Privacy Policy

1. About This Policy

Chord Systems Ltd ("we", "us", "our") is committed to protecting the personal data of everyone who interacts with our business — including website visitors, clients, and prospective customers. This Privacy Policy explains what personal data we collect, how we use it, and the rights you hold under the Kenya Data Protection Act, 2019 (No. 24 of 2019) and its accompanying regulations.

By using our website or engaging our services, you acknowledge that you have read and understood this Policy. If you have any questions, you may contact us using the details at the end of this document.

2. Who We Are

Chord Systems Ltd is a Kenyan company registered and operating in Kenya. We provide security systems installation and related services, including CCTV, access control, electric fencing, and system maintenance.

Data Controller: Chord Systems Ltd

Address: Moi Avenue, Nairobi, Kenya

Email: privacy@chordsystems.co.ke

Phone: +254-123-456-789

3. Personal Data We Collect

We collect only the personal data necessary to provide our services and communicate with you. This includes:

• Contact information — name, phone number, email address, and physical location (for site surveys and installations).
• Enquiry and service details — information you provide when requesting a quote or describing your security needs.
• Technical data — IP address, browser type, and pages visited when you use our website (collected automatically via cookies).
• Communication records — records of emails, WhatsApp messages, or phone calls we exchange with you in connection with our services.

We do not collect sensitive personal data (such as financial account details, health records, or biometric data) through our website. Where biometric access control systems are installed on your premises, the associated data is stored on your on-site hardware or your chosen cloud provider — not on our servers.

4. How We Use Your Personal Data

We process your personal data for the following purposes, consistent with the legitimate bases under the Kenya Data Protection Act:

• Responding to enquiries — to assess your security needs and provide quotations.
• Delivering our services — to schedule site surveys, carry out installations, and provide after-sale support.
• Communications — to send service reminders, maintenance alerts, or updates relevant to your installation.
• Legal compliance — to meet obligations under Kenyan law, including record-keeping for tax and contract purposes.
• Improving our website — to understand how visitors use our site so we can make it more useful.

We will not use your data for purposes incompatible with those listed above without first obtaining your consent.

5. Sharing Your Data

We do not sell your personal data. We may share it with the following third parties only where necessary:

• Service subcontractors — engineers or technicians engaged on specific installation or maintenance jobs, who are bound by confidentiality obligations.
• Technology providers — software platforms we use for scheduling, communications, or website operations, subject to data processing agreements.
• Regulatory or legal authorities — where we are required to disclose information under Kenyan law or pursuant to a valid court order.

Any transfer of personal data outside Kenya will only be made where the receiving country provides adequate data protection or where you have given your explicit consent, in compliance with Section 48 of the Data Protection Act, 2019.

6. Data Retention

We retain personal data only for as long as is necessary to fulfil the purpose for which it was collected. Client contact and service records are typically retained for seven years to comply with Kenyan tax and contract law obligations. Website analytics data is retained for twelve months. After the applicable retention period, data is securely deleted or anonymised.

7. Your Rights Under the Kenya Data Protection Act

The Data Protection Act, 2019 grants you the following rights regarding your personal data:

• Right to be informed — you have the right to know how your data is being used, as set out in this Policy.
• Right of access — you may request a copy of the personal data we hold about you.
• Right to correction — you may ask us to correct inaccurate or incomplete data.
• Right to deletion — you may request that we delete your data where it is no longer necessary for the purposes for which it was collected.
• Right to object — you may object to processing of your data, including for direct marketing purposes.
• Right to data portability — you may request your data in a commonly used, machine-readable format.

To exercise any of these rights, contact us at privacy@chordsystems.co.ke. We will respond within 21 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Data Protection Commissioner (ODPC) at www.odpc.go.ke.

8. Security of Your Data

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or loss. These include restricted staff access, encrypted communication channels, and regular security reviews. However, no system is entirely risk-free, and we encourage you to contact us immediately if you believe your data may have been compromised.

9. Cookies

Our website uses cookies to improve your browsing experience and to collect anonymous analytics data. For full details on the cookies we use and how to manage your preferences, please read our Cookie Policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will post the updated Policy on this page with a revised "last updated" date. We encourage you to review this page periodically.