1. POLICY STATEMENT

NAS Servair Limited (herein referred to as “NAS”) is committed to processing personal data in a lawful, fair and transparent manner in accordance with the Data Protection Laws of Kenya.

This Privacy Policy outlines how we collect, use, disclose, and protect personal information and your rights.

ABOUT US

NAS is incorporated in Kenya and licensed to offer a wide range of services that includes laundry services, inflight catering, laboratory services, corporate catering, airport restaurant and lounge services and ship chandelling. It was licensed and began full operations in the year 1949.

It has a team of highly qualified, experienced and dynamic staff who render personalized, efficient and professional services.

2. WHO DOES THIS POLICY APPLY TO

This Policy applies to all personal information collected, processed, and stored by the Company during the job application and recruitment process. It encompasses all stages of recruitment, including the submission of applications, interviews, and assessments.

This policy applies to all job applicants, whether they apply through our website, email, or any other method. By submitting your application and personal information, you acknowledge that you have read and understood this Job Applicant Privacy Policy.

3. WHAT IS PERSONAL DATA

In this Policy personal data means any information relating to an identified or identifiable natural person. This includes, but is not limited to, identification details (e.g. name, ID/Passport), contact details (e.g. name, address, phone number, email address), professional information (e.g. resume/CV, employment history, educational background, qualifications), and reference and recommendation letters.

Personal data may also include sensitive data such as racial or ethnic origin, religious beliefs, health data, property records and biometric data.

4. WHAT DO WE MEAN BY PROCESSING

In this Policy, processing refers to any operation or set of operations performed on personal data, whether automated or manual.
Processing includes, but is not limited to, the collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, erasure, or destruction of personal data.
Processing of personal data occurs throughout the entire job application and recruitment process, starting from the initial submission of the application until the final decision regarding the job applicant’s suitability for the position.

5. TYPES OF INFORMATION COLLECTED, PURPOSE AND LAWFUL OBLIGATION

Types of Personal Data Collected	Purpose of Collection	Lawful Basis
Identification Details such as name, ID/Passport Number, photo	To identify and verify job applicants	Lawful Obligation To comply with legal requirements for employment verification
Contact Details i.e. phone number, email address, postal address	To communicate with job applicants regarding the application process	Legitimate Interest To schedule interviews and assessments To provide updates on the application process
Education and Work History: Information contained in CVs and Cover Letters, Academic and Professional Certificates	To assess the qualifications, skills, and experience of job applicants.	Legitimate Interest To evaluate suitability for the applicant.
Background checks	To assess your history and confirm details provided by you.	Legitimate Interest To evaluate suitability for the applicant.
Information relating to health, safety and security: Pre-employment health checks, Medical history, Health/lab checks and reports, health and wellbeing information declared by you or from medical reports	To ensure assess your fitness for work and comply with employment, occupational safety, and health regulations	Legitimate Interest To evaluate suitability for the applicant. Lawful Obligation To comply with legal requirements for employment in the sector
Interviews: interview dates, responses given during job interview, interview notes	To assess the job applicant’s responses, qualifications, and suitability for the role	Legitimate Interest To evaluate suitability for the applicant.
CCTV Records: When you visit our offices	To secure company premises and assets	Legitimate Interest To monitor and ensure the safety and security of the workplace
Correspondence: Any correspondence with job applicants through emails or phone calls	To communicate with job applicants regarding the application process	Legitimate Interest To address inquiries and provide information
Online Identifiers such as cookies and IP addresses	To monitor and improve website functionality and user experience	Consent (where applicable) Legitimate Interest To detect and prevent fraudulent activities

Please note that the lawful basis for collection may vary depending on applicable data protection laws and the specific circumstances of data processing.

6. HOW DO WE COLLECT YOUR PERSONAL DATA

We collect your information directly from you:

when you submit your CV and cover letter to us electronically, or in hard copy format when you present your application to our offices in person.
during the interview process
after the interview process for successful candidates

Indirectly:

from your employment references.
From background check agencies.
from our website where we collect online identifiers such as cookies, IP address, domain names
when you access our premises through CCTV Cameras.
when you interact with our social media platforms such as LinkedIn.
We also collect personal data indirectly when you use our website, social medial platforms or when you visit our offices, and your images are captured by CCTV.

