Our Information Security Policy

Terms & Conditions
|
Legal
|
Licenses

Thank you for choosing to be part of our community at Workpay. We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy notice, or our practices with regards to your personal information, please contact us at hello@myworkpay.com

Data Protection and Privacy Policy

The Privacy Policy Statement

WORKPAY (“we” or “us” or “our”) recognises the provisions of the laws on data protection. We acknowledge the importance of confidentiality and privilege duty owed to our clients’ information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our page. We are limited to use your personal information to offer you products and services that are likely to be relevant and useful for you as far as our services and products are concerned.

We invite you to read this policy carefully. If you use our website on behalf of others, you are responsible for ensuring that the others are aware of the content of this Privacy Policy and are in agreement with you supplying their personal data to use to make a booking or enquiry. By making a booking or an enquiry, you agree to the transfer, storage and processing of it as necessary. We will take all reasonable steps necessary to ensure your data is treated securely and in accordance with this privacy. You reserve the right to agree or otherwise.

Our mandate to Protect your Data

Our company strictly adheres to European General Data Protection Regulation (GDPR), which came into force on 25th May 2018, the Kenyan Constitution 2010, the Data Protection Act 2019 and its Data Protection(Complaints Handling Procedure and Enforcement) Regulations, 2021.

Our mandate is tailored as per the provisions of the laws cited above whose principles entail lawfulness, fairness and transparency, accuracy, integrity and confidentiality (security) and Accountability in data collection and processing.

Therefore, our Mandate to you is to:

·        hold your data secure and privilege;

·        share only where you agree;

·        use your data to tailor the information we provide you, arrange your travel arrangements and improve our services; and

·        put you in control by allowing you to update, delete and access your data.

The Nature of Data or Personal Information we collect

Type of personal information Description
Personal information This could include things like (without limitation) your name, address, email address, telephone number, date of birth passport, national identification number, driver’s licence, photographs or birth certificate, residential address, billing address
Transactional Details about the transactions you carry out and the payments to and from your accounts with us
Payment Bank account, mobile number, cards and virtual cards.
Contractual Details about the products or services we provide to you
Location Details that we get about where you are. This may come from where you connect a computer to the internet, bank account number where we receive payments or where we pay you, contract jurisdiction.
Behavioural Data on how you use our Services and Site
Technical Details on the devices, software and technology you use
Documentary data Data about you , your work, salary, working hours, terms of work, contract duration, employers, length of service, stored in documents in different formats, or copies of them.
Communications Data from communications between us.
Public and third-party records Details about you that are in public records and information about you that is publicly available on the internet. We also collect information about you which we receive from other companies, such as (without limitation) credit reference or fraud protection agencies (see below for more information).
Usage data Other data about how you use our products and services
Consents Any permissions, consents or preferences that you give us
Sensitive personal data Such as information concerning medical conditions, disabilities religious beliefs, race, marital status, children details, spouse details, next of kin, medical data, financial data including pensions, saving schemes, loans, deductions.

 

Utilisation of Your Information

We may use your information to:

1.    Fulfil our contract with you and/or deal with your transaction.

·        We use your information when processing payments, contract, payroll processing, processing payments including business expenses, or other details relating to services.

·        Manage our relationship with you or your business

2.     Improving our business

·        Operating our business in an efficient and proper way, including managing our financial position, business capability, planning, adding and testing systems and processes, managing communications, corporate governance, and audit

·        Carrying out our obligations arising from and exercising our rights set out in our contracts

·        Improve the products and services we offer or help us to create new ones

·        Testing new products

·        Manage our business such as systems testing, IT maintenance or development training, benchmarking and performance measurement

·        Use in connection with your online account as you may authorise or consent to additionally from time to time and other use which may be authorised by you and legal authorities as per the law.

