Privacy Policy

1. Introduction

Bossorec Solutions Ltd ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Employer of Record (EoR) and Professional Employer Organization (PEO) services.

By using our services, you consent to the data practices described in this policy. This policy complies with Kenya's Data Protection Act, 2019, and other applicable data protection regulations.

2. Information We Collect

2.1 Personal Information

We collect personal information that you provide directly to us, including:

• Full name, contact information (email address, phone number, physical address)
• Employment information (job title, department, start date, salary details)
• Identification documents (national ID, passport, tax identification number)
• Bank account details for payroll processing
• Emergency contact information
• Educational and professional qualifications

2.2 Company Information

For client companies, we collect:

• Company name, registration details, and business information
• Contact information for authorized representatives
• Payment and billing information
• Service preferences and requirements

2.3 Automatically Collected Information

When you visit our website, we may automatically collect:

• IP address, browser type, and operating system
• Pages viewed and time spent on our website
• Referring website addresses
• Cookies and similar tracking technologies (see our Cookie Policy)

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide EoR and PEO services, including payroll processing, benefits administration, and compliance management
• Employment Management: To facilitate employment contracts, onboarding, and offboarding processes
• Legal Compliance: To comply with Kenya Revenue Authority (KRA) tax obligations, NSSF, SHIF, and other statutory requirements
• Communication: To respond to inquiries, provide customer support, and send service-related notifications
• Improvement: To analyze and improve our services, website functionality, and user experience
• Security: To protect against fraud, unauthorized access, and other security threats

4. Data Protection and Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and audits
• Access controls and authentication mechanisms
• Employee training on data protection and confidentiality
• Secure data storage facilities and backup systems

5. Information Sharing and Disclosure

We may share your information with:

• Client Companies: Your employer or the company that engaged our services on your behalf
• Government Authorities: KRA, NSSF, SHIF, and other regulatory bodies as required by law
• Service Providers: Third-party vendors who assist us in providing services (e.g., payroll software providers, banking institutions)
• Legal Obligations: When required to comply with legal processes, court orders, or government requests

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Employment records are typically retained for five (5) years following the end of employment, in accordance with Kenyan labor and tax regulations.

7. Your Rights

Under Kenya's Data Protection Act, 2019, you have the right to:

• Information: Be informed about how and why your personal data is collected, used, and shared
• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Restriction: Request that we limit the processing of your personal data in certain circumstances
• Object: Object to the processing of your personal information in certain circumstances
• Data Portability: Request transfer of your information to another service provider
• Withdraw Consent: Withdraw consent for processing where consent was the legal basis

To exercise any of these rights, please contact us using the details provided in Section 10.

8. International Data Transfers

We primarily process and store data within Kenya. However, some of our service providers may be located outside Kenya. In such cases, we ensure that adequate safeguards are in place to protect your information in accordance with applicable data protection laws.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website with a new "Last Updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

10. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:

You also have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) of Kenya if you believe your data protection rights have been violated.