THE AGA KHAN ACADEMY MOMBASA - DATA PROTECTION

REGULATIONS

Privacy Notice and Consent form for Employees & New Staff

In November 2019, the Data Protection Act (DPA) came into effect. Among other requirements,
it provides guidance to data controllers and processors on the collecting, storing and use of an
individuals’ personal and/or sensitive personal data. The Aga Khan Academy Mombasa as an
employer collects and holds data about employees to enable us to meet our contractual obligations
to them. It is therefore our intention and commitment to be in compliance with the requirements of
the DPA.

Your consent is requested.

We require your consent to collect and hold personal and/or sensitive personal data about you
in order that we can meet our contractual obligations to you. It covers all personal data we may
collect about you before, during and after our working relationship, including personal information
relating to your family and property. You are entirely in control of your decision to give consent
to our use of your data as requested in this form. However, without the required data, we may not
be able to make a decision on your suitability for employment or comply with the law, and
therefore, we may not be able to confirm your employment.
As for employees, if you fail to provide the required data, we may not be able to perform the
contract we have entered into with you (such as paying you or providing a benefit), or we may be
prevented from complying with our legal obligations (such as to ensure the health and safety of our
workers)

The specific data we wish to obtain, and hold is as follows:

Type of personal Why we wish to hold it How long it will be kept for
data/sensitive personal
data

Page 1 of 8
1 Recruitment data: This will allow us to make Data will be kept for the duration
● Current resume a decision on your of your employment with us.
● Academic, Professional suitability for employment. When your employment is
certificates The documents will be completed, the data will be kept
● Statutory Documents sent to a background in accordance with the Company
(National ID, NHIF, vetting service provider. Rules & Regulations for Data
NSSF, KRA PIN) Your employment storage as well as the Legal
● Current Certificate of confirmation is subject Statutory requirement on storage
Good conduct to a successful of employment records for a
● Previous employment background vetting period of five (5) years as
history process. provided under Section 10(6) of
the Employment Act, 2007.

Page 2 of 8
2 Your personal details:
Name as per your
National
Identification card or
passport, postal address, email
address, physical address,
telephone contacts etc.,
3 Residential Address
4 Your Referees details
5 Beneficiary Nomination Details
This enables us to comply Data will be kept for the duration
with the law and maintain of your employment with us.
correct employment When your employment is
records completed, data will be kept in
accordance with the Company
Rules & Regulations for Data
storage as well as the Legal
Statutory requirement as guided
by the Employment Act.
This enables us to reach Data will be updated as
you in the event of a appropriate and kept for the
need to or deliver duration of your employment
personal communication with us.
to you When your employment is
completed, data will be kept in
accordance with the Company
Rules & Regulations for Data
storage as well as the Legal
Statutory requirement as guided
by the Employment Act.
To contact them for Data will be kept for the duration
reference check to inform of your employment with us.
the decision of your When your employment is
suitability for the job completed, data will be kept in
accordance with the Company
Rules & Regulations for Data
storage as well as the Legal
Statutory requirement as guided
by the Employment Act.
To be used in the event of Data will be kept for the duration
your demise to apportion of your employment with us.
any proceeds from your When your employment is
pension and terminal completed, data will be kept in
dues. accordance with the Company
Rules & Regulations for Data
storage as well as the Legal
Statutory requirement as guided
by the Employment Act.
Page 3 of 8
6 Next of kin and their contact
details
7 Health / disability information
and details of your General
Practitioner
8 Financial information:
Bank details
9 Staff employment data:
including the start date of
employment, contract of
employment, leave records,
exit data such as resignation
letter, termination letter,
retirement letter, reasons for
exit and responses given by the
employee during the exit
interview.
Photographs
In case of an emergency Data will be kept for the duration
incident, your next of of your employment with us.
kin will be contacted When your employment is
completed, data will be kept in
accordance with the Company
Rules & Regulations for Data
storage as well as the Legal
Statutory requirement as guided
by the Employment Act.
So that we are able to Data will be kept for the duration
place relevant Insurance of your employment with us.
covers, make provisions When your employment is
for any medical issues you completed, data will be kept in
may have in your work, accordance with the Company
and know who to Rules & Regulations for Data
contact if you have a storage as well as the Legal
medical episode Statutory requirement as guided
by the Employment Act.
This will be shared with Data will be kept for the duration
our payroll processing of your employment with us.
service provider for When your employment is
processing your salary completed, data will be kept in
accordance with the Company
Rules & Regulations for Data
storage as well as the Legal
Statutory requirement as guided
by the Employment Act.
This will be collected in Data will be kept for the duration
compliance with the legal of your employment with us.
requirement to keep When your employment is
employment records for a completed, data will be kept in
period of five (5) years accordance with the Company
from the end of Rules & Regulations for Data
employment. storage as well as the Legal
Statutory requirement as guided
by the Employment Act.
This will be used for Data will be kept for the duration
staff ID cards, access of your employment with us.
control
systems, identification in
Page 4 of 8
 the absence of ID card,
promotional material and
publications
When your employment is
completed, data will be kept in
accordance with the Company
Rules & Regulations for Data
storage as well as the Legal
Statutory requirement as guided
by the Employment Act.

