Privacy Policy

Definitions

In this Policy (as defined below), unless the context requires otherwise, the following capitalised terms shall have the meanings given to them –

  1. "Account" means the account created by any user of the Jani App for availing the Services provided by Jani;

  2. "Applicable Law" means any laws (including the DPA) that are applicable to Personal Data and Sensitive Personal Data in Kenya and includes any statute, regulation, notice, policy, directive, ruling or subordinate legislation; any binding court order, judgement or ruling; any applicable industry code, policy or standard enforceable by law; or any applicable direction, policy or order that is given by any regulator or competent authority in Kenya;

  3. "Jani" means Jani Limited, a company incorporated in Kenya whose registered address is at Rivaan Centre, Muguga Green Westlands, Nairobi;

  4. "Jani App" means the mobile application (including software, servers, and associated user interface) through which Jani shall offer the Services;

  5. "Child" means any natural person under the age of 18 (eighteen) years;

  6. "Consent" means any express, unequivocal, free, specific and informed indication of the Data Subject's wishes by a statement or by a clear affirmative action, signifying agreement to the processing of personal data relating to the Data Subject

  7. "Controller" has the meaning ascribed thereto under DPA;

  8. "Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data under the control of or in the possession of Jani. The terms "you" and "your" shall have a corresponding meaning;

  9. "Data Controller" means a natural or legal person who or which, alone or jointly with others, determines the purpose and means of processing of Personal Data and for purposes of this Privacy Policy includes Jani;

  10. "Data Processor" means any natural or legal person who or which processes personal data on behalf of the Data Controller;

  11. "Data Subject" means any identified or identifiable natural person to whom Personal Data relates including users of the Jani App;

  12. "Direct Marketing" means to approach a person, by electronic communication, for the purpose of promoting or offering to supply, in the ordinary course of business, any goods or services to them ;

  13. "DPA" means the Kenyan Data Protection Act Number 24 of 2019;

  14. "Employee" means any employee of Jani;

  15. "Financial Data" means the mobile money details or bank details provided by the users of the Jani App;

  16. "Personal Data" means any information relating to an identified or identifiable natural person;

  17. "Policy" means this Privacy Policy;

  18. "Processing" has the meaning ascribed thereto under DPA. "Process" has a corresponding meaning;

  19. "Regulator" means the Office of the Data Commissioner established under the DPA;

  20. "Sensitive Personal Data" means any data revealing the natural person's race, health status, ethnic social origin, conscience, belief, genetic data, biometric data, property details, marital status, family details including names of the person's children, parents, spouse or spouses, sex or the sexual orientation of the data subject;

  21. "Services" means the provision of a technology platform through the Jani App that enables users to arrange and schedule transport on the Bus on Approved Routes, to facilitate payment of Bus Fare and any other services as shall be determined by Jani from time to time;

  22. "Third Party" means any independent contractor, agent, consultant, sub-contractor or any other authorised representative of Jani; and

  23. "Website" means the Jani website currently located at www.basi-go.com.

  1. INTRODUCTION

    1. This Policy regulates the Processing and protection of the Personal Data and Sensitive Personal Data that Jani Processes.

    2. Jani acknowledges the need to ensure that Personal Data is Processed with care and is committed to ensuring that it complies with the requirements of the Applicable Law in the Processing of Personal Data and Sensitive Personal Data.

  2. PURPOSE

"The purpose of this Policy is to inform Data Subjects about how Jani Processes their Personal Data and Sensitive Personal Data by," inter alia , collecting or collating, receiving, recording, storing, updating, distributing, erasing or destroying, disclosing and/or generally using the Data Subject's Personal Data and Sensitive Personal Data.

  1. APPLICATION

    1. This Policy has been prepared in respect of and applies to Jani.

    2. Jani shall strive to observe, and comply with its obligations under the DPA, the regulations under it and this Policy when it Processes Personal Data from or in respect of a Data Subject. 

    3. This Policy applies to Personal Data and Sensitive Personal Data collected by Jani:

      1. in connection with the Services which we offer and provide; Personal Data 

      2. offline through our Direct Marketing campaigns (save for Sensitive Personal Data which is not collected for this purpose);

      3. online through our websites, branded pages on Third Party platforms and applications accessed or used through such websites or Third Party platforms which are operated by or on behalf of Jani. 

    4. This Privacy Policy does not apply to the information practices of Third Party companies (including, without limitation, their websites, platforms and/or applications) which we do not own or control; or individuals that Jani does not manage or employ. These Third Party sites may have their own privacy policies and terms and conditions and we encourage you to read them before using those Third Party sites.

