Kayole, Nairobi Kenya
0726523530
business@mpapsinternetsolutionltd.tech
Free Consulation
Free Consulation

Our Privacy Policy

  • Home
  • Our Privacy Policy
Our Privacy Policy

MPAPS Internet Solution Ltd
Effective Date: 2 April 2026

At MPAPS Internet Solution Ltd, we take privacy seriously. This Privacy Policy explains how we collect, use, store, share and protect personal data when you visit our website, ask for a quotation, subscribe to updates, contact our team, receive our services, or interact with us as a customer, supplier, reseller, hotspot operator, partner, applicant or other business contact.

We are in the business of connectivity, managed support and related digital services. That means we may handle personal data in different ways depending on the relationship involved. Sometimes we collect data directly from a visitor or customer. Sometimes a business customer or reseller gives us limited contact or technical information so that we can provision or support services. In some situations, we act as the party deciding why and how personal data is used. In others, we may process personal data on behalf of a business customer under their instructions.

We want this document to be easy to read and practical. If anything in it is unclear, please contact us using the details at the end of this Policy.

1. Who we are

MPAPS Internet Solution Ltd is a Kenya-based provider of business internet and related connectivity services. Our public website currently states that we support offices, branch networks, resellers and small ISPs, and it lists Kayole, Nairobi, a business contact email and a telephone contact.

For the purposes of this Privacy Policy, “MPAPS”, “we”, “us” and “our” mean MPAPS Internet Solution Ltd.

Depending on the situation, we may act as:

  • a data controller, where we decide why and how personal data is processed; or
  • a data processor, where we process personal data on behalf of a customer or partner under agreed instructions.

2. Our privacy commitment

We are committed to handling personal data in a lawful, fair and transparent manner. As a Kenyan business operating in the ICT space, we design this Policy around the principles and obligations set out under Kenya’s Data Protection Act and related regulations. Under that framework, personal data should be processed lawfully, fairly and transparently, collected for explicit and legitimate purposes, kept adequate and relevant, kept accurate and up to date, retained no longer than necessary, and not transferred outside Kenya unless adequate safeguards or another lawful basis applies.

Where the law requires registration, compliance reviews, complaint handling, breach reporting or cooperation with the Office of the Data Protection Commissioner, we intend to comply with those obligations as they apply to our operations. ODPC is the authority responsible for overseeing data protection in Kenya, including complaints, investigations, enforcement, inspections and audits.

3. Who this Policy applies to

This Policy applies to personal data relating to:

  • visitors to our website;
  • people who fill in our contact, quote, support or consultation forms;
  • subscribers to newsletters, product updates or service alerts;
  • directors, staff, agents and representatives of our corporate customers;
  • resellers, wholesalers, hotspot operators, small ISPs and downstream partners;
  • applicants for employment or contract work;
  • suppliers, contractors and professional advisers;
  • people who visit our offices, sites or installations;
  • individuals whose personal data is included in service tickets, fault reports, onboarding records, billing records or other business documents shared with us.

This Policy is primarily a public-facing policy for our website and our business operations. Where we have a separate signed agreement with a corporate customer, reseller or enterprise partner, that agreement may contain additional privacy, security or data processing terms that sit alongside this Policy.

4. The personal data we collect

The personal data we collect depends on the nature of the relationship. It may include the following:

4.1 Identity and contact information

We may collect your name, job title, company name, physical address, billing address, email address, mobile number, alternative contact details, and the names and roles of technical, commercial or accounts contacts.

4.2 Account and service information

We may collect customer account numbers, service location details, installation details, package selection, service order data, support plan information, account status, service history and records of service activation, suspension, migration or closure.

4.3 Quote and enquiry information

If you request a quotation or consultation, we may collect the location of your site, desired capacity, expected number of users, branch information, backup needs, reseller requirements, equipment requirements, and any other details needed to assess feasibility and recommend a solution. Your site currently invites customers to share location, required capacity, number of users or sites, and whether backup or partner bandwidth is needed.

4.4 Billing and payment information

We may collect invoice details, payment records, tax details, transaction references, account balances, credit or deposit information, and related finance records. We do not intend to store more payment data than is reasonably necessary for billing, reconciliation, fraud prevention and record-keeping.

4.5 Technical and network information

We may process technical data such as IP addresses, device identifiers, router or CPE identifiers, MAC addresses, timestamps, authentication records, traffic management records, incident logs, fault records, bandwidth usage metrics, service performance indicators, and security monitoring data needed to deliver, secure and troubleshoot services.