How your personal information is collected

We collect personal information directly from you or sometimes indirectly from recruitment
agencies that work with us or our medical service providers.

We use your personal information in the following ways:

● Making a decision about your recruitment or appointment.

● Determining the terms on which you work for us.
● Paying you and, if you are an employee or deemed employee for tax purposes, deducting
tax and National Insurance contributions (NHIF and NSSF).
● Providing benefits to you.
● Administering the contract, we have entered into with you.
● Business management and planning, including accounting and auditing.
● Conducting performance reviews, managing performance and determining performance
requirements.
● Making decisions about salary reviews and compensation.
● Assessing qualifications for a particular job or task, including decisions about promotions.
● Gathering evidence for possible grievance or disciplinary hearings.
● Making decisions about your continued employment or engagement.
● Making arrangements for the termination of our working relationship.
● Education, training and development requirements.
● Dealing with legal disputes involving you, or other employees, workers and contractors,
including accidents at work.
● Ascertaining your fitness to work.
● Managing sickness absence.
● Complying with health and safety obligations.
● To prevent fraud.
● To monitor your use of our information and communication systems to ensure compliance
with our School Policies.

Page 5 of 8
 ● To ensure network and information security, including preventing unauthorized access to
our computer and electronic communications systems and preventing malicious software
distribution.
● To conduct data analytics studies to review and better understand employee retention and
attrition rates.

Lawful Purpose for using your Personal Data

We will only use your personal information when the law allows us to. Most commonly, we will use
your personal information in the following circumstances:

● Where we need to perform the contract, we have entered into with you.
● Where you have given us your consent. We rely on consent where we need to
process your child’s information, use your information for marketing purposes or to
transfer sensitive personal data concerning you to institutions outside Kenya.
● Where we need to comply with a legal obligation.
● Where it is necessary for legitimate interests pursued by us or a third party, as long as your
interests and fundamental rights do not override those interests.

We may also use your personal information in the following rare situations:

● Where we need to protect your vital interests (or someone else’s interests).
● Where it is needed in the public interest
● Where it is necessary for any task carried out by a public authority

Sensitive Personal Information

In general, we will not process your sensitive personal information unless it is necessary for
performing or exercising obligations or rights in connection with employment. On rare occasions,
there may be other reasons for processing, such as it is in the public interest to do so. The situations
in which we will process your particularly sensitive personal information are listed below. We have
indicated the reasons for which we are processing or will process your more sensitive personal
information.

We will use information about your physical or mental health, or disability status, to:

● ensure your health and safety in the workplace.

● assess your fitness to work;
● provide appropriate workplace adjustments;
● monitor and manage sickness absence; and
● administer benefits including statutory maternity pay, statutory sick pay and pensions
and permanent health insurance.

Page 6 of 8
 ● If you leave employment and any share plan operated by us or any affiliated company, and
the reason for leaving is determined to be ill health, injury or disability, we will use
information about your physical or mental health, or disability status, in reaching a
decision about your entitlements under the share plan.

We process other categories of more sensitive data if we reasonably believe that you or another
person are at risk of harm and the processing is necessary to protect you or them from physical,
mental or emotional harm or to protect physical, mental or emotional well-being.

