Data Privacy Statement

Data Collection
The Department of Refugee Services(DRS) hereby stipulates that personal data shall be collected under the following circumstances, pursuant to lawful and legitimate purposes:

• Physical Attendance: Upon presentation of an individual at DRS centers for the purpose of seeking asylum or related services
• Online Applications: Submission of applications for services, including but not limited to camp visits and exemptions from designated residential areas via our website 
• Program Registration: Registration for any programs or services offered by DRS shall require the collection of personal data for the proper administration and delivery of said programs and services.
• Application and Inquiry Submissions: The submission of applications or inquiries, whether through our website, electronic mail or in person
• Communication: Any communication initiated by an individual through our communication channels

Types of personal data collected include:

• Personal data may include names, date of birth, nationality, copy of passport/identification document, reason for visit, reason for exemption, Contact Information e.g. phone numbers, email addresses, and physical addresses; Date of arrival, Place of entry into the country, Education level, Individual number, Occupation, profession, trade or employment and such other particulars as may be prescribed by the Commissioner 
• Sensitive data may include ethnicity, health status, biometric data, skills, marital status, family composition including names of the person’s children, parents, spouse, relatives, gender, former residence, reason for flight, place of residence, specific needs if any, among others as may be prescribed by the Commissioner

3.  Purpose of Data Collection & Processing
We collect personal information basically for the below reasons:

• Regulatory Compliance: To comply with national and international laws
• To facilitate continuous registrations and process applications i.e. exemption cases processing, exit visa processing
• Documentation purposes: To issue legal documentation for identification purposes, issue recommendation letters to access services, camp visit authorizations 
• Identification/Verification: To serve the correct individual through biometrics 
• To provide updates to data subjects on the progress of their applications
• Planning & Service Delivery: To facilitate access to essential services i.e. healthcare, education and housing
• Protection purposes: To ensure the safety of both refugees and the host community
• Monitoring purposes: To understand the activities data subjects are involved in
• Family re-unification: Re-uniting families after separation 
• Refugee Status Determination (RSD): To enable the RSD unit to undertake the necessary assessments to determine whether to grant status or not
• Reporting purposes: To provide relevant periodical reports

4. Legal Basis for Processing
We process personal data pursuant to the following legally established bases:

• Statutory Obligation: The processing of personal data is undertaken to fulfill mandatory legal obligations imposed upon DRS by applicable laws and regulations governing refugee services.
• Performance of a Public Duty: The processing of personal data is necessary for the performance of functions vested in DRS as a governmental body, thereby serving the public interest.
• Legitimate Interest: The processing of personal data is conducted in furtherance of the legitimate interests of DRS in ensuring the efficient and effective delivery of mandated services.
• Informed Consent: Where required by law or deemed appropriate, DRS shall obtain the explicit and informed consent of the data subject prior to processing personal data, including that of their dependents.

5. Data Sharing & Disclosure
The Department of Refugee Services hereby affirms that it does not engage in the sale or rental of personal data. However, under strictly controlled data sharing agreements, DRS may disclose personal data under the following legally permissible circumstances:

• Mandatory Disclosure to Governmental Entities: Disclosure of personal data to government authorities and agencies shall be undertaken as required by applicable laws and regulations, for the purpose of enabling data subjects to access legally mandated services.
• Collaboration with International Organizations or other partners: Disclosure of personal data to international refugee and humanitarian organizations or other partners shall be conducted to facilitate the provision of refugee protection, resettlement, and support services, in accordance with international legal obligations and established agreements. 
• Engagement of Third-Party Service Providers: Disclosure of personal data to third-party service providers, engaged to assist with IT systems and data processing, shall be permissible, provided that such disclosure is governed by legally binding confidentiality agreements that ensure the protection of personal data.

• Legal Compliance and Protection of Rights: Disclosure of personal data may be undertaken for legal purposes, including, but not limited to, responding to court orders, legal processes, law enforcement requests, and legal claims, as well as to protect and defend the rights, interests, health, safety, and security of our clients, users, or the general public, in compliance with applicable laws and regulations.

  Interactions with Third-Party Platforms
  By accessing third-party services, such as Facebook or Twitter to share information about your experience with others, these third-party services may be able to collect sensitive personal information about you and handle in accordance with their own privacy policies.  
  You are hereby advised to exercise due diligence and caution when disclosing personal information within these public domains. DRS expressly disclaims any and all liability for information voluntarily submitted within such third-party platforms. We shall not be held responsible for the privacy practices or data handling procedures employed by these external entities.

6. Data Security Measures
We hereby assert our commitment to the implementation of strict security measures designed to protect personal data from loss, theft, misuse and unauthorized access, disclosure, destruction and alteration. 
These measures include, but are not limited to:

• Data Encryption and Secure Storage: Sensitive personal data shall be encrypted and stored in secure repositories to ensure confidentiality and integrity.
• Access Control Mechanisms: Access to personal data shall be restricted through the implementation of robust access control mechanisms, limiting authorization to designated personnel with a legitimate need to access such data.
• Periodic Security Audits and Compliance Monitoring: DRS shall conduct regular security audits and compliance monitoring activities to assess the effectiveness of implemented security measures and ensure adherence to applicable legal and regulatory requirements.

Note that no data storage system or transmission of data over the Internet or any other public network can guarantee 100 percent safety, and that information collected by third parties may not have the same security protection as information you submit to us, and we are not responsible for protecting the security of such information.

7. Data Retention
We retain personal data only as long as necessary for the purposes outlined, or as required by law. Upon the expiration of the applicable retention period, personal data is securely deleted or anonymized in accordance with the established data disposal protocols.

8. Jurisdictional Considerations & Data Transfer 
We maintain information within the Republic of Kenya and in accordance with the laws and regulations of the of the Kenyan government, which may not provide the same level of protection as the laws in your jurisdiction.  
By accessing our website and providing us with information, you understand and consent that your information may be transferred and stored on servers located outside your country of jurisdiction, and that you consent to processing such data by DRS in accordance with this Data Privacy Statement.  

9. Data Privacy for Minors
We do not knowingly collect any personal information from children without parental/guardian consent, unless permitted by law.  If we learn that a child has provided us with personal information, we will delete it in accordance with applicable law.

10. Your Rights
Under the Data Protection Act, 2019, you have the right to:
•    The right to be informed about the processing of your personal data;
•    The right to access your personal data;
•    The right to rectification of your personal data;
•    The right to erasure of your personal data;
•    The right to data portability;
•    The right to object to processing of your personal data; and
•    The right to restrict processing of your personal data.
To exercise these rights, or if you have any complaint please write to complaints@refugee.go.ke or our Helpdesk at info@refugee.go.ke.  According to the Refugee Act 2021 and the internal operating procedures, this information is transparently communicated verbally before registration, RSD or protection interviews conducted. 

9. Cookies & Website Tracking
Our website may use cookies and tracking technologies to enhance user experience. You can control cookie preferences in your browser settings.

10. Changes to This Statement
We may update this statement periodically. Any changes will be posted on this page with an updated revision date.

11. Contact Information
For any questions regarding this statement or your personal data, contact:
Department of Refugee Services (DRS)
Corporate Place,
Kiambere Road, Upper Hill
P.O Box 42227-00100, Nairobi.
Telephone: +254 020 440 5057
Email: info@refugee.go.ke,
Twitter handle: @refugeeaffairs
Facebook:Department of Refugee Services-DRS, Kenya
By using our website and other social media pages, you consent to the terms outlined in this Data Privacy Statement.