United Women's Council · Nairobi, Kenya
Privacy Policy
We keep your information private, safe, and in your hands.
Contents
1 Who We Are
United Women's Council ("UWC," "we," "us," or "our") is a women's development organisation founded by Njeri Kiereini and based in Nairobi, Kenya. Our programmes — webinars, summits, coaching resources, and member content — support women in building clarity, emotional maturity, and self-directed lives.
This Privacy Policy explains how we collect, use, store, and protect personal information when you visit unitedwomenscouncil.org ("the Site"), register for our events, purchase a programme, subscribe to our newsletter, or otherwise engage with UWC.
2 Information We Collect
2.1 Information you provide directly
| When | Data collected |
|---|---|
| Event / programme registration | First name, last name, email address, phone number, gender (optional), and selected pricing tier |
| WooCommerce purchase / checkout | Billing name, email address, billing address, payment reference number (card or M-Pesa) |
| Newsletter subscription | Email address, first name |
| Contact / enquiry form | Name, email address, and the content of your message |
| Members' area access | Purchase email address (used to verify access; no separate account password is created) |
| Zoom attendance | Name and email address as entered when joining a session; session attendance data held by Zoom |
2.2 Information collected automatically
When you visit the Site, certain technical information is collected automatically by our hosting infrastructure and analytics tools, including:
- IP address and approximate geographic location
- Browser type and operating system
- Pages visited, time on page, and referring URL
- Device identifiers and screen resolution
This information is used in aggregate form to understand how the Site is used and to improve it. It is not linked to your name or email address without your consent.
2.3 Payment information
We do not store full payment card details. All card and M-Pesa payments are processed through Pesapal, a licensed payment service provider. UWC receives only a transaction reference and confirmation of payment status. Our M-Pesa Till Number is 5663554 for any direct mobile payments.
3 How We Use Your Information
We use the personal information we collect for the following purposes, each of which has a lawful basis under the Kenya Data Protection Act:
| Purpose | Lawful basis |
|---|---|
| Sending you a registration confirmation and joining instructions for events and summits you have signed up for | Performance of a contract (service delivery) |
| Processing your payment and issuing receipts | Performance of a contract |
| Granting access to members' replay pages and gated content you have purchased | Performance of a contract |
| Sending programme follow-up emails, session replays, and resource links | Performance of a contract / legitimate interest |
| Sending our newsletter and periodic programme announcements (where you have subscribed) | Consent (you may unsubscribe at any time) |
| Tagging your Mailchimp subscriber profile to the programme(s) you have attended, so we only contact you with relevant updates | Legitimate interest |
| Maintaining an internal record of registrations and purchases for programme administration and CSV reporting | Legitimate interest |
| Improving the Site and our programmes through aggregate analytics | Legitimate interest |
| Responding to your enquiries and support requests | Legitimate interest / performance of a contract |
| Complying with legal obligations (e.g. financial record-keeping) | Legal obligation |
We will never use your information for automated profiling, scoring, or decision-making that produces legal or significant effects on you.
4 How We Share Your Information
We do not sell, rent, or trade your personal information to any third party, ever.
We share information only in the following limited circumstances:
- Service providers acting on our behalf — the third-party platforms listed in Section 5 below receive only the data they need to deliver the relevant service (e.g. Mailchimp receives your email address to send you messages; Zoom receives your name and email when you join a session).
- Payment processing — Pesapal receives your payment details to authorise and complete a transaction. They are bound by PCI-DSS standards and their own privacy policy.
- Legal requirements — we may disclose information if required by Kenyan law, a court order, or a legitimate request from a law-enforcement authority, and only to the extent legally required.
- Protecting rights — we may disclose information where necessary to protect the safety, rights, or property of UWC, our community members, or the public.
All third-party service providers we work with are required to handle your data securely and in accordance with their own privacy policies.
