiality.
-
Secure destruction of data no longer needed.
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by Kenyan law, canon law, or safeguarding obligations. Safeguarding records may be retained longer to ensure continued protection and compliance.
9. Your Rights Under Kenyan Law
You have the following rights regarding your personal data:
-
Right of Access: Request a copy of the personal data we hold about you.
-
Right to Rectification: Request correction of inaccurate or incomplete data.
-
Right to Erasure: Request deletion of your data under certain conditions.
-
Right to Restrict Processing: Request limitation of how we use your data.
-
Right to Object: Object to processing based on legitimate interests.
-
Right to Data Portability: Receive your data in a structured, machine-readable format.
-
Right to Withdraw Consent: Withdraw consent at any time, where processing is based on consent.
To exercise any of these rights, please contact our Data Protection Officer using the details below.
10. Children’s Privacy
We take special care to protect the privacy of children under 18. Personal data of minors is collected only with parental or guardian consent, except where otherwise permitted by law for safeguarding purposes. We comply fully with the Children Act, 2022 and our Diocesan Safeguarding Policy.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will be posted on our website and available at Diocesan offices. Continued engagement with the Diocese constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:
Data Protection Officer
Catholic Diocese of Eldoret
, Eldoret
Email:
Phone: