The contractual terms under which Kikavu Tech Solutions processes personal data on behalf of business, school, NGO, and government clients.
This Data Processing Agreement ("DPA") forms part of the Agreement between the client ("Controller") and Kikavu Tech Solutions ("Processor") wherever Kikavu Tech Solutions processes personal data on the Controller's behalf in the course of providing hosting, software, GPS tracking, School Management System, AI automation, or related Services.
This DPA applies for the duration of the underlying Agreement and continues to apply to any residual personal data until it is deleted or returned in accordance with Section 6.
Processing consists of hosting, storage, transmission, backup, and technical support of personal data submitted by the Controller for the purpose of operating the contracted software, platform, or service — including websites, ERP/CRM systems, GPS tracking platforms, School Management Systems, and AI-enabled tools.
Depending on the Service, personal data may include: names and contact details of employees, customers, students, parents/guardians, or drivers; login credentials; payment and billing information; location/GPS data; academic and attendance records; and content uploaded by the Controller.
The Controller authorises Kikavu Tech Solutions to engage sub-processors necessary for Service delivery, which may include cloud/hosting infrastructure providers, payment gateways, SMS/email delivery services, and AI infrastructure providers. Kikavu Tech Solutions will impose data protection obligations on sub-processors materially equivalent to those in this DPA and will notify the Controller of material changes to sub-processors where reasonably practicable.
Where personal data is transferred outside Tanzania, Kikavu Tech Solutions will ensure appropriate safeguards are in place, such as contractual data protection obligations with the receiving provider consistent with the Tanzania Personal Data Protection Act and, where applicable, GDPR-recognised transfer mechanisms.
Kikavu Tech Solutions maintains security measures including encryption in transit, access controls, regular backups, vulnerability monitoring, and incident response procedures, as further detailed in our Information Security Policy.
In the event of a confirmed personal data breach affecting Controller data, Kikavu Tech Solutions will notify the Controller without undue delay and, where feasible, within 72 hours of becoming aware, providing available details of the nature of the breach, affected data categories, and mitigation steps taken.
Upon reasonable written notice, the Controller may request information demonstrating Kikavu Tech Solutions' compliance with this DPA, which may be satisfied through security documentation, certifications, or a mutually scheduled review.
Liability under this DPA is subject to the limitation of liability provisions set out in the Terms & Conditions and the underlying Agreement.
This DPA remains in effect for as long as Kikavu Tech Solutions processes personal data on behalf of the Controller under the Agreement.
This DPA is governed by the laws of the United Republic of Tanzania.