NAIROBI SECURITIES EXCHANGE PLC
PRIVACY AND COOKIE POLICY

Privacy Policy

1. INTRODUCTION

1.1.  This Privacy Policy explains how the Nairobi Securities Exchange
Plc (“NSE Plc”) collects information from you when you:

1.1.1. use our products or services including NSE Mobile Application;

1.1.2. download documents from us or subscribe for alerts or newsletters;

1.1.3. attend one of our events, or an event hosted at our premises;

1.1.4. visit or register to use (the “NSE Websites”):

· www.nse.co.ke and all other web resources hosted under the nse.co.ke public domain

· www.m-akiba.go.ke

· www.m-akiba.co.ke

1.2.  The Website uses cookies and other tracking technologies to
improve and tailor your browsing experience. Please read our Cookies Policy
below for more information.

1.3.  Please read this Privacy Policy carefully and re-visit this page
from time to time to review any changes that may have been made.

1.4.  Your data controller will be the NSE Plc entity which collected
your personal data. In relation to the Website, that entity is Nairobi
Securities Exchange plc. We will process any personal information we collect
about you in accordance with applicable data protection laws, and where
required, we will maintain appropriate registrations as data controllers with
the local regulatory bodies.

1.5.  In the event of any conflict between this Privacy Policy and the
terms of a contract you have with us, the relevant provision of that contract
shall prevail. Nothing in this Privacy Policy shall apply to the extent that it
is incompatible with applicable data protection laws.

1.6.  Whilst your data controller may be the NSE, your details may be
held in our contact database which can be accessed and used by other entities within
the NSE Plc, which may be located outside Kenya. For more information on data
sharing and transfers of data outside of Kenya, please see section 5 below.

1.7.  Effective Date: 15 April 2020

2. WHAT PERSONAL INFORMATION DO WE COLLECT

2.1.  “Personal Information” refers to information which
does or is capable of identifying you as an individual. The types of Personal
Information that we process will depend largely on the service you receive from
us (and may also vary by country, and according to applicable law). However,
the following is an overview of the types of Personal Information which we
process:

2.1.1. your name;

2.1.2. email address;

2.1.3. other personal contact details (including telephone number and postal address);

2.1.4. job title;

2.1.5. employer;

2.1.6. corporate contact details (including business “direct dial” or office address);

2.1.7. date of birth (for instance, where we need to verify age);

2.1.8. financial information (where necessary to conclude services contracts with you);

2.1.9. your photograph (for instance, where you utilize the NSE Academy);

2.1.10. career history, professional background and other CV related information
(for example, where you provide this to us in connection with a job application);

2.2.  Your use of the Websites and related online services involves
the automated collection of certain types of information, some of which may be
considered Personal Information under applicable laws or in specific
circumstances. This information includes:

2.2.1. IP address;

2.2.2. browser type; and

2.2.3. operating system.

2.3.  In addition, the Websites use a range of cookies to improve and personalize
your experience. More information about these can be found in the Cookies
Policy below.

2.4.  We may in limited circumstances collect certain types of
sensitive Personal Information which are protected more strictly by law. These
include:

2.4.1. Disability information (where you choose to share this with us in relation
to accessing our services or our physical premises); and

2.4.2. Religious affiliation (for example, where this relates to your dietary
requirements for an NSE Plc hosted event).

2.5.  We will only collect information that is necessary for us to
provide you with the product or service that you have requested. The type of
information that we may collect will depend upon the nature of that service or
product.

3. HOW WILL WE USE ANY PERSONAL INFORMATION THAT WE COLLECT?


3.1.  It will often be apparent from the context how we intend to use
that Personal Information.

3.2.  The following is an overview of NSE Plc’s purposes for
processing Personal Information. Please remember that additional information
may be provided to you in a separate notice, or in our terms and conditions. In
addition to 1.5, in the event of any conflict between any separate notice and
our terms and conditions, our terms and conditions shall take precedence.