Consent to share your data with third party service providers.

We may share your data with third parties such as the staff insurance and pension
administrators, Head office in Aga Khan Education Services, Global office for Aga Khan Schools,
AKDN agencies, Banks, employee background vetting service provider(s),salary processing
service provider, organization and reward structure evaluation service providers, training providers,
Legal & Regulatory Authorities such as KRA, NHIF and NSSF and all other providers that may in
the course of time be contracted by the School to carry out work to support service delivery to
staff and compliance with any legal requirements. When we do, we require third parties to respect
the security of your data and treat it in accordance with the law.

International Data Transfers

The Company may contract third-party service providers situated in other countries, and your data
may be transferred across borders to these contracted service providers, subject to the imposition
of appropriate safeguards with respect to the security and protection of the personal data and/or
sensitive personal data to prevent unauthorized disclosure and in compliance with the Data
Protection Act, 2019 and the Data Protection (General) Regulations, 2021. Your consent to the
transfer of personal data to countries outside your country of residence shall be consistent with the
terms of this Privacy Notice.

Change of Lawful Purpose

We will only use your personal information for the purposes for which we collected it, unless we
reasonably consider that we need to use it for another reason and that reason is compatible with
the original purpose.

If we need to use your personal information for an unrelated purpose, we will notify you and we will
explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in
compliance with the above rules, where this is required or permitted by law.

Page 7 of 8
Your Rights and Duties

Duty to inform the school of changes: It is important that the personal information we
hold about you is accurate and current. Please keep us informed if your personal information
changes during your working relationship with us.

Your rights in connection with personal information - Under certain circumstances, by law
you have the right to:

1) Request access to your personal information

This enables you to receive a copy of the personal information we hold about you and to check that
we are lawfully processing it.

2) Request correction of the personal information that we hold about you.

This enables you to have any incomplete or inaccurate information we hold about you corrected.

3) Request erasure of your personal information.

This enables you to ask us to delete or remove personal information where there is no good reason
for us continuing to process it. You also have the right to ask us to delete or remove your personal
information where you have exercised your right to object to processing (see below).

4) Object to processing of your personal information

This applies where we are relying on a legitimate interest (or those of a third party) and there is
something about your particular situation which makes you want to object to processing on this
ground. You also have the right to object where we are processing your personal information for
direct marketing purposes.

5) Request the restriction of processing of your personal information.

This enables you to ask us to suspend the processing of personal information about you, for example
if you want us to establish its accuracy or the reason for processing it.

6) Request the transfer of your personal information to another party.

7) Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection,
processing and transfer of your personal information for a specific purpose, you have the right to
withdraw your consent for that specific processing at any time. Once we have received notification
that you have withdrawn your consent, we will no longer process your information for the purpose
or purposes you originally agreed to, unless we have another legitimate basis for doing so in law, or
unless the request is clearly unfounded or excessive.

Page 8 of 8
Consent/Agreement to use my data.

I hereby give _The Aga Khan Academy Mombasa _ consent to use and process my personal
and/or sensitive personal data relating to my employment in the manner set out above.

In giving my consent:

I understand that the information provided will be kept confidential and only used for the purposes
stated in relation to my employment.

I understand that the third parties engaged by the school, locally and/or internationally, operate in
compliance with the Data Protection Act and Regulations.

I understand that I can ask for a copy of the personal data held about me at any time.

I understand that I can request that data that is no longer required to be held can be removed from
my file and destroyed.

I understand that if I leave my employment, my personal and/or sensitive personal data will be kept
in accordance with the Company Rules & Regulations for Data storage as well as the Legal
Statutory requirement as guided by the Employment Act and its subsidiary legislation.

I understand that you are the Data Controller for my employment information, and I can contact you
directly if I have any updates, questions, or concerns about my data.

I understand that if I am dissatisfied with how my data is used, I can make a complaint to the Head
of Human Resources and/or withdraw the consent given herein.

I understand that the school reserves the right to update this Consent Form at any time and
will provide you with a new Form when any substantial updates are made. The school may also
notify you in other ways from time to time about the processing of your personal information.

Name:

Signature: Date:

Issued by: Stella Njagi – Head of HR

Date: 20 March 2024

Page 9 of 8