1. Introduction

Welcome to the Technical University of Mombasa (TUM) Privacy Policy. TUM is committed to protecting the privacy and security of personal information collected from students, staff, faculty, visitors, and other stakeholders.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access our services.

About TUM

The Technical University of Mombasa is a public university established under the Universities Act 2012 of the Laws of Kenya. As a public institution, we are committed to transparency and accountability in handling personal data.

2. Information We Collect

We collect various types of information in connection with the services we provide:

2.1 Personal Information

  • Full name and identification details
  • Contact information (address, email, phone number)
  • Date of birth and nationality
  • Academic records and qualifications
  • Employment history and professional credentials
  • Financial information for fee payment
  • Photographs and biometric data (where applicable)

2.2 Automatically Collected Information

  • IP addresses and device information
  • Browser type and version
  • Pages visited and time spent on our website
  • Referring website addresses
  • Operating system information

2.3 Academic and Research Information

  • Course enrollment and attendance records
  • Examination results and transcripts
  • Research projects and publications
  • Library usage and resource access

3. How We Use Your Information

TUM uses collected information for the following purposes:

  1. Educational Services: To provide academic programs, courses, and related services
  2. Administration: To manage student and staff records, enrollment, and graduation processes
  3. Communication: To send important notices, updates, and announcements
  4. Research: To facilitate research activities and academic collaborations
  5. Financial Management: To process fees, scholarships, and financial aid
  6. Legal Compliance: To comply with legal obligations and regulatory requirements
  7. Security: To maintain the safety and security of our campus and systems
  8. Quality Improvement: To improve our services and educational offerings

Legal Basis for Processing

We process personal data based on: (a) contractual necessity for providing educational services, (b) legal obligations under Kenyan law, (c) legitimate interests in conducting university operations, and (d) consent where explicitly obtained.

4. Data Sharing and Disclosure

TUM may share your personal information with:

4.1 Within the University

  • Academic departments and administrative offices
  • Faculty and teaching staff (as necessary for educational purposes)
  • IT services for system maintenance and support

4.2 External Parties

  • Regulatory Bodies: Commission for University Education (CUE) and other regulatory authorities
  • Government Agencies: When required by law or official request
  • Partner Institutions: For exchange programs and collaborative research
  • Service Providers: Third-party vendors providing services on our behalf
  • Accreditation Bodies: For quality assurance and accreditation purposes

Important Note

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Any sharing is done strictly for legitimate educational and administrative purposes.

5. Data Security

TUM implements appropriate technical and organizational measures to protect your personal data:

  • Encryption: We use SSL/TLS encryption for data transmission
  • Access Controls: Role-based access to limit data access to authorized personnel only
  • Physical Security: Secure facilities with controlled access for data storage
  • Regular Audits: Periodic security assessments and vulnerability testing
  • Staff Training: Regular training on data protection and privacy practices
  • Backup Systems: Regular data backups to prevent data loss
  • Incident Response: Established procedures for handling security breaches

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to using industry best practices.

6. Your Rights

Under Kenyan Data Protection Act 2019, you have the following rights:

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (subject to legal requirements)
  • Right to Restrict Processing: Request limitation on how we use your data
  • Right to Data Portability: Receive your data in a structured, commonly used format
  • Right to Object: Object to certain processing activities
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent
  • Right to Complain: Lodge a complaint with the Office of the Data Protection Commissioner

Exercising Your Rights

To exercise any of these rights, please contact our Data Protection Officer using the contact details provided at the end of this policy.

7. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyze website traffic.

Types of Cookies We Use:

  • Essential Cookies: Necessary for website functionality and security
  • Performance Cookies: Help us understand how visitors use our website
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Collect information about website usage patterns

You can control cookie settings through your browser preferences. Note that disabling certain cookies may affect website functionality.

8. Data Retention

TUM retains personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law:

  • Student Records: Retained permanently for academic verification and alumni relations
  • Staff Records: Retained for the duration of employment plus 7 years
  • Financial Records: Retained for 7 years as per legal requirements
  • Research Data: Retained according to research protocols and funding requirements
  • Website Logs: Retained for 12 months for security purposes

After the retention period expires, personal data will be securely deleted or anonymized.

9. International Data Transfers

In some cases, your personal data may be transferred to, stored, or processed outside Kenya, particularly for:

  • International student exchange programs
  • Research collaborations with foreign institutions
  • Use of cloud-based services hosted internationally
  • Academic conferences and publications

When transferring data internationally, we ensure appropriate safeguards are in place, including:

  • Adequacy decisions by the Data Protection Commissioner
  • Standard contractual clauses
  • Binding corporate rules
  • Your explicit consent where required

10. Children's Privacy

While our primary audience consists of adults, we recognize that some prospective students may be under 18 years of age. For individuals under 18:

  • Parental or guardian consent is required for data processing
  • We take extra precautions to protect children's personal information
  • Access to certain services may be restricted
  • Enhanced security measures are applied

11. Changes to This Privacy Policy

TUM reserves the right to update this Privacy Policy at any time. Changes will be effective immediately upon posting on our website. We will notify you of any material changes through:

  • Email notification to registered users
  • Prominent notice on our website
  • Updates to the "Last Updated" date at the top of this policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Data Protection Officer

Technical University of Mombasa

Tom Mboya Street, P.O. Box 90420-80100, Mombasa, Kenya

Email: dpo@tum.ac.ke

Phone: +254 41 2492222

Website: www.tum.ac.ke

Office of the Data Protection Commissioner

P.O. Box 63319-00619, Nairobi, Kenya

Email: info@odpc.go.ke

Website: www.odpc.go.ke

Acknowledgment

By using TUM's services, accessing our website, or providing your personal information to us, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.