Privacy Policy

This Privacy Policy describes how Witsoft Ltd ("we," "our," or "us") collects, uses, processes, and protects your personal information when you use our Omni HR Software as a Service (SaaS) platform. We are committed to complying with the Kenya Data Protection Act, 2019, and other applicable data protection laws.

1. Company Information

Data Controller: Witsoft Ltd
Email: info@omni.co.ke
Phone: +254720 296 523

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

• Employee Data: Names, employee IDs, contact information, job titles, department, salary information, performance records, attendance data, and disciplinary records
• Account Information: User credentials, login information, and account preferences
• Technical Data: IP addresses, browser information, device information, and usage analytics
• Communication Data: Records of communications with our support team and within the platform
• Financial Information: Payroll data, tax information, and banking details for salary processing

2.2 Sensitive Personal Data

We may process sensitive personal data including:

• Health information for medical leave and insurance purposes
• Biometric data for attendance tracking (where applicable)
• Background check information
• Next of kin information for emergency contacts

3. Legal Basis for Processing

We process personal information based on the following legal grounds under the Kenya Data Protection Act:

• Consent: Where you have provided explicit consent
• Contract Performance: To fulfill our contractual obligations to provide HR services
• Legal Obligation: To comply with employment laws, tax regulations, and statutory requirements
• Legitimate Interest: To improve our services and ensure platform security

4. How We Use Your Information

We use your personal information for the following purposes:

• Providing HR management services including payroll, attendance tracking, and performance management
• Complying with employment laws and regulations
• Processing payments and managing benefits
• Generating reports and analytics for organizational purposes
• Maintaining platform security and preventing fraud
• Providing customer support and technical assistance
• Improving our services and developing new features

5. Information Sharing and Disclosure

5.1 Third-Party Service Providers

We may share your information with trusted third-party service providers who assist us in:

• Cloud hosting and data storage
• Payment processing
• Email and communication services
• Analytics and performance monitoring
• Background verification services

5.2 Legal Requirements

We may disclose your information when required by law, including:

• Compliance with court orders or legal processes
• Cooperation with law enforcement agencies
• Meeting tax and regulatory reporting obligations
• Protecting our legal rights and interests

6. Data Security

We implement comprehensive security measures to protect your personal information:

• Encryption: Data is encrypted in transit and at rest using industry-standard protocols
• Access Controls: Strict user authentication and authorization mechanisms
• Regular Audits: Periodic security assessments and vulnerability testing
• Staff Training: Regular data protection training for all employees
• Incident Response: Procedures for detecting, investigating, and responding to security incidents

7. Data Retention

We retain personal information for the following periods:

• Active Employee Data: During employment and as required for ongoing HR operations
• Former Employee Data: Up to 7 years after termination or as required by law
• Payroll Records: As required by tax and employment laws (typically 5-7 years)
• System Logs: Up to 12 months for security and troubleshooting purposes

8. Your Rights

Under the Kenya Data Protection Act, you have the following rights:

• Access: Request access to your personal information
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal information (subject to legal obligations)
• Portability: Request transfer of your data in a structured format
• Restriction: Request limitation of processing under certain circumstances
• Objection: Object to processing based on legitimate interests
• Complaint: Lodge a complaint with the Office of the Data Protection Commissioner

9. International Data Transfers

If we transfer your personal information outside Kenya, we ensure:

• The destination country has adequate data protection laws, or
• Appropriate safeguards are in place through contractual arrangements
• We obtain your explicit consent where required

10. Cookies and Tracking Technologies

Our platform uses cookies and similar technologies to:

• Maintain user sessions and preferences
• Analyze platform usage and performance
• Enhance security and prevent fraud
• Provide personalized user experiences

You can manage cookie preferences through your browser settings.

11. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware of such collection, we will take steps to delete the information promptly.

12. Privacy Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes through:

• Email notifications to registered users
• Prominent notices on our platform
• Updated version dates on this policy