·        Keeping our records up to date

·        Managing how we work with other companies that provide services to us and our customers

·        Developing new ways to meet our customers’ needs and grow our business

·        Working out which of our products and services may interest you and telling you about them

·        Developing products and services, our pricing for them, and types of customers that may want to use them

·        Asking for your consent when we need it to contact you

3.     Managing our operations

·        Delivering Workpay’s products and services

·        Making and managing payments

·        Managing fees and charges due on user accounts

·        Collecting and recovering money that is owed to Workpay

4.     Marketing and events-related communications

·        Develop and carry out marketing activities

·        Study how our customers use our products and services

·        Communicate with you about our products and services

·        Conduct customer satisfaction surveys so that we can obtain a better understanding of how we can continue to improve the products and services we offer or help us to create new ones. During these surveys we may collect personal information from you relating to your thoughts/comments about your experience with us

·        Market our products and services to you

·        Communicating Workpay’s products, services, invite you to participate in events or surveys, or otherwise communicate with you for marketing purposes with the consent requirements of applicable law

5.     Crime prevention and managing risks

·        Reporting under the Anti Money Laundering Framework of your country of residence and our country of operations

·        Reporting Fraud

·        Reporting Suspicious Financial Activities

 

Where we collect personal information

We may collect personal information about you or your businesses from any of these sources:

·        Data we collect when you use our products or services

·        Payment and transaction data

·        Profile and usage data (including, without limitation, your security details, app or your website browser settings, marketing choices and data from the devices you use to connect to our Platform so we can provide you with our products or services).

·        We also use cookies and other internet tracking software to collect data while you are using our website or mobile apps (or any other device as described in more detail below

Data from third parties

·        Companies and business partners that introduce you to us

·        Our service partners, such as bank and PSP partners

·        Our third-party vendors, including (without limitation) those that help us authenticate your identity

·        Social networks and other technology providers (for instance, when you click on one of our Facebook or Google adverts)

·        Fraud prevention agencies

·        Other financial services companies (to fulfil a payment or other service as part of a contract [which they have] with you, or to help prevent, detect and prosecute unlawful acts, money laundering, and fraudulent behaviour)

·        Public information sources such as (without limitation) Companies Registry, Embassy and Consular offices, National Identity Databases, Tax Agencies

·        Third-party agents, suppliers, sub-contractors and advisers

·        Market researchers

·        Firms providing data services

·        Government, law enforcement agencies, authorities and regulatory bodies to help  Workpay comply with its legal obligations;

Sharing your personal information with third parties

We may share your personal information to third parties in the manner and for the purposes of rendering a quality service. We will only share your information with the third parties listed below for the purposes described above in the “Use of Your Information” Section, unless otherwise noted at the point of collection:

 

1.    To improve the products and services we offer or help us to create new ones  for marketing, profiling and analytics as detailed below; and for the purposes described in this Privacy Notice.

2.    with third parties who help us manage our business and deliver our products and services. These third parties have agreed to confidentiality obligations and use any personal information we share with them or which they collect on our behalf solely for the purposes of providing the contracted service to us. These third parties include service providers who help manage our IT and back-office systems, detect fraudulent transactions and security incidents, provide customer service centre support, manage communications and tailor marketing and advertising; verify payments such as banks and payment card companies; provide internet services; host our facilities and conduct research that assists us with understanding consumer interests.

i. Governments, government organisations and agencies, and taxing authorities, as required to provide the Service, including but not limited to the, state and local tax agencies, border control agencies, regulators, law enforcement and others as permitted or required by law to generally comply with all applicable laws, regulations and rules.

3.    Third-party agents, partners, and service providers who are only permitted to use your information as we allow which may include contacting you on your behalf, and are required under law or contract to keep your personal information confidential. Information is shared to help us provide the Service.

4.    With third party advertising and social media website to provide advertising

5.    Bank and payment providers to authorise and complete payments;

6.    With third parties whose products or services you are purchasing through our website or offices, or otherwise such as;

7.    Insurance carriers and other third parties, as needed to carry out the Benefits Service

8.    Certain parties as necessary to respond in good faith to legal process where required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service.