3.3.  All processing of Personal Information which we undertake is
justified by a “condition” for processing. In addition, processing of
sensitive Personal Information is always justified by a secondary condition. In
the majority of cases, processing will be justified on the basis that:

3.3.1. you have consented to the processing;

3.3.2. the processing is necessary to perform a contract or to take steps to enter
into a contract;

3.3.3. the processing is necessary for us to comply with a relevant legal
obligation; or

3.3.4. the processing is in our legitimate commercial interests, subject to your
interests and fundamental rights.

3.4.  The purposes for which we process your Personal Information are
to:

3.4.1. provide you with specific services in accordance with a contract you are
entering, or have entered into with us;

3.4.2. register you for client services, and to create user accounts (for instance,
online trading services https://onlinetrading.nse.co.ke/ );

3.4.3. onboard you as a client and to carry out background and screening checks
(for instance, where your firm applies for membership of IBUKA);

3.4.4. compile and maintain files on prospective and current directors and
qualified advisors, and to carry out background and screening checks on the same,
in order to comply with regulatory requirements;

3.4.5. carry out regulatory reporting (for instance, in accordance with the Capital
Markets Authority regulations in Kenya);

3.4.6. provide you with newsletters or alerts where you have signed-up for these on
the Websites;

3.4.7. conduct market research surveys, where you choose to participate in these;

3.4.8. run competitions;

3.4.9. analyze usage of the Websites (see more information in relation to our use
of analytics tools below);

3.4.10. arrange events hosted at our premises, where you are either an organizer or
an attendee; and

3.4.11. control access to our premises.

Your personal data may be processed either electronically or in hard copy form,
both inside and outside Kenya, in accordance with paragraph 6.

3.5.  We may send you direct marketing communications. Where these are electronic
communications (email or telephone) we will have obtained your prior consent. In
limited circumstances, where we have obtained your explicit prior consent, we may
send you marketing communications in relation to carefully selected and relevant
third party partners, whose products and services may be of interest to you. You
may opt out of certain kinds of marketing, or all forms of marketing, by emailing
us at the following address: info@nse.co.ke. Alternatively, you can click on the
“opt-out” link provided in all our marketing emails.

4. ANALYTICS


4.1.  We use analytics tools on the Website to provide the service you
request, identify service issues to us, improve our services, provide content
tailored to your personal preferences, and to monitor the Website’s traffic and
usage.

4.2.  When we send you marketing emails, we may use email tracking
technology, such as dynamic links and image files, to monitor engagement and to
understand the relevance and effectiveness of our communications to you.

4.3.  When you fill in forms or download files from the Websites, we
may use technologies to distinguish known from unknown Website visitors, and to
monitor customer engagement with our services.

4.4.  We may use IP lookup technology to determine your general
location so that we can customize the Website for you. We may also use IP
lookup to determine how our known clients engage with different parts of the
Website.

4.5.  All of these tools may be provided by third-party service
providers and may include the collection and tracking of certain data and
information regarding the characteristics and activities of visitors to the
Website. We may disclose data, including Personal Information, to certain such
third-party services providers in order to obtain such services.

4.6.  One of our providers is Google Analytics and more information
about the ways in which they collect and process your Personal Information can
be found here: https://www.google.com/policies/privacy/partners.

5. DISCLOSURE OF YOUR PERSONAL INFORMATION


5.1.  We may share your personal information within the NSE Plc in
order to provide you with our services. Access to your Personal Information is
limited to those employees, agents and contractors of the NSE Plc who need
access to it in order to provide you with our services; to communicate with you
(including, with your consent, to send you marketing communications); and to
carry out legal or regulatory obligations.

5.2.  We may also employ the services of third party service providers
to help us in certain areas, such as website hosting, physical security,
marketing and market research. Where third party service providers receive your
information we will remain responsible for the use of your Personal
Information. We take appropriate steps to ensure that such third parties treat
your Personal Information with the same consideration that we do.

