Privacy Policy

This policy applies to all users of the NextGen Platform, including candidates, company representatives, and administrators. By using the Platform, you consent to the data practices described in this policy.

For the purposes of Kenya's Data Protection Act, 2019, the joint data controllers are:

• UNDP Kenya, UN Complex, Gigiri, Nairobi
• KEPSA, KEPSA Building, 5th Floor, Muthaiga, Nairobi

When you create an account or apply to the programme, you may provide:

• Identity Data: Full name, national ID number, date of birth, gender
• Contact Data: Email address, phone number, county of residence, emergency contact details
• Educational Data: Institution name, degree, field of study, graduation year, GPA
• Professional Data: Work experience, skills, certifications
• Disability Information: If voluntarily disclosed, for accommodation purposes
• Documents: Academic transcripts, national ID copies, professional certifications

When you use the Platform, we automatically collect:

• Usage Data: Pages visited, features used, time spent on Platform
• Device Data: IP address, browser type, operating system, device identifiers
• Log Data: Access times, error logs, performance metrics

Certain information we collect may be considered "sensitive" under Kenyan law, including:

• National ID number
• Disability status and accommodation needs
• Biometric data (if ID verification is implemented)

We collect sensitive data only with your explicit consent and use it solely for the purposes disclosed.

We use automated scoring algorithms to evaluate applications based on:

• Academic performance relative to institution and field
• Relevance and depth of skills and experience
• Application completeness and quality

You have the right to request human review of any automated decision. See Section 8 (Your Rights) for details.

Your data is shared with:

• UNDP Kenya: Programme administration, verification, oversight
• KEPSA: Employer coordination, matching, placement management
• Partner Companies: When your application is forwarded for placement consideration. Companies receive only information necessary for evaluation.

We engage trusted third-party service providers who assist with:

• Cloud hosting and data storage
• Email and notification delivery
• Document verification services
• Analytics and performance monitoring

All service providers are bound by strict data processing agreements and may not use your data for their own purposes.

We may disclose your data if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect the rights, property, or safety of NextGen, our users, or the public.

Uploaded documents receive additional protection:

• Virus scanning upon upload
• Access restricted to authorized verification personnel only
• Documents are never publicly accessible
• Secure, time-limited viewing URLs for verification

You are responsible for maintaining the confidentiality of your account credentials. Notify us immediately if you suspect unauthorized access to your account.

After the retention period expires, we securely delete or anonymize your personal data. You may also request earlier deletion (see Section 8).

To exercise any of these rights, contact our Data Protection Officer at dpo@nextgen.ke. We will respond within 30 days as required by law.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) of Kenya:

ODPC Kenya, Britam Centre, 8th Floor, Hospital Road, Upper Hill, Nairobi
Email: info@odpc.go.ke | Website: www.odpc.go.ke

You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using certain Platform features.

We do not currently respond to "Do Not Track" signals. However, we do not track users across third-party websites for advertising purposes.

We verify age through national ID and date of birth information. Applications from individuals under 18 are automatically rejected.

If you believe we have inadvertently collected data from a minor, please contact us immediately at privacy@nextgen.ke. We will promptly delete such information.

When we transfer data internationally, we ensure adequate protection through:

• Standard contractual clauses approved by the ODPC
• UNDP's internal data protection policies and procedures
• Data processing agreements with strict confidentiality requirements

When we make material changes, we will:

• Post the updated policy on this page with a new "Effective" date
• Send an email notification to registered users
• Display a notice on the Platform for at least 30 days

Your continued use of the Platform after changes become effective constitutes your acceptance of the revised Privacy Policy. If you disagree with the changes, you must stop using the Platform and may request deletion of your data.