  2. PROCESS OF COLLECTING PERSONAL Data

    1. Jani collects Personal Data directly from Data Subjects, unless an exception is provided for under any Applicable Law  (such as, for example, where the Data Subject has made the Personal Data public or the Personal Data is contained in or derived from a public record).

    2. Jani will always collect Personal Data in a fair, lawful and reasonable manner to ensure that it protects the Data Subject's privacy and will Process the Personal Data based on any available lawful grounds in a manner that does not adversely affect the Data Subject in question.

    3. Jani often collects Personal Data directly from the Data Subject and/or in some cases, from Third Parties. 

    4. The Personal Data we collect and process may include, but is not limited to, your registration data and Financial Data. 

    5. Please note that you are not obliged to provide any such Personal Data. However, you may be unable to use the Jani App without providing such Personal Data. 

    6. Where Jani obtains Personal Data from Third Parties, Jani will ensure that it obtains the consent of the Data Subject to do so or will only Process the Personal Data without the Data Subject's consent where Jani is permitted to do so under any Applicable Law.

  3. NOTIFYING DATA SUBJECTS 

    1. Jani will make Data Subjects aware of the fact that it is Processing their Personal Data and inform them of the specific purpose for which Jani will be Processing such Personal Data, including making the Data Subject aware of any Third Party recipients of the Personal Data (which may also include cross-border transfers of Personal Data). For the present purposes, Jani collects Personal Data and Sensitive Personal Data from Data Subjects when the Data Subjects fill out and submit the registration form and complete the account creation procedure on the Jani App.

    2. Jani will not use the Personal Data and Sensitive Personal Data of a Data Subject for any purpose other than the purposes set out under Clause ‎9 of this Policy without the consent of the Data Subject, unless Jani is permitted or required to do so by law.

    3. Rights of Data Subjects

Data subjects shall have the following rights:

  1. the right to access their Personal Data and Sensitive Personal Data which is Jani's custody;

  2. the right to have any false or misleading Personal Data and Sensitive Personal Data about them corrected or deleted;

  3. the right to object to the processing of all or part of their Personal Data and Sensitive Personal Data about them.

  4. the right to object to the processing of all or part of their Personal Data and Sensitive Personal Data.

  1. LAWFUL PROCESSING OF PERSONAL INFORMATION

    1. Jani will only Process a Data Subject's Personal Data where it has a lawful ground for doing so including where –

      1. the consent of the Data Subject (or a competent person where the Data Subject is a Child) is obtained;

      2. Processing is necessary to enable Jani to render Services to the Data Subject under the terms and conditions of the Jani App;

      3. Processing is necessary for complying with an obligation imposed by law on Jani;

      4. Processing is necessary for the protection of a vital interests of the Data Subject; and/or

      5. Processing is necessary for pursuing the legitimate interests of Jani or of a third party to whom the information is supplied except if the processing is unwarranted in any particular case having regard to the harm and prejudice to the rights and freedoms or legitimate interests of the Data Subject. 

    2. The below processing activities will be processed on lawful grounds which may include the ones set out in the table below –

Processing Activity Legal Basis
Collecting Personal Data from the following persons –
i) Users of the Jani App (both drivers and passengers); and
ii) existing Jani clients. 		Processing is necessary to enable Jani to render Services to the Data Subject as per the Terms and conditions of the Jani App.
Facilitating communications with Data Subjects.
This may, for example, include:
i) contacting you at the time of pick up; and
ii) communicating any unexpected changes to your commute. 		Processing is necessary to enable Jani to render Services to the Data Subject and to pursue the legitimate interest of ensuring that proper communication takes place between Jani and the Data Subjects.
Sharing Personal Data with third parties such as drivers contracted by Jani, and correspondent attorneys and regulators. Justified in terms of the following legal bases:
i) Necessity for purposes of enabling Jani to render Services to the Data Subject as per the Terms and conditions of the Jani App.
ii) Personal Data is shared with regulators where this is necessary in order to comply with legal obligations imposed on Jani.
iii) Personal Data is shared with Third Parties where such sharing is necessary for the conclusion or performance of a contract to which the Data Subject is party.
Monitoring the use of Jani’s systems by Data Subjects Justified on the legal basis that Jani has a legitimate interest to avoid non-compliance with the terms and conditions of use of the Jani App and to protect its reputation.
Undertaking data analytics in respect of Personal Data Justified on the legal basis that Jani has a legitimate interest to analyse and improve the proper functioning of its business operations.
Collection and storage of Sensitive Personal Data including information on gender and biometric data This processing of Sensitive Personal Data is necessary for purposes of:
a) enabling Jani to better carry out its obligation to identify and provide the Services to the correct passengers and to keep the Data Subject's Personal Data securely;

b) enabling the Data Subject to better exercise its specific right to have ready access to their Account, Personal Data and the Services in a more secure manner.

