privacy policy
MSF Eastern Africa

Privacy Policy

1.  About this Privacy Notice

Médecins Sans Frontières/Doctors Without Borders Eastern Africa (MSF EA)  respects the privacy of our users, donors and website visitors and we take care to protect your personal information. For purposes of the Kenya Data Protection Act and the General Data Protection Regulation (the “GDPR”), we are the data controller in respect to the collection and use of your personal information. This is because we dictate the purpose for which your personal information is used and how we use your personal information.

By providing MSF EA with your personal information, you consent to the collection, use, disclosure, and retention of that information by MSF EA in accordance with this privacy notice and as otherwise permitted by applicable law. You may withdraw your consent at any time, subject to legal or contractual restrictions and on reasonable notice to MSF EA, but then you might not be able to proceed with your intended interactions or transactions with MSF EA or otherwise receive the full benefit of MSF EA’s services.

This privacy notice explains how we collect, use, disclose, and safeguard your personal information when you visit our websites.

In this privacy notice, “personal information” means information about you and which identifies you, such as your name and email address, but does not include (to the extent permitted by law) information that is publicly available in a telephone directory or that is the business contact information that enables an individual to be contacted at a place of business.

This privacy notice is written in accordance with the regulations of the Kenya Data Protection Act and the General Data Protection Regulation. Please read it carefully. You are under no obligation to provide us with personal information of any kind, however your refusal to do so may prevent you from using certain features of the site.

We reserve the right to make changes to this privacy notice at any time and for any reason. We will alert you about any changes by updating the “Last Updated” date of this privacy notice. Any changes or modifications will be effective immediately upon posting the updated privacy notice on the site. You are thus encouraged to periodically review this privacy notice to stay informed of updates.

Please note that this privacy notice only applies to the website and not to websites of other organizations that we may be associated with or that may be associated with us. Additionally, this privacy notice does not apply to any offline communication between you and Médecins Sans Frontières/Doctors Without Borders (MSF).

If you have any questions please contact our Data Protection Officer at [[email protected]]

2. Collection of your information 

MSF EA collects information from you in various ways when you use our website:

  • when you give it to us directly
  • when you give it to us indirectly
  • when you give it to us via social media
  • through cookies

Active Information Collection:

You directly give us personal information when you donate, sign up for one of our events, communicate with us, sign up for email newsletters and leave a comment on our social media accounts, provide us feedback, contact us via e-mail, respond to an employment opportunity posted on our website.  Actively we specifically collect:

1. Personal data

We will specifically collect your name, phone number and e-mail address, demographic information, location, and other information you give us when you register with the site as well as any other content included in the e-mail and any information that you submit to us.

2. Financial data

Financial information, such as data related to your payment method (e.g. valid credit card number, card brand, expiration date) that we may collect when you chose to donate to our services from the site. We do not store any, financial information that we collect. All payment information is stored by our payment processors, and you are encouraged to review their privacy notice and contact them directly for responses to your questions.

3. Data from surveys

Personal and other information you may provide when responding to surveys.

Passive Information Collection:

Derivative data:

As you navigate through our website, certain anonymous information and non-anonymous information is passively collected (that is, gathered without your actively providing the information) using various technologies, such as cookies, Internet tags or web beacons, and navigational data collection (log files, server logs, click-stream). Your internet browser automatically transmits to the website some of this anonymous Information, such as the URL of the website you just came from and the Internet Protocol (IP) address and the browser version your computer is currently using, your access times, pages you have viewed and location.

3. How we use your information 

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience.  As a general rule, your personal data will not be used for any other purpose than that for which they were voluntarily provided to us.

Depending on how you manage your privacy controls, we may use your information for various purposes such as to manage your account, email you about our activities, provide you with and request feedback, hiring purposes, statistical purposes, improvement in customer service, customize your experience when using the website, increase the efficiency and operation of the site,

We may use publicly available information from your social media profile to target you with specific posts that may interest you. We’ll never ask for personal or sensitive information on social media. We may respond to questions, queries or comments left on our social media channels. We'll also send you direct marketing by e-mail and phone if you've consented to hear from us this way.

Our email direct marketing has ways to opt-out or update your preferences in the footer of each email. You can opt-out at any time. If you don’t want to hear from us, that’s fine. Just let us know at [[email protected]


Legal Basis

To administer your relationship with MSF EA, including to contact and correspond with you regarding those matters

For our legitimate business interests (i.e. the provision of the websites and services)

To facilitate your interactions and transactions with MSF EA

For our legitimate business interests (i.e. the provision of the websites, products, and services)

To provide you with services

For our legitimate business and depending on the circumstances, to perform a contract between you and us

To process your donations

For our legitimate business interests (i.e. the provision of humanitarian services)

To process and respond to your inquiries, requests, and other communications

For our legitimate business and depending on the circumstances, to perform a contract between you and us

To notify you about changes to the websites or the products and services

For our legitimate business interests

To audit and monitor the use of the websites

For our legitimate business interests (i.e. the provision of services, as well as to improve and monitor the security of the websites) or we may request your consent in certain circumstances where we are required to do so by law (e.g., in relation to our use of certain cookies)

To maintain, protect and improve MSF EA services and to develop new products and services

For our legitimate business interests (i.e. the provision and improvement of the products and our services)