5 Third-Party Services We Use
The following services power key parts of our operations. Each link leads to that company's privacy policy so you can understand how they handle data independently.
| Service | Purpose | Data shared | Privacy policy |
|---|---|---|---|
| Mailchimp (Intuit Inc., USA) | Email marketing, newsletter, and event notifications | Name, email address, programme tags | mailchimp.com/legal/privacy |
| Pesapal (Pesapal Ltd., Kenya) | Card and M-Pesa payment processing | Payment details, billing name, email, transaction amount | pesapal.com/privacy |
| WooCommerce / WordPress (Automattic Inc., USA) | E-commerce platform powering our programme purchases | Order and customer data stored on our own server | automattic.com/privacy |
| Zoom (Zoom Video Communications, USA) | Live webinar and summit sessions | Name and email on joining; attendance data held by Zoom | zoom.us/privacy |
| Google Drive (Google LLC, USA) | Hosting session recordings and member resources | Access via share link; Google may log access metadata | policies.google.com/privacy |
| Google Calendar (Google LLC, USA) | One-click "Add to Calendar" links for events | Event details pre-filled; requires your Google account if you click Add | policies.google.com/privacy |
Some of these services are based outside Kenya (United States). Where data is transferred internationally, we rely on the contractual safeguards and adequacy determinations provided by those platforms' standard agreements and applicable data-protection frameworks.
6 Cookies & Tracking
Our Site uses cookies and similar technologies. A cookie is a small text file placed on your device by your browser.
Cookies we use
| Cookie type | Purpose | Duration |
|---|---|---|
| Essential / functional | WordPress session cookies, WooCommerce cart and checkout state, members' area access verification | Session or up to 7 days |
| Analytics | Aggregate page-view and visitor statistics to help us understand site usage | Up to 13 months |
| Third-party embeds | Google (Drive embeds, Calendar links) and Mailchimp subscription forms may set their own cookies | Varies by provider |
You can control or disable cookies through your browser settings. Disabling essential cookies may prevent some features of the Site — such as the members' area or checkout — from working correctly.
7 Data Retention
We keep your personal data only for as long as necessary for the purpose for which it was collected, or as required by law.
| Data type | Retention period |
|---|---|
| Event registration records (name, email, programme attended) | 3 years from the date of the event |
| WooCommerce order records | 7 years (Kenya financial record-keeping requirements) |
| Mailchimp subscriber data | For as long as you remain subscribed, plus 30 days after unsubscribing |
| Contact form enquiries | 2 years, unless the enquiry relates to an ongoing matter |
| Access-verification cookies | 7 days from issue (browser-side) |
| Anonymous site analytics | Up to 26 months in aggregate form |
After the applicable retention period, records are deleted or anonymised. You may request earlier deletion — see Section 8 below.
8 Your Rights
Under the Kenya Data Protection Act 2019, you have the following rights regarding your personal information:
- Right to be informed — to know what personal data we hold about you and how we use it (this policy fulfils that right).
- Right of access — to request a copy of the personal data we hold about you.
- Right to rectification — to ask us to correct inaccurate or incomplete personal data.
- Right to erasure ("right to be forgotten") — to request deletion of your personal data, where we are not required by law to retain it.
- Right to restrict processing — to ask us to pause using your data while accuracy or legal questions are resolved.
- Right to data portability — to receive a copy of your data in a machine-readable format where technically feasible.
- Right to object — to object to processing based on legitimate interests (e.g. direct marketing).
- Right to withdraw consent — where processing is based on consent (e.g. our newsletter), you may withdraw consent at any time by clicking Unsubscribe in any email, or by writing to us.
To exercise any of these rights, please contact us using the details in Section 12. We will respond within 30 days. We may need to verify your identity before fulfilling a request.
If you believe we have handled your data unlawfully, you have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) of Kenya: odpc.go.ke.
9 Children's Privacy
Our programmes and website are directed at adults (persons 18 years of age and older). We do not knowingly collect personal information from children under 18.
Our Parenting Through the Milestones summit is for parents and caregivers — it does not collect data from the children being discussed. If you believe a child's data has been submitted to us, please contact us immediately and we will delete it promptly.
10 Security
We take reasonable technical and organisational measures to protect your personal information against unauthorised access, loss, destruction, or alteration. These include:
- HTTPS encryption across the entire Site (SSL/TLS)
- Restricted admin access to our WordPress and WooCommerce databases
- No storage of full payment card details — handled entirely by Pesapal
- Regular software and plugin updates to address security vulnerabilities
- Access controls limiting who on the UWC team can view registration and order data
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. If you suspect a security issue, please notify us at connect@unitedwomenscouncil.org immediately.
11 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or best practices. When we make material changes, we will update the Last updated date at the top of this page and, where appropriate, notify active subscribers by email.
We encourage you to review this policy periodically. Continued use of our Site or services after a change constitutes acceptance of the updated policy.
12 How to Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please reach out to us:
We aim to respond to all privacy-related enquiries within 30 days of receipt.
