LESSO HOA Data Privacy Policy & Code of Conduct

1. Introduction

This policy outlines how LESSO HOA (the "Association") collects, uses, and protects the personal data of its members in compliance with the Kenya Data Protection Act, 2019. Our goal is to ensure community harmony while respecting individual privacy rights under Article 31 of the Constitution of Kenya.

2. Data Collection (Section 28 of the Act)

We collect only the information necessary for the administration of the estate, including:

  • Identification: Names, National ID/Passport numbers.
  • Contact Details: Phone numbers, email addresses, and physical house numbers.
  • Property Records: Ownership documents or lease agreements.
  • Security Data: Vehicle registration numbers and CCTV footage at entry/exit points.
  • Financial Data: Records of service charge payments and penalty history.

3. Principles of Processing (Section 25)

The Association commits to the following principles:

  1. Lawfulness & Transparency: Data is collected only with your consent or for legitimate administrative purposes.
  2. Purpose Limitation: Your data will only be used for HOA-related matters (e.g., security alerts, AGM notices).
  3. Data Minimization: We will not ask for information that isn't required for estate management.
  4. Storage Limitation: Data will be deleted or archived once a member leaves the estate and all accounts are settled.

4. Member Rights (Section 26)

As a member (Data Subject), you have the right to:

  • Be informed of how your data is being used.
  • Access your personal data held by the HOA.
  • Object to the processing of all or part of your data (e.g., opting out of a community WhatsApp group).
  • Request correction or deletion of false or misleading data.

5. Member Code of Conduct (Privacy Focus)

To maintain a respectful community, all members agree to:

  • Confidentiality: Not share the contact details of other neighbors with third parties (e.g., marketers) without explicit consent.
  • Social Media Ethics: Use estate WhatsApp/Telegram groups strictly for HOA business. Posting photos of other residents or their children without permission is strictly prohibited.
  • Security Protocol: Cooperate with the security team in providing visitor details, which will be handled as per our security data policy.

6. Data Security & Breaches

The HOA Committee shall implement technical measures (e.g., password-protected databases) to prevent unauthorized access. In the event of a data breach, the HOA will notify the Office of the Data Protection Commissioner (ODPC) within 72 hours and inform affected members immediately.

7. Third-Party Sharing

We may share data with:

  • Security Firms: For estate access control.
  • Legal/Debt Collectors: Only for the recovery of unpaid service charges.
  • Government Authorities: When required by law.

Guidelines for LESSO HOA Committee:

  1. Registration: If your HOA processes data on a large scale or handles "sensitive" data, you must register as a Data Controller with the ODPC.
  2. CCTV: If you have cameras in common areas, you must place visible signs informing residents and visitors that CCTV is in operation.
  3. WhatsApp Groups: Clearly state the "Group Rules" in the description, noting that by joining, members consent to their phone numbers being visible to others in the group.