SSK Privacy Policy

Effective Date: July 24, 2025

The Statistical Society of Kenya (SSK) is committed to protecting the privacy and personal data of its members, website visitors, and all individuals with whom we interact. This Privacy Policy outlines how SSK collects, uses, processes, stores, and protects your personal data in compliance with the Kenya Data Protection Act 2019 (KDPA) and international best practices for data privacy.

1. Introduction and Scope

This Privacy Policy applies to all personal data collected and processed by SSK through its website, Member Management System, event registrations, communications, and any other interactions where personal data is provided to SSK.

2. Data Controller Information

The Data Controller responsible for your personal data under this policy is: Statistical Society of Kenya (SSK): P. O. Box 62000-00200, Nairobi, Kenya, Phone Number: +254725817836 / +254757165770, Email: info@knss.org

3. Definitions (as per Kenya Data Protection Act 2019)

3.1. Personal Data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3.2. Data Subject: An identified or identifiable natural person to whom personal data relates.

3.3. Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3.4. Consent: Any express indication of the data subject’s wishes by which the data subject signifies agreement to the processing of their personal data.

3.5. Data Controller: A natural or legal person, public authority, agency or other body which alone or jointly with others determines the purpose and means of processing personal data.

3.6. Data Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.

4. Principles for Processing Personal Data

SSK adheres to the following principles as mandated by the KDPA 2019:

4.1. Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and in a transparent manner in relation to the data subject.

4.2. Purpose Limitation: Personal data is collected for explicit, specified, and legitimate purposes and not further processed in a manner incompatible with those purposes.

4.3. Data Minimization: Personal data collected is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

4.4. Accuracy: Personal data is accurate and, where necessary, kept up to date. Every reasonable step is taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.

4.5. Storage Limitation: Personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.

4.6. Integrity and Confidentiality: Personal data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

4.7. Accountability: The data controller is responsible for and is able to demonstrate compliance with these principles.

5. Types of Personal Data Collected

SSK collects various types of personal data, depending on your interaction with us:

5.1. Membership Data:

  • Identification: Full Name, Gender, Date of Birth, Nationality, National ID/Passport Number (if required for specific purposes like professional registration verification).
  • Contact Information: Email Address, Phone Number, Postal Address, County of Residence.
  • Professional Details: Academic Qualifications (e.g., BSc, MSc, PhD), Area of Specialization, Current Employer/Organization, Job Title, Professional Memberships, CV (if provided for specific applications).
  • Payment Information: Transaction details for membership dues (we do not store full credit card details; these are processed by secure payment gateways).
  • Membership History: Membership category, join date, renewal dates, participation in SSK activities.

5.2. Website Usage Data:

  • Technical Data: IP address, browser type and version, operating system, device type, referral source, pages visited, time spent on pages, access dates and times.
  • Cookies: Information collected through cookies and similar tracking technologies (see Section 12).

5.3. Event Participation Data:

  • Name, contact information, dietary requirements (if applicable), accessibility needs, payment information for event fees.

5.4. Communication Data:

  • Records of correspondence with SSK (e.g., emails, inquiries, feedback).

6. Purposes of Data Collection and Processing

SSK collects and processes your personal data for the following purposes:

  • Membership Management: To process membership applications and renewals, maintain member records, manage member benefits, and provide access to the Member Management System.
  • Communication: To send you important updates, newsletters, event invitations, announcements, and other relevant information related to SSK activities and the field of statistics.
  • Service Delivery: To provide you with services and resources offered by SSK, such as access to publications, online forums, and professional development opportunities.
  • Event Organization: To facilitate your registration and participation in SSK events, workshops, conferences, and training programs.
  • Networking and Collaboration: To enable professional networking among members and facilitate collaboration on statistical initiatives.
  • Research and Advocacy: To conduct research, surveys, and analyses to understand the needs of the statistical community, inform policy advocacy, and promote the role of statistics in national development.
  • Financial Management: To process payments for membership dues and event fees, manage financial records, and comply with accounting and tax obligations.
  • Website Improvement: To monitor and analyze website usage, improve website functionality, and enhance user experience.
  • Legal and Regulatory Compliance: To comply with legal obligations under the KDPA, other Kenyan laws, and relevant international regulations.
  • Safeguarding: To ensure the safety and well-being of all participants in SSK activities, in line with our safeguarding policies.

7. Legal Basis for Processing Personal Data

SSK relies on the following legal bases for processing your personal data:

  • Consent: Where you have given explicit consent for specific processing purposes (e.g., subscribing to newsletters, providing optional demographic data). You have the right to withdraw your consent at any time.
  • Performance of a Contract: Where processing is necessary for the performance of a contract to which you are a party (e.g., your membership agreement with SSK, event registration).
  • Legitimate Interests: Where processing is necessary for the legitimate interests pursued by SSK or a third party, provided that your fundamental rights and freedoms are not overridden (e.g., internal administrative purposes, improving our services, communicating relevant professional opportunities).
  • Legal Obligation: Where processing is necessary for compliance with a legal obligation to which SSK is subject (e.g., tax compliance, regulatory reporting).