4.6 Communications and support records

We may keep records of emails, calls, WhatsApp messages, support tickets, complaints, engineer visit notes, meeting records and other correspondence with customers, resellers or prospective clients.

4.7 Website and cookie data

When you use our website, we may collect browser type, device type, pages visited, referral source, approximate location based on IP, session information, cookie preferences, analytics information and similar online identifiers. Your website currently displays cookie categories such as necessary, functional, analytical, advertisement and unclassified cookies.

4.8 Site access and security information

Where relevant, we may process visitor logs, appointment records, CCTV footage, photo identification records, access control records or contractor visit details for security, asset protection and operational purposes.

4.9 Recruitment and supplier information

If you apply for a role or supply services to us, we may process CVs, qualification records, references, identification data, banking details, tax information, company registration records and due diligence information.

4.10 Data received from customers or partners

Where a corporate customer, school, apartment manager, hotspot operator, reseller or small ISP shares personal data with us, that may include end-user support contacts, tenant contact details, site representatives, authorised users, escalation contacts, or information included in tickets, installation requests or service migration plans.

5. How we collect personal data

We collect personal data in different ways, including:

  • directly from you when you contact us, fill in a form, subscribe, request a quotation or buy a service;
  • from your employer or organisation where you are the relationship manager, technical contact, accounts contact or authorised representative;
  • from resellers, partners or managed service customers that engage us to provision or support a service;
  • automatically through website cookies, server logs and online analytics tools;
  • from devices, network equipment and service platforms used to deliver or secure our services;
  • from payment providers, credit reference sources, professional advisers and public registers where that is lawful and necessary;
  • from building managers, landlords, estate managers or contractors where needed for site access, installation or service recovery;
  • from publicly available sources, such as company websites, regulator lists or business directories, where we are building or verifying legitimate business contact records.

Under the Kenyan regulations, personal data may in some cases be collected indirectly, including from databases, web activity, surveillance systems or other sources, but the processing must still remain lawful, proportionate and transparent. Where required, the data subject should be informed of indirect collection within the timeframe provided by law.

6. Why we use personal data

We use personal data for legitimate business and service purposes, including:

6.1 To respond to enquiries

We use contact and enquiry data to answer questions, arrange consultations, run feasibility checks, issue quotations and follow up on sales conversations.

6.2 To onboard customers and partners

We use personal data to verify identity, confirm authority, open accounts, create service records, assign support contacts, coordinate installations and manage service activation.

6.3 To deliver services

We use personal data to provision internet connectivity, allocate resources, configure devices, manage technical support, monitor availability, respond to outages, coordinate field work and maintain service continuity.

6.4 To operate and protect our network

We use logs, identifiers and security records to prevent abuse, detect fraud, manage capacity, investigate incidents, protect infrastructure, troubleshoot technical faults and preserve the integrity of our services.

6.5 To bill and manage finances

We use personal data to issue invoices, collect payments, manage deposits, reconcile accounts, investigate disputed charges and enforce our commercial terms where necessary.

6.6 To manage partner and reseller relationships

We use data to administer wholesale and reseller accounts, verify authorised contacts, handle escalations, track service usage, manage support dependencies and control misuse or downstream risk.

6.7 To improve our website and customer experience

We use website and analytics data to understand how our site performs, what visitors are looking for, which pages are useful, and where we can improve user experience, forms and service information.

6.8 To send service and marketing communications

We may send account notices, installation updates, maintenance alerts, billing notices, commercial offers, newsletters and promotions, subject to your preferences and applicable law.

6.9 To comply with law and protect our rights

We may use personal data to comply with legal obligations, respond to lawful requests, protect our property and personnel, handle complaints, cooperate with regulators, manage disputes and maintain required records.

7. Our legal basis for processing

We process personal data on lawful grounds recognised by Kenyan data protection law. Depending on the context, that may include your consent, the need to take steps at your request, the performance of a contract, compliance with legal obligations, protection of network and business security, the exercise or defence of legal claims, or other lawful bases permitted under applicable law. Kenyan regulations require that the lawful basis relied on be identified before processing and be demonstrable. Where consent is withdrawn, the affected processing must be restricted to the extent required by law.

Where we rely on consent, you are free to withdraw it at any time. Withdrawal will not invalidate processing already carried out lawfully before the withdrawal took effect.

8. When we act as controller and when we act as processor

This is an important part of our business model.

8.1 When we are usually the controller

We are usually the controller when:

  • you visit our website;
  • you submit a quote, support or contact form;
  • you subscribe to marketing or updates;
  • you contract with us directly for services;
  • we manage our own billing, support, complaints, recruitment, supplier onboarding or internal operations.

