DATA PROTECTION POLICY
Article 1: Aim of the Data Protection Policy
OMNI MARCHÉ SÉCURITÉ (OMS) Afica (Hereinafter referred to as ‘OMS’) acknowledges that information technology should be at the service of every citizen.
OMS is committed to protecting and respecting your privacy in compliance with data protection laws and regulations both locally and internationally. This data protection Policy (Hereinafter referred to as ‘policy’) applies worldwide to OMS and is based on globally accepted, basic principles on data protection and ensuring data protection is the foundation of trustworthy relationships and the reputation of OMS as a credible organisation. This policy also outlines how we collect, use, store, disclose, and protect your personal data when you interact with our website, products, services, and communications.
Article 2: Scope of Policy
This policy applies to all entities of OMS including subsidiaries in all countries of operation.
Below are covered by this policy:
- All OMS staff and governance members
- Any person employed by an entity that carries out missions for OMS
- Clients and potential clients of all OMS entities
- Visitors to any OMS entity
- Fund contributors, partners, and institutional investors
- Any individuals whose personal data we process in the course of our business operations
It is intended to comply with applicable data protection legislation including, where applicable, the Data Protection Act of Kenya, the Uganda Data Protection and Privacy Act, and the UK General Data Protection Regulation (UK GDPR).
Article 3: Data We Collect
This Policy applies to all sets of personal data, currently stored, maintained and handled by OMS and more specifically to the following identified sets of personal data:
- OMS’ personnel, including national and international staff, and interns
- OMS’ direct and indirect beneficiaries, including interviewees
- OMS’ donors and sympathisers
- OMS contractors, suppliers, consultants, and implementing partners currently under contract with OMS
Personal data, herein referred to, means any information relating to a natural person who is or can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. This can include, in particular:
a) Information You Provide Directly
- Names of individuals
- Postal or living addresses
- Email addresses
- Telephone numbers
- Identity card and passport
- Date and place of birth
- Job title and employer/business details
- Investment-related queries or application details
- Identification of relatives
- Business reference
- Geo-referencing
b) Information Collected Automatically
- IP address, browser type, and device information
- Usage data and website interaction patterns
- Cookies and similar tracking technologies
Processing of personal data means any operation or set of operations in relation to such data, whatever the mechanism used, especially the obtaining, recording, organisation, retention, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, deletion or destruction.
Article 4: Application of National Laws and Sources of Authority
OMS is headquartered in Kenya and observes the laws of Kenya (The Data Protection Act No 24 of 2019)
This Data Protection Policy comprises the internationally accepted data privacy principles without replacing the existing national laws. It supplements the national data privacy laws. The relevant national law will take precedence in the event that it conflicts with this Data Protection Policy or it has stricter requirements than this Policy. The content of this Data Protection Policy must also be observed in the absence of corresponding national legislation.
The reporting requirements for data processing under national laws must be observed. Each entity of OMS including network and branch offices, is responsible for compliance with this Data Protection Policy and the legal obligations. At the same time, OMS has rules and standards that seek to create a consistent approach and which, in some cases, may be stricter than national or local laws. This Policy must, therefore, be followed in addition to the relevant national and local laws on data protection. In the event of conflicts between national legislation and the Policy, OMS will work with the relevant country offices to find a practical solution that meets the purpose of the Policy.
Article 5: Purpose and Legal Basis for Processing
We process personal data for the following purposes and based on the legal grounds below:
| Purpose | Legal Basis |
|---|---|
| To respond to inquiries and provide requested services | Performance of a contract / Legitimate interest |
| To maintain investor and contributor records | Legal obligation / Legitimate interest |
| To manage communications, newsletters, and updates | Consent / Legitimate interest |
| To improve website functionality and user experience | Legitimate interest |
| To comply with legal, regulatory, and risk management obligations | Legal obligation |
Article 6: Data Sharing and Disclosure
We may share your personal data with:
- Internal teams and departments of OMS
- Our service providers, legal and financial advisors, and IT consultants
- Regulators, law enforcement bodies, or public authorities when required by law
- Partners or counterparties in relation to mergers, acquisitions, or fund-related transactions, subject to confidentiality obligations
We ensure that any third party with whom we share data processes it in accordance with applicable laws and maintains appropriate security measures.
Article 7 : Data Transfers
Where personal data is transferred across borders (for example, to cloud service providers or affiliates in other jurisdictions), we implement adequate safeguards such as:
- Standard Contractual Clauses (SCCs)
- Data processing agreements
- Compliance with applicable data transfer laws
Article 8: Data Retention
We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable legal, regulatory, or contractual obligations. Once the retention period expires, data is securely deleted or anonymised
Article 9: Data Security
We have implemented suitable technical and organisational measures to protect your personal data, including:
- Encrypted communications
- Restricted data access
- Secure storage systems
- Periodic data audits and risk assessments
Despite these measures, no method of transmission over the internet is 100% secure. Therefore, we cannot guarantee absolute security.
Article 10: Your Data Protection Rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you
- Request correction or deletion of your data
- Object to or restrict our use of your data
- Withdraw your consent at any time (where applicable)
- Lodge a complaint with a data protection authority
To exercise any of these rights, please contact us at [insert contact email].
Article 11: Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in technology, legislation, or our business practices. Any changes will be posted on this page with a revised “Effective Date.” We encourage you to periodically review this page to stay informed of how we protect your data.
Article 12: Contact Us
If you have any questions or concerns regarding this Privacy Policy or our data practices, please contact us on the contact provided in the website.
Effective Date
29th September 2025