USE OF PERSONAL DATA

  1. Jani only Processes Data Subjects' Personal Data and Sensitive Personal Data for a specific, lawful and clear purpose (or for specific, lawful and clear purposes) as explained in this Policy. 

  2. Jani always ensures that there is a legal basis for the Processing of any Personal Data and Sensitive Personal Data. Further, Jani ensures that any of its Processing relates only to the designated purpose for such Processing and of which the Data Subject has been made aware (and where relevant, consented to) and does not Process any Personal Data and Sensitive Personal Data for any other purpose(s).

  3. Jani may use Personal Data or Sensitive Personal Data (where necessary) for the following further purposes –

    1. for the purposes of providing its Services or products to the Data Subject from time to time;

    2. to respond to any correspondence that the Data Subject may send to Jani, including via email, Jani's site(s) or by telephone;

    3. to contact the Data Subject for direct marketing purposes subject to the provisions of clause 11 below (save that Sensitive Personal Data shall not be used for such purposes);

    4. for such other purposes to which the Data Subject may consent from time to time; and

    5. for such other purposes authorised in terms of Applicable Law.

  1. PERSONAL INFORMATION FOR DIRECT MARKETING PURPOSES

    1. To the extent that Jani carries out any Direct Marketing, it shall strive to observe, and comply with its obligations under DPA and any other Applicable Law when implementing principles and practices in relation to Direct Marketing. 

    2. Jani acknowledges that it may only use Personal Data to contact the Data Subject for purposes of Direct Marketing from time to time where it is permissible to do so. 

    3. It may use Personal Data to contact any Data Subject and/or market Jani's Services directly to the Data Subject(s):

      1. if the Data Subject is one of Jani's existing clients, 

      2. if the Data Subject has requested to receive marketing material from Jani or Jani has the Data Subject's consent to use the Data Subject's Personal Data to enable the marketing of  its Services; and 

      3. only in relation to the Services.

    4. Jani will ensure that a reasonable opportunity is given to the Data Subject to object to the use of their Personal Data for Jani's Direct Marketing purposes when collecting the Personal Data and on the occasion of each communication to the Data Subject for purposes of Direct Marketing.

    5. Jani will not use your Personal Data to send you Direct Marketing materials if you have requested not to receive them. If you request that we stop Processing your Personal Data for Direct Marketing purposes, Jani shall do so. 

  2. SPECIAL PROVISIONS FOR THE PROCESSING OF Sensitive PERSONAL Data AND PERSONAL Data of CHILDren

    1. Jani acknowledges that it will generally not Process Sensitive Personal Data unless –

      1. Processing is carried out in accordance with the Data Subject's consent;

      2. Processing is necessary for the establishment, exercise or defence of a right or obligation in law;

      3. Processing is necessary for purposes of carrying out the obligations and exercising specific rights of the Jani or of the Data Subject;

      4. information has manifestly been made public by the Data Subject; or

      5. processing is necessary for protecting the vital interests of the Data Subject or another person where the Data Subject is physically or legally incapable of giving consent.

    2. Jani acknowledges that it may not Process any Personal Data or Sensitive Personal Data concerning a Child and will only do so where it has obtained the consent of the parent or guardian of that Child and subject to Processing procedures that advance the rights and best interests of the child.

  3. RETention of PERSONAL DATA

    1. Jani may keep records of the Personal Data and Sensitive Personal Data it has collected, correspondence, or comments in an electronic or hardcopy file format. 

    2. Jani may not retain personal information for a period longer than is necessary to achieve the purpose for which it was collected or processed and is required to delete, destroy (in such a way that it cannot be reconstructed) or de-identify the information as soon as is reasonably practicable once the purpose has been achieved. This prohibition will not apply where the retention of the record for a longer period that than that stated above –

      1. is required or authorised by law;

      2. is reasonably necessary for a lawful purpose; or

      3. is authorised or consented to by the Data Subject (or competent person, where the data subject is a child) retention of the record is required to enable Jani deliver the Services to the Data Subject.

    3. Accordingly, Jani will, subject to the exceptions noted herein, retain Personal Data or Sensitive Personal Data for as long as necessary to fulfil the purposes for which that Personal Data was collected and/or as permitted or required by Applicable Law.

