• info@transittag.com
  • Solanite Godowns, Mombasa RD, Nairobi.

Privacy Policy

Introduction

Welcome to TransitTag, a cutting-edge digital student ID card system designed to transform student safety in the modern era. We prioritize the privacy and security of our users, which include students, parents, schools, and transportation providers. This Privacy Policy outlines the types of information we collect, how we use it, and the measures we take to ensure it is protected.

Content

Definition and InterpretationInformation We CollectHow We Use Your InformationHow We Protect Your InformationSharing Your InformationYour Choices and RightsChanges to This Privacy Policy

Definition and Interpretation

For the purposes of this Privacy Policy, the following definitions apply:

"Applicable Law" means the Constitution of the Republic of Kenya, all Acts of Parliament including regulations, rules, guidelines, guidance notes issued pursuant to any Act of Parliament, legislative and regulatory requirements, and codes of practice applicable to the processing of personal data and/or applicable to a data controller or data processor as may be amended from time to time;

“Personal Data” means any information relating to an identified or identifiable natural person (hereinafter “Data Subject”). For clarity, an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of such a natural person;

“Controller” means the natural or legal person, authority, organization or other agency that makes decisions individually or together with other parties regarding the purposes and means for processing personal data;

A. Information We Collect

1. Personal Information:

  • Students: Name, student ID number, grade, and digital ID card information.
  • Parents/Guardians: Name, contact information (phone number, email address), and relationship to the student.
  • Schools and Transportation Providers: Staff names, contact information, and bus details.

2. Location Data:

  • Real-time tracking data of the school bus, including GPS coordinates, route details, and timestamps of boarding and alighting.

3. Video and Audio Data:

  • Live video streaming data from cameras installed inside school buses for monitoring purposes.

4. Usage Data:

  • Information about how users interact with our app and system, including login times, accessed features, and usage patterns.

B. How We Use Your Information

1. To Ensure Student Safety:

  • Real-time tracking and monitoring of student commutes to provide instant notifications to parents and schools.
  • Live video streaming (when implemented) to monitor student behavior and driver conduct.

2. To Facilitate Communication:

  • Sending real-time notifications to parents and schools regarding bus details, departure times, and any incidents.

3. To Improve Our Services:

  • Analyzing usage data to enhance the functionality and user experience of TransitTag.

4. To Comply with Legal Obligations:

  • Ensuring compliance with Data Protection Act, 2019 and its regulation, the Data Protection Policy, 2018 among others regarding student safety and data privacy.

C. How We Protect Your Information

1. Data Encryption:

  • We will encrypt all sensitive data both in transit and at rest. This prevents unauthorized

2. Access Control:

  • We will implement role-based access control (RBAC) to ensure that only authorized personnel have access to sensitive data. We will limit access privileges based on job roles and responsibilities.

3. Authentication Mechanisms:

  • We will enforce strong authentication methods like multi-factor authentication (MFA) to verify the identity of users accessing the system or sensitive data.

4. Data Minimization:

  • We will collect and retain only the minimum amount of personal data necessary for the application’s functionality. We will regularly review and purge unnecessary data.

5. Regular Audits and Monitoring:

  • We will conduct regular audits of access logs, system activity and data handling practices. We will set up real-time monitoring for suspicious activities and potential security breaches.

6. Employee Training and Awareness:

  • We will train all employees on data protection policies and procedures. We will ensure they understand the importance of safeguarding personal data and the potential consequences of non-compliance.

7. Secure Development Practices:

  • We will follow secure coding practices and conduct regular security reviews and penetration testing of the application to identify and address vulnerabilities.

8. Data Backup and Disaster Recovery:

  • We will implement regular data backup procedures to ensure data can be recovered in case of accidental loss or system failure. We will test disaster recovery plans regularly.

9. Vendor Risk Management:

  • If third-party services are used, we will conduct thorough due diligence on vendors' security practices and ensure they comply with relevant data protection regulations.

10. Incident Response Plan:

  • We have developed and will maintain an incident response plan to outline steps to be taken in case of a data breach or security incident. This should include communication protocols and notification procedures.

11. Privacy by Design:

  • We have incorporated privacy considerations into the application’s design and development process from the outset. This includes implementing privacy enhancing features and minimizing data exposure.

12. Regular Compliance Checks:

  • We will continuously monitor changes in data protection regulations and ensure that the app remains compliant with applicable laws and regulations.

D. Sharing Your Information

1. With Schools and Transportation Providers:

  • Necessary personal and location data is shared with schools and transportation providers to facilitate student safety and communication.

2. With Parents:

  • Real-time tracking and notification data is shared with parents to keep them informed about their child's commute.

3. Legal Requirements:

  • We may disclose personal information if required by law or in response to valid requests by public authorities (e.g., a court or government agency).

4. Third-Party Service Providers:

  • We may employ third-party companies and individuals to facilitate our service, provide the service on our behalf, or assist us in analyzing how our service is used. These third parties have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

E. Your Choices and Rights

  • Right to be informed that we are collecting your personal information and how we are processing it;
  • Right to rectify your personal data where it is inaccurate or incomplete;
  • Right to withdraw your consent to the processing of your personal data. However, we may continue processing your personal data for legitimate interests or legal grounds;
  • Right to object to processing of all or part of your personal data. However, we may decline your request if we are obliged by law or entitled to do so;
  • Right of erasure of your personal data held by us, noting that we may continue to retain your information if we are entitled to do so or obliged by law;
  • Right to access your personal data in our possession;
  • Right to not be subjected to profiling or automated decision making in regards to processing of your Personal Data. However, we may decline your request if we are obliged by law or entitled to do so;
  • Right to request your personal data to be processed in a restricted manner. Note that we may continue processing data and reject the request if we are entitled to or are legally obliged;
  • Right to data portability in a manner we may deem appropriate such as electronic format;

F. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and, if the changes are significant, providing a prominent notice. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.