7. CONSEQUENCES OF FAILING TO PROVIDE PERSONAL DATA

If you fail to provide the required information or provide inaccurate or incomplete information, it may hinder our ability to properly evaluate your application. This could result in the rejection of your application or the inability to proceed with the recruitment process.

8. DATA SHARING

We take care to ensure your personal data is only accessed by authorised individuals. We may share your personal data within the Company to facilitate our internal operations and provide you with efficient services.

We may share your personal data with third parties in the following circumstances:
We may engage third-party service providers to perform various services on our behalf, such as IT service providers. These service providers will have access to your personal data as necessary to perform their functions but are strictly prohibited from using your personal data for any other purposes.
We may disclose your personal data to comply with legal obligation (including to comply with laws, regulations, and contracts, to respond to court orders, administrative or judicial process and search warrants, or to meet national security and law enforcement requests)
We may share your personal data with third parties if you have given us explicit consent to do so. You have the right to withdraw your consent at any time.
to establish, exercise, or defend against potential, threatened, or actual litigation.
to protect the safety, property, or vital interests of a person.
to protect NAS’s rights or property.
to protect NAS other employees, customers, or the public from harm or illegal activities.
to respond to an emergency that we, in good faith, believe requires us to disclose data to prevent harm; and
in connection with the sale, assignment, merger, or other reorganisation or transfer of all or part of our business.
When sharing your personal data with third parties, we prioritise the security and confidentiality of your information. We take stringent measures to ensure that these parties comply with strict data protection standards and handle your personal data in accordance with our instructions.
We carefully select and evaluate third-party service providers, business partners, and other recipients of your personal data. We enter into contractual agreements with these parties, imposing obligations to protect your personal data and restricting their use of the information solely for the specified purposes outlined in our agreement. Furthermore, we require these third parties to implement appropriate technical and organisational measures to prevent unauthorised access, disclosure, alteration, or destruction of your personal data.

9. DATA SECURITY

We understand the importance of keeping your personal data secure and take appropriate measures to protect it against unauthorized access, loss, misuse, or alteration. We have implemented robust security measures to ensure the confidentiality, integrity, and availability of your information. These measures include:

Physical safeguards, such as locked doors and file cabinets, controlled access to our facilities, and secure destruction of media containing personal data.
Technology safeguards, such as use of anti-virus and endpoint protection software, passwords, encryption, and monitoring of our systems to ensure compliance with our security policies.
Organisational safeguards, through training and awareness programs on security and privacy, to ensure employees understand the importance and means by which they must protect personal data, as well as through privacy policies and policy standards that govern how NAS treats personal data.
If you suspect any misuse, loss, or unauthorised access to your personal data, please let us know immediately by sending us an email on [email protected] .

10. PERSONAL DATA RETENTION

We retain the personal information of unsuccessful job candidates for a period of three (3) years from the date of the decision or completion of the recruitment process. This retention period allows us to defend ourselves in case of any legal claims or disputes that may arise.

For successful job candidates who are hired, we retain their personal information for the duration of their employment with our company and for a period of three (3) years after the termination of their employment. This extended retention period ensures compliance with legal, contractual, and regulatory requirements, as well as for potential reference purposes.
During the retention period, appropriate measures will be taken to protect the personal information from unauthorised access, use, disclosure, alteration, or destruction.
After the expiration of the respective retention periods, we will securely dispose of or anonymise the personal information in a manner that complies with applicable data protection laws and regulations.

