Privacy Policy.
Effective · TBD · Version 0.1 · Scaffold pending counsel review
This page is the structural scaffold for Navon World Ltd's privacy policy. The headings below mirror the sections we expect the published policy to contain. Each section's body is currently a placeholder — Navon's data protection counsel is preparing the final text against Kenya DPA 2019, GDPR alignment requirements, and the operating realities of our sovereign-compute platform.
If you're a customer, partner, or regulator with an immediate question about how Navon handles personal data, contact privacy@navonworld.com.
01 What we collect
Counsel to provide. Section will list categories of personal data Navon collects (identifiers, contact information, business affiliations, log data from the sovereign cloud platform), the legal basis for each, and the retention period.
02 How we use it
Counsel to provide. Section will describe the purposes for which personal data is processed: contract performance, customer support, security monitoring, regulatory reporting, marketing communications (opt-in only).
03 Where data lives
Counsel to provide. Section will describe Navon's sovereignty model: by default, customer data resides on hardware operated by Navon inside the customer's jurisdiction. Cross-border transfers occur only when explicitly authorised by contract or required by law. Encryption keys are held in-country via sovereign HSMs.
04 Sharing & disclosure
Counsel to provide. Section will list categories of third parties to whom personal data may be disclosed (sub-processors, equipment vendors under DPA, regulators on lawful request) and the safeguards in place for each.
05 Your rights
Counsel to provide. Section will summarise data subject rights under Kenya DPA 2019 (access, rectification, erasure, objection, portability) and GDPR equivalents where applicable, with the procedure for exercising each.
06 Security
Counsel to provide. Section will describe technical and organisational measures protecting personal data: encryption at rest (AES-256), encryption in transit (TLS 1.3 with PQC roadmap), access controls, audit logging, incident response.
07 International transfers
Counsel to provide. Section will describe the basis on which any cross-border transfers occur (standard contractual clauses, adequacy decisions, customer consent), and what safeguards apply.
08 Changes to this policy
Counsel to provide. Section will describe notification procedure for material changes to this policy, retention of prior versions, and effective-date logic.
09 Contact
Data protection enquiries, requests, and complaints should be directed to:
Data Protection Officer
Navon World Ltd
privacy@navonworld.com
Customers in jurisdictions with their own supervisory authority retain the right to lodge complaints directly with that authority. In Kenya, that is the Office of the Data Protection Commissioner.