Privacy Statement

  •  Purpose

This Privacy Statement provides information on how All Saints’ Cathedral collects and processes your personal data as a data subject, as per the Data Protection Act 2019.

This statement should be read together with the Terms and Conditions of All Saints’ Cathedral, which are also available on the website. For purposes of data privacy and protection, this Privacy Statement will prevail over the Terms and Conditions, in cases where there is a conflict between the two.

This statement applies to all employees, congregants, clients, contractors, vendors, service providers, consultants, any other third parties, visitors to this website, visitors to All Saints’ Cathedral’s social media platforms, and visitors to All Saints’ Cathedral’s physical premises within the Republic of Kenya.

  • Key definitions

“You” means the following:

  1. Employees of All Saints’ Cathedral.
  2. Congregants and clients of All Saints’ Cathedral.
  3. Contractors, vendors, and service providers who have been contracted by All Saints’ Cathedral to provide goods and services.
  4. Consultants and any other third parties who have entered into legally-binding contracts and agreements with All Saints’ Cathedral for the provision of professional services.
  5. Visitors to the All Saints’ Cathedral website (www.allsaintsnairobi.com).
  6. Users of All Saints’ Cathedral’s social media platforms.
  7. Visitors to All Saints’ Cathedral’s physical premises within the Republic of Kenya.

“We,” “our,” “ours,” and “us,” means All Saints’ Cathedral and its affiliated organizations, as may from time to time be specified by All Saints’ Cathedral to you.

“Personal data”means any information relating to an identified or identifiable natural person.

“Sensitive personal data” means data revealing the natural person’s race, health status, ethnic social origin, conscience, belief, genetic data, biometric data, property details, marital status, family details including names of the person’s children, parents, spouse or spouses, sex or the sexual orientation of the data subject.

“Processing” means any operation or sets of operations which is performed on personal data or on sets of personal data whether or not by automated means, such as

  1. collection, recording, organization, structuring
  2. storage, adaptation or alteration
  3. retrieval, consultation or use
  4. disclosure by transmission, dissemination, or otherwise making available
  5. alignment or combination, restriction, erasure or destruction
  • Data collection

All Saints’ Cathedral collects your personal data with your knowledge and consent, when you do any of the following:

  1. register for a specific service or event offered by us
  2. visit any of our physical premises within the Republic of Kenya
  3. visit our website and social media platforms
  4. enter into a legally binding contract or agreement with us
  5. make inquiries using our website chatbot, official email, WhatsApp channel, direct messages (DMs) on our social media platforms, or at the reception desk at our offices
  6. respond to or participate in a survey disseminated by us
  7. respond to or participate in marketing promotions and competitions organized by us

We may also collect your personal data indirectly, in the following ways:

  1. from other organisations including credit-reference bureaus, fraud prevention agencies, and business directories
  2. from professional service platforms such as LinkedIn, GlassDoor, etc., where you have made your personal data publicly available
  3. from your social media platforms where you have made your personal data publicly available
  4. through any of our contracted agents, intermediaries, merchants, or dealers to whom you have disclosed your personal data
  5. from government and regulatory bodies, to fulfil our legal obligations and for investigative purposes

We do not collect any personal data or sensitive personal data from minors (any person under 18 years of age), except where this information has been provided by the authorized guardian or representative, and they have consented to the collection and processing of the personal data. Moreover, All Saints’ Cathedral will only deal with the authorized guardians and representatives for all matters related to the personal data and sensitive personal data of the respective minors.

  • What Information is collected?

The information we collect and store about you includes, but is not limited to the following:

  1. Your full names
  2. Your age
  3. Your gender
  4. Your email address
  5. Your phone number
  6. Your physical address
  7. Your postal address
  8. Your ID number
  9. Copies of your identification documents (ID, Passport, Driver’s License}
  10. Passport photos
  11. Your signature specimen
  12. Your photos and videos captured by CCTV cameras within our physical premises
  13. Your vehicle/motorcycle number plates when you use any of our parking facilities
  14. Information about your bank account numbers, SWIFT codes, or other banking information.
  15. Your transaction information when you use third-party payment platforms
  16. Your device IP address and MAC address when you use any of our corporate or guest networks, both wired and wireless
  17. Tracking cookies when you use our website
  18. Your family details provided to us by you
  19. Your medical history
  20. Profiling information such as your level of education, financial status, professional details, collected as part of our research and surveys
  21. A record of your conversations when you call or message our customer care line.
  • Purpose of data collection

The personal data and sensitive personal data that we collect about you, is used for any of the following purposes:

