Privacy Policy

1. Data Controller Information

Kenya Tchoukball Federation ("KTF," "we," "us," or "our") is the data controller responsible for your personal information collected through our website and services.

By using our website at tchoukball.ke or our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please discontinue use of our website and services.

2. Information We Collect

2.1 Personal Information You Provide

We collect information you voluntarily provide when you:

• Create an account: Full name, email address, phone number, password, profile photo
• Register as a member/player: Date of birth, gender, National ID/passport number, postal address, nationality
• Register for teams/clubs: Team affiliation, playing position, jersey number, emergency contact information
• Register for events: Dietary requirements, accessibility needs, travel information
• Make purchases: Billing address, shipping address, M-Pesa phone number
• Subscribe to communications: Email address, communication preferences
• Contact us: Name, email, phone number, message content
• Connect via social media: Social media profile information (if you link accounts)

2.2 Sensitive Personal Data

We may collect the following sensitive/special category data with your explicit consent:

• Health information: Medical conditions relevant to player safety, allergies, disabilities requiring accommodation
• Biometric data: Photos for player identification (if applicable)

Note: Under the Kenya Data Protection Act 2019, sensitive personal data requires explicit consent and is subject to additional protections.

2.3 Information Collected Automatically

When you visit our website, we automatically collect:

• Device information: IP address, browser type and version, operating system, device type
• Usage data: Pages visited, time spent on pages, click patterns, referring/exit pages
• Location data: Approximate geographic location based on IP address
• Cookies and similar technologies: Session cookies, persistent cookies, pixel tags (see Section 7)

2.4 Information from Third Parties

We may receive information about you from:

• Social media platforms: When you log in using Facebook, Google, or other social accounts
• Payment processors: Transaction confirmation from M-Pesa/Safaricom
• International Federation (FITB): Player registration verification
• Partner organizations: Sports Kenya, SASDEF, other sports bodies

3. Legal Basis for Processing

Under the Kenya Data Protection Act 2019 (Section 30) and in alignment with GDPR principles, we process your personal data based on the following lawful grounds:

Legitimate Interests: Where we rely on legitimate interests, we have conducted a balancing test to ensure your rights and freedoms do not override our interests. You may request details of this assessment by contacting our Data Protection Officer.

4. How We Use Your Information

We use the collected information for the following purposes:

4.1 Core Services

• Create and manage your account and membership
• Process registrations for teams, clubs, and events
• Process transactions, orders, and payments via M-Pesa
• Manage player statistics, rankings, and match records
• Issue membership cards and player licenses
• Facilitate participation in national and international competitions

4.2 Communications

• Send transactional emails (order confirmations, registration confirmations)
• Send important service announcements and updates
• Send newsletters and marketing communications (with your consent)
• Respond to your inquiries and provide customer support
• Send WhatsApp/SMS notifications (with your consent)

4.3 Safety and Compliance

• Ensure player safety during events and competitions
• Comply with sports federation regulations (FITB, Sports Kenya)
• Prevent fraud and protect against security threats
• Comply with legal obligations under Kenyan law

4.4 Improvement and Analytics

• Analyze website usage to improve our services
• Develop new features based on user needs
• Conduct research for the development of tchoukball in Kenya

5. Information Sharing & Disclosure

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information only in the following circumstances:

5.1 Service Providers

• Payment Processing: Safaricom (M-Pesa) for transaction processing
• Hosting Services: Cloud infrastructure providers for website hosting
• Email Services: Email delivery providers for communications
• Analytics: Website analytics services (with anonymized data where possible)

5.2 Sports Organizations

• International Federation of Tchoukball (FITB): Player registrations for international competitions
• Sports Kenya: National sports regulatory compliance
• SASDEF: Sports development and heritage requirements
• Event Organizers: Tournament and event participant information

5.3 Legal Requirements

We may disclose your information when required to:

• Comply with applicable laws, regulations, or legal processes
• Respond to lawful requests from public authorities
• Protect the rights, property, or safety of KTF, our users, or others
• Enforce our terms and policies

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have regarding your information.

6. Data Retention Periods

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected. Specific retention periods are:

After the retention period, data is either securely deleted or anonymized for statistical purposes. You may request earlier deletion subject to our legal obligations.

7. Cookies & Tracking Technologies

7.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide and improve our services.

7.2 Types of Cookies We Use

7.3 Your Cookie Choices

• Cookie Banner: When you first visit, you can accept or customize cookie preferences
• Browser Settings: Most browsers allow you to block or delete cookies
• Opt-Out Links: For analytics cookies, you may use available opt-out mechanisms

Note: Disabling essential cookies may affect website functionality and your ability to use certain features.

8. Social Media & Third-Party Platforms

8.1 Social Login

If you choose to register or log in using a social media account (Facebook, Google, etc.), we receive:

• Your public profile information (name, email, profile picture)
• Any additional information you authorize the platform to share

We do not post to your social media accounts or access your contacts without your explicit permission.