8.2 When we may act as a processor or service provider

In some enterprise, reseller or managed deployments, a corporate customer may determine the purpose for which personal data is used, while we only process that data to deliver a defined service. In such a case, we may act as a processor or technical service provider under the customer’s instructions.

8.3 Customer and reseller responsibilities

If a corporate customer, school, apartment operator, hotspot operator, reseller or ISP shares personal data with us, that party must ensure it has a lawful basis to collect and share that data and that it has given any required notices to the people concerned. We are entitled to rely on the customer’s representation that the sharing is lawful unless we have reason to believe otherwise.

Where needed, we may require a separate data processing agreement, service order or security schedule to define responsibilities more precisely.

9. Sensitive and special categories of data

We do not intend to collect sensitive personal data unless there is a clear lawful reason to do so and we can justify the need. In ordinary business operations, we do not ask for health, biometric, religious, political or other highly sensitive data unless the context makes it necessary, such as employment administration, secure access control, formal compliance checks or incident investigations.

If sensitive data is provided to us without a clear need, we may delete, redact or restrict it unless we are required to keep it by law.

10. Cookies and similar technologies

Our website may use cookies and similar technologies to:

  • keep the site functioning properly;
  • remember your settings and cookie preferences;
  • understand how visitors use the site;
  • improve forms, content and navigation;
  • measure campaign effectiveness; and
  • support embedded third-party tools or services.

At the moment, your website publicly displays cookie categories for necessary, functional, analytical, advertisement and unclassified cookies, and it appears to be using a cookie management interface.

Where required, we will ask for consent before placing non-essential cookies. You can also manage cookies through your browser settings, although disabling some cookies may affect how the site works.

If we later introduce additional analytics, chat tools, marketing pixels or embedded third-party services, this section should be updated to reflect those tools clearly and specifically.

11. Marketing communications

We may use your name, company name, email address, phone number and service interest information to send:

  • newsletters;
  • product or package updates;
  • promotions;
  • invitations to demos or consultations;
  • new service announcements; and
  • other relevant business communications.

We do not want to spam anyone. We aim to keep our marketing relevant, occasional and easy to opt out of. You may unsubscribe from marketing messages at any time through the method provided in the message or by contacting us directly.

Even if you opt out of marketing, we may still send service-related communications such as invoices, outage notices, installation updates, contract notices and security alerts.

12. Sharing personal data

We do not sell personal data. We may share personal data only where there is a proper business, contractual or legal reason to do so.

We may share personal data with:

  • employees, engineers and authorised internal teams on a need-to-know basis;
  • group affiliates or related business units, where applicable;
  • installation contractors, field technicians and support vendors;
  • data centre, cloud, hosting, ticketing, CRM and communication service providers;
  • payment processors, banks and financial service providers;
  • insurers, auditors, accountants, lawyers and other professional advisers;
  • upstream carriers, infrastructure providers, peering or transit partners, where technically required;
  • landlords, building managers or security teams, where access coordination is necessary;
  • law enforcement agencies, courts, regulators or public authorities, where required by law or lawful order;
  • a buyer, investor or transaction adviser, if all or part of our business is restructured, financed, merged or transferred.

Whenever we share personal data with service providers, we expect them to handle it securely, confidentially and only for the agreed purpose.

13. Cross-border transfers

Some of our systems, software tools, cloud services, communications platforms or backup environments may store or process personal data outside Kenya. Where that happens, we will take reasonable steps to ensure the transfer is lawful and appropriately protected.

Kenyan data protection principles require that personal data should not be transferred outside Kenya unless there is proof of adequate safeguards or another lawful basis, including valid consent where appropriate.

Where practical, we will use contractual protections, access controls, vendor assessments, encryption and data minimisation measures to reduce risk in cross-border processing arrangements.

14. Security of personal data

We take security seriously, particularly because we operate in a communications and network environment. We use reasonable technical and organisational measures designed to protect personal data against loss, misuse, unauthorised access, disclosure, alteration and destruction.

These measures may include:

  • role-based access controls;
  • password and authentication controls;
  • encryption where appropriate;
  • network monitoring and logging;
  • backup and recovery processes;
  • patching and system hardening;
  • security reviews of vendors and tools;
  • restricted access to billing and account records;
  • confidentiality obligations for staff and contractors;
  • secure disposal or deletion processes.

At the same time, no website, network, platform or transmission method is completely risk-free. For that reason, security is a shared responsibility. Customers and partners are expected to protect their own internal systems, devices, passwords, Wi-Fi networks, endpoint security and user access controls.

