top of page

Stakov 360 Personnel, Applicant, and Candidate Privacy Policy

personal infor.png

Certain information is mandatory to comply with legal or contractual obligations (e.g., payroll and identification).

​

3. How and Why We Use Personal Information

 

We use personal data only for lawful purposes, including HR management, payroll, compliance, and organizational development.

4. Legal Basis for Processing (Kenya, EEA, UK, and Global)

​

Depending on your jurisdiction, Stakov 360 relies on the following lawful bases for processing:

  • Contractual Necessity: To enter or perform an employment or service contract.

  • Legal Obligation: To comply with laws (e.g., tax, labor, safety).

  • Legitimate Interest: For internal management, training, communication, and IT operations.

  • Consent: For optional or sensitive data (e.g., diversity metrics, health disclosures).

  • Vital Interest: To protect life or respond to emergencies.

​

5. Sharing and Disclosure of Personal Information

​

We share personal data only when necessary and in line with data protection principles:

  • Internal Access: With authorized HR, finance, and management staff for legitimate business purposes.

  • Affiliates and Divisions: Within Stakov 360 group entities, including StatQuestJourney Hub and S.H.E.M. for HR and administrative purposes.

  • Service Providers: Trusted third parties such as payroll processors, insurance firms, IT service providers, and training platforms (bound by confidentiality agreements).

  • Legal Authorities: Where required by law or to protect our legal rights.

  • Mergers or Reorganizations: In case of a merger, partnership, or acquisition, with appropriate data safeguards.

  • Consent-Based Sharing: When you explicitly authorize us to share your information (e.g., references, external verification).

We do not sell or trade personal information under any circumstance.

​

6. Data Security

​

We implement administrative, technical, and organizational security measures to protect personal data, including:

  • Access controls and role-based permissions,

  • Data encryption and secure communication channels,

  • Periodic audits and vulnerability assessments,

  • Confidentiality clauses in all staff and contractor agreements.

Only authorized personnel can access sensitive information on a “need-to-know” basis.

​

7. International Data Transfers

​

Stakov 360 operates globally with collaborators and contractors across Kenya, Uganda, Nigeria, and beyond.

When personal data is transferred outside Kenya or your country of residence, we ensure appropriate data transfer safeguards, such as:

  • Contractual Data Protection Clauses;

  • Compliance with GDPR Standard Contractual Clauses (SCCs); or

  • Explicit consent, where applicable.

You can request details of these safeguards at privacy@stakov360.com.

​

8. Data Retention

​

We retain personal information only for as long as necessary to fulfill the purposes outlined above, or as required by law.

Typically, this means:

  • Employment Records: 7 years after termination.

  • Recruitment Data: Up to 2 years after application (unless consent for retention is withdrawn).

  • Contractor/Consultant Data: 5 years post-engagement for legal and audit purposes.

After retention periods expire, data is securely deleted or anonymized.

​

9. Your Rights

​

Under the Kenya Data Protection Act (2019) and other global laws, you have the right to:

  • Access your personal information;

  • Request correction or deletion;

  • Withdraw consent where applicable;

  • Object to certain types of processing;

  • Request data portability (where applicable); and

  • Lodge a complaint with the Office of the Data Protection Commissioner (ODPC – Kenya) or your local authority.

Requests can be made by emailing privacy@stakov360.com.
We may require proof of identity to process your request securely.

​

10. International Workforce Rights (EEA, UK, and Switzerland)

​

Personnel based in the EEA, UK, or Switzerland may exercise additional rights under the GDPR, including:

  • Restricting processing;

  • Objecting to profiling or automated decision-making; and

  • Requesting details of cross-border transfer safeguards.

​

11. Data Privacy Framework (DPF) and Compliance

​

For international staff and partners, Stakov 360 aligns its practices with recognized international frameworks such as the EU–U.S. Data Privacy Framework and UK Extension DPF Principles through our contracted third-party service providers.

We maintain written agreements ensuring compliance with onward transfer principles and fair processing obligations.

​

12. Dispute Resolution

​

If you have concerns or complaints about how your data is handled:

  1. Contact privacy@stakov360.com directly.

  2. If unresolved, you may contact the Office of the Data Protection Commissioner (Kenya) or your regional data protection authority.

  3. Stakov 360 will cooperate with any authorized data authority to resolve issues in good faith.

​

13. Policy Updates

​

This Privacy Policy may be updated periodically to reflect legal, operational, or technological changes.
The “Last Updated” date at the top of this page indicates the most recent version.

Significant updates will be communicated via email or internal staff announcements.

​

14. Contact Information

​

If you have questions, concerns, or requests related to this policy, please contact:

 privacy@stakov360.com

bottom of page