Menu

 

SUPPLIERS’ PRIVACY NOTICE

NAS Servair Kenya Ltd (“the Company”, “we”, “us”) respects your right to privacy and is committed to protecting the personal data of all its suppliers, vendors and business partners. This Privacy Notice explains how we collect, use, disclose, and safeguard personal data in the course of our business relationships.

  1. Personal Data We Collect

We may collect and process the following categories of personal data from you or your representatives:

  • Identification details such as name, ID/passport number, nationality.
  • Contact details such as address, email address, phone number.
  • Company registration documents and tax details
  • Bank account and payment details.
  • Certifications and legal documents
  • Contractual and performance-related information.
  • CCTV footage or visitor details if you access our premises.
  • Any other information necessary to manage the supplier relationship or comply with legal requirements.
  1. How We Collect Your Data

We collect data directly from you through correspondence, forms, or contractual documents and indirectly from publicly available sources or government registries, such as the Kenya Revenue Authority (KRA), Registrar of Companies or other authorized third parties.

  1. Purpose and Lawful Basis for Processing

We process your personal data for the following purposes:

  • To evaluate, engage, and manage supplier relationships.
  • To process payments and maintain accounting records.
  • To communicate and manage performance under contracts.
  • To comply with legal and regulatory obligations.
  • To ensure site access control and security when you visit our premises.

The lawful bases for processing are:

  • Performance of a contract with you or your organization.
  • Compliance with legal obligations.
  • Legitimate interests of the Company in managing supplier relationships and ensuring business efficiency.
  • Consent, where applicable.
  1. Data Sharing and Transfers

 We may share your data with:

  • Our group companies, affiliates, and service providers for administrative or operational purposes.
  • Regulatory bodies, auditors, and government agencies as required by law.
  • Banks and financial institutions for payment processing.

Where data is transferred outside Kenya, we ensure that appropriate safeguards, such as data transfer agreements, are in place in accordance with the Data Protection Act, 2019.

  1. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to meet legal, accounting, or reporting requirements. After the retention period, the data is securely deleted or anonymized.

  1. Data Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, misuse, or disclosure.

  1. Your Rights as a Data Subject

Under the Data Protection Act, 2019, you have the right to:

  • Access and request a copy of your personal data.
  • Request correction or deletion of inaccurate or outdated data.
  • Object to processing or withdraw consent where applicable.
  • Lodge a complaint with the Office of the Data Protection Commissioner (ODPC).
  1. Contact Information

If you have any questions or wish to exercise your rights, please contact our Data Protection Officer at [email protected]

  1. Updates to This Notice

We may update this Privacy Notice from time to time to reflect changes in our data protection practices or legal obligations. The latest version will always be available on our website or upon request.