ODPC’s compliance framework includes inspections, audits and DPIA-related oversight, and Kenya’s cybercrime law also forms part of the wider security environment in which digital service providers operate.

15. Data breaches

If we become aware of a personal data breach affecting information under our control, we will assess the incident promptly, take steps to contain and mitigate risk, document the event and make any notifications required by law.

ODPC provides formal channels for reporting personal data breaches and for filing complaints relating to data protection failures.

If a breach originates from a customer-controlled system, reseller environment or third-party platform connected to our services, we may still need to cooperate in incident handling, but the party controlling that environment remains responsible for its own compliance duties unless the facts show otherwise.

16. How long we keep personal data

We keep personal data only for as long as it is reasonably needed for the purpose for which it was collected, or for as long as we are required to retain it under law, regulation, contract, tax, audit, evidence preservation or dispute management requirements.

In practice:

  • enquiry and marketing records may be kept for a reasonable period after last engagement;
  • contract, billing and account records may be retained for the life of the relationship and for a further period afterwards;
  • network logs and security records may be retained for operational, fraud prevention and security purposes;
  • complaint, legal and enforcement records may be retained for as long as necessary to resolve the issue and preserve evidence;
  • suppression or unsubscribe records may be kept so that we can respect opt-out preferences.

When personal data is no longer needed, we will delete it, anonymise it, redact it or securely archive it in line with our retention practices.

17. Your rights

Under Kenya’s data protection framework, data subjects have important rights. These include the right to be informed about the use of their personal data, the right to access personal data held about them, the right to object to processing, the right to correction of false or misleading data, and the right to deletion of false or misleading data. The regulations also address restriction and portability requests in certain circumstances.

If you want to exercise your rights, please contact us using the details at the end of this Policy. To protect privacy and security, we may ask you to verify your identity and provide enough information for us to locate the relevant records.

We may refuse or limit a request where the law allows us to do so, including where the request is manifestly unfounded, would adversely affect the rights of others, conflicts with a legal retention duty, or cannot be implemented without disproportionate technical or legal difficulty. Where we lawfully decline a request, we will explain our position as far as we reasonably can.

18. Complaints

If you are unhappy with how we have handled your personal data, we encourage you to contact us first so that we can review and resolve the issue quickly and fairly.

If the matter is not resolved, you may lodge a complaint with the Office of the Data Protection Commissioner. Kenya’s Complaints Handling and Enforcement Regulations are designed to support fair, impartial, proportionate and affordable determination of complaints, and ODPC publishes complaint channels for data subjects.

19. Third-party websites and services

Our website may contain links to third-party websites, platforms, forms, videos, social media pages, payment channels or partner tools. We do not control the privacy practices of those third parties. Once you leave our website or interact with an external service, that third party’s own terms and privacy policy will apply.

We recommend reviewing the privacy notices of any external site or platform before sharing personal data there.

20. Children’s data

Our website and services are primarily intended for businesses, institutions, partners and adults acting on behalf of organisations. We do not knowingly market our core services directly to children.

If we learn that personal data of a child has been provided to us without appropriate authority or lawful basis, we may delete, restrict or regularise that data as required. Under ODPC guidance, rights relating to a child’s data may be exercised by a parent, guardian or other duly authorised person.

21. Business transitions

If we undergo a reorganisation, financing, merger, acquisition, business transfer or sale of assets, personal data may be disclosed to advisers and transaction parties as part of due diligence and completion, subject to confidentiality and lawful handling requirements.

22. Updates to this Policy

We may update this Privacy Policy from time to time to reflect changes in law, regulation, technology, our services, our website, or our operational practices.

When we make material changes, we will update the effective date and, where appropriate, provide a more prominent notice on our website or through another suitable communication channel.

23. How to contact us

For privacy questions, access requests, correction requests, deletion requests, complaints or general data protection concerns, please contact us using the contact details currently published on our website:

MPAPS Internet Solution Ltd
Kayole, Nairobi, Kenya
Phone: 0726523530
Email: business@mpapsinternetsolutionltd.tech

When writing to us about privacy, it helps to use a subject line such as “Privacy Request” or “Data Protection Complaint” so that your request can be handled faster. The business email address and contact details above are currently displayed on your website.

24. Regulator contact

If you believe your data protection concern has not been handled properly, you may contact the Office of the Data Protection Commissioner through its official complaint and information channels. ODPC publishes complaint, breach-reporting and general contact channels on its official website.

Accept
We use cookies to make our website work properly, improve your browsing experience, and understand how our site is used. Some cookies are necessary, while others help us enhance performance and provide more relevant content. Accept