5.3.  We may from time to time be required to disclose your Personal
Information to law enforcement bodies, regulators, agencies or third parties
under a legal requirement or court order. We act responsibly and take account
of your interests when responding to any such requests.

6. CROSS-BORDER TRANSFERS OF YOUR PERSONAL INFORMATION

6.1.  NSE Plc is a Kenyan-based organization with an international reach.
Third party service providers who handle data on our behalf may be based in
locations around the world, and we may also be subject to scrutiny from courts
or regulators in a number of different jurisdictions. For these reasons, your
Personal Information may be transferred to other countries both inside and
outside of Kenya. As privacy laws in other countries may not be equivalent to
those in your home country, we only make arrangements to transfer data overseas
where we are satisfied that adequate levels of protection are in place to
protect any information held in that country or that the service provider acts
at all times in compliance with applicable privacy laws. Where required under
applicable laws we will take measures to ensure that Personal Information
handled in other countries will receive at least the same level of protection
as it is given in your home country, for instance by entering into contracts
incorporating the Data Protection Act 2019 Kenya, which can be found here (http://kenyalaw.org/kl/fileadmin/pdfdownloads/Acts/2019/TheDataProtectionAct__No24of2019.pdf).

6.2.  By providing us with your personal information, you expressly
consent to our transferring your Personal Information to countries or
jurisdictions which may not provide the same level of data protection as your
home country, including without limitation countries or jurisdictions outside Kenya.

7. RETENTION OF YOUR PERSONAL INFORMATION


7.1.  We apply a general rule of keeping your Personal Information for
as long as required to fulfil the purposes for which it was collected. However,
in some circumstances we may retain Personal Information for longer periods of
time, for instance where we are required to do so in accordance with legal, tax
or accounting obligations.

7.2.  In specific circumstances we may also retain your Personal
Information for longer periods of time so that we have an accurate record of
your dealings with us in the event of any complaints or challenges.

7.3.  We maintain a retention procedure which we apply to records in
our care. In all cases, where your information is no longer required we will
ensure it is disposed of in a secure manner and, where required by applicable
law, we will notify you when such information has been disposed of.

8. PROTECTION OF YOUR PERSONAL INFORMATION


8.1.  We will hold your Personal Information securely whilst it is
under our control, including where it is processed by third party service
providers on our behalf. We train our employees in respect of their obligations
under data protection laws, and we ensure that only relevant NSE Plc employees,
contractors and agents have access to your personal information.

8.2.  We take the security of our physical premises, our servers and
the Websites seriously and we will take all appropriate technical measures
using recognized security procedures and tools in accordance with good industry
practice to protect your personal information across all of these platforms.

8.3.  Whilst we use all reasonable endeavors to protect your security
in the manner described above, we consider that it is only appropriate to
advise you that data transmission over the Internet and the World Wide Web
cannot always be guaranteed as 100% secure, and therefore that you use the
Websites at your own risk.

9. OUR USE OF COOKIES AND OTHER TRACKING TECHNOLOGIES


9.1.  The Websites use cookies and other technologies to improve and
tailor your browsing experience as set forth in this Policy and in our Cookie
Policy. Please visit our Cookies Policy below for more information.

9.2.  Do-Not-Track. Currently, our systems do not recognize browser
“do-not-track” requests. You may, however, disable certain tracking
as discussed in our Cookie Policy.

10. YOUR RIGHTS


10.1.  Subject to applicable law, you may have some or all of the following rights
in respect of your personal information:

10.1.1. to obtain a copy of your personal information together with information
about how and on what basis that Personal Information is processed;

10.1.2. to rectify inaccurate Personal Information (including the right to have
incomplete Personal Information completed);

10.1.3. to erase your Personal Information (in limited circumstances, where it is
no longer necessary in relation to the purposes for which it was collected or
processed);

10.1.4. to restrict processing of your personal information where:

10.1.4.1. the accuracy of the Personal Information is contested;

10.1.4.2. the processing is unlawful but you object to the erasure of the Personal
Information;

10.1.4.3. we no longer require the Personal Information but it is still required
for the establishment, exercise or defense of a legal claim

10.1.5. to challenge processing which we have justified on the basis of a
legitimate interest (as opposed to your consent, or to perform a contract with
you);

10.1.6. to prevent us from sending you direct marketing;

10.1.7. to withdraw your consent to our processing of your personal information
(where that processing is based on your consent);

10.1.8. to object to decisions which are based solely on automated processing or
profiling.

