Privacy Policy

Last Updated: June 22, 2025

The Ndege Group, Africa’s Sovereign Development Trust (ASDT), (“we,” “us,” or “our”), is profoundly committed to safeguarding your privacy and protecting your personal data. This commitment is underpinned by our strict adherence to leading Kenyan data protection laws, notably the Data Protection Act, 2019 of Kenya. This Privacy Policy comprehensively details how we collect, use, store, share, and protect your personal data when you visit or interact with our website, www.thendegegroup.com (the “Website”), and when you engage with our official social media channels, including through Direct Messages (DMs). By accessing or using the Website or engaging with our social media channels, you signify your explicit consent to the data practices described in this Privacy Policy.

1. Data Controller

The data controller responsible for the processing of personal data collected through this Website and our social media channels is:

Brand, People & Culture Desk.
The Ndege Group Nominees Limited for
Africa's Sovereign Development Trust℠ (ASDT)
Email: marketing@ndege.co.ke | hello@thendegegroup.com | +254 799 504 111
Address: 22 Murishu Road, Karen, P.O. Box 43112-00100, Nairobi County, Kenya.

2. Personal Data We Collect

We may collect various types of personal data when you interact with the Website or our social media channels:

  • Contact Information: This includes data such as your name, email address, telephone number, and mailing address, typically provided by you when you complete contact forms, subscribe to our newsletters, submit inquiries via the Website or through Direct Messages on social media.

  • Usage Data: Information about your interaction with and navigation of the Website, including your Internet Protocol (IP) address, browser type, device identifiers, operating system, referring URLs, pages viewed, and time spent on pages. This also includes aggregated, non-personally identifiable data from your interactions with our social media channels (e.g., likes, shares, comments, reach metrics) which is provided by the social media platforms. This data is collected through automated technologies like cookies and web analytics tools.

  • Correspondence Data: Details from emails, other communications you send to us, or information exchanged via Direct Messages on social media platforms.

  • Voluntarily Provided Data: Any additional information you choose to provide to us, such as feedback, survey responses, or details related to project inquiries or collaboration interests, whether submitted via the Website or social media platforms.

We do not knowingly collect personal data from individuals under the age of 16 without verifiable parental consent. If you believe that we may have inadvertently collected personal data from a child under 16, please contact us immediately at legal@ndege.co.ke so we can take appropriate steps to delete such data.

3. How We Collect Personal Data

We gather personal data through the following methods:

  • Direct Interactions: You provide data directly when you fill out forms on our Website (e.g., contact forms, newsletter sign-ups), engage in live chat, or communicate with us via email or phone. This includes personal data you submit directly to us through Direct Messages on our social media channels.

  • Automated Technologies or Interactions: As you navigate and interact with our Website, we may automatically collect Usage Data using technologies such as cookies, server logs, and analytics tools (e.g., Google Analytics).Please refer to our Cookie Policy for more detailed information on our use of cookies. We also collect aggregated usage data from social media platforms regarding interactions with our social media channels, subject to the privacy settings and policies of those platforms.

  • Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties and public sources, such as technical data from analytics providers (e.g., Google), advertising networks, and search information providers. This may include information from social media platforms if you have made it publicly available or granted permission for it to be shared.

4. Purposes and Legal Basis for Processing

We process your personal data for the following specific purposes and rely on the following legal bases under the Data Protection Act, 2019 of Kenya:

  • To Provide Services and Respond to Inquiries: To fulfil your requests, respond to your questions, and provide you with information about our initiatives, projects, or services, including those initiated via social media DMs or comments.

    • Legal Basis: Performance of a contract with you, or taking steps at your request prior to entering into a contract (Section 32(a) of the Data Protection Act, 2019), or our legitimate interests in communicating with you and managing our business (Section 32(f) of the Data Protection Act, 2019).

  • To Improve and Optimise the Website and Social Media Presence: To analyse Website and social media usage trends, identify technical issues, and enhance the functionality, user experience, and content relevance of our Website and social media engagement strategies.

    • Legal Basis: Our legitimate interests in understanding how our Website and social media are used to improve our services and offerings (Section 32(f) of the Data Protection Act, 2019).

  • To Communicate Marketing and Updates: To send you newsletters, updates, promotional materials, and other information about our activities, services, and events, where you have consented to receive such communications or where we have a legitimate interest to do so.

    • Legal Basis: Your explicit consent (Section 32(b) of the Data Protection Act, 2019) or our legitimate interests in promoting our activities to relevant audiences (Section 32(f) of the Data Protection Act, 2019). You have the right to withdraw your consent at any time.

