info@islamic-relief.or.ke
+254 727 531 220, +254 734 740 074
Trusted since 1994
Privacy Policy

Privacy Policy

How we collect, use, and protect your personal information.

Last updated: January 2025
Contents

Your privacy matters deeply to us. Islamic Relief Kenya is committed to being transparent about how we handle your personal data. This policy explains what information we collect, why we collect it, and how you can control it. We will never sell your data or use it for purposes beyond what is described here.

1. Introduction

This Privacy Policy applies to Islamic Relief Kenya ("we", "our", or "us"), a registered non-governmental organisation operating in Kenya. It governs the collection and processing of personal data through our donation platform at islamicrelief.or.ke and any related digital services.

By using our platform to browse causes, make a donation, or contact us, you agree to the practices described in this policy. If you do not agree, please do not use our services.

This policy is governed by the Kenya Data Protection Act, 2019 and aligns with international best practices including the GDPR where applicable to our donors abroad.

2. Data We Collect

We collect only the data necessary to process your donation and communicate with you. This includes:

  • Identity data: First name, last name
  • Contact data: Email address, phone number, physical address (optional)
  • Transaction data: Donation amounts, causes supported, reference numbers, payment method (not card numbers)
  • Communication data: Dedications or messages you choose to include with your donation
  • Technical data: IP address, browser type, device type, pages visited — collected automatically via server logs and analytics tools
  • Cookie data: Session cookies required for cart functionality; optional analytics cookies (see Section 8)

We never store raw card numbers or CVV codes. All card payments are tokenised directly by our payment gateway (Stripe / Flutterwave). We only receive a payment token and confirmation status.

3. How We Use Your Data

We use your personal data for the following purposes:

  • Processing donations: To complete your payment and allocate funds to your chosen causes
  • Sending receipts: Email and SMS confirmations with your reference number and donation breakdown
  • Legal compliance: Maintaining financial records as required by Kenyan law and NGO reporting obligations
  • Fraud prevention: Detecting and preventing fraudulent transactions or misuse of our platform
  • Impact reporting: Aggregated, anonymised data to measure programme outcomes (no individual is identifiable)
  • Marketing communications: Updates on causes and campaigns — only if you have opted in
  • Platform improvement: Analysing usage patterns to improve the donor experience

We will never use your data for purposes not listed above, sell it to advertisers, or share it with organisations unrelated to processing your donation.

4. Data Sharing

We share your data only with trusted third parties essential to delivering our service:

  • Payment processors (M-Pesa / Safaricom, Stripe, Flutterwave) — to securely process transactions
  • Email service providers — to deliver your receipt and communications
  • SMS gateway providers — to deliver your SMS receipt
  • Regulatory bodies — where legally required, e.g. Kenya Revenue Authority, NGO Coordination Board

All third parties are contractually bound to process your data only as instructed by us and to maintain appropriate security standards. We do not allow them to use your data for their own marketing purposes.

5. Data Security

We take data security seriously and implement the following safeguards:

  • SSL/TLS encryption on all data transmitted between your browser and our servers
  • Card tokenisation via PCI-DSS compliant payment gateways — raw card data never touches our servers
  • Access controls — only authorised staff can access donor records, on a need-to-know basis
  • Regular security audits and vulnerability assessments of our platform
  • Encrypted backups stored in secure, geographically distributed servers

In the unlikely event of a data breach that affects your rights, we will notify you within 72 hours of becoming aware, as required by law.

6. Data Retention

We retain your personal data only for as long as necessary:

  • Transaction records — retained for 7 years as required by Kenyan financial regulations
  • Contact and identity data — retained for the duration of our relationship and up to 3 years after your last donation
  • Marketing preferences — retained until you withdraw consent
  • Technical / log data — retained for up to 12 months for security and analytics purposes

After the applicable retention period, your data is securely deleted or anonymised.

7. Your Rights

Under the Kenya Data Protection Act 2019, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Ask us to correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your data where we no longer have a legal basis to retain it
  • Right to restrict processing: Ask us to limit how we use your data in certain circumstances
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing for marketing purposes at any time
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing

To exercise any of these rights, contact us. We will respond within 30 days. There is no charge for making a request. We may need to verify your identity before processing it.

8. Cookies

We use cookies to make our platform work and to understand how it is used. Here is what we use:

  • Essential cookies: Required for core functionality — your donation cart, session management, and CSRF security tokens. These cannot be disabled without breaking the site.
  • Analytics cookies: Help us understand which pages are popular and how donors navigate the site. These are anonymous and aggregated.
  • Preference cookies: Remember your settings such as language preference.

We do not use advertising or tracking cookies. You can control non-essential cookies through your browser settings at any time.

9. Children's Privacy

Our donation platform is intended for use by adults aged 18 and over. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with their data, please contact us immediately and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we do:

  • The "Last updated" date at the top of this page will be revised
  • For material changes, we will notify donors by email where we hold your address
  • Continued use of our platform after changes are posted constitutes acceptance of the updated policy

We encourage you to review this page periodically.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please reach out to our Data Protection contact:

Islamic Relief Kenya — Data Protection Office
Along Ngong road Adams Mosque 3rd Floor Next to Green house Mall
info@islamic-relief.or.ke
+254 727 531 220, +254 734 740 074

You also have the right to lodge a complaint with the Office of the Data Protection Commissioner of Kenya if you believe your rights have been violated.

Islamic Relief Kenya — Privacy Policy  ·  Effective: January 2025  ·  Version 1.0