Skip to main content

Privacy Policy for Jam Raye Agro Holdings Ltd

Privacy Policy & Data Governance Framework


Effective Date: August 1, 2025 Compliance Standard: Data Protection Act, 2019 (Kenya) & GDPR Alignment


1. Governance Statement Jam Raye Agro Holdings Ltd. ("The Data Controller") operates as a registered social enterprise in Kenya. We are committed to the highest standards of data integrity and privacy. This policy outlines our protocols for collecting, processing, and securing data via jamrayefarms.com in accordance with the Data Protection Act, 2019.


2. Data Collection Protocols We collect data under the legal basis of Legitimate Interest and Contractual Performance. Categories include:



  • Identity Data: Full name, email address, and contact coordinates submitted via newsletter subscription, inquiry forms, or donor portals.
  • Financial Transaction Logs: For donors, we record transaction reference codes (e.g., M-Pesa Codes) and donation values for audit transparency. Note: We do not store credit card numbers. All card processing is encrypted via Stripe.
  • Agro-Metric Data (Partners): Data submitted by partner farmers regarding livestock health, crop yields, and operational status for Monitoring & Evaluation (M&E) purposes.
  • Technical Telemetry: IP addresses, browser agents, and session duration logs to maintain site security and performance.


3. Usage of Information Your data is utilized strictly for the following operational mandates:


    • Operational Communication: To facilitate project updates, partnership inquiries, and donor reporting.
    • Impact Auditing: Processing agro-metric data to generate mpact reports for stakeholders.
    • Regulatory Compliance: Meeting reporting obligations under Kenyan tax and enterprise laws.
    • System Integrity: Monitoring for fraudulent activity or cybersecurity threats.










4. Third-Party Data Processors We do not sell data. We share data only with authorized Data Processors bound by confidentiality agreements:


    • Payment Gateways: Stripe and Safaricom (M-Pesa) for financial settlement.
    • Infrastructure Providers: Secure cloud hosting and email delivery services.
    • Regulatory Bodies: When legally mandated by a court order or the Office of the Data Protection Commissioner (ODPC).


5. Security Architecture We employ enterprise-grade security measures to protect your information:


    • Encryption: All data in transit is secured via SSL/TLS encryption (HTTPS).
    • Access Control: Sensitive donor and farmer data is restricted to authorized personnel only.
    • Data Minimization: We only retain data necessary for the duration of the operational relationship or legal requirement.
    • Breach Notification Protocol: In the event of a compromised system, we will notify affected parties and the ODPC within 72 hours of discovery.


6. Your Rights (Data Protection Act, 2019) Under Section 26 of the Kenyan Data Protection Act, you maintain the right to:


    • Access: Request copies of personal data held by Jam Raye Agro Holdings.
    • Rectification: Request correction of inaccurate or incomplete data.
    • Erasure (Right to be Forgotten): Request deletion of data, subject to legal retention periods (e.g., tax records).
    • Objection: Opt-out of direct marketing communications at any time.
    • To exercise these rights, submit a formal request to our Data Protection Officer at: admin@jamrayefarms.com


7. Cross-Border Data Transfer As a bi-continental entity, data may be processed in Kenya and Canada. We ensure that all cross-border transfers adhere to adequate data protection safeguards compatible with international standards.


8. Contact Information Jam Raye Agro Holdings Ltd. Attn: Data Compliance Officer Nairobi, Kenya Email: admin@jamrayefarms.com