9.    Legal and financial advisors and auditors

10.  The following third-parties under the circumstances described below:

a)     we may share business or personal information with credit bureaus, and we may share information with certain companies, banks and organizations for purposes such as fraud prevention or determining eligibility for the Service;

b)    if you participate in a referral program, the referral email and referral link sent to any Referred Leads may include your first name;

c)     if there is a sale of Workpay(including, without limitation, a merger, stock acquisition, sale of assets or reorganization), or in the event that Workpay liquidates or dissolves, we may sell, transfer or otherwise share some or all of our assets, which could include your information, to the acquirer;

d)    we may share de-identified personal information with academic institutions to perform research, under controls that are designed to protect your privacy—including requiring such institutions to operate under confidentiality agreements and mandating that published findings contain only de-identified and aggregated data;

e)     from time to time, we may share reports with the public that contain anonymized, aggregate, de-identified information and statistics; and

f)      we may share your information with certain other third parties with whom you, your Client, or your Client’s accountant partner expressly authorize us to share your information

Communications

We may contact you with newsletters and other marketing information that may be of interest to you. You may opt out of receiving any, or all, of these marketing communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us. Please note that we may still send you transactional or administrative messages related to the Service even after you have opted out of receiving marketing communications.

Managing Marketing Ads

To protect your privacy and to ensure you have control over how we manage marketing with you and provided that you have indicated that you would like to receive advertisements, we will:

·        take steps to limit direct marketing to a reasonable level; and

·        only send you communications which we believe may be of interest or relevance to you and at all times in line with your permissions, which, as appropriate, may include informing you about developments in the products and services available through us.

You can click the “unsubscribe” link that you will find at the bottom of our emails which you receive from us, or you can unsubscribe by contacting us or changing your account settings which will remove you from the relevant marketing list.

You can request that we stop sending you marketing advertisements.

Protection of your Personal Information

We have in place appropriate technical and organisational security measures, and procedures designed to protect the personal information that you share with us and safeguard the privacy of such information. The measures include:

  1. placing confidentiality requirements on our staff members and service providers;
  2. destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected;
  3. following security procedures in the storage and disclosure of your personal information to prevent unauthorised access to it; and
  4. using secure communication channels on our website such as SSL for transmitting data that is sent to us. SSL are industry standard encryption protocols used to protect online transaction channels.

Right to Access Personal Information

As our visitor, you have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of: the source of your personal information; the purposes, legal basis and methods of processing; the data controller’s identity; and the businesses or categories of businesses to whom your personal information may be transferred.

Right to Rectify or Erase Inaccurate Personal Information

You have a right to request that we rectify inaccurate personal information about you. We may seek to verify the accuracy of the personal information before rectifying it.

You can also request that we erase your personal information in limited circumstances where:

·        it is no longer needed for the purposes for which it was collected; or

·        you have withdrawn your consent (where the data processing was based on consent); or

·        following a successful right to object; or

·        it has been processed unlawfully; or

·        the personal information must be erased for compliance with a legal obligation

·        We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:

·        for compliance with a legal obligation; or

·        for the establishment, exercise or defence of legal claims.

·        Right to object to the processing (including direct marketing) of your personal information

If you have joined our mailing list, you can manage your marketing preferences automatically by clicking the “unsubscribe” link that you will find at the bottom of our emails which you receive from us.

 

Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of your country.

We may redact data transfer agreements to protect commercial terms.

 

Right to restrict the processing of your personal information

You can ask us to restrict your personal information, but only where:

·        its accuracy is contested, to allow us to verify its accuracy; or

·        the processing is unlawful, but you do not want it erased; or

·        it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or

·       you have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your personal information following a request for restriction, where:

  • we have your consent; or
  • to establish, exercise or defend legal claims; or
  • to protect the rights of another natural or legal person.

You have a right to lodge a complaint with the office of Data Protection Commissioners if you have concerns about how we are processing your personal information.

How long we keep your personal information

We will keep your personal information as long as you are a User of Workpay

We may keep your personal information for up to 15 years after you stop being a customer. The reasons we may do this are:

To respond to a question or complaint, or to show whether we gave you fair treatment

To study customer data as part of our own research

To comply with legal rules that apply to us about keeping records. For example, the Money Laundering Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 require us to retain certain data for a minimum of 5 and a maximum of 10 years.

