Kepler College Privacy Notice

Effective December 01, 2024

Kepler College (“us”, “we”, or “our”), is committed to protecting the privacy and personal data of all individuals who engage with us, including students, employees, and visitors to our website under the Kepler College domain keplercollege.ac.rw and other websites that link to this Privacy Policy (collectively “the services”). 

This Privacy notice explains the kinds of personal data we collect, how we utilize it, who we might share it with, the measures we take to safeguard it, and the options you have regarding how we handle your information.

Kindly review the information below to understand our approach and practices concerning your data and how we handle it. By accessing keplercollege.ac.rw, you acknowledge and agree to the procedures outlined in this policy.

• Who We Are

Kepler College offers high-quality, affordable, and employment-driven higher education at the intersection of management and technology.
Academic programs at Kepler College are designed to equip students with foundational attitudes and skills, subject matter expertise, and direct entry into employment or self-employment. 
Kepler College’s vision is to offer transformative opportunities and economic mobility to African youth by leading Africa’s transition to competency-based education.
Its mission is to equip young Africans with global competencies and the mindset to solve local challenges.

• Scope of this privacy notice

This Privacy Notice applies to individuals or entities with whom we have business relationships, where data is collected for operational purposes; individuals involved in our educational services, with data processed to support legal compliance and campus services; and all users of our digital platforms, where personal data is processed to enhance user experience and security.

Additionally, it covers individuals applying for job and internship opportunities, ensuring the secure and compliant handling of personal data throughout recruitment and internship processes. This notice also extends to staff and alumni, highlighting our commitment to the responsible collection, processing, and protection of personal data in alignment with applicable laws.

• What Laws Govern Our Data Processing Activities.

The applicable laws governing our data processing activities are primarily dictated by the jurisdiction of Rwanda, where Kepler College is located. This includes adherence to Rwanda’s Data Protection and Privacy Law Nº 058/2021 of 13/10/2021, which sets out guidelines for the collection, use, and protection of personal data. Additionally, we ensure compliance with relevant international regulations when providing services, such as the General Data Protection Regulation (GDPR) for any data processing activities since some of our data is stored in data centers located in countries where processing activities are governed by the General Data Protection Regulation (GDPR).

By aligning our practices with these legal frameworks, we aim to uphold the highest standards of data protection and privacy for our stakeholders.

• What Data We Collect and How We Collect It

When you visit our website or engage with our services, we may collect the following personal data:

4.1. Personal Information you provide:

If you subscribe to our newsletter via our site, we collect your name and email address. 

We also collect the same information when you fill our “contact us” form to have more information about our programs and services.

When you apply to be admitted as a student, we gather the necessary personal information to process your application and assess eligibility. This may include your name, contact details, address, academic history, assessment and examination results and other personal identifiers such as disability and refugee status.

After you have been admitted as a student, we collect from you next of kin details such as name, contact details, and address. 

When you apply for a job or internship with us, we collect your personal data such as your name, contact details, address, your employment history, resume, references, education level, and other information as part of the recruitment process. 

After you are employed with us, we collect from you your Identification details (Name, ID card no or passport no, Gender), Date of Birth, RSSB no, Contact details (Email address + Phone Number), Dependants’ details (Names, Relationship, Date of Birth), Marital status and Next of Kin information. 

When you register for an event, or become a visitor to our campus, we may ask you to provide personal data such as name, job title, company name, and company address.

When you register for a certification program we provide, we ask you to provide us with your name, email address and phone number

When you are a vendor or supplier entering, or already in, a business relationship with us, we collect your personal and business data. This data includes contact information (such as name, email address, and phone number), business registration details, tax identification numbers, bank account information for processing payments. We gather this data directly from you to establish contractual agreements, and to facilitate communication during the procurement process.

We may ask you to participate in a survey or study; and may request information from you. Participation is voluntary, and you have the choice of whether to disclose any requested information.

4.2. Personal Information We Collect Automatically

Cookies

We use cookies (small, often encrypted text files stored on your computer or mobile device) and similar technologies to collect information about your device, browsing activity, and habits. This helps us enhance your user experience and enable website functionality. Information is collected upon your initial visit to our website and as you navigate from one page to another.

You can adjust your browser settings to manage cookies.

Analytics

We use analytics tools, like Google Analytics, to understand how users interact with our services. With Google analytics we are able to collect your location and device information.

