Privacy Policy

Transformative Engineers Foundation (TEF)
Email: info@tef-org.org
Registered Office: Eldoret, Kenya
Registration No.: NGO-JDUMBK6

1. Introduction

Transformative Engineers Foundation (TEF) is committed to protecting the privacy, confidentiality, and security of personal data entrusted to us by donors, funding partners, beneficiaries, volunteers, staff, consultants, website users, and other stakeholders.

This Privacy Policy explains how TEF collects, uses, stores, shares, and protects personal data when you visit our website, contact us, support our work, apply to collaborate with us, participate in our programs, or otherwise interact with us.

TEF’s data protection practices are guided by the Constitution of Kenya, including Article 31 on the right to privacy, the Kenya Data Protection Act, 2019, and the Data Protection (General) Regulations, 2021. Where TEF processes personal data in connection with individuals, institutions, or funders located in the European Economic Area, including Germany, TEF seeks to apply standards aligned with the EU General Data Protection Regulation (GDPR) and, where relevant, the German Federal Data Protection Act (BDSG).

2. Data Controller

For the purposes of TEF’s website and organizational activities, the data controller is:

Transformative Engineers Foundation (TEF)
Registered Office: Eldoret, Kenya
Email: info@tef-org.org

3. Scope of This Policy

This Privacy Policy applies to personal data processed by TEF in connection with:

  • use of the TEF website;
  • communication through email, phone, contact forms, or social media;
  • donations, funding relationships, and partnerships;
  • volunteer, internship, consultancy, employment, and advisory applications;
  • project implementation, beneficiary support, monitoring, evaluation, and reporting;
  • compliance, safeguarding, governance, and security processes.

This policy does not automatically apply to third-party websites, platforms, or services that may be linked from the TEF website.

4. Personal Data We May Collect

Depending on the nature of the interaction, TEF may collect and process the following categories of personal data:

4.1 Identity and Contact Data

This may include name, title, organization name, postal address, email address, telephone number, country, and other contact details.

4.2 Donor and Partner Data

This may include professional affiliation, grant-related contact details, project interests, correspondence, contractual information, due diligence documents, partnership records, and information relating to funding, collaboration, or reporting obligations.

4.3 Beneficiary and Program Data

Where relevant to TEF’s charitable, educational, environmental, innovation, health, or community development work, this may include basic demographic details, participation records, support records, assessments, monitoring and evaluation data, and program-related communications.

4.4 Website Usage Data

This may include IP address, browser type, device type, operating system, referring pages, pages visited, date and time of access, and technical logs generated when users access the website.

4.5 Communication Data

This includes information contained in messages sent to TEF through contact forms, email, telephone, social media, or other communication channels.

4.6 Recruitment and Volunteering Data

Where a person applies for employment, volunteering, consultancy, internship, or advisory engagement, TEF may collect CVs, educational and professional background, references, availability, motivation letters, and other application-related information.

4.7 Compliance and Security Data

This may include information required for fraud prevention, accountability, safeguarding, incident reporting, risk management, legal compliance, and organizational security.

TEF seeks to collect only the personal data reasonably necessary for the specific purpose for which it is processed.

5. Sensitive Personal Data

In limited circumstances, and only where necessary and lawful, TEF may process sensitive or special categories of personal data. This may arise, for example, in connection with safeguarding, child protection, disability inclusion, vulnerability-related support, or other program activities where such information is necessary for lawful and responsible delivery of support.

TEF does not seek to collect sensitive personal data unless there is a clear and legitimate reason to do so. Where such data is processed, TEF seeks to apply appropriate safeguards, confidentiality measures, and access restrictions proportionate to the sensitivity of the information.

6. How We Collect Personal Data

TEF may collect personal data in the following ways:

  • directly from individuals when they contact us, donate, apply, register, subscribe, or provide information;
  • from partner organizations, funders, consultants, service providers, or publicly available lawful sources;
  • through project implementation, grant administration, and reporting activities;
  • through website forms, cookies, server logs, and similar technical means;
  • during due diligence, safeguarding, compliance, governance, and audit processes.

Where TEF collects personal data directly from individuals, it seeks to do so fairly, transparently, and for legitimate purposes consistent with applicable law.

7. Purposes of Processing

TEF may process personal data for the following purposes:

  • to respond to enquiries and maintain communication with donors, beneficiaries, volunteers, partners, and the public;
  • to establish, manage, and document partnerships, grants, donations, and funding relationships;
  • to deliver charitable, educational, environmental, technical, innovation, and community development programs;
  • to monitor, evaluate, audit, and report on project implementation, outputs, and outcomes;
  • to assess and process applications for jobs, internships, consultancies, advisory roles, and volunteering;
  • to manage contracts, procurement, payments, administration, and governance;
  • to maintain website functionality, performance, and security;
  • to prevent fraud, abuse, unauthorized access, and other security risks;
  • to meet legal, regulatory, contractual, safeguarding, and accountability obligations;
  • to protect the rights, safety, dignity, and interests of TEF, its beneficiaries, its personnel, and its partners.

8. Lawful Bases for Processing

Depending on the circumstances, TEF may rely on one or more lawful bases for processing personal data, including:

  • consent;
  • performance of a contract or steps taken before entering into a contract;
  • compliance with a legal or regulatory obligation;
  • protection of vital interests;
  • legitimate interests pursued by TEF or a third party, provided such interests are not overridden by the rights and freedoms of the individual;
  • public interest or other lawful grounds recognized under applicable law.