    4. Once the purpose for which the Personal Data or Sensitive Personal Data was initially collected and Processed no longer applies or becomes obsolete, Jani will ensure that the Personal Data or Sensitive Personal Data is deleted, destroyed or de-identified sufficiently so that a person cannot re-identify such Personal Data.

    5. In instances where we de-identify your Personal Data or Sensitive Personal Data, Jani may use such de-identified information indefinitely without further notice to you.   

  4. FAILURE TO PROVIDE PERSONAL DATA

    1. Should Jani need to collect Personal Data or Sensitive Personal Data by law or to enable the delivery of the Services, and you fail to provide the Personal Data when requested, we may be unable to deliver the Services to you. 

    2. In such a case, Jani may have to decline to provide or receive the relevant Services, and you will be notified where this is the case. 

  5. SAFE-KEEPING OF PERSONAL INFORMATION

    1. Jani shall preserve the security of Personal Data and Sensitive Personal Data and, in particular, prevent its alteration, loss and damage, or access by non-authorised third parties. 

    2. Jani will ensure the security and integrity of Personal Data and Sensitive Personal Data in its possession or under its control with appropriate, reasonable technical and organisational measures to prevent loss, unlawful access and unauthorised destruction thereof.

    3. Jani has implemented physical, organisational, contractual and technological security measures (having regard to generally accepted information security practices or industry specific requirements or professional rules) to keep all Personal Data and Sensitive Personal Data secure, including measures protecting any Personal Data and Sensitive Personal Data from loss or theft, and unauthorised access, disclosure, copying, use or modification.

    4. Furthermore, Jani maintains and regularly verifies that the security measures are effective and regularly updates same in response to new risks.

  6. Breaches Of Personal Data

    1. A Data Breach can happen for many reasons, which include: (a) loss or theft of data or equipment on which Personal Data or Sensitive Personal Data is stored; (b) inappropriate access controls allowing unauthorised use; (c) equipment failure; (d) human error; (e) unforeseen circumstances, such as a fire or flood; (f) deliberate attacks on systems, such as hacking, viruses or phishing scams; (g) alteration of Personal Data or Sensitive Personal Data without permission and (h) loss of availability of Personal Data or Sensitive Personal Data.        

    2. Jani will address any Data Breach in accordance with the terms of the DPA and the regulations under it.  

    3. Jani will notify the Regulator and the affected Data Subject (unless the Applicable Law requires that we delay notification to the Data Subject or permits a lack of notification to the Data Subject) in writing in the event of a Data Breach (or a reasonable belief of a Data Breach) in respect of that Data Subject's Personal Data or Sensitive Personal Data. 

    4. Jani will provide such notification as soon as reasonably possible after it has become aware of any Data Breach in respect of such Data Subject's Personal Data or Sensitive Personal Data and, in any event, within the statutory time limits set under any Applicable Law.

  7. provision of PERSONAL DATA TO THIRD PARTy service providers

    1. Jani may disclose Personal Data or Sensitive Personal Data to Third Parties and will enter into written agreements with such Third Parties to ensure that they Process any Personal Data and Sensitive Personal Data in accordance with the provisions of this Policy, and Applicable Law.  

    2. Jani notes that such Third Parties may assist Jani with the purposes listed in paragraph 10.2 above – for example, service providers may be used, inter alia, to: (i) notify the Data Subjects of any pertinent information concerning Jani, and/or (ii) for data storage.

    3. Jani will disclose Personal Data or Sensitive Personal Data with the consent of the Data Subject or if Jani is permitted to do so without such consent in accordance with the Applicable Laws. 

    4. Further, Jani may also send Personal Data or Sensitive Personal Data to a foreign jurisdiction outside of Kenya, including for Processing and storage by Third Parties but always subject to the requirements of Applicable Law regarding security and where applicable, the Data Subject's consent. 

  8. ACCESS TO PERSONAL INFORMATION

    1. A Data Subject has the right to obtain from Jani the record or description, in a reasonable form, of Personal Data or Sensitive Personal Data concerning him/her/it and any information regarding the recipients or categories of recipients of the Personal Data. A Data Subject may request: 

      1. Jani to confirm, free of charge, whether it holds any Personal Data or Sensitive Personal Data about him/her/it; and 

      2. to obtain from Jani the record or description of Personal Data or Sensitive Personal Data concerning him/her/it and any information regarding the recipients or categories of recipients who have or had access to the Personal Data or Sensitive Personal Data. Such record or description is to be provided: 

        1. within a reasonable time; and

        2. in a reasonable manner and format and in a form that is generally understandable.