10.1.9. In addition to the above, you have the right to lodge a complaint with the
supervisory authority. In Kenya there will be established the office of the Data
Commissioner.

10.1.10. If you wish to investigate the exercising of any of these rights, please
contact us using the details set out below.

11. CHANGES TO THIS PRIVACY POLICY

11.1.  Any changes we make to this Privacy Policy will be detailed on this page in
order to ensure that you are fully aware of what Personal Information is collected,
how it is used and under what circumstances it will be disclosed.

12. LINKS


12.1.  This Privacy Policy applies only to information collected by this Website.
The Website may contain links to other websites. Please be aware that we are not
responsible for the privacy policies of such other sites and we would advise you to
read the privacy statements of those sites.

13. INFORMATION ABOUT THE DATA CONTROLLER AND CONTACT DETAILS

13.1.  In relation to this Website, your data controller will be NSE Plc. However,
if your data controller is another entity, we will make that information clear to
you at the time your Personal Information is collected.

13.2.  In all cases, if you have any complaints or queries relating to the
processing of your Personal Information by NSE Plc, or to exercise any rights in
respect of your Personal Information, you should contact us in one of the following
ways:

By post: 55 Westlands Road, P O Box 43633, Nairobi, 00100, KENYA
By email: info@nse.co.ke

Cookie Policy

1. INTRODUCTION

Nairobi Securities Exchange plc (“we” or
“us”) uses cookies on https://www.insert relevant nse site.co.ke
 (the “Website”). The information set out in this policy is
provided in addition to our privacy policy, and should be read alongside our
privacy policy.

1.1.  Cookies are small text files that are placed on your computer or
mobile device by websites that you visit. They are widely used in order to make
websites work, or work more efficiently, as well as to provide web services and
functionalities for users. For example, they enable you to improve your
experience on the Website and enable the Website to remember your actions and
preferences (such as login, language, font size and other display preferences)
over a period of time, so you don’t have to keep re-entering them whenever you
come back to the Website or browse from one page to another.

1.2.  You do not need to have cookies turned on to visit most of the
Website. However, having cookies switched on should allow for a smoother and
more tailored browsing experience, and is required for certain parts of the
Website’s functionality. In the majority of cases, a cookie does not provide us
with any personal information.

1.2.1. Types of Cookies

Cookies may be either “persistent” cookies or “session”
cookies. The Website uses both persistent and session cookies.

A persistent cookie consists of a text file
sent by a web server to a web browser, which allows us to collect and analyze
(on an anonymous basis) traffic and use of the Website, monitor the system and
improve operating performance, for example, store your preferences to enhance
your subsequent visits. It will not be automatically deleted when the browser
is closed but is stored by the browser and will remain valid until its set
expiry date (unless deleted by the user before the expiry date).

A session cookie is essential to ensure the
correct functioning of the Website and is used to manage registration/login and
access to reserved features. It is stored temporarily during a browsing session
and will expire at the end of the user session, when the web browser is closed.
This Website uses both persistent and session cookies.

A complete list of the cookies we use is set out in the table at
the end of this policy. This list (together with the rest of this policy) is
subject to change from time to time.