We may also keep your data for longer than 10 years if certain laws mean that we cannot delete it for legal, regulatory or technical reasons.

Security

The security of your Personal Information is important to us. However, please be aware that no method of transmission over the internet, or method of electronic storage is 100% secure and we are unable to guarantee the absolute security of the Personal Information we have collected from you. You are also a key stakeholder in making sure that your Personal Information is protected. If you become aware of any breach of security or privacy, please contact us immediately.

International Transfer

Information collected while you use the Site and/or Service, including your Personal Information, may be transferred to — and maintained on— computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. If you are located outside the Kenya [MN-GSA1]  and choose to provide information to us, please note that we transfer the information, including your Personal Information, to the Kenya and process it there. Your consent to this Privacy Policy followed by your submission of such Personal Information represents your agreement to that transfer.

Children's Privacy

We do not knowingly collect Personal Information from Children under 18. If you are a parent or guardian and you learn that your Children have provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from a child under age 18 without verifiable parental consent, we will take steps to remove that information from our servers.

Links to Other Websites

This policy only extends to our website, which is owned and operated by us. We do not therefore, extend to your use of, provision of information to and collection of information on any website not connected to us to which you may link by using the hypertext links within our website. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Update of this Policy

This Policy is subject to changes, renewals, amendments and revision. You are expected to check this page from time to time to take notice of any changes we have made, as they are binding on you.  If we make any substantial changes, using your personal information we may notify you by posting a prominent notice on our website.

In case of any query regarding this policy, or if you have any comments or want to opt-out of receiving marketing communications from us or to complain about our use of your personal data kindly contact us through legal@myworkpay.com. [MN-GSA2] 

FOR EU RESIDENTS:

We collect, process, use and are responsible for certain personal information about you. When we do so, we are regulated under the General Data Protection Regulation (EU) 2016/679 (GDPR) which applies across the European Union and EEA (including in the UK), and the Data Protection Act2018 (together with the DPA).

 

For individuals residing in the EU please contact our EU Representative with any requests you may have either by emailing legal@myworkpay.comor addressing it to the Head of Data Privacy Manager Service.[MN-GSA3] 

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield

When transferring data from the European Union, the European Economic Area, and Switzerland, Workpay relies upon a variety of legal mechanisms, including contracts with our Users.

Workpay complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Workpay has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit (https://www.privacyshield.gov/)[MN-GSA4] 

Workpay commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.

Workpay is subject to oversight by the Kenya Office of Data Protection Commissioner. ODPC is the Kenyan-based independent organization responsible for reviewing and resolving complaints about our data protection and privacy compliance — free of charge to you. We ask that you first submit any such complaints directly to us via legal@myworkpay.com . If you aren't satisfied with our response, please contact ODPC at https info@odpc.go.ke . In the event your concern still isn't addressed by ODPC you may be entitled to binding arbitration.

Within the scope of our authorization to do so, and in accordance with our commitments under the Privacy Shield, Workpay will provide individuals access to personal data about them. Workpay also will take reasonable steps to enable individuals to correct, amend, or delete personal data that is demonstrated to be inaccurate.

Workpay is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Workpay complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

Under applicable EU regulation, as of May 25, 2018 you may have some or all of the following rights in respect of your personal information:

·        to obtain a copy of your personal information together with information about how and on what basis that personal information is processed;

·        to rectify inaccurate personal information;

·        to erase your personal information in limited circumstances where it is no longer necessary in relation to the purposes for which it was collected or processed;

·        to restrict processing of your personal information where: (a) the accuracy of the personal information is contested; (b) the processing is unlawful but you object to the erasure of the personal information; (c) we no longer require the personal information for the purposes for which it was collected, but it is required for the establishment, exercise or defense of a legal claim;

·        to challenge processing which we have justified on the basis of our legitimate interest;

·        to object to decisions which are based solely on automated processing or profiling;

·        to obtain a portable copy of your personal information, or to have a copy transferred to a third party controller; or

·        to obtain a copy of or access to safeguards under which your personal information is transferred outside of the EEA.

