Privacy Policy

Metanet Technologies Limited ("Metanet", "we", "us", "our") is committed to protecting the privacy and personal data of our customers, website visitors, and users of our services. This Privacy Policy explains how we collect, use, store, share, and protect your personal information in compliance with the Kenya Data Protection Act, 2019 (the "Act"), and other applicable data protection laws.

This Policy applies to all individuals who interact with Metanet, whether through our website (metanettechnologies.co.ke), our fiber internet services, customer support channels, or any other means.

The data controller responsible for your personal data is:

Metanet Technologies Limited Nairobi, Kenya Email: [email protected] Phone: 0718 491 084

Our Data Protection Officer can be reached at [email protected].

• Full name, email address, phone number
• Physical address / installation address
• National ID or passport number (for identity verification)
• Payment information (M-Pesa number, bank details)
• Company name and registration details (for business accounts)
• Communications with our support team (calls, emails, chats)

Information collected automatically:

• IP addresses assigned to your connection
• Bandwidth usage statistics (aggregate volume, not content)
• Connection logs (timestamps, session duration)
• Device information used to contact support
• Browser type, operating system, referrer URL (website visitors)
• Cookies and similar technologies (see our Cookie Policy)

Information from third parties:

• Credit reference information (where applicable)
• Information from property managers or landlords regarding installation access

What we do NOT collect: We do not perform deep packet inspection, log your browsing history, monitor the content of your internet traffic, or track which websites you visit. We do not collect data through any form of surveillance of your online activities.

We process your personal data for the following purposes:

• Service delivery: To provide, maintain, and improve our internet services
• Account management: To create and manage your account, process payments, and communicate billing information
• Customer support: To respond to your inquiries, troubleshoot issues, and provide technical assistance
• Service communications: To send maintenance notifications, service updates, and security alerts
• Network management: To monitor and optimise network performance, plan capacity, and ensure service quality
• Fraud prevention: To detect, prevent, and investigate fraud, abuse, and security threats
• Legal compliance: To comply with applicable laws, regulations, and legal processes
• Business operations: To conduct internal analysis, auditing, and reporting
• Marketing: To send promotional communications (only with your explicit consent, and you may opt out at any time)

We process your personal data based on the following legal grounds under the Kenya Data Protection Act, 2019:

• Contractual necessity: Processing necessary to perform the contract for Services you have subscribed to (e.g., installation, billing, support)
• Legitimate interest: Processing necessary for our legitimate business interests (e.g., network management, fraud prevention, service improvement), balanced against your rights
• Legal obligation: Processing necessary to comply with Kenyan law (e.g., telecommunications regulations, tax obligations, law enforcement requests)
• Consent: Processing based on your explicit consent (e.g., marketing communications). You may withdraw consent at any time without affecting the lawfulness of prior processing

Our website uses cookies and similar technologies to enhance your browsing experience, analyse website usage, and support our customer service chat. For detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.

We use Google Analytics to collect anonymous usage data about our website. This data is used solely to improve our website and does not identify individual users.

We may share your personal data with the following categories of recipients, only to the extent necessary:

• Payment processors: M-Pesa (Safaricom), banks, and card payment processors — to process your payments
• Infrastructure partners: Network equipment vendors and maintenance contractors — under strict confidentiality agreements
• Regulatory authorities: Communications Authority of Kenya, Kenya Revenue Authority — as required by law
• Law enforcement: Kenya Police, DCI, or other authorities — only when legally compelled by court order or statutory obligation
• Professional advisors: Legal, accounting, and auditing firms — under professional confidentiality obligations
• Service providers: Customer support tools, email services, analytics — under data processing agreements that require them to protect your data

All third-party recipients are contractually required to process your data only for the specified purposes and in accordance with applicable data protection laws.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Active account data: For the duration of your service subscription
• Post-termination data: For 2 years after service termination (to handle disputes, re-activation requests, and legal obligations)
• Billing and financial records: For 7 years (as required by Kenyan tax law)
• Communication records: For 2 years (for quality assurance and dispute resolution)
• Network logs: For 12 months (for network management and security)
• Marketing consent records: For 3 years after consent withdrawal (to demonstrate compliance)

After the retention period expires, personal data is securely deleted or anonymised.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Access controls with role-based permissions and multi-factor authentication
• Regular security assessments and penetration testing
• Employee training on data protection and information security
• Physical security controls at our facilities
• Incident response procedures for data breaches
• Regular backup and disaster recovery procedures

While we take reasonable measures to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Under the Kenya Data Protection Act, 2019, you have the following rights regarding your personal data:

• Right of access: You may request a copy of the personal data we hold about you
• Right to rectification: You may request correction of inaccurate or incomplete personal data
• Right to erasure: You may request deletion of your personal data (subject to legal retention requirements)
• Right to restriction: You may request that we restrict processing of your data in certain circumstances
• Right to data portability: You may request your data in a structured, commonly used, machine-readable format
• Right to object: You may object to processing based on legitimate interest or for direct marketing purposes
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time
• Right to lodge a complaint: You may lodge a complaint with the Office of the Data Protection Commissioner of Kenya

To exercise any of these rights, contact our Data Protection Officer at [email protected]. We will respond to your request within 30 days. We may require identity verification before processing your request.

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child under 18, we will take immediate steps to delete such data. If you believe we have collected data from a child, please contact us immediately at [email protected].

Your personal data is primarily stored and processed within Kenya. In certain circumstances, we may transfer data to service providers located outside Kenya (e.g., cloud infrastructure providers). Any such transfer will be subject to appropriate safeguards, including:

• Standard contractual clauses approved by the Data Protection Commissioner
• Verification that the recipient jurisdiction provides adequate data protection
• Binding corporate rules where applicable

We will not transfer your data to any jurisdiction that does not provide adequate protection for personal data without implementing appropriate safeguards.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the Office of the Data Protection Commissioner within 72 hours of becoming aware of the breach
• Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights
• Document the breach, its effects, and the remedial actions taken

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via email and/or prominent notice on our website at least 30 days before taking effect.

The "Last Updated" date at the top of this Policy indicates when it was last revised. Your continued use of the Services after the effective date of any changes constitutes acceptance of the updated Policy.

Data Protection Officer: [email protected]

Phone: 0718 491 084

Postal address: Metanet Technologies Limited, Nairobi, Kenya

Supervisory authority: Office of the Data Protection Commissioner, Kenya — www.odpc.go.ke