Kenya Great Party (KGP) is committed to respecting and protecting the privacy of all members, supporters, volunteers, employees, suppliers, and visitors to our platforms. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in compliance with the Constitution of Kenya (Article 31), the Data Protection Act, 2019, the Access to Information Act, 2016, the Political Parties Act, 2011, and the KGP Constitution (Article 10: Membership Requirements and Procedures, Article 20: Access to Records, Article 27: Democratic Practices).

This policy applies to all personal data processed through our website (kenyagreatparty.co.ke), membership portals, physical membership forms, SMS platforms, and any other KGP-controlled systems or events. The data collection requirements and usage are specifically mandated by the KGP Constitution Article 10.10.

Data Controller: Kenya Great Party (KGP)

Registered Office: TEJ Plaza Building, 5th Floor, Room 12, Off Pumwani Road, P.O. Box 26338-00100, Nairobi, Kenya.

Data Protection Officer (DPO): The KGP Secretary General is mandated as the DPO for purposes of compliance.

Contact Email: privacy@kenyagreatparty.org

Telephone: +254 729 554 475

As per KGP Constitution Article 10.10, the following information is required for member registration:

Legal Basis: Collection is mandated by the KGP Constitution (Article 10) and required for compliance with the Political Parties Act, 2011.

We only process personal data when permitted by law. The lawful bases we rely on include:

• Constitutional & Statutory Obligation: Compliance with the KGP Constitution (Article 10.10), Political Parties Act, 2011 (Section 34(d)), Data Protection Act, 2019, and Access to Information Act, 2016. The collection of specific data (names, ID, region, county, ethnicity, disability, gender) is mandated by Article 10.10 of the KGP Constitution.
• Consent: For membership applications, campaign communications, testimonials, and optional programs. Consent can be withdrawn at any time, subject to legal obligations.
• Contractual Necessity: To manage your membership, process event registrations, and deliver member services.
• Legal Obligation: Compliance with statutory requirements, including electoral laws, IPPMS reporting to the Registrar of Political Parties (Article 10.4), taxation, anti-money laundering, and public access requirements.
• Legitimate Interests: For party administration, branch assignment (Article 10.8), democratic representation and affirmative action (Article 27), safeguarding our systems, preventing misuse, and promoting party objectives while balancing your rights.
• Public Interest: When processing is necessary for public participation, democratic practices, or performing tasks in the public interest as contemplated by the Constitution and Political Parties Act.

As per KGP Constitution Article 10.4 and Article 10.8, we use personal data for:

• Membership Verification & Record-Keeping: To keep and continuously update the membership list, maintain signed membership forms, and issue standardized membership cards.
• Branch Assignment: To determine your correct local branch or sub-branch based on where you are enrolled to vote (Article 10.8).
• Democratic Representation: To implement policies on diversity, affirmative action, and ensure representation for minorities, marginalized groups, and adherence to the two-thirds gender rule (Article 27).
• IPPMS Reporting: To forward member details through the Integrated Political Parties Management System (IPPMS) to the Registrar of Political Parties for centralized record-keeping (Article 10.4).
• Public Access Compliance: To comply with Section 34(d) of the Political Parties Act, 2011, which requires membership registers to be accessible to the public with proper legal safeguards (Article 20).
• Facilitate party governance, elections, assemblies, and committee operations.
• Communicate policy positions, events, fundraising appeals, and volunteer opportunities.
• Improve our digital services, protect against fraud, and audit system security.

You have the following rights under the Data Protection Act, 2019:

• Right to be informed: To receive clear information about how we use your data.
• Right of access: To request a copy of the personal data we hold about you.
• Right to rectification: To ask us to correct inaccurate or incomplete data.
• Right to erasure: To request deletion of personal data, subject to legal obligations.
• Right to object or restrict processing: To stop or limit certain processing, including direct marketing.
• Right to data portability: To receive your data in a structured, commonly used format.
• Right not to be subjected to automated decision-making: We do not make decisions solely based on automated processing.

To exercise any right, contact the DPO through privacy@kenyagreatparty.org. We will respond within the statutory timelines.

We do not sell personal data. We may disclose data to:

• Integrated Political Parties Management System (IPPMS): Member details are forwarded to the Registrar of Political Parties for centralized record-keeping as required by Article 10.4 of the KGP Constitution.
• Authorized KGP officials, committees, and volunteers bound by confidentiality agreements.
• Service providers (IT, SMS gateways, secure storage, payment processors) operating under strict data processing agreements.
• Regulatory bodies such as the Office of the Registrar of Political Parties (ORPP), the Independent Electoral and Boundaries Commission (IEBC), or ODPC where required by law.
• Law enforcement agencies when mandated by a court order or applicable law.

Any sharing is governed by written contracts and data protection impact assessments where necessary. All disclosures comply with the Data Protection Act, 2019 and the Access to Information Act, 2016.

As per KGP Constitution Article 20 and Section 34(d) of the Political Parties Act, 2011, the membership register must be accessible to members of the public with proper legal safeguards:

Purpose of Public Access: This requirement ensures transparency and compliance with democratic principles while protecting members through legal safeguards (affidavits) that prevent misuse of information.

Contact for Access Requests: All requests should be directed to the Secretary General at the KGP registered office or via privacy@kenyagreatparty.org.

Where data is transferred outside Kenya (for example, to cloud infrastructure or communication platforms), we ensure that the destination jurisdiction provides an adequate level of protection or that appropriate safeguards (such as standard contractual clauses) are in place, as required by Sections 48 and 49 of the Data Protection Act.

We implement technical and organizational measures to protect personal data, including:

• Role-based access controls and staff vetting.
• Multi-factor authentication for administrative systems.
• Encryption in transit (HTTPS/TLS) and at rest where appropriate.
• Secure storage of physical records and restricted access to archives.
• Regular security audits, intrusion detection, and incident response procedures.

In case of a personal data breach, we will notify the ODPC and affected individuals in accordance with Section 43 of the Data Protection Act.

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or to satisfy legal, regulatory, or reporting requirements. Membership records are retained for the period of membership and five (5) years thereafter, unless the law requires a longer period.

KGP membership is limited to individuals aged 18 years and above. We do not knowingly collect data from persons under 18. If such data is inadvertently collected, it will be erased promptly upon notification.

This policy will be reviewed regularly to ensure ongoing compliance with Kenyan law and best practices. Significant changes will be communicated via our website and other official channels. The latest version is always available at kenyagreatparty.co.ke/privacy-policy.

Effective Date: 11 November 2025