8. Data Minimization and Accuracy

We collect only the personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. We take reasonable steps to ensure that the personal data we hold is accurate and kept up to date. We encourage you to promptly update your personal information in the Member Management System or notify us of any changes.

9. Data Retention

SSK will retain your personal data for no longer than is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention period will vary depending on the type of data and the purpose of processing. For active members, data is retained for the duration of membership and a reasonable period thereafter for administrative and historical purposes.

10. Data Security Measures

SSK implements appropriate technical and organizational measures to ensure the security of your personal data and protect it against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Access Controls: Restricting access to personal data to authorized personnel only.
  • Encryption: Using encryption for data in transit and at rest where appropriate.
  • Firewalls and Network Security: Implementing robust network security measures.
  • Regular Backups: Performing regular backups of data to prevent loss.
  • Security Audits: Conducting periodic security audits and vulnerability assessments.
  • Staff Training: Providing regular data protection and security training to all staff.
  • Physical Security: Ensuring physical security of our premises and data storage facilities.

11. Data Sharing and Disclosure

SSK may share your personal data with third parties only in the following circumstances:

  • Service Providers: With trusted third-party service providers who assist us in operating the Platform, managing membership, organizing events, or providing other services on our behalf (e.g., IT support, payment processors, email service providers). These providers are contractually obligated to protect your data and use it only for the purposes specified by SSK.
  • Partners and Collaborators: With partners or collaborating organizations for specific joint initiatives, events, or projects, but only with your explicit consent or where necessary for the performance of a contract.
  • Legal Requirements: When required by law, court order, or governmental regulation.
  • Professional Bodies: With relevant professional or regulatory bodies for verification of qualifications or professional standing, where necessary and with your consent.
  • Aggregate/Anonymized Data: We may share aggregated or anonymized data that cannot be used to identify you personally for research, reporting, or analytical purposes.
International Data Transfers:

In some cases, your personal data may be transferred to, and stored at, a destination outside Kenya (e.g., if our service providers operate internationally). Where such transfers occur, SSK will ensure that appropriate safeguards are in place as required by the KDPA 2019, such as Non-Disclosure Agreements (NDAs), standard contractual clauses, binding corporate rules, or reliance on adequacy decisions, to ensure your data receives a similar level of protection.

12. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and personalize content.

  • What are Cookies? Cookies are small text files placed on your device by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
  • How We Use Cookies: We use cookies for:
    • Essential functionality: To enable core website features (e.g., login sessions, shopping cart).
    • Analytics: To understand how visitors interact with our website (e.g., Google Analytics).
    • Personalization: To remember your preferences and provide a more tailored experience.
  • Your Choices: You can control and manage cookies through your browser settings. However, disabling certain cookies may affect the functionality of the website. By continuing to use our website without changing your cookie settings, you consent to our use of cookies as described in this policy.

13. Your Data Protection Rights (as per Kenya Data Protection Act 2019)

As a Data Subject, you have the following rights regarding your personal data:

  • Right to be Informed: The right to be informed of the use to which your personal data is to be put.
  • Right of Access: The right to access your personal data held by SSK.
  • Right to Object: The right to object to the processing of all or part of your personal data.
  • Right to Rectification: The right to demand the rectification of false or misleading data.
  • Right to Erasure (Right to be Forgotten): The right to demand the erasure of false or misleading data, or data that is no longer necessary for the purpose for which it was collected.
  • Right to Restriction of Processing: The right to request the restriction of processing of your personal data.
  • Right to Data Portability: The right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
  • Right to Lodge a Complaint: The right to lodge a complaint with the Office of the Data Protection Commissioner if you believe your rights have been violated.

To exercise any of these rights, please contact our Data Protection Officer/Contact Person using the details provided in Section 15. We will respond to your request in accordance with the KDPA.

14. Children's Data

SSK's services are generally not directed at children under the age of 18. We do not knowingly collect personal data from children without parental consent. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete that information promptly.

15. Changes to This Privacy Policy

SSK may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website and updating the "Effective Date" at the top. We encourage you to review this policy periodically.

16. Contact Information for Data Protection Queries

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your data protection rights, please contact:

Email: info@knss.org
Phone Number: +254725817836 / +254757165770
P. O. Box 62000-00200, Nairobi, Kenya
SSK Website| Member Login| Member Registration| Member Checker| Privacy Policy| Terms

© 2026 - STATISTICAL SOCIETY OF KENYA