Privacy Policy

HostJaer values its customers’ privacy, which explains how we treat the information we collect from you. The company respects the Data Protection Act of 2019 and other relevant information management laws defined in the Kenya 2010 Consitution. This privacy policy outlines the regulatory process of the data we collect from the customer. HostJaer affirms the use of customer data as guided by the Office of the Data Protection Commission of Kenya.

Guiding Legislation

Data protection policies by HostJaer ensure that customers’ data subscribes to the privacy legislation, as outlined in Kenya’s Data Laws. Besides the Kenya Data Laws, this privacy policy also utilises Directive 95/46/EF from the European Parliament. It protects the processing and use of personal data and the movement of such data across different parties without the data owner’s permission.

Other applicable laws include the Danish Law on Personal Data and the European Parliament Laws of 2000 on the Act of Processing of Personal Data. Regulation 2016/679 from the European Parliament offers the guideline on data processing from a person and its free movement within the confines of its laws. It came into effect on the 25th of May 2018 and enforces data protection of European residents globally.

Processing of Personal Data

The Data Commissioner of Kenya allows to look into specific data categories on their behalf. It includes the identification information of the service user as explained in the GDPR article 4 (1) subsection 1 and listed under Appendix A.

The Data Commissioner can update the information from time to time, mirroring the improvement and activities, as per the GDPR article 32 section 2. However, is overseen by the Data Commissioner, including their employees.

The processor can only use the data for marketing and product development. Any other use must go through the Data Commissioner and okayed by the data owner. For more information on data processing, go through the policy on the Office of the Data Commission website.

Use Under Instruction can only use or process personal data as set by the Data Commissioner. The only allowed use of personal data is when the processor wants to improve the service, as established in the terms and conditions. keeps all user data on behalf of the Data Commissioner in accordance with statutory data on Data Privacy and Protection. Any amendment or processing must go through the Parliament. In case of any conflict of interest or confusion, the Data Commissioner will give direction, including the timelines and instructions on what should happen as they await clarity from applicable laws.

The’s Obligations shall treat every data in their possession with the strictest confidentiality. It cannot be copied, transferred or utilised unless with special permission from the Data Commissioner or data owner. The law applies to all employees and any person who comes into contact with it.

Security is an essential factor in data processing. The processor should follow the institutional and technical organisation guidelines as set in the applicable law. Most importantly, commits to keeping the data away from the reach of non-technical staff. This makes it accessible to only relevant staff, improving its safety. employees who have access to the data can only work on it based on their needs and contract terms. The Data Commissioner must access the data security measures on the processor’s servers and data banks to affirm its ability to keep customers’ data safe. When needed, the Data Commissioner does a data impact assessment to ascertain the viability of handling data security and its effects in case of a data leak. In essence, any data-related issue from the processor must be adequately answered in due time. The Data Commissioner can request specific data from the roll, subject to protection policies and applicable laws of Kenya. If the issue significantly impacts national security, is obliged to provide the data and any other documentation as instructed. There is a timeline for data provision from the processor. If it is urgent, will issue it immediately, subject to the requirement on data protection laws. will immediately alert the Data Commissioner for any breaches within the data bank. If the violation resulted from unlawful dissemination and unauthorised information disclosure, the victim would face the full force of the law. As for breaches resulting from accidents or other unplanned ways, efforts to curb further destruction will be accorded.

As per the submission, should document any form of data breach with intricate details. The list should have information concerning the nature of the breach, the data bank affected and the amount of data exposed. If there were any attempts to hack or breach online security, such details should also be presented whenever asked.

The processor should also prepare notes on successful blockage of data leaks, their origin and measures effected to prevent such occurrences from happening in the future. The Data Commissioner will forward all the online security assessments for appropriate action and further policy initiatives to the relevant bodies. The submission includes, but is not limited to:

  • com must comply with all data requested as per the terms, conditions and regulatory conduct.
  • com should abide by the Data Commissioner’s request on data processing, especially personal data.
  • com’s compliance with the Data Commissioner directive should be effected within the stipulated time.

Upon request, will transfer and store user data outside EEA’s jurisdiction to wherever they operate. They have the authority to move it to anywhere they feel comfortable providing their Main Services. For transfers outside the primary hosting server, they are subject to all applicable laws of the host country. This applies to any third-party country or autonomous organisation seeking to move its base to other countries. As the data law develops, they automatically apply to the host country. However, the new country’s applicable laws also apply if has clients in its jurisdiction.

