Privacy Policy
Last updated: 1 January 2026 | New Face Party of Kenya (NFP)
New Face Party of Kenya is committed to protecting your personal data and handling it responsibly in accordance with Kenya's Data Protection Act, 2019, and the Office of the Data Protection Commissioner (ODPC) requirements.
1. Information We Collect
We collect your name, ID/Passport number, date of birth, sex, ethnicity, religion, county of voter registration, constituency, ward, phone number, email address, and postal address when you register as a member. We also collect IP addresses and device data automatically when you use our website.
2. How We Use Your Information
Your information is used to: process membership applications and maintain party records; comply with ORPP reporting obligations; communicate party news, events and updates (where you have consented); organise party activities; and improve our digital services.
3. Information Sharing
We do not sell your data. We share information only with trusted service providers necessary for our operations (hosting, email), and where required by law including ORPP statutory reporting.
4. Your Rights
Under Kenya's Data Protection Act, 2019, you have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your data where there is no lawful basis for continued processing.
- Right to Restriction: Request that we limit how we use your data in certain circumstances.
- Right to Data Portability: Receive your data in a structured, commonly used format.
- Right to Object: Object to processing of your data for direct marketing or other purposes.
- Right to Withdraw Consent: Withdraw consent for communications at any time without affecting prior processing.
To exercise any of these rights, email data@nfp.or.ke. We will respond within 21 days. If you are dissatisfied with our response, you may complain to the Office of the Data Protection Commissioner (ODPC) at odpc.go.ke.
5. Data Security
We implement appropriate technical and organisational security measures including encrypted storage, access controls, brute-force login protections, and audit logging. Access to member data is restricted to authorised party officials on a need-to-know basis. Sensitive fields such as ID numbers are masked even in administrative interfaces.
6. Incident and Data Breach Management
In the event of a personal data breach, New Face Party of Kenya will:
- Contain and assess the breach immediately upon discovery, taking steps to limit further exposure.
- Notify the ODPC within 72 hours of becoming aware of a breach that poses a risk to data subjects, as required by Section 43 of the Data Protection Act, 2019.
- Notify affected individuals without undue delay where the breach is likely to result in high risk to their rights and freedoms, including details of what data was involved and recommended protective steps.
- Investigate and remediate the root cause and implement measures to prevent recurrence.
- Document all incidents in an internal breach register, regardless of whether ODPC notification is required.
To report a suspected data breach or security incident, email data@nfp.or.ke immediately.
7. Cookies
We use essential and preference cookies to improve your experience and remember accessibility settings. You can manage cookies through your browser settings.
8. Retention
Membership data is retained for as long as you are a member and for a period thereafter as required by ORPP regulations. Resigned member records are retained for 7 years for statutory compliance. You may request erasure of non-statutory data at any time.
Contact: Data Protection Officer —
data@nfp.or.ke
New Face Party of Kenya, Karen Park Mall, Nairobi | Registered with ODPC