Data Protection Notice
St. Paul’s University, a leading chartered Christian University committed to provision of quality education and producing graduates in various fields for global service, holds data protection in high regard. This DATA PROTECTION NOTICE sets out guidelines for ST. PAUL’S UNIVERSITY otherwise referred to as (“we”, “us”, “our”) in the document may collect, use, disclose, or process personal data in accordance with Kenya Data Protection Act No 24 of 2019 and the Data Protection (General) Regulations, 2021; when utilizing any our online services:
- Visiting our website at https://www.spu.ac.ke, mini-websites or mobile applications
- Our digital resources such as digital repositories, journals, social media pages that link to this privacy notice.
- Engaging with us in related ways like including online marketing, live events or virtual classes.
How data is Collected
We collect data from our online users primarily during application for admission, submission of inquiries, logging on to virtual classes and live streamed events, application for recruitment, physically attending events and appointment process. It will be used by us only in accordance with the purposes outlined in this notice.
What data is Collected
Personal data: Personal data is information that can be directly related to you, for example name, phone number, address, email addresses and any other personal details required which includes user behaviour (information that relates to an identifiable natural person (Art. 4 No. 1 of the EU General Data Protection Regulation (GDPR, Kenya Data Protection Act No. 24 of 2019- part IV-28)).
Derivative data: Derivative data is information that users browsers send to our server in accordance with the user’s settings. The information is technically required for users to view our website and related online resources in order to maintain stability and security in compliance with GDPR Article 6 Paragraph 1 Sentence 1 Letter f and Kenya Data Protection Act No. 24 of 2019- part IV-28). Such data includes: IP addresses, date and time of the request, content of the request (specific web pages), access status/HTTP status code, website from which the request comes, browser, location of access, device type of access, geolocation.
Cookie usage: Cookies are text files saved on users’ computers when they visit our website or online resources, in addition to the data described above. Cookies are either session (transient cookies) or permanent cookies. Session cookies are temporary and are instantly erased when a user shuts down the browser. They keep track of a session ID, which is used to associate different browser requests with the shared session. Permanent cookies on the other hand are retained on users’ computers upon shutting down the browser. In the event that you visit our website again, this enables us to identify your machine. We only use session cookies not permanent, third party or flash cookies.
The two main purposes of cookies are: They help us make it easier for you to navigate through our website/online resources and they also enable the website to be displayed correctly. They are not used to spread viruses or to open programs.
Social network data: This is login information for social media accounts.
Mobile data: This information includes: Mobile device IDs, mobile device manufacturers
Third-party data: Third party data is any data you might share with or sell to a third-party. We generally do not collect your personal data from a third party unless they have been duly authorized by you to disclose your personal data to us (your “authorized representative”) after (i) you (or your authorized representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorized representative) have provided written consent to the collection and usage of your personal data for those purposes.
Third-party data: Third party data is any data you might share with or sell to a third-party. We generally do not collect your personal data from a third party unless they have been duly authorized by you to disclose your personal data to us (your “authorized representative”) after (i) you (or your authorized representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorized representative) have provided written consent to the collection and usage of your personal data for those purposes.
How we use your personal data
The University processes personal data for administrative and other purposes necessary for the management and functioning of the University. Primarily, the University processes your personal data during the course of your application, admission and registration, for assessment/examinations, fee collection, IT administration and library administration, on your graduation and at the end of your studies for archival and alumni relations purposes (upon graduation, the Student Records & Examinations Office will automatically transfer your student record to the University’s Development and Alumni Office). This data may, in some cases, include “special categories of data” (as defined in the Data Protection Acts) where it is necessary for the University to collect and process such data.