Logo
Sign in
Legal

Privacy Policy

Last updated: January 2026 · Operated by BIBA Kenya

Back to Home
The Community Agroecology Data Hub (“CADH”, “we”, “us”, or “our”) is an open-access platform operated by the Biodiversity and Biosafety Association of Kenya (BIBA Kenya). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our platform at cadh.bibakenya.org and related services. Please read this policy carefully.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when you:

  • Register for an account or submit content to the repository
  • Make a donation through our PesaPal payment gateway
  • Submit a contact form or inquiry
  • Subscribe to our newsletter or updates
  • Participate in surveys or feedback sessions

This may include your name, email address, phone number, organisation, and location.

1.2 Automatically Collected Information

When you visit the platform, we may automatically collect:

  • Browser type, device type, and operating system
  • IP address and approximate geographic location
  • Pages visited, time spent, and navigation paths
  • Referring URLs and search terms used

This is collected through standard web analytics tools and server logs. We use this data solely to improve platform performance and user experience.

1.3 Indigenous and Community Knowledge Data

Content submitted to the repository — including farmer innovations, seed varieties, recipes, and traditional practices — is treated under our Community Data Governance Charter. Contributors retain attribution rights. Traditional Knowledge content is protected under TK Labels and CC-BY-NC-SA licensing.

2. How We Use Your Information

We use collected information to:

  • Operate, maintain, and improve the Community Agroecology Data Hub
  • Process donations securely via PesaPal and send payment receipts
  • Respond to enquiries and provide support
  • Send newsletters and platform updates (only with your consent)
  • Enforce our licensing frameworks and governance policies
  • Comply with legal obligations under Kenyan law
  • Conduct anonymised research and impact reporting

We never sell, rent, or trade your personal information to third parties for commercial purposes.

3. Legal Basis for Processing (GDPR & Kenya Data Protection Act 2019)

We process personal data under the following legal bases:

  • Consent — where you have explicitly agreed (e.g. newsletter sign-up, cookie preferences)
  • Contract — to process donations and deliver services you have requested
  • Legitimate Interests — to improve platform security and functionality
  • Legal Obligation — to comply with applicable Kenyan laws and regulations

4. Sharing of Information

We may share your information with:

  • PayPal — our payment processor. PayPal handles payment data in compliance with PCI-DSS standards. View their privacy policy at paypal.com/privacy-policy
  • BIBA Kenya — the parent organisation operating this platform, for programme reporting and governance purposes
  • Legal authorities — only where required by Kenyan law, court order, or to protect the safety of users and communities

All data processors are contractually bound to handle your data in accordance with this policy and applicable data protection law.

5. Data Retention

We retain personal data only as long as necessary for the purposes stated:

  • Account data — retained while your account is active, deleted within 30 days of account closure upon request
  • Donation records — retained for 7 years for financial and legal compliance
  • Repository contributions — retained indefinitely as part of the community knowledge archive, subject to contributor governance rights
  • Analytics data — retained in anonymised form for up to 24 months

6. Your Rights

Under the Kenya Data Protection Act 2019 and applicable law, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your personal data, subject to legal obligations
  • Restriction — request we limit processing of your data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • Withdraw Consent — at any time where processing is based on consent

To exercise any of these rights, contact us at data@bibakenya.org. We will respond within 30 days.

7. Cookies

We use strictly necessary cookies to operate the platform and optional analytics cookies (with your consent) to understand how the platform is used. You can manage cookie preferences at any time through your browser settings.

We do not use advertising or tracking cookies.

8. Security

We implement industry-standard security measures including SSL/TLS encryption, role-based access controls (RBAC), and regular security audits to protect your data. However, no method of transmission over the internet is 100% secure.

9. Children's Privacy

Our platform is not directed at children under 18. We do not knowingly collect personal data from minors. If you believe a child has submitted data to us, please contact us immediately at data@bibakenya.org.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify registered users of material changes by email and update the “Last updated” date above. Continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy enquiries, data requests, or complaints, contact:

BIBA Kenya — Data Protection Officer

Biodiversity and Biosafety Association of Kenya

Nairobi, Kenya

Email: data@bibakenya.org

Website: bibakenya.org

You also have the right to lodge a complaint with the Office of the Data Protection Commissioner of Kenya.

Data Protection PolicyMake a Donation Back to Home