In addition to the above, you have the right to lodge a complaint with a supervisory authority for data protection. You also have the right to withdraw your consent to the processing of your information at anytime. We may ask you for additional data to confirm your identity and for security purposes, before disclosing data requested to you. We reserve the right to charge a fee where permitted by law. We may also decline to process requests that jeopardize the privacy of others, are extremely impractical, or would cause us to take any action that is not permissible under applicable laws. Additionally, as permitted by applicable laws, we may need to retain certain personal information for a limited period of time for record-keeping, accounting and fraud prevention purposes.

WorkPay maintains high standards for the protection of privacy over the Internet. The purpose of this statement is to explain the types of information WorkPay obtains about visitors to our websites.

The only information WorkPay obtains about individual visitors to our websites is information supplied voluntarily by the visitor. This means that the visitor can visit our websites without telling us who they are or revealing any information about themselves –we DO NOT track where you go on our sites, so you never receive unsolicited emails from us.

You can choose to provide individually-identifiable information to WorkPay in a number of ways through our website – by joining our demo/trial product from us or request for a particular service, sending us an email, registering to receive newsletters or website update information.

When visitors supply information about themselves for a specific purpose, WorkPay uses this information for that purpose (such as to provide the information that the visitor has requested). In addition, when visitors use our websites for additional information of our products, or to request some information about our services, we may use the individually-identifiable information as we would use the same information obtained off-line.

If you have voluntarily provided personally identifiable information, we may, from time to time, send you mail or e-mail regarding products and services. If you do not want to receive such offers and mailings, you can easily unsubscribe the service by clicking the same in the e-zine/e-mail.

We do not sell or disclose individually identifiable information obtained on-line about our visitors to anyone outside of WorkPay unless law requires it, or disclosure is necessary to protect the safety of customers, employees or property.

Internally, we will restrict access to your personally identifiable information to employees who need access to the information in order to do their jobs. These employees are limited in number, and are committed to our privacy policies.

Some of WorkPay web pages may use “cookies” to improve our level of service to visitors. Cookies are lines of text that are transmitted to your web browser when you click on a site. Your browser stores the information on your hard drive and when you return to that site later, the cookie is transmitted back to the server that originally sent it to you. Cookies provide a way for a server to recall a previous request or previous registration, or to keep track of a transaction as it progresses, so that information does not have to be repeated.

To be notified when you are about to receive a cookie you can configure your browser to alert you when a site is attempting to send you a cookie and at that time you will have the option of refusing the cookie. You can check your hard drive for cookie files, on the “cookies.txt” file on your PC’s hard drive; or under “magic cookies” on a Macintosh.

We exercise great care to protect your personally identifiable information. This includes, among other things, using industry standard techniques such as firewalls, encryption, intrusion detection and site monitoring. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personally identifiable information, we cannot ensure or warrant the security of any information you transmit to us or receive from us. This is especially true for information you transmit to us via e-mail. We have no way of protecting that information until it reaches us. Once we receive your transmission, we make our best effort to ensure its security on our servers.

WorkPay is committed to safeguarding its customer privacy on all its webpages in its site www.myworkpay.com. We require our employees to protect the privacy of information about our customers and expect our partners and suppliers to do so as well. You can feel confident that your individually-identifiable information will be protected when you access our webpages over the Internet. We employ security measures to safeguard your transactions with us.

WorkPay website may contain links to other sites. We are not responsible for the content or the privacy practices employed by other sites.

To improve the services it can offer you, WorkPay may opt to expand its capabilities for obtaining information about users in the future. We will update our privacy statement continually to ensure that you are aware of developments in this area.

WorkPay has adopted Privacy Principles that state our commitment and define our policy on safeguarding customer privacy in all of our businesses.

Version 2.0 – 03.02.2020

Harness the power of Workpay

Our innovative cloud based solution makes managing your teams more seamless than ever before, streamline your processes and take your business to the next level.