Privacy Policy

Effective: January 1, 2025

This Privacy Policy describes how BioTrack Tech Limited ("BioTrack", "we", "us", or "our") collects, uses, stores, and protects personal information when you use BioTrack Payroll ("the Service"). We are committed to protecting your privacy and complying with the Kenya Data Protection Act, 2019 and its regulations.

1. Who We Are

BioTrack Tech Limited is a company registered in Kenya. We operate BioTrack Payroll, a web-based payroll management system for Kenyan businesses.

• Email: payroll@biotrack.co.ke
• Phone: +254-103-852840
• Website: https://www.biotrackpayroll.com

2. Information We Collect

2.1 Account and Company Data

When you register an organisation on BioTrack Payroll, we collect:

• Company name, registration number, and KRA PIN
• Administrator name, email address, and phone number
• Billing information (where applicable)

2.2 Employee Payroll Data

To process payroll, we collect and store employee data that you input into the system:

• Full name, national ID number, KRA PIN
• Bank account details for salary payment
• NSSF and NHIF/SHA membership numbers
• Salary details, allowances, and deduction configurations
• Tax relief claims (personal, insurance, mortgage)
• Leave records and entitlements

2.3 Usage Data

We automatically collect certain technical data when you use the Service, including IP address, browser type, pages visited, and timestamps. This data is used for security monitoring and improving the Service.

3. How We Use Your Data

We use the information we collect to:

• Process payroll and calculate statutory deductions (PAYE, NSSF, SHIF, NITA, Housing Levy)
• Generate payslips, P9A, P10A, and statutory submission files
• Provide the Employee Self Service portal
• Communicate account updates, compliance changes, and support responses
• Comply with Kenyan tax and labour laws
• Detect and prevent fraud or unauthorised access

4. Legal Basis for Processing

We process personal data on the following legal bases under the Kenya Data Protection Act, 2019:

• Contract performance: Processing is necessary to deliver the payroll service you have contracted us to provide.
• Legal obligation: Payroll processing involves statutory obligations under the Income Tax Act, NSSF Act, and SHA Act.
• Legitimate interests: For security monitoring, fraud prevention, and service improvement.
• Consent: For optional communications such as product updates and newsletters.

5. Data Storage and Security

All data is stored on servers protected with 256-bit SSL encryption. We implement industry-standard technical and organisational measures to protect your data against unauthorised access, loss, or disclosure, including:

• Encrypted data storage and transmission
• Role-based access controls
• Regular security monitoring and auditing
• Restricted access to payroll data on a need-to-know basis

6. Data Sharing

We do not sell your personal data to third parties. We may share data with:

• KRA (Kenya Revenue Authority): When you export iTax files for PAYE submission — this is initiated by you, not transmitted automatically.
• Service providers: Cloud hosting and infrastructure providers operating under data processing agreements.
• Legal authorities: If required by Kenyan law or a valid court order.

7. Data Retention

We retain payroll records for a minimum of 7 years from the end of the tax year, in line with KRA requirements under the Income Tax Act. You may request deletion of non-statutory data at any time by contacting us.

8. Your Rights

Under the Kenya Data Protection Act, 2019, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate personal data
• Request deletion of your data (subject to statutory retention requirements)
• Object to processing based on legitimate interests
• Data portability — receive your data in a structured, machine-readable format
• Lodge a complaint with the Office of the Data Protection Commissioner (ODPC)

To exercise these rights, contact us at payroll@biotrack.co.ke.

9. Cookies

BioTrack Payroll uses session cookies necessary for authentication and security (CSRF protection). We do not use third-party advertising or tracking cookies. Google Fonts may set performance-related cookies. You can disable cookies in your browser settings, but this will affect your ability to log in.

10. Children's Privacy

BioTrack Payroll is a business service and is not intended for use by persons under 18 years of age. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or Kenyan law. We will notify registered account holders of material changes by email. The effective date at the top of this page will always reflect the most recent update.

12. Contact Us

For privacy-related inquiries, data access requests, or complaints:

• Email: payroll@biotrack.co.ke
• Phone: +254-103-852840
• Address: BioTrack Tech Limited, Nairobi, Kenya