KDPA Compliance
Kenya Data Protection Act 2019
SHA Online Cyber Services is fully committed to complying with the Kenya Data Protection Act (KDPA) 2019. As a platform handling sensitive health-related and identity data, we take our obligations under this law seriously.
AES-256 Encryption
All personal data and documents are encrypted in transit and at rest using military-grade AES-256 encryption.
48-Hour Auto-Deletion
Uploaded documents (IDs, police abstracts, certificates) are permanently deleted within 48 hours of processing completion.
Purpose Limitation
Your data is collected only for the specific SHA service you request and is never used for marketing or sold to third parties.
Lawful Processing
We process your data based on your explicit consent and contractual necessity as defined in Section 30 of the KDPA.
Your Rights Under the KDPA
The Kenya Data Protection Act 2019 grants you the following rights regarding your personal data:
- Right of Access (Section 26): You can request a copy of all personal data we hold about you at no cost.
- Right to Rectification (Section 26): You can request correction of inaccurate personal data.
- Right to Deletion (Section 26): You can request deletion of your personal data when it is no longer necessary for the purpose it was collected.
- Right to Object (Section 26): You can object to processing of your data in certain circumstances.
- Right to Data Portability (Section 26): You can request your data in a structured, commonly used format.
Data We Collect and Why
| Data Type | Purpose | Retention |
|---|---|---|
| Full name, ID number | SHA service processing | 12 months |
| Phone, email | Status updates, support | 12 months |
| SHA PIN | Service request processing | 12 months |
| Document uploads | Identity verification | 48 hours |
| M-Pesa receipt | Payment confirmation | 12 months |
How to Exercise Your Rights
To exercise any of your data protection rights, send a request to our Data Protection Officer at support@shacyberservices.com with the subject line "KDPA Data Request." We will respond within 30 days as required by law.
Complaints
If you believe your data protection rights have been violated, you may lodge a complaint with the Office of the Data Protection Commissioner (ODPC) at odpc.go.ke.
Your Data is Safe with Us
We are committed to protecting your personal information at every step of your SHA service request.