    2. Accordingly, Jani may request the Data Subject to provide sufficient identification to permit access to, or provide information regarding the existence, use or disclosure of the Data Subject's Personal Data or Sensitive Personal Data. 

    3. Any such identifying information shall only be used for the purpose of facilitating access to or information regarding the Personal Data or Sensitive Personal Data.

    4. The Data Subject can, request in writing, to review any Personal Data about the Data Subject that Jani holds including any of their Personal Data or Sensitive Personal Data that Jani has collected, utilised or disclosed.

    5. Jani will provide the Data Subject with any such Personal Data to the extent required by Applicable Law and any of Jani's policies and procedures.

    6. If a Data Subject successfully demonstrates that their Personal Data or Sensitive Personal Data in Jani's records is inaccurate or incomplete, Jani will ensure that such Personal Data or Sensitive Personal Data is amended or deleted as required (including by any Third Parties).

  9. KEEPING PERSONAL DATA ACCURATE

    1. Jani will take reasonably practicable steps to ensure that Personal Data and Sensitive Personal Data is complete, accurate, not misleading and up to date (having regard to the purpose for which Personal Data is collected or further processed).

    2. Accordingly, Jani will take reasonable steps to ensure that all Personal Data and Sensitive Personal Data is kept as accurate, complete and up-to-date as reasonably possible.  

    3. Jani may from time to time send automated prompts to Data Subjects requiring them to confirm that the Personal Data and/or Sensitive Personal Data in Jani's possession is accurate and up to date. 

    4. The Data Subject must, however, notify Jani from time to time in writing of any updates required in respect of his/her/its Personal Data and/or Sensitive Personal Data.

  10. USE OF WEBSITE COOKIES

    1. Our Website and the Jani App use cookies, which are small text files sent by a web server to store on a web browser. They are used to ensure websites function properly, store user preferences when needed and collect anonymous statistics on website usage. 

    2. First party cookies:

      1. Session cookie – This cookie contains a randomly generated number and allows the browser to remember your selections. It expires when you close the browser and contains no personally identifiable information. 

    3. Third party cookies:

      1. Google Analytics – These cookies are used to collect anonymous website statistics such as the number of visitors in a month, average duration of visits and popular pages viewed. This data is used to review and improve the site. 

      2. Addthis.com – If you share pages via social networks, cookies may be placed by addthis.com as well as the social network in question, in accordance with their respective privacy policies.

    4. You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of the Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to the Website. If you accept a “cookie” or fail to deny the use of “cookies”, you agree that we may use your personal information collected using “cookies” (subject to the provisions of this Policy). Where you either reject or decline cookies, you are informed that you may not be able to fully experience the interactive features of the Website.

  11. USE OF IP ADDRESSES

We also collect information that does not identify you personally through our Internet log files, which record data such as IP addresses, browser types and other anonymous statistical data. This information may be used to analyse trends and to gather general demographic information. We do not link this information to personally identifiable information.

  1. COMPLAINTS PROCEDURE

    1. Data Subjects have the right to complain in instances where any of their rights under the DPA have been infringed. Jani takes all complaints very seriously and will address all such complaints in accordance with the following procedure – 

      1. Complaints in terms of the DPA must be submitted to Jani in writing to “the Data Protection Officer”  either by email at the following email address info@basi-go.com or by post under the following address: Mezzanine floor, Wing C, RIvaan Center, Muguga Greens, Westlands, Nairobi, Kenya.

      2. Responses to the Data Subject may comprise any of the following –

        1. a suggested remedy for the complaint;

        2. a dismissal of the complaint and the reasons as to why it was dismissed; and/or

        3. an apology (if applicable) and any action proposed to be taken. 

      3. Where the Data Subject is not satisfied with the suggested remedies, the Data Subject has the right to complain to the Data Commissioner. The website of the Data Commissioner may be accessed at the following link www.odpc.go.ke.

  2. CHANGES TO THIS POLICY

    1. Jani reserves the right to make amendments to this Policy from time to time and will use reasonable efforts to notify Data Subjects of such amendments.

    2. The current version of this Policy will govern the respective rights and obligations between you and Jani each time that you access and use our Website and the Jani App. 

  3. Jani’S CONTACT DETAILS

Name of body Physical and postal address
Jani Limited Physical Address:
Mezzanine Floor, Wing C. Rivaan Centre, Muguga Green Westlands, Nairobi.

Postal Address:
322-00606 Nairobi, Kenya

Email:
customersupport@basi-go.com

TelephoneTelephone Number:
0705 837 904.