  • To Comply with Legal Obligations: To meet our regulatory and legal obligations under Kenyan law (e.g., tax, anti-money laundering regulations).

    • Legal Basis: Compliance with a legal obligation to which we are subject (Section 32(c) of the Data Protection Act, 2019).

  • To Protect Our Rights and Interests: To prevent fraud, enforce our Terms of Use, protect our intellectual property, and defend against legal claims.

    • Legal Basis: Our legitimate interests in protecting our business, rights, and assets (Section 32(f) of the Data Protection Act, 2019).

5. Data Sharing and International Transfers

We may share your personal data with the following categories of recipients:

  • Service Providers: Trusted third-party service providers who perform functions on our behalf, such as website hosting, data analytics, email delivery, CRM services, and IT support. This may include social media management tools or customer service platforms that process data from your social media interactions.These providers are contractually obligated to process your data only as instructed by us and in compliance with the Data Protection Act, 2019 of Kenya.

  • Legal Authorities: When required by law, court order, or governmental request, we may disclose your personal data to law enforcement, regulatory bodies, or other public authorities.

  • Business Transfers: In the event of a merger, acquisition, sale of assets, or other corporate restructuring, your personal data may be transferred to the new entity, subject to equivalent data protection standards.

As Africa’s Sovereign Development Trust (ASDT) has operational bases, including in Seychelles and a primary contact in the UK, some data processing activities may occur outside Kenya. When transferring your personal data outside Kenya, we ensure that such transfers comply with the Data Protection Act, 2019 of Kenya by implementing appropriate safeguards, which may include:

  • Transferring data to a country with an adequate level of data protection as determined by the Office of the Data Protection Commissioner (ODPC) in Kenya.

  • Implementing appropriate safeguards such as standard contractual clauses or binding corporate rules approved by the ODPC, or through explicit consent from the data subject.

  • Ensuring that any transfers to entities in the UK comply with the UK GDPR and that transfers to Seychelles comply with the Seychelles Data Protection Act 2021.

We will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy and Kenyan data protection law.

6. Data Security

We have implemented robust technical and organisational measures designed to protect your personal data from accidental loss, unauthorised access, use, alteration, or disclosure. These measures include, but are not limited to, encryption, pseudonymisation, access controls, secure network configurations, and regular security assessments. We adhere strictly to the principles of security by design and by default, in full compliance with the Data Protection Act, 2019 of Kenya.

Despite our stringent security measures, the transmission of information via the internet is not entirely secure. Whilst we strive to protect your personal data, we cannot guarantee the absolute security of data transmitted to our Website or through social media platforms. Any transmission is at your own risk.

7. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The specific retention periods depend on the type of data and the purpose of processing. For example:

  • Contact and Inquiry Data (including social media DMs): Retained for the duration necessary to resolve your inquiry or until you opt-out of communications, plus a reasonable period for administrative purposes.

  • Usage Data: Typically retained for a maximum of 12 months for analytical purposes, unless a longer period is required for specific investigations or legal obligations.

  • Legal Compliance Data: Retained for periods mandated by applicable Kenyan laws and regulations.

Once personal data is no longer required, it is securely deleted or anonymised in a manner that prevents its re-identification.

8. Your Data Protection Rights

Under the Data Protection Act, 2019 of Kenya, you have the following significant rights concerning your personal data:

  • Right to be Informed: The right to receive clear, transparent, and easily understandable information about how we use your personal data and your rights.

  • Right of Access: The right to obtain confirmation as to whether or not your personal data is being processed, and, where that is the case, access to the personal data and certain information regarding its processing.

  • Right to Rectification: The right to request the correction of inaccurate or incomplete personal data concerning you.

  • Right to Erasure (the ‘Right to be Forgotten’): The right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing, subject to legal exceptions.

  • Right to Restriction of Processing: The right to request that we limit the way we use your personal data in certain circumstances.

  • Right to Data Portability: The right to receive your personal data in a structured, commonly used, and machine-readable format, and the right to transmit that data to another controller.

  • Right to Object: The right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) or for direct marketing.

  • Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact our Data Protection Officer at legal@ndege.co.ke. We will respond to your request within a reasonable timeframe as stipulated by the Data Protection Act, 2019 of Kenya.

You also have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) in Kenya, the supervisory authority for data protection issues in Kenya. Their website is www.odpc.go.ke.

