Legal
Privacy Policy
Last updated: April 2026 · COMMUNE IDEE (CIDE) GROUPE LTD
1. Who We Are
This Privacy Policy is published by COMMUNE IDEE (CIDE) GROUPE LTD(“CIDE Group”, “we”, “us”, or “our”), a company registered in Kenya (Registration No. PVT-BB1OWQW3) with its principal office at P.O. Box 15040-00509, Nairobi, Kenya.
We operate the website at https://cidegroup.org (the “Site”). This Policy explains how we collect, use, store, and protect personal data in connection with the Site, in compliance with the Kenya Data Protection Act 2019 (KDPA 2019).
2. Personal Data We Collect
2.1 Information you provide to us
When you submit an enquiry through our contact form, we collect:
- Full name and organisation name
- Email address
- Phone number (optional)
- Country or region
- The content of your message or enquiry
- Whether you have opted in to receive updates and programme news from CIDE Group (opt-in only)
2.2 Analytics data (with your consent)
If you accept analytics cookies, we collect anonymised usage data through Google Analytics 4 (GA4), including pages visited, session duration, approximate geographic location (country/city only), device type, and interactions with page elements. Google Analytics data is anonymised — we do not have access to your IP address. Analytics cookies are only placed after you provide consent.
2.3 Essential cookies
We use essential cookies required for the Site to function correctly (form security tokens, session integrity). These do not track you across other sites and do not require your consent.
3. How We Use Your Data
| Purpose | Legal Basis (KDPA 2019) |
|---|---|
| Responding to your contact form enquiry | Consent — you initiate contact and consent is collected on the form |
| Sending programme updates and news | Explicit consent — only if you opted in via the subscribe checkbox |
| Analysing how visitors use the Site | Consent — analytics cookies are only set after you accept in the cookie banner |
| Protecting the Site from spam and automated abuse | Legitimate interest — we use rate limiting and Cloudflare Turnstile to prevent form abuse |
We do not use your data for advertising, profiling, or automated decision-making.
4. How Long We Keep Your Data
- Contact form submissions: Retained for up to 24 months from submission date, or longer if you enter an active working relationship with CIDE Group.
- Newsletter subscription: Retained until you unsubscribe. Each newsletter includes an unsubscribe link.
- Google Analytics data: Retained for 14 months within GA4 (Google's default analytics retention period).
5. Who We Share Your Data With
We do not sell, rent, or trade your personal data. We share data only with:
- Google LLC (Google Analytics): If you accept analytics cookies. Data is processed under Google's Privacy Policy.
- Email service providers: Used to route contact form submissions to CIDE Group staff. They process your name, email, and message solely to deliver the email.
- Cloudflare (Turnstile): Our contact form uses Cloudflare Turnstile for bot protection. Cloudflare may process browser signals and IP address to verify human submissions. See Cloudflare's Privacy Policy.
6. Your Rights Under the KDPA 2019
As a data subject under the Kenya Data Protection Act 2019, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — ask us to delete your data, unless we are required to retain it for legal reasons.
- Withdraw consent — at any time where processing is based on consent, without affecting prior lawful processing.
- Object — to processing based on legitimate interest.
- Portability — request your data in a structured, machine-readable format.
To exercise any right, email communications@cidegroup.org with the subject line “Data Subject Request”. We will respond within 21 days. If you are unsatisfied with our response, you may complain to the Office of the Data Protection Commissioner of Kenya at odpc.go.ke.
7. Cookies
| Category | Purpose | Consent |
|---|---|---|
| Essential | Form security, session integrity. Cannot be disabled. | Not required |
| Analytics (GA4) | Anonymised usage data — pages, sessions, referral source. | Yes — asked on first visit |
You can change your cookie preference by clearing your browser's local storage or by contacting us. We do not use advertising or social media tracking cookies.
8. Security
We take reasonable technical and organisational measures to protect your data, including HTTPS encryption, rate limiting on form endpoints, bot protection via Cloudflare Turnstile, and restricted access to form submissions.
No internet transmission is 100% secure. If you have security concerns, contact us immediately at communications@cidegroup.org.
9. Children's Privacy
This Site is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has submitted data through this Site, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Policy from time to time. We will update the “Last updated” date when changes are made. Material changes will be noted on the Site homepage or communicated to newsletter subscribers by email.
11. Contact Us
P.O. Box 15040-00509, Nairobi, Kenya
communications@cidegroup.org
+254 745 704 580
COMMUNE IDEE (CIDE) GROUPE LTD · Reg. PVT-BB1OWQW3· Kenya