Privacy Policy

Kenya Power and Lighting Company ("KPLC", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Staff Management System ("Service").

This policy applies to all employees, contractors, and authorized users of the KPLC Staff Management System.

We collect several types of information for various purposes to provide and improve our Service:

Personal Information

• Staff ID and employee number
• Full name and contact information
• Job title, department, and reporting structure
• Work location and assignment details
• Professional qualifications and certifications

System Usage Data

• Login timestamps and session duration
• Features accessed and actions performed
• Device information and IP addresses
• Browser type and operating system
• Performance and error logs

Work-Related Data

• Task assignments and completion status
• Work orders and maintenance records
• Team memberships and project participation
• Performance metrics and reporting data
• Training records and skill assessments

We use the collected information for the following purposes:

Service Operations

• Provide access to the Staff Management System
• Authenticate users and maintain account security
• Process work assignments and task management
• Generate reports and analytics for operational efficiency
• Facilitate communication between teams and departments

System Improvement

• Monitor system performance and reliability
• Identify and resolve technical issues
• Develop new features and enhancements
• Conduct security monitoring and threat detection
• Optimize user experience and interface design

Compliance and Governance

• Meet regulatory and audit requirements
• Maintain records for legal and compliance purposes
• Support internal investigations and quality assurance
• Ensure adherence to company policies and procedures

We implement robust security measures to protect your personal information:

Technical Safeguards

• End-to-end encryption for data transmission
• Secure authentication and authorization systems
• Regular security audits and vulnerability assessments
• Automated backup and disaster recovery procedures
• Network security monitoring and intrusion detection

Administrative Controls

• Role-based access controls and permissions
• Regular security training for all staff
• Incident response and breach notification procedures
• Data classification and handling protocols
• Third-party security assessments and certifications

Physical Security

• Secure data center facilities with restricted access
• Environmental controls and monitoring systems
• Secure disposal of hardware and storage media
• Visitor access controls and activity logging

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

• Internal Operations: Sharing within KPLC departments for legitimate business purposes
• Legal Requirements: When required by law, regulation, or legal process
• Emergency Situations: To protect the safety and security of employees or facilities
• Authorized Service Providers: Third-party vendors under strict confidentiality agreements
• Business Transfers: In the event of merger, acquisition, or asset transfer

All external sharing is governed by strict confidentiality agreements and data protection requirements.

We retain your information for different periods depending on the type of data and business requirements:

• Active Employment Data: Maintained throughout employment and updated as needed
• System Usage Logs: Retained for 12 months for security and performance monitoring
• Work Records: Retained per company record retention policies (typically 7 years)
• Security Logs: Retained for 3 years for incident investigation purposes
• Training Records: Retained per regulatory requirements (typically 5-10 years)

Upon termination of employment, personal data is archived or deleted according to legal requirements and company policies.

As a user of the Staff Management System, you have certain rights regarding your personal information:

• Access: Request access to your personal information held in the system
• Correction: Request correction of inaccurate or incomplete information
• Data Portability: Request a copy of your data in a structured format
• Notification: Be informed of any data breaches that may affect you
• Complaints: File complaints about privacy practices with appropriate authorities

To exercise these rights, please contact the IT Department or your Human Resources representative.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify users through the system notification mechanism
• Provide email notification for significant changes
• Maintain previous versions for reference and compliance purposes

Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to privacy inquiries within 30 days and data access requests within 45 days, in accordance with applicable data protection regulations.