9. Cookies and Tracking Technologies

The Website utilises cookies and similar tracking technologies to enhance your Browse experience, analyse Website usage patterns, and provide personalised content. Cookies are small text files that are downloaded and stored on your computer or mobile device when you visit a website. They serve various functions, such as remembering your preferences, enabling website functionality, and providing website owners with insights into user behaviour.

10. Third-Party Links

Our Website and our social media channels may, from time to time, contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy policy of every website you visit. Please note that your interactions on social media platforms are also governed by the terms of service and privacy policies of those specific platforms.

11. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy periodically to reflect changes in our data processing practices or evolving legal and regulatory requirements. Any revisions will be effective immediately upon posting the updated Privacy Policy on the Website, with the “Last Updated” date at the top of the policy being revised accordingly. We encourage you to review this Privacy Policy regularly to stay informed about how we are protecting your information. Your continued use of the Website or engagement with our social media channels after any changes indicates your acceptance of the revised Privacy Policy.

12. Contact Information

For any questions, comments, or requests regarding this Privacy Policy or to exercise your data protection rights, please contact our Data Protection Officer:

Legal Desk
The Ndege Group Nominees Limited for
Africa's Sovereign Development Trust℠ (ASDT)
Email: legal@ndege.co.ke | hello@thendegegroup.com | +254 799 504 111
Address: 22 Murishu Road, Karen, P.O. Box 43112-00100, Nairobi County, Kenya.

Cookie Policy

Last Updated: June 22, 2025

The Ndege Group utilises cookies and similar tracking technologies on www.thendegegroup.com to enhance your user experience, analyse Website usage, and provide personalised content. This Cookie Policy provides clear and detailed information about what cookies are, how we employ them, and the choices available to you regarding their use.

1. What Are Cookies?

Cookies are small text files that are downloaded and stored on your computer or mobile device when you visit a website. They help websites function, remember preferences, and provide insights into usage.

2. Types of Cookies We Use

We use the following categories of cookies on our Website:

  • Essential/Strictly Necessary Cookies: These cookies are fundamental for the Website to perform its basic functions. They enable core functionalities such as secure login, shopping cart management, and remembering your cookie consent preferences. The Website cannot function properly without these cookies, and they do not require your explicit consent under Kenyan data protection laws.

  • Analytics/Performance Cookies: These cookies collect anonymised information about how visitors use our Website (e.g., pages visited, time spent), helping us understand and improve Website performance. We use tools like Google Analytics for this purpose. Your consent is required for these cookies.

  • Marketing/Targeting Cookies: These cookies are used to track your Browse habits across different websites to build a profile of your interests. They are then used to deliver more tailored content or advertisements to you. These cookies are set by us or by third-party advertising networks with our permission. Your explicit consent is required for these cookies.

3. How We Use Cookies

Cookies play a crucial role in improving your interaction with our Website by helping us to:

  • Ensure the smooth and efficient operation of the Website.

  • Analyse usage trends to continuously enhance our Website's functionality and content.

  • Provide personalised content, where you have granted consent.

  • Monitor and enhance the security of our Website and prevent fraudulent activity.

4. Managing Your Cookie Preferences

You have full control over your cookie preferences. You can manage them through:

  • Our Cookie Consent Tool: Upon your first visit to the Website, a cookie banner may appear, allowing you to customise your cookie preferences. You can also revisit your preferences at any time by clicking on the designated cookie settings link, usually found in the footer of the Website should your browser meet our security protocol minimum requirements.

  • Your Web Browser Settings: Most web browsers allow you to control cookies through their settings. You can configure your browser to block all cookies, block specific types of cookies, or alert you when a cookie is being sent. Please note that blocking certain types of cookies, especially essential cookies, may impact the functionality and performance of the Website.

  • Third-Party Opt-Out Tools: For some analytics and advertising cookies, you may be able to opt-out directly through third-party services, such as the Google Analytics Opt-out Browser Add-on.

5. Third-Party Cookies

In addition to our own cookies, some cookies may be set by third-party services whose functionalities we integrate into our Website (e.g., social media plug-ins, embedded content from video platforms, or analytics providers). These third-party cookies are governed by the respective privacy and cookie policies of those third parties, which we encourage you to review.

6. Contact Information

For any questions, comments, or requests regarding this Privacy Policy or to exercise your data protection rights, please contact our Data Protection Officer:

Legal Desk
The Ndege Group Nominees Limited for
Africa's Sovereign Development Trust℠ (ASDT)
Email: legal@ndege.co.ke | hello@thendegegroup.com | +254 799 504 111
Address: 22 Murishu Road, Karen, P.O. Box 43112-00100, Nairobi County, Kenya.