11. YOUR RIGHTS OVER YOUR DATA

The data protection Act accords you several rights. However, these rights are not absolute and may be subject to some exceptions according to the data protection law.

right to information: you have a right to be informed of how the Company will use your personal data.
right to access: you are entitled to access your personal data that is in our possession or custody.
right to object: you can object to the processing of all or part of your personal data, except when we can demonstrate a compelling legitimate interest for the processing which overrides your interests or for the establishment, exercise or defence of a legal claim.
right to rectification: you have the right to request the correction of inaccurate, outdated, incomplete or misleading personal data in our possession or under our control, without undue delay.
right to erasure: you have the right to request deletion or destruction, without undue delay, of personal data that we are no longer authorised to retain, or that is irrelevant, excessive, or obtained unlawfully.
right to data portability: you have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format and to transmit the data to another data controller without hindrance. Where technically feasible, you may also request direct transmission of your personal data from us to another data controller or data processor.
automated decision making: you have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that affects you. If we make automated decisions based on your personal data, you will be notified in writing. You can also request us to reconsider any decisions made solely through automated processing or to make a new decision that is not solely automated
right of restriction: you can request the restriction of processing your personal data in certain circumstances, such as when you contest the accuracy of the data, it is no longer needed for processing, it was processed unlawfully, or you have objected to the processing pending verification of our legitimate interests.
right to raise a complaint: you can raise a complaint about our processing with the Regulator i.e. the Data Commissioner in Kenya. You may also be able to seek a remedy through the courts if you believe that your rights have been breached.

12. HOW TO EXERCISE YOUR RIGHTS

If you wish to exercise any of the rights outlined above, please write an email to the Data Protection Officer (DPO) on [email protected] .

We will make every effort to address your inquiries and requests via email within the timelines specified by applicable data protection laws and regulations.
To ensure the security and accuracy of the personal data we provide, we may request additional information and verification of your identity. This is necessary to confirm that we are releasing the data to the rightful owner.
While we strive to fulfil all valid requests, there may be cases where we are unable to comply. If such a situation arises, we will inform you of the reasons for our inability to fulfil your request.

13. YOUR RESPONSIBILITIES

As a data subject, it is important that you understand and fulfil certain responsibilities to ensure the protection and privacy of your personal data. By providing your personal data to the Company, you agree to adhere to the following responsibilities:

Accuracy and Updates: You are responsible for providing accurate and up-to-date personal data to the Company. Please inform us promptly when details such as your contact information, employment history, educational background, and any other relevant information requested by the employer changes.
Security Measures: While we take appropriate measures to protect your personal information, it is important for job applicants to also take precautions to safeguard their own information. This includes using secure internet connections when submitting online applications, keeping login credentials confidential, and being cautious when sharing personal information through email or other communication channels.
Reference information confidentiality:s a job applicant, it is your responsibility to respect the confidentiality of information related to your references. When providing references, you should seek their consent and inform them that their contact information and any relevant details will be shared with the employer for the purpose of evaluating your application. You should also advise them to refrain from disclosing any confidential or sensitive information about themselves or others during the reference process. By ensuring the confidentiality of reference information, you help maintain trust and protect the privacy of all individuals involved in the job application process.
Reporting Concerns:If you have any concerns or complaints regarding the processing or transfer of your personal data, please contact our designated Data Protection Officer (DPO) at [email protected] .We appreciate your feedback and will promptly address any issues raised.

14. INTERNATIONAL DATA TRANSFERS

As part of our business operations, we may transfer personal data to recipients located in countries outside Kenya.

We are committed to ensuring that any transfer of personal data outside of Kenya complies with the provisions set forth by the Data Protection Act, 2019 and the Data Protection (General) Regulations,2021.
To ensure that your personal data receives adequate levels of protection, we carefully select third party services providers who can provide sufficient guarantees regarding adequate security measures to safeguard your personal information.

15. CHANGES TO THIS POLICY

We reserve the right to update or modify this Job Applicant Privacy Policy from time to time. Any changes will be effective immediately upon posting the revised policy on our website or notifying you through other appropriate means. It is your responsibility to review this policy periodically to stay informed about any updates or modifications.

By continuing to use our services or submitting job applications after any changes to this policy, you acknowledge and agree to the revised terms. If you disagree with any changes to this policy, you should refrain from using our services or submitting job applications.