Data Protection Policy
ABN Genesis is a product of ABNO Softwares International Ltd, a company established in 2004 and headquartered in Kenya.
ABNO Softwares International Ltd is registered and certified by the Office of the Data Protection Commissioner (ODPC), Kenya as both a Data Controller and Data Processor, in accordance with the Kenya Data Protection Act, 2019.
This Data Protection Policy outlines how personal and business data is processed, protected and governed within the ABN Genesis platform and associated services.
1. Purpose of This Policy
This Policy establishes ABNO’s commitment to:
- Lawful and transparent data processing
- Protection of personal data within ERP environments
- Structured governance over employee, payroll and financial data
- Compliance with the Kenya Data Protection Act, 2019
- Alignment with recognized data protection best practices
2. Scope
This Policy applies to:
- Visitors to the ABN Genesis website
- Organizations booking Compliance Risk Reviews
- Client organizations using ABN Genesis ERP
- Employees and authorized users of client organizations
- ABNO personnel involved in implementation and support
3. Data Controller and Processor Roles
3.1 As Data Controller
ABNO acts as a Data Controller when processing:
- Website visitor information
- Marketing inquiries
- Demo and Compliance Risk Review submissions
- Internal employee and contractor data
3.2 As Data Processor
ABNO acts as a Data Processor when processing organizational data on behalf of client institutions within the Genesis platform.
Client organizations remain Data Controllers of their employee and business data.
Processing is governed by:
- Signed service agreements
- Data Processing Agreements (where applicable)
- Confidentiality clauses
4. Categories of Data Processed
Within ABN Genesis, data processed may include:
- Employee identification data
- Payroll and statutory contribution records
- Financial transaction data
- Procurement and approval workflows
- Asset registers
- Operational and attendance records
Only data necessary for defined operational purposes is processed.
5. Lawful Basis for Processing
Personal data is processed based on:
- Contractual necessity (ERP service delivery)
- Legal obligations (statutory compliance)
- Legitimate interests
- Consent where applicable
6. Data Protection Principles
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
7. Security Safeguards
ABNO implements administrative, technical and organizational safeguards including:
- Role-based access controls
- Segregation of duties within system workflows
- Secure authentication mechanisms
- Encrypted data transmission (HTTPS/TLS)
- Structured backup procedures
- Audit logging and monitoring
- Controlled access to infrastructure environments
Security controls are designed to protect payroll, financial and operational data from unauthorized access, alteration or loss.
8. Data Retention
Personal data is retained only for as long as necessary to:
- Fulfill contractual obligations
- Meet statutory requirements
- Resolve disputes
- Enforce agreements
Client data retention schedules are governed by signed contracts.
9. Data Subject Rights
Data subjects have the right to:
- Access personal data
- Request correction of inaccurate data
- Request deletion (subject to legal and contractual limits)
- Object to processing in certain circumstances
- Withdraw consent where applicable
- Lodge complaints with the Office of the Data Protection Commissioner (Kenya)
Requests should be directed to the contact details provided below.
10. Data Breach Management
In the event of a suspected data breach, ABNO:
- Activates internal incident response procedures
- Assesses scope and impact
- Notifies affected client organizations without undue delay
- Complies with ODPC notification requirements where applicable
- Implements corrective and preventive measures
11. Cross-Border Data Transfers
Where data is processed outside Kenya, appropriate safeguards are implemented in accordance with the Kenya Data Protection Act and applicable regulatory guidance.
12. Governance and Accountability
ABNO maintains structured governance over data protection through:
- Documented policies and procedures
- Staff training and awareness programs
- Access control audits
- Regular system monitoring
- Defined data protection responsibilities
13. Policy Updates
This Policy may be updated periodically to reflect legal, regulatory or operational changes. The updated version will be published with a revised “Last Updated” date.
14. Contact Information
ABNO Softwares International Ltd
Data Protection Contact: info@abnosoftwares.com
Phone: +254 (0)705 597336
Website: https://abngenesis.com