To manage complaints, feedback, and queries

For our legitimate business interests (i.e. the provision and improvement of the websites, products, and services)

To administer and facilitate your participation in contests and promotions related to MSF EA

For our legitimate business interests (i.e. the promotion of the websites, products, and services), and depending on the circumstances, to perform a contract between you and us

To carry out market research and analysis

For our legitimate business interests (i.e. the provision, improvement, and promotion of the websites, products, and our services)

To carry out satisfaction surveys and analysis

For our legitimate business interests (i.e. the provision, improvement, and promotion of the websites, products, and our services)

To provide you with information (including by email and other electronic messages) regarding MSF EA and its business, products, and services and products and services offered by other businesses, to the extent permitted by applicable law and in accordance with your preferences as indicated when you entered into any agreement with us, including any marketing consent preferences

Depending on the method of communication, this processing may be carried out with your consent or in accordance with our legitimate business interests to process your information for direct marketing purposes

To comply with any legal or regulatory obligations (including in connection with a court order) and to protect and enforce EA’s legal rights, interests and remedies to protect the business operations and customers of MSF EA or other persons

For our legitimate business interests and for compliance with legal obligations to which we are subject

To enforce or apply the agreements concerning you (including agreements between you and us)

For our legitimate business interests and for compliance with legal obligations to which we are subject

4. Data access, sharing and transfer 

MSF EA discloses your personal information for purposes relating to or arising from your relationship and transactions with MSF EA and as otherwise set out in this Privacy notice or permitted by applicable law. 

Trained staff

Your information is processed by trained staff. We regularly review who has access to your information. As a general rule, your personal data will only be accessible insofar as it is necessary to fulfill the purpose for which it was collected. For instance, the data you provide for donations will be accessible to our donations department, our fundraising and marketing team and to service providers, if any, for the purpose of processing your donation.

Third parties and data processors

MSF EA may share Information or session data with third parties for provisioning of the website service, donation billing, verification of your identity, an email service provider to send out emails on our behalf, maintenance and support, and fraud detection and prevention. We will share your personal information only as necessary for the third party to provide that service.

We sometimes engage third party processors such as individual contractors and service vendors such as lawyers, auditors and other professional advisors to help us manage and store personal data and to carry out certain activities on our behalf. It means that we may share your personal data with service providers, who help assist us in fulfilling our purposes. We do comprehensive checks on any contractors and vendors before we work with them. We always put a contract in place that sets out how they manage the personal data they collect or have access to. Personal data may also be shared with third parties when required by law or by a court order.

International data transfers

We operate globally and may have a need to transfer certain data to countries outside of Kenya. In the event the country where the data is transferred does not provide an adequate level of protection, we make sure to implement technical and organizational measures to protect your data.

5. Protecting your data 

Keeping information about you secure is very important to MSF EA. To this end, we use commercially reasonable protection technology such as encryption to protect sensitive information such as login credentials and donation transactions. We also use firewalls and other security procedures to help protect the accuracy and security of your Information and session data and to help prevent unauthorized access or improper use

While MSF EA strives to protect the information it gathers, it is good to note that no data transmission over the internet can be guaranteed to be totally secure and therefore MSF EA cannot ensure or warrant the security of any information or session data obtained. You therefore provide that data at your own risk. 

6. How long do we keep your information 

We keep your information for as long as it is necessary in connection with the purposes defined above in “How we use your information?” and for the purpose of providing you with your tax receipt. For instance, and as a general rule, we keep your email for the purpose of sending you a newsletter until you unsubscribe.

If you request to receive no further contact from us, we'll keep only the basic information about you on our suppression list in order to avoid sending you unwanted materials in the future, for the duration allowed by the application legislation.

7. Our legal basis for processing personal data 

The Kenya Data Protection Law and the GDPR allow for six ways to process personal data. Four of these are relevant to the types of processing that MSF EA carries out:

  • A person’s consent (e.g. to send you direct marketing by e-mail or SMS);
  • Processing that is necessary for contracting purposes
  • Processing that is necessary for compliance with a legal requirement; and 
  • Our legitimate interests (please see below for more information).

Our legitimate interests include:

  • Charity governance; including delivery of our charitable purposes, statutory and financial reporting and other regulatory compliance purposes;
  • Administration and operational management; including responding to solicited enquires, providing information and services, research, events management, the administration of volunteers and employment and recruitment requirements. 
  • Fundraising and campaigning; including administering campaigns and donations, and sending direct marketing and thank you letters by email.

If you'd like to change our use of your personal data in this manner, please get in touch with us through [[email protected]]

8. How can you change your information and what are your rights? 

You have a number of rights under data protection legislations:

  • You can request any information we hold on you.
  • You have the right to ask us to stop using or to restrict the processing of your personal data.
  • You can withdraw your consent to us processing your data at any time (where such processing is based on consent e.g. to send you electronic direct marketing).
  • If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated.
  • In accordance with the provisions of the General Data Protection Regulation, you have a right to erasure (“to be forgotten” i.e. to have your personal data deleted from our database), or transferred to another organisation (“data portability”). 
  • You're also entitled to make a complaint to the office of the data commissioner at

Contact us at [[email protected]] if you  have any concerns about the way your data is being used, if you'd like to change or update your personal information or would like to make a complaint. Kindly note that you may be asked for proof of identity.