  1. Entering into contractual of professional agreements with you
  2. Providing the products and services requested by you
  3. Invoicing you for the use of any of our products and services
  4. Confirmation and verification of payments made by you to us
  5. Responding to any of your queries or concerns regarding our services
  6. Verifying your identity information through publicly available and/or restricted government databases in order to comply with applicable regulatory requirements
  7. Keeping you informed about new services and events offered by us
  8. Contacting you to communicate offers or promotions based on how you use our services, unless you opt out of receiving such marketing and promotional messages
  9. To comply with any legal, governmental or regulatory requirements
  10. To aid in investigations or legal proceedings
  11. To perform quality assurance in order to improve our services
  12. For research, statistical, survey and other scientific or business purposes
  13. To efficiently administer any of our online platforms and websites.
  14. To assess the purpose and nature of your business or principal activity, your financial status and the capacity in which you are entering into a business relationship with us.
  15. To verify the age of minors and obtain appropriate consent
  16. Identifying you and verifying your physical address
  17. Identifying your source of income and other similar financial information
  18. Responding to any of your queries or concerns
  19. Carrying out credit checks and credit scoring
  20. To comply with any legal, governmental, or regulatory requirement or for use by our lawyers in connection with any legal proceedings
  21. To perform background checks and screening where you have applied to be employed by us
  22. To perform employee monitoring and performance evaluation where you have been employed by us
  23. To perform due diligence for contracted third parties
  24. To perform security monitoring and administration in our buildings and physical premises

We shall notify you whenever there are changes to any of the above processing activities, or when we introduce new processing activities that are not part of the ones listed above.

  • Your rights as a data subject

Subject to legal and contractual exceptions, you have the following rights as a data subject, as per the Data Protection Act, in relation to the personal data and sensitive personal data that we collect and process:

  1. Right to be informed of the purposes for which we collect and process your personal data
  2. Right to access the personal data that we keep about you
  3. Right to object to the processing of your personal data, which includes withdrawing consent at any time before, during, and after the processing activity for which consent had been obtained
  4. Right to correct any false or misleading personal data that we hold about you
  5. Right to request the deletion of false or misleading personal data that we hold about you

You may exercise any of the above rights by downloading the data subject request forms from our website, and submitting them through our official customer care email address or physically presenting them at our office locations. You may also direct them to our Data Protection Officer using the following email address: jmuthee@allsaintsnairobi.org

All requests will be reviewed, actioned upon, and our response will be communicated to you using the email address that you have provided to us, within 14 calendar days.

  • Disclosure of personal data

In order to fulfil our legal obligations, contractual obligations, and pursue our legitimate interests, we may occasionally disclose your personal data to related churches, third party individuals and companies, and government bodies.

We may also disclose your personal data to investigative authorities, courts, and arbitrators to aid in the investigation process and furnish evidence in legal proceedings.

All transfers to third party data controllers and data processors will be notified to you, where it is reasonably practical to do so. We shall endeavour to ensure that the respective third parties have adequate data protection measures in compliance with the Data Protection Act.

  • Transfer of personal data

Where it is determined that there is a necessity to transfer personal data outside Kenya, we shall take appropriate measures to ensure compliance with the transfer safeguards that have been stipulated in the Data Protection Act 2019. This will include the following:

  1. Notifying you about the need for the transfer, and the intended recipient country or entity
  2. Conducting a data protection impact assessment prior to the transfer
  3. Obtaining an opinion from the Office of the Data Protection Commissioner in relation to the transfer
  4. Obtaining proof of adequate safeguards from the recipient country and/or entity
  5. Encrypting personal data before, during, and after transfer
  6. Maintaining an inventory of your personal data that has been transferred, and making it available to you upon request
  • Security of personal data

We shall ensure that access to electronic and physical repositories containing your personal data and sensitive personal data is restricted and monitored, based on reasonable and appropriate administrative, physical, and technical safeguards.

Additionally, we shall institute measures to ensure that all of our subsidiaries and contracted third parties adhere to the same security requirements whenever we share or transfer your personal data to them.

We shall inform you about any data breaches and privacy-related incidents that may impact you directly or indirectly, within 72 hours of becoming aware of the breach/incident. However, this shall only be done in cases where there is a high risk of harm to you and your rights, and where we have not been able to adequately mitigate the breach in a timely manner.

  • Retention of personal data

We shall retain your personal data and sensitive personal data for the duration necessary to fulfil the purposes for which we have collected it, and to fulfil our legal obligations as a religious institution.

