Privacy Policy

Maasai Mara University (“the University”) is committed to protecting the privacy and personal data of all students, staff, partners, and stakeholders. This Privacy Policy outlines how we collect, use, share, and safeguard your personal information across all University systems and services.

This policy applies to:

  • The University’s official website (https://www.mmarau.ac.ke)
  • Student Information and Management Systems (including portals and ERP)
  •  E-learning platforms and library systems
  • Staff and faculty information systems
  • University email services
  • ICT infrastructure and communication platforms
  • Any other digital or physical data processing system operated by the University.

Information We Collect

We may collect the following types of information:

  • Personal identification data: names, ID/passport numbers, admission numbers, staff numbers, addresses, phone numbers, and emails.
  • Academic records: applications, enrolments, grades, transcripts, and certifications.
  • Employment and HR records: recruitment data, payroll details, performance records, and professional profiles.
  • Financial data: tuition fees, salaries, allowances, and other financial transactions with the University.
  • Technical data: IP addresses, device information, login credentials, and usage logs across University systems.
  • Research and collaboration data: information submitted in projects, grants, and partnerships.
  • Security data: CCTV footage, access logs, and visitor records.

How We Use Your Data

The University processes personal data for the following purposes:

  • Academic administration: admissions, registration, learning management, examinations, and graduation.
  • Human resource management: recruitment, payroll, performance evaluation, and staff welfare.
  • Financial management: billing, payments, budgeting, and auditing.
  • Research and innovation: managing research activities, collaborations, and publications.
  • ICT and security: safeguarding University systems, ensuring system performance, and preventing unauthorized access.
  • Legal and statutory compliance: fulfilling obligations under the Kenya Data Protection Act, 2019 and other applicable laws.
  • Communication: sending official notices, updates, and correspondence to stakeholders.

Data Sharing

Your personal data may be shared only when necessary and in line with legal requirements:

  • With regulatory and government bodies (e.g., Ministry of Education, HELB, KRA).
  • With accredited partners, collaborators, and service providers bound by confidentiality agreements.
  • With law enforcement agencies when required by law.
  • Within University departments for legitimate academic, administrative, or operational purposes.
  • The University does not sell personal data to third parties.

Data Retention

  • Student and staff records are retained in accordance with statutory, academic, and administrative requirements.
  • Comments, logs, and system metadata may be retained to ensure integrity, security, and compliance.
  • Data will be kept only for as long as is necessary to meet the purpose for which it was collected, after which it will be securely disposed of or anonymized.

Your Rights

In line with the Kenya Data Protection Act, 2019, you have the right to:

  • Be informed about how your personal data is used.
  • Access personal data the University holds about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of data under certain circumstances.
  • Object to or restrict processing of your data where applicable.
  • Data portability (request transfer of your data in a usable format, where feasible).

Requests can be made formally through the University’s Data Protection Office.

Data Security

The University employs a range of measures to protect your data, including:

  • Secure servers, firewalls, and encryption technologies.
  • Role-based access controls for staff and administrators.
  • Regular audits, monitoring, and compliance checks.
  • Physical security for records and ICT infrastructure.

International Transfers

Where data must be shared with institutions or service providers outside Kenya (e.g., in collaborations, cloud services, or international partnerships), such transfers will comply with the requirements of the Kenya Data Protection Act, 2019 and relevant international standards.

Contact Information (Data Protection Office)

For inquiries, concerns, or to exercise your data protection rights, please contact:

Data Protection Officer (DPO)

Maasai Mara University

P.O. Box 861 – 20500, Narok, Kenya

📧 Email: [dpo@mmarau.ac.ke]

Policy Review

This Privacy Policy will be reviewed regularly to ensure compliance with evolving legal requirements, ICT practices, and University policies. Updates will be communicated via the University website and official communication channels.