The Data Commissioner’s Obligations

The Data Commissioner agrees that their Office shall abide by their obligations as a Data Controller under the Data Protection Laws and other applicable laws. This declaration applies when processing Personal Data and any information processing instructions as obliged at Any notice obtained, consents and rights necessary under the Data Protection Laws of Kenya allow to process Personal Data and provide the Main Services according to the Agreement and this DPA.

Sub-Processors has general authorisation to engage third parties to process the customer Data (‘Sub-Processors’) without necessarily obtaining written, specific approval from the Data Commissioner. The company can enter into a sub-processor agreement with any data sub-Processors, provided the act and deed align with the data protection act of 2019. shall monitor, control and oversee the Sub-Processors’ compliance with the Applicable data Law.

Remuneration and Costs has the right to remuneration for the time used, services rendered and material used to process data management activities related to any change as requested by the Data Commissioner. These payable activities include service implementation and additional costs needed to deliver the Main Services as per the changes in instructions. will not bare liability for non-performance of the Agreement if the obligations under the terms and conditions conflict due to changes in instruction.

Such changes in instruction cannot technically, practically or legally be implemented if the Data Commissioner explicitly requires that the changes to the original instructions can apply before the changes can be fully implemented. In this uncertainty period, before the original terms and conditions are fully operational, the status quo applies, with data management guidelines applying uniformly across the board. If there are changes to the Data Protection Act of 2019, the new guidance, including legal practice, may result in additional costs to The Data Commissioner shall indemnify of such documented and extra charges.

Breach of Agreement and Liability

If there is a security leak or data leak, shall notify the Data Commissioner immediately. The Data Commissioner will determine whether or not to inform the data owners and the relevant regulatory authority. The process applies irrespective of the magnitude of the leak. will give the complete information on the data breach, correct and accurate. shall cooperate by notifying the regulator and/or data owners if required by law.

The Data Commissioner holds the overall responsibility for any statutory obligations with respect to the breach. The commitment to report the breach includes the duty to report the facts, including details regarding:

  • The cause of the leak
  • The consequences
  • The (proposed) solution
  • The measures that have already been taken.

Liability as a result of the breach does not apply if the loss is due to the other party’s gross negligence or preventable misconduct. Expenses and resources used to carry out the other party’s obligations, including payment, go to the data protection agency or any other competent authority.

Duration of the Privacy Policy

These privacy policies shall remain in force until the terms and conditions are terminated.

Personal Data processes customers’ data in relation to the delivery of the Main Services:

  • Ordinary contact information on relevant employees from the Data Commissioner
  • Users of the Main Services: names, telephone numbers, emails, addresses and IPs.
  • Personal data given by users which directly and indirectly apply to the Main Services

Categories of data subjects processes customers’ end-users data on behalf of the Data Commissioner:

Legal Disclaimer reserve the right to disclose the user’s personally identifiable information within the confines of the law. It can be done when we believe that its disclosure is essential to protect their rights and/or to abide with judicial proceedings, court order, or any other legal processes relating to

Online Security

Personal information security is vital to HostJaer. The company follows industry best practices and standards to protect client information, both when processing and once they receive it. No internet transmission or storage method is 100% secure. Nevertheless, the company takes every step possible to make customer information safe. This website uses Secure Sockets Layer (SSL) to protect customer information. Essentially, while strives to use technically acceptable means to protect the user’s personal information, the company cannot fully guarantee absolute data security.

Privacy PolicyTermination

Authorisation to process customer Data on behalf of the Data Commissioner shall cease with the termination of this Agreement. shall only continue to process customer Data after the termination of this Agreement within the confines of the data protection law. can include the customers’ data on its backup. At the termination of this Agreement, and its Sub-Processors shall return the user data processed under this Agreement to the Data Commissioner, as long as the Data Commissioner doesn’t have the user data.

Changes To This Privacy Statement

In case decide to change this privacy policy, the company will post the changes to this privacy statement and other places we deem appropriate. It is done to make customers aware of the information collects, how they use it, and under what circumstances they disclose it. The company reserve the right to modify, amend or delete sections of this privacy statement at any time. From time to time, customers are urged to review it frequently. If make material changes to this policy, they will notify the customers here.


For more information, please do not hesitate to send your questions via our contact form.

Open chat
How can we help you today?