 To determine the appropriate retention period, we consider the size, nature and sensitivity of the personal data, the purposes for which we process the data, the need to comply with internal policies, and the applicable legal requirements.

However, we may retain your personal data indefinitely in accordance with the applicable lawful bases for which we intend to process and store the data.

You may request for the deletion of your personal data at any time before, during, or after the associated processing activities. However, we shall review such requests and make the appropriate decisions based on the requirements of the Data Protection Act 2019, and shall inform you about our decisions.

  • Use of personal data for Direct Marketing

We may occasionally disseminate marketing and promotional messages to you via the communication channels (email, phone number, postal address) that you have provided to us.

This will only be done if you have consented to it as part of the aforementioned processing activities in this privacy statement. Consent in this case refers to you explicitly opting in to receive promotions, offers, discounts, newsletters, etc., from us.

We will include opt-out mechanisms on each medium that has been used to disseminate the marketing information (email, SMS). You can request us to stop sharing such marketing information by opting out using the mechanism that we have provided, or by submitting a request to our Data Protection Officer at jmuthee@allsaintsnairobi.org. Requests for opt-outs shall be facilitated within 24 hours of being submitted.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a service already taken up, warranty registration, or other transactions.

  • Cookie policy

Cookies are small text files that are used to store small pieces of information. The cookies are stored on your device when the website is loaded on your browser.

The cookies that are collected when you visit our website are categorized as follows:

  1. Session cookies: these last only for the duration of a user’s visit to the website. Once the web browser is closed, these cookies are automatically deleted. They help the website to track user activity during a session, such as keeping a user logged in.
  2. Persistent cookies: these remain on a user’s device even after the browser closes. They have an expiration date set by the website, and their primary role is to remember user settings and preferences across sessions. Persistent cookies can last from a few days to several months depending on their configuration.
  3. Strictly necessary cookies: these are critical for the basic functionality of the website. They help to manage essential tasks like session management, authentication, and security. Because they are fundamental to the website’s operation, they typically do not require user consent under most privacy regulations and deleting them may break the website.
  4. Analytics cookies: thesegather data on how users interact with the website, such as how much time they spend on a web page, what elements they interact with the most, or how they navigate through different sections. They are often used for website optimisation and help us to improve the overall performance of the website.
  5. Marketing cookies: these cookies are used to personalize the advertisements that we show to you on our website, so that they are meaningful to you. They also help us to keep track of the effectiveness of our advertisement campaigns. The information stored in these cookies may also be used by third-party advertisement providers to show you advertisements on other websites.
  6. Performance cookies: these track how well the website is functioning, by measuring factors like page load times and user interactions. They help us to detect and fix issues to improve the overall user experience.
  7. Functional cookies: these enhance website functionality by enabling non-essential but helpful features. These cookies remember user preferences and provide tailored content based on the user’s past interactions with the website. Unlike necessary cookies, functional cookies improve the site experience but are not necessary for the website to work.

You can accept or decline these cookies, or customize your cookie preferences. A cookie banner is visible when you first access our website, and it includes customization options for each of the categories of cookies that we collect.

Your cookie preferences will be saved during your active session, until you leave our website. You will have to customize your cookie preferences each time you access our website afresh. Depending on your customization selections, the appearance and several functionalities of our website may be affected, and this will be made clear on each cookie category that is displayed on our cookie banner.

Within our website, there are embedded links, plug-ins, and widgets that may direct you to external websites and applications that are not managed or administered by us. These sites have their own privacy statements and cookie policies and operate independently from our website. When you visit these sites, you will no longer be subject to our privacy statement and the associated protections.

  • Changes to the privacy statement

The effective date of this privacy statement is 1st July 2025.

We reserve the right to amend this privacy statement at any time, to ensure alignment with our operations and to comply with data privacy laws and regulations.

All amendments to this privacy statement will be posted on this website and the date of the most recent update will be indicated at the top of the Privacy Statement. Unless otherwise stated, the most current version shall supersede and replace all previous versions of the privacy statement.

  • Contact information of our Data Protection Officer

We endeavour to uphold your rights and the rights of all data subjects, and as such, we have a designated Data Protection Officer (DPO) who is tasked with overseeing all matters related to data privacy and protection.

If you would like to contact us with any queries, complaints, feedback, disputes, or clarifications with regard to the collection and processing of your personal data, you may do so by using our DPO’s details, which are as follows:

Name: Joshua Muthee

Designation: Data Protection Officer

Email: jmuthee@allsaintsnairobi.org

Telephone: 0713944606