Home / Data Protection

Data Protection Guide

Last Updated: May 2026

Your Rights Under Data Protection Laws

As a user of Erudite Systems Solutions applications, you have fundamental rights regarding your personal data. This guide explains those rights and how to exercise them.

Right to Access (Right to Know)

You have the right to request and receive a copy of all personal data we hold about you in a clear, understandable format.

  • How to Request: Email privacy@erudite.co.ke with "DATA ACCESS REQUEST" in the subject line
  • What to Include: Your name, email, and the app(s) you use
  • Response Time: Within 30 days of receipt
  • Format: Data will be provided in a machine-readable format (JSON or CSV)
  • Cost: Free for the first request; subsequent requests may incur reasonable fees

Right to Rectification (Right to Correct)

If any personal data we hold about you is inaccurate, incomplete, or out of date, you have the right to request correction.

  • Self-Service: Update most information directly in the app settings
  • Manual Request: Contact privacy@erudite.co.ke for data we don't expose in settings
  • Verification: We may ask you to verify your identity
  • Timeline: Corrections made within 30 days

Right to Erasure (Right to Be Forgotten)

You have the right to request deletion of your personal data, subject to certain exceptions.

  • When You Can Request: When data is no longer necessary, or you withdraw consent
  • Process: Submit deletion request through your app account settings or email privacy@erudite.co.ke
  • Exceptions: We may retain data for legal/tax compliance (e.g., 7 years for financial records)
  • Timeline: Deletion completed within 30 days; backups deleted within 90 days
  • Irreversible: This action cannot be undone

Right to Restrict Processing

You can request that we limit how we use your data in certain circumstances.

  • When Applicable: While you dispute accuracy, we're not required to keep data, or for legal reasons
  • How to Request: Email privacy@erudite.co.ke with "RESTRICT PROCESSING" in the subject
  • What This Means: We'll limit data use while maintaining your account

Right to Data Portability

You have the right to receive your data in a portable, machine-readable format and transfer it to another service.

  • Scope: Personal data you've provided or that we've generated about you
  • Format: Available as JSON or CSV
  • How to Request: Through app settings or email privacy@erudite.co.ke
  • Timeline: Within 30 days

Right to Object

You can object to certain types of data processing, particularly for marketing purposes.

  • Marketing Communications: Unsubscribe from emails or manage preferences in app settings
  • Profiling: Object to automated decision-making about you
  • How to Object: Email privacy@erudite.co.ke with your request

Right to Appeal

If you're not satisfied with our response to a data protection request, you have the right to appeal.

  • Process: Submit a written appeal with reasons to privacy@erudite.co.ke
  • Response Time: Within 30 days
  • Escalation: You may lodge a complaint with relevant data protection authorities

How to Protect Your Personal Data

Best Practices

  • Strong Passwords: Use unique, complex passwords for your account
  • Two-Factor Authentication: Enable 2FA when available for added security
  • Secure Connection: Only access the app over secure networks (avoid public WiFi for sensitive operations)
  • Keep Software Updated: Install security updates for your device OS and apps
  • Logout: Always logout after using shared devices
  • Monitor Activity: Regularly review your account activity for suspicious access
  • Backup Data: Download important data regularly in case you need to delete your account
  • Report Issues: Immediately contact us if you suspect a security breach

Data Minimization

You can reduce your data footprint by:

  • Only sharing necessary information during registration
  • Declining optional permissions (camera, location, contacts) if you don't need them
  • Regularly reviewing and updating your profile information
  • Removing old or unnecessary data from the application
  • Disabling push notifications if you prefer not to receive them

Data Breach Notification

In the unlikely event of a data breach that compromises your personal information, we will:

  • Notify you within 72 hours of discovery
  • Provide details of the breach and data affected
  • Explain steps we've taken to secure your data
  • Recommend protective measures you should take
  • Provide contact information for support

We will also notify relevant regulatory authorities as required by law.

Data Retention Schedules

Different types of data are retained for different periods:

Data Type Retention Period Reason
Account Information While account is active Necessary for account management
Activity Logs 12 months Security and compliance monitoring
Financial Records 7 years Tax and legal compliance
Backup Copies 90 days after deletion Data recovery purposes
Support Communications 2 years Support history and reference
Marketing Data Until opt-out Marketing purposes (can unsubscribe anytime)

Children's Privacy

Our applications are not intended for children under 13. We do not knowingly collect information from children under 13. If you believe we have collected information from a child under 13:

  1. Contact us immediately at privacy@erudite.co.ke
  2. Provide the child's name and date of birth
  3. We will delete the information within 7 days

International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we:

  • Use standard contractual clauses approved by regulators
  • Implement additional security safeguards
  • Ensure your data is treated with the same protection as domestic data
  • Obtain your explicit consent where required

Regulatory Compliance

Erudite Systems Solutions complies with data protection regulations including:

  • GDPR (EU General Data Protection Regulation) - EU users
  • CCPA (California Consumer Privacy Act) - California users
  • Kenya Data Protection Act - Kenya-based operations
  • PIPEDA (Personal Information Protection and Electronic Documents Act) - Canada

Submit a Data Protection Request

Exercise your data protection rights using the form below:

We will respond within 30 days of your request. You will receive confirmation at the email address provided.

Contact & Support

For questions about your data protection rights or to file a complaint:

Erudite Privacy Team
Email: privacy@erudite.co.ke
Response Time: Within 30 days

Data Protection Authority (Kenya):
Office of the Data Protection Commissioner
www.odpc.go.ke