• How We Use Your Data

We will only use your personal data for various lawful purposes, including but not limited to the following:

• • Consent – Where we receive your consent
  • Pre-contractual or contractual obligation – Where we need such information to perform the contract we are about to enter into or have entered into with you
  • Legal obligation – Where we need to comply with a legal or regulatory obligation
  • Vital interest – Processing of Personal Data is needed in order to protect and save someone’s life.
  • Legitimate Interest – Where it is necessary for our legitimate interests (or those of a third party) and your interests and where fundamental rights do not override those interests
  • Statistical and/or academic research – Personal data from students or staff can be used for academic research purposes

Most commonly, we will use your personal data:

• • To review your qualifications and assessing suitability for roles (Legitimate interest)
  • To evaluate you for admission to enroll you as a student at Kepler College (Legitimate interest)
  • To enroll you in a training certification program/course. (Legitimate interest)

• • To contact family members, guardians, next of kin  in emergency situations (Vital interest) 
  • To register you for an event (Legitimate interest)
  • To send you regular newsletters covering our latest achievements, campus life and other latest news. (Legitimate interest, Consent)
  • To respond to inquiries and provide information about our courses, programs, and events  (Legitimate interest, Consent)
  • To provide enhanced campus life support (Legitimate interest)
  • To ensure smooth HR operations, compliance with national laws, and effective management of employee welfare programs. (Legitimate interest, Legal obligation)
  • To check the legitimacy of your business, and for processing payments (Legitimate interest, contractual obligation)
  • To conduct research with objectives to improve learning methods or analyzing educational outcomes. (Legitimate interest, Statistical research, Consent)
  • To ensure the security and proper functioning of our website and services (Legitimate Interest)

• How We Protect Your Data

Kepler College takes data security seriously, and implements technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. We use secure systems for data storage, encrypted communication channels, and access controls to limit who can access your personal data.

Since the internet is a public network, transmitting information over it cannot be entirely secure. While we take every reasonable precaution to protect your personal data, we cannot guarantee its safety during transmission. Any data you send to us over the internet is at your own risk, and it is your responsibility to ensure that your personal information is transmitted securely.

• How We Handle Your Data: Sharing, Transfers, and Storage

We do not share your personal data with third parties except with Kepler College stakeholders involved in advancing the institution’s mission. Data sharing may also occur if it is essential for the delivery of our services or if required by law

 For instance, we may share data with:

• • Legal and regulatory authorities upon request and when required to comply with legal obligations
  • Our partner higher learning institutions
  • Auditors, lawyers and other external professional advisors.
  • Third party Processors processing personal data on our behalf such as insurance companies, IT service providers, marketing and/or event agencies.
  • Partner organizations that facilitate employment for students
  • Any relevant party for the purposes of conducting research 

We also store personal data with cloud hosting providers located outside of Rwanda.

If your personal data is stored or transferred to a third party processor located outside of Rwanda, we ensure that such processing activities are conducted in accordance with applicable legal frameworks to protect data during these cross-border transfers and data storage activities. 

When we work with a third-party processor to handle your personal Data, they are required under binding contractual agreements to: (i) process the Personal Data solely according to our written instructions, and (ii) implement safeguards to maintain the confidentiality and security of the data, in addition to meeting any other applicable legal standards.  

• How you can exercise your rights

Under applicable data protection laws, you have the following rights regarding your personal data:
Right to Access: You have the right to request and receive a copy of the personal data we hold about you, allowing you to understand what information we have collected and how we process it.

• • Right to correct inaccurate or incomplete data: If you find any inaccuracies or if your data is incomplete, you have the right to ask us to update or correct it to ensure your information is accurate.
  • Right to Request Deletion: In certain circumstances, you may request the deletion of your personal data. This right applies when data is no longer necessary for the purposes for which it was collected, and if there is no lawful reason for us to keep processing it. This right might not apply where legal obligations require us to retain the data, such as in compliance with record-keeping laws.
  • Right to Object or Restrict Processing: You can object to or request restriction of our processing of your data, particularly in cases where data is processed for non-essential purposes. However, this right may not apply if we can demonstrate compelling legitimate grounds for processing that override your interests, or if processing is necessary for legal claims.
  • Right to Withdraw Consent: If our data processing activities are based on your consent, you have the right to withdraw that consent at any time, noting that withdrawing your consent will not impact the legality of any data processing conducted before we receive your withdrawal request, nor will it prevent us from processing your data based on other lawful grounds available to us. Additionally, please be aware that exercising this right may restrict your access to certain features or services.
  • Right to protection from automated decision-making: You have the right to protection from decisions based solely on automated processing, including profiling, where such decisions could have legal or similarly significant effects on you. Kepler College ensures that any decision with a significant impact involves meaningful human review. You may request an explanation of the decision, challenge the outcome, or ask for a reassessment. While automated tools may be used to support decision-making, they will not be the final determining factor. 

If you want to exercise any of the rights above, please fill this form out.

• For how long will we retain your data

We retain your data only for as long as necessary to fulfill the purposes outlined in this Privacy Notice or as required by law. Kepler College keeps personal data identifiable while it is essential for providing our services and supporting other core business activities. This includes meeting legal obligations, and enforcing contractual agreements. We will retain your data during your engagement with us and, where necessary, even after our relationship ends to comply with legal and regulatory requirements. 

• How you can contact us

If you have any questions or concerns about how we handle your data, or if you wish to exercise any of your rights, please contact our Data Protection Officer (DPO) at dpo@keplercollege.ac.rw

• Updates to This Privacy Notice

We may update this Privacy Notice occasionally to reflect changes in our data processing activities or legal requirements, and updates will be made without prior notice. Any significant changes will be highlighted on the Site, and the “last updated” date at the top of this Policy will reflect the latest revision. We encourage you to review this Privacy Policy regularly to stay informed of any updates.