At Kelal Gateway Events PLC, we are committed to maintaining the highest standards of data protection and privacy compliance. This document outlines our compliance with various data protection regulations and our commitment to safeguarding your personal information.
Kelal Gateway Events PLC has been certified by the Information Network Security Administration (INSA) of Ethiopia.
1. Data Protection Regulations Compliance
1.1 General Data Protection Regulation (GDPR)
We comply with GDPR requirements for users in the European Union:
- Lawful Basis: We process personal data based on legitimate interests, contract performance, and consent
- Data Subject Rights: Users have the right to access, rectify, erase, and port their data
- Data Minimization: We only collect data necessary for service provision
- Storage Limitation: Data is retained only as long as necessary
1.2 Ethiopian Data Protection Laws
We adhere to Ethiopian data protection requirements:
- Proclamation No. 1208/2020: Compliance with Ethiopian data protection standards
- Local Data Storage: Primary data storage within Ethiopia when possible
- Government Cooperation: Compliance with lawful government requests
2. Data Collection and Processing
2.1 Types of Data Collected
We collect and process the following categories of personal data:
- Identity Data: Name, email, phone number, date of birth
- Profile Data: Profile pictures, preferences, interests
- Transaction Data: Payment information, booking history
- Technical Data: Device information, IP addresses, usage patterns
- Location Data: General location for event recommendations (with consent)
2.2 Legal Basis for Processing
We process personal data based on the following legal grounds:
- Contract Performance: To provide our services and fulfill bookings
- Legitimate Interests: To improve services and prevent fraud
- Consent: For marketing communications and location services
- Legal Obligations: To comply with applicable laws and regulations
3. Data Security Measures
We implement comprehensive security measures to protect your data:
- Encryption: All data is encrypted in transit and at rest
- Access Controls: Strict access controls and authentication measures
- Regular Audits: Security assessments and penetration testing
- Employee Training: Regular training on data protection practices
- Incident Response: Comprehensive incident response procedures
4. Data Sharing and Third-Party Services
4.1 Service Providers
We work with trusted third-party service providers who:
- Are bound by strict data protection agreements
- Implement appropriate security measures
- Process data only for specified purposes
- Are located in jurisdictions with adequate data protection laws
4.2 Data Transfers
When data is transferred internationally, we ensure:
- Adequate protection through standard contractual clauses
- Compliance with local data protection laws
- Appropriate safeguards for data security
5. User Rights and Control
We respect and facilitate your data protection rights:
Your Rights Include:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Portability: Receive your data in a portable format
- Right to Object: Object to certain types of processing
- Right to Withdraw Consent: Withdraw consent for processing
6. Data Retention and Deletion
We maintain clear data retention policies:
- Account Data: Retained while your account is active
- Transaction Data: Retained for legal and accounting purposes
- Marketing Data: Retained until consent is withdrawn
- Deletion Requests: Processed within 30 days
7. Children's Privacy Protection
We are committed to protecting children's privacy:
- Age Verification: Users must be at least 16 years old
- Parental Consent: Required for users under 18 in certain jurisdictions
- No Collection: We do not knowingly collect data from children under 16
- Immediate Deletion: Child data is deleted upon discovery
8. Breach Notification and Response
In the event of a data breach, we:
- Assess the nature and scope of the breach
- Notify affected users within 72 hours
- Report to relevant authorities as required
- Implement immediate containment measures
- Conduct post-incident reviews
9. Compliance Monitoring and Updates
We continuously monitor and update our compliance:
- Regular Audits: Annual compliance assessments
- Policy Updates: Regular review and updates of policies
- Training Programs: Ongoing staff training on data protection
- Legal Monitoring: Tracking changes in data protection laws
10. Contact Information
For data protection inquiries or to exercise your rights, contact us:
Data Protection Officer
Email: admin@kelalgateway.com
Website: Kelalgateway.com
Address: NB Business Center, Suite 404, Addis Ababa, Ethiopia
Response Time: Within 30 days for all requests
Note: This Data Handling Compliance document is regularly updated to reflect current regulations and best practices. We are committed to maintaining the highest standards of data protection and will notify users of any significant changes.