Where TEF relies on consent, individuals may withdraw that consent at any time, subject to the lawfulness of processing already carried out before withdrawal.

9. Cookies and Similar Technologies

The TEF website may use cookies or similar technologies to support website functionality, improve security, remember user preferences, and better understand traffic and usage patterns.

Users may be able to control cookies through their browser settings. Disabling certain cookies may affect website functionality.

Where TEF introduces additional tools or services that require more detailed cookie disclosures, this policy may be updated accordingly.

10. Disclosure and Sharing of Personal Data

TEF does not sell personal data.

TEF may share personal data only where necessary, appropriate, and lawful, including with:

  • donors and funding partners, where reporting is contractually required and proportionate;
  • partner organizations involved in joint projects, implementation, or service delivery;
  • auditors, legal advisers, compliance advisers, and other professional consultants;
  • website hosts, cloud service providers, email providers, IT support providers, and similar service providers operating under confidentiality and security obligations;
  • regulators, public authorities, law enforcement agencies, or courts where disclosure is required by law;
  • safeguarding bodies or emergency responders where disclosure is necessary to protect individuals or the public interest.

Where personal data is shared, TEF seeks to ensure that recipients process it only for proper purposes and under appropriate confidentiality and security arrangements.

11. International Data Transfers

Because TEF works across borders and may engage with donors, partners, service providers, consultants, and supporters located in different countries, personal data may in some cases be transferred outside Kenya or outside the country in which the individual is located.

Where cross-border transfers occur, TEF seeks to apply appropriate safeguards, including contractual protections, controlled access, confidentiality measures, and reasonable organizational and technical protections, in a manner consistent with applicable Kenyan law and, where relevant, standards aligned with the GDPR.

12. Data Security

TEF takes reasonable technical and organizational measures to protect personal data against unauthorized or unlawful access, alteration, disclosure, loss, misuse, or destruction.

Such measures may include:

  • restricted access on a need-to-know basis;
  • password protection and role-based access controls;
  • secure document and email management practices;
  • periodic review of access permissions and data handling practices;
  • confidentiality obligations for staff, board members, consultants, and service providers;
  • secure hosting and basic network protection measures;
  • procedures for breach identification, escalation, and response.

Although TEF seeks to maintain appropriate security standards, no website, system, or method of internet transmission can be guaranteed to be completely secure. TEF nevertheless remains committed to maintaining a level of security appropriate to the nature of the data and the risks involved.

13. Data Retention

TEF retains personal data only for as long as reasonably necessary for the purpose for which it was collected, or for as long as required by law, regulation, donor requirements, audit obligations, contractual commitments, safeguarding requirements, or legitimate organizational interests.

Retention periods may vary depending on the category of data involved, including:

  • correspondence and enquiries;
  • donor, grant, and partnership documentation;
  • contracts and procurement records;
  • employment, consultancy, and volunteer records;
  • website logs and technical data;
  • financial, accounting, and audit records;
  • safeguarding, compliance, and incident-related files.

When personal data is no longer required, TEF seeks to delete, anonymize, or securely archive it, as appropriate and lawful.

14. Rights of Data Subjects

Subject to applicable law, individuals may have the right to:

  • be informed about how their personal data is processed;
  • access personal data held about them;
  • request correction of inaccurate or incomplete data;
  • request deletion or erasure in appropriate circumstances;
  • object to certain forms of processing;
  • request restriction of processing in certain circumstances;
  • withdraw consent where processing is based on consent;
  • request portability of personal data where legally applicable;
  • lodge a complaint with a competent supervisory authority.

The exercise of these rights may be subject to legal limitations, verification requirements, and exemptions under applicable law.

15. How to Exercise Your Rights

If you wish to access, correct, update, object to, restrict, or request deletion of your personal data, or if you have concerns about how your personal data has been handled, please contact TEF at:

Email: info@tef-org.org

TEF may request additional information to verify identity before acting on a request, in order to protect personal data against unauthorized access or disclosure.

16. Complaints

If you believe that TEF has handled your personal data improperly, you may contact TEF first so that we can review and respond to your concern.

Where applicable, individuals may also lodge a complaint with a competent supervisory authority, including in Kenya through the relevant data protection authority. Where a specific processing activity is connected to the European Economic Area, an individual may also have the right to approach a relevant supervisory authority in the applicable jurisdiction.

17. Children’s Data

TEF may work on programs that support children and young people. Where personal data relating to children is processed, TEF seeks to apply heightened care, lawful justification, safeguarding measures, and appropriate confidentiality protections, especially where the information is sensitive or directly connected to program delivery.

18. Third-Party Links

The TEF website may contain links to third-party websites, partner pages, donor platforms, social media platforms, or external resources. TEF is not responsible for the privacy practices, security, or content of third-party websites. Users are encouraged to review the privacy notices of those external sites separately.

19. Changes to This Policy

TEF may update this Privacy Policy from time to time to reflect changes in law, regulation, organizational practice, website functionality, or operational requirements. The most current version will be posted on this page.

20. Contact

For privacy, data protection, or compliance-related enquiries, please contact:

Transformative Engineers Foundation (TEF)
Eldoret, Kenya
Email: info@tef-org.org

 

Information icon

Wir benötigen Ihre Zustimmung zum Laden der Übersetzungen

Wir nutzen einen Drittanbieter-Service, um den Inhalt der Website zu übersetzen, der möglicherweise Daten über Ihre Aktivitäten sammelt. Bitte überprüfen Sie die Details in der Datenschutzerklärung und akzeptieren Sie den Dienst, um die Übersetzungen zu sehen.