1.2.2. Other Tracking Technologies

Clear GIFs, pixel tags and other technologies. Clear GIFs are
tiny graphics with a unique identifier, similar in function to cookies. In
contrast to cookies, which are stored on your computer’s hard drive, clear GIFs
are embedded invisibly on web pages. We may use clear GIFs (a.k.a. web beacons,
web bugs or pixel tags), in connection with our Website and services to, among
other things, track the activities of Website visitors and users, help us
manage content, and compile statistics about Website usage. We and our third
party service providers also use clear GIFs in HTML emails to our customers, to
help us track email response rates, identify when our emails are viewed, and
track whether our emails are forwarded.

Local Storage Objects. We may use
Flash Local Storage Objects (“Flash LSOs”) to store your Website
preferences and to personalize your visit. Flash LSOs are different from
browser cookies because of the amount and type of data stored. Typically, you
cannot control, delete, or disable the acceptance of Flash LSOs through your
web browser. For more information on Flash LSOs, or to learn how to manage your
settings for Flash LSOs, go to the Adobe Flash Player Help Page, choose
“Global Storage Settings Panel” and follow the instructions. To see
the Flash LSOs currently on your computer, choose “Website Storage
Settings Panel” and follow the instructions to review and, if you choose,
to delete any specific Flash LSO.

Third Party Ad Networks. We use third
parties such as network advertisers to serve advertisements on our Website,
third-party websites or other media (e.g., social networking platforms). This
enables us and these third parties to target advertisements to you for products
and services in which you might be interested. Third-party ad network
providers, advertisers, sponsors and/or traffic measurement services may use
cookies, JavaScript, web beacons (including clear GIFs), Flash LSOs and other
tracking technologies to measure the effectiveness of their ads and to personalize
advertising content to you. These third-party cookies and other technologies
are governed by each third party’s specific privacy or cookies policy, not this
one.

1.2.3. Our Use of Cookies

We do not automatically capture or store personal information from browsers to
the Website, other than to log your IP address (which in certain circumstances
will be your personal data) and session information such as the duration of the
visit to our site and the nature of the browser used. This information is used
only for administration of the Website and in the compilation of statistics
which we use for analysis in order to improve the Website and understand in
general terms who uses our Website.

Cookies may be required to allow you to access and participate
in certain areas of the Website. Once you have closed your browser, this type
of cookie is deactivated. Like all cookies, you are able to remove or block
particular cookies at any time (see below).

1.2.4. Your Cookie Choices

The majority of browsers will allow you to alter the settings used for cookies
and to disable and enable them as you require.

You can reject all cookies (except strictly necessary cookies)
in case you prefer not to receive them, and you can have your computer warn you
whenever cookies are being used. You can delete the cookies that are already on
your computer and you can set your browser to prevent them from being placed.
Disabling cookies may, however, prevent some web services (including on this
Website) from working correctly. Please be aware that when you have set your
computer to reject cookies, it can limit the functionality of the Website and
it is possible then that you will not have access to some of the features on
the Website.

To disable cookies, or to receive a warning whenever cookies are
being used, you have to adjust your browser settings. You can adjust your
browser settings to delete certain cookies. Visit the “help” section
of your browser for how to manage your cookie settings, or follow the links
below:

· Internet Explorer: http://support.microsoft.com/gp/cookies/en

· Mozilla Firefox: http://support.mozilla.com/en-US/kb/Cookies

· Google Chrome: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647

· Safari: http://support.apple.com/kb/PH5042

· Opera: http://www.opera.com/browser/tutorials/security/privacy/

For further general information on cookies and more detailed
advice on how to disable and enable them please go to http://www.allaboutcookies.org.

LIST OF COOKIES USED

Below is a list of cookies set on our website and the purpose of
each:

Includes WordPress Cookies: https://wordpress.org/about/privacy/cookies/

Name                          Purpose
wp-settings-{user_id}         Used to persist a user’s configuration.
wporg_logged_in, wporg_sec    Used to check whether the current visitor is a logged-in WordPress.org user.
wp-settings-time-{user}       Time at which wp-settings-{user} was set.
nse_{time}
wordpress_logged_in_{hash}    Used to persist a user’s session.
tk_ai                         Used for tracking.