Data Privacy Policy

Last Updated: 29^th August, 2025

Africa School of Project Management (ASPM) (“we,” “our,” “us”) values your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you visit our website https://aspm.co.ke/ or interact with our services.

1. Data Controller

ASPM is registered and certified as a Data Controller by the Office of the Data Protection Commissioner (ODPC), Kenya. We process personal data in accordance with the Data Protection Act, 2019 (Kenya).

2. Information We Collect

We may collect the following types of personal information:

1. Directly from you:
   • When you fill in forms on our website
   • When you send us enquiries by email, phone, or social media
   • When you leave comments on our website or posts
   • When you register for trainings or request services
   • When you access our website or online platforms
   • When you Attend ASPM events/trainings both physically and virtually
2. Automatically:
   • Through cookies, analytics tools, or when you interact with our online advertisements

3. How We Use Your Information

We process the data we collect for the following purposes:

1. To respond to your enquiries and provide requested services
2. To organize and deliver trainings and related services
3. To communicate with you about upcoming courses, events, or updates
4. To improve our website, marketing, and customer experience
5. To comply with legal and regulatory obligations

4. Legal Basis for Processing

We rely on the following grounds to process your personal data:

1. Consent – when you voluntarily provide your information (e.g., filling a form)
2. Contractual necessity – to deliver training and services you have requested
3. Legitimate interest – to improve our services and marketing effectiveness
4. Legal obligation – to meet regulatory requirements under Kenyan law

5. Data Sharing and Disclosure

We do not sell personal data. We may disclose information as follows:

5.1 Authorized ASPM Staff
Your personal data may be accessed by authorized ASPM staff strictly for service delivery and customer support.

5.2 Professional Bodies and Accreditation Agencies
Where applicable, we may share personal data with professional bodies or accreditation agencies to support certification, accreditation, or compliance with professional standards.

5.3 Service Providers
We may engage trusted third-party service providers (such as IT support, cloud storage, email platforms, or marketing services) to assist with service delivery. These providers may access personal data only to perform their functions under strict confidentiality obligations.

5.4 Government Authorities and Regulators
We may disclose personal data to government authorities, regulatory bodies, or law enforcement agencies as required or permitted by law.

6. Retention of Information

6.1 We retain personal data only for as long as reasonably necessary to fulfill the purposes for which it was collected. This includes meeting legal, regulatory, tax, accounting, or reporting requirements.

6.2 In determining the appropriate retention period, we consider:

• The amount, nature, and sensitivity of the data collected
• The potential risks of unauthorized use or disclosure
• The purposes of processing and whether they can be achieved through other means
• Compliance with our internal policies and procedures
• Legal, regulatory, or contractual requirements

6.3 In certain cases, we may retain data longer if there is a complaint or a reasonable prospect of legal action related to our services.

6.4 Once the retention period expires, we securely dispose of or anonymize personal data to prevent unauthorized access or disclosure.

6.5 Anonymized data that can no longer be linked to you may be retained indefinitely.

7. Safeguarding and Protection of Information

We apply technical and organizational measures to protect your personal data, including:

• Data encryption and secure storage
• Access controls and authentication
• Network and application security
• Data minimization and anonymization
• Regular system updates and security patching
• Staff training and awareness on data protection

8. Your Rights

Under the Data Protection Act, 2019 (Kenya), you have the following rights:

• To be informed of how your data is used
• To access your personal data in our custody
• To object to the processing of all or part of your data
• To request correction of inaccurate or misleading data
• To request deletion of data (subject to legal and contractual obligations)

To exercise these rights, contact us using the details below.

9. Cookies and Online Tracking

9.1 Our website uses cookies and similar technologies to recognize returning visitors, improve website performance, analyze traffic, and optimize marketing.

9.2 Cookies may collect information such as your IP address, date and time of visit, pages viewed, and browsing outcomes.

9.3 You may disable cookies through your browser settings, but this may affect site functionality.

10. International Transfers

While ASPM primarily stores and processes data in Kenya, some personal data may be transferred outside Kenya (e.g., cloud services). In such cases, we ensure compliance with applicable laws and apply safeguards to maintain privacy and security.

11. Non-Compliance with this Policy

We reserve the right to restrict or terminate services if you fail to comply with this Privacy Policy.

12. Updates to this Policy

We may amend this Privacy Policy from time to time. Any changes will be posted on our website with an updated “Last Updated” date

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us at:

Africa School of Project Management (ASPM)
Website: https://aspm.co.ke/
Email: info@aspm.co.ke
Phone: +254 792 022726
Nairobi, Kenya