8.2 Social Media Widgets

Our website may include social media features (share buttons, embedded feeds). These features may:

• Collect your IP address and page visits
• Set cookies to enable functionality
• Be governed by the privacy policies of the respective platforms

8.3 Meta (Facebook/Instagram) Integration

We may use Meta technologies for:

• Facebook Login: Account authentication
• Facebook Pixel: Measuring advertising effectiveness (with consent)
• Instagram Integration: Displaying feeds and enabling sharing

Your data shared with Meta is subject to Meta's Privacy Policy. You can manage your Meta privacy settings through your Facebook/Instagram account.

9. Messaging & Communications

9.1 WhatsApp Business

We may use WhatsApp Business to communicate with members and users. When you opt in to receive WhatsApp messages:

• Your phone number is shared with WhatsApp (Meta) for message delivery
• Message content may include event updates, order notifications, and member communications
• WhatsApp may process metadata in accordance with their privacy policy
• You can opt out at any time by texting "STOP" or updating your preferences in your account

WhatsApp messages are subject to WhatsApp's Privacy Policy.

9.2 SMS Communications

With your consent, we may send SMS messages for:

• M-Pesa payment confirmations
• Event reminders and urgent notifications
• Account security alerts

9.3 Email Communications

• Transactional emails: Order confirmations, password resets (cannot be opted out)
• Marketing emails: Newsletters, promotions (requires opt-in, can unsubscribe anytime)

10. Your Data Protection Rights

Under the Kenya Data Protection Act 2019 and international standards, you have the following rights:

How to Exercise Your Rights

• Self-service: Update your information in your account settings
• Email request: Send a request to [email protected]
• Phone: Contact us at +254 729 356 779
• Written request: Send to our registered address

Verification: We may need to verify your identity before processing your request. We will respond within 30 days as required by the Kenya Data Protection Act 2019.

Data Deletion Request: To delete your account and associated data, email [email protected] with the subject line "Data Deletion Request" and include your registered email address and phone number for verification.

11. Data Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

Technical Measures

• Encryption: SSL/TLS encryption for all data in transit (HTTPS)
• Password Security: Bcrypt hashing for stored passwords
• Access Controls: Role-based access to personal data
• Secure Payments: PCI-DSS compliant payment processing via M-Pesa
• Regular Updates: Security patches and software updates
• Backups: Regular encrypted backups with secure storage

Organizational Measures

• Staff training on data protection
• Data protection impact assessments for high-risk processing
• Vendor due diligence for third-party processors
• Incident response procedures

Your Responsibility: You are responsible for keeping your account credentials confidential. Use a strong password and enable two-factor authentication if available. Notify us immediately at [email protected] if you suspect unauthorized access to your account.

12. Children's Privacy

We are committed to protecting the privacy of children in accordance with the Kenya Children Act and international child protection standards.

Age Requirements

• Users must be at least 13 years old to create an account
• Users under 18 require parental/guardian consent for registration

Youth Player Registration

For players under 18, we collect information with verifiable parental/guardian consent:

• Player name, date of birth, and contact information
• Parent/guardian name and contact details
• Medical information relevant to player safety
• Consent for photography/video at events (optional)

Parental Rights

Parents/guardians may review, correct, or request deletion of their child's information by contacting [email protected]. We do not share children's information with third parties for marketing purposes.

13. International Data Transfers

Your personal data may be transferred to and processed in countries outside Kenya. These transfers occur when:

• FITB Registration: Player data is shared with the International Federation of Tchoukball in Switzerland
• International Events: Participant information is shared with host countries for tournaments
• Cloud Services: Our hosting and service providers may process data in various jurisdictions
• Social Media Platforms: Meta (USA/Ireland) for Facebook/WhatsApp services

Safeguards

In accordance with Section 48 of the Kenya Data Protection Act 2019, we ensure appropriate safeguards for international transfers:

• Transfers to countries with adequate data protection laws
• Standard contractual clauses with service providers
• Binding corporate rules where applicable
• Your explicit consent for specific transfers

14. Automated Decision-Making

We may use automated processing in limited circumstances:

• Fraud Detection: Automated systems may flag suspicious transactions for review
• Player Rankings: Statistics-based automated ranking calculations
• Email Filtering: Automated spam detection on communications

We do not use solely automated decision-making that produces legal effects or similarly significantly affects you without human review.

You have the right to request human intervention, express your point of view, and contest any automated decision by contacting us.

15. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the Office of the Data Protection Commissioner (ODPC) within 72 hours as required by law
• Communicate the breach to affected individuals without undue delay if there is a high risk
• Provide information about the nature of the breach, likely consequences, and measures taken
• Offer guidance on steps you can take to protect yourself

We maintain incident response procedures and regularly test our breach notification processes.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

• The "Last Updated" date at the top will be revised
• Material changes will be communicated via email or website notice
• Continued use of our services after changes constitutes acceptance
• We encourage you to review this policy periodically

For significant changes affecting your rights, we will seek your renewed consent where required by law.

17. Contact & Complaints

Contact Us

For questions about this Privacy Policy, to exercise your data rights, or for any privacy-related concerns:

Lodge a Complaint

If you believe your data protection rights have been violated and we have not addressed your concerns satisfactorily, you have the right to lodge a complaint with:

Or contact us directly: