Privacy Policy

This privacy notice sets out information about Netpap Global Limited’s privacy practices and your rights

  1. Introduction

Netpap Global Limited is a software as a service billing platform committed to safeguarding your personal information. The entity is referred to as “Netpap Global” “Netpap”, “we” and “us in this Privacy Notice. This Privacy Notice explains Netpap Global Limited ‘s privacy policies as well as your rights. We reserve the right to make changes to this Privacy Notice at any time and for any reason. The revised version will be available at our office and/or at

 Netpap Global Limited a software as a service company that offers a  management platform for internet service provicers operating in Nairobi(Delta corner annex and  and chuka. We respect your privacy and are committed to managing your trust, as we collect and manage user data according to this Privacy Policy. The goal is to incorporate our company values of: transparency, accessibility,intergrity, sanity and usability. 

This document forms  part of Netpap’s Terms of Service and by using and any of its sub domains or domains point to it (the “Website”), you agree to the terms of this Privacy Policy and the Terms of Service. Please read carefully the Terms of Service in their entirety.

  1. Data protection laws
  • We are bound by The Data Protection Act 2019 (Act No. 24 of 2019) and adhere to related legislation and best practices referenced in the European Union (“EU”) General Data Protection Regulation 2016/679 (“GDPR”). 
  • In this Privacy Notice, the terms personal data, controller, processor, data subject, consent, third party, processing and profiling have the meanings given to them in The Data Protection Act 2019 (Act No. 24 of 2019)
  1. Controller contact details

The controller for the processing of personal data under this Privacy Notice is:

Netpap Global Limited,

P.O. Box  60400,35 Chogoria

Telephone: +254 741 835078

Email: [email protected]


  1. Data Protection Officer contact details

If you have any questions about this Privacy Notice or about our personal data processing practices, or if you wish to exercise any of your rights as a data subject, you may contact Netpap Global Limited’s Data Protection Officer as follows:

Netpap Global Limited,

Denis Miwiti

P.O. Box  60400,35 Chogoria

Telephone: +254 741 835078

Email: [email protected]


  1. supervisory authority contact details

If you have a complaint about our personal data processing practices, you should first contact Netpap Global Limited s’ Data Protection Officer. If you are not satisfied with our response, you have the right to lodge your complaint with the following supervisory authority:

Office of the Data Protection Commissioner-Kenya

CA Centre, Waiyaki Way,


P.O Box 30920 – 00100

Tel: 0796954269/0703042000/0778048164

E-mail: [email protected]

  1. Data Collected

Netpap Global Limited processes personal data in a number of different situations in order to provide the requested services to you. Here is how we processes, your personal data. We collect and process certain personal data from and about: 

  1. Clients;
  2.  Officers, employees;
  3. Wifi ,Internet Users via our clients;
  4. Wifi and website visitors.;

Types of personal data we collect

We collect information like web requests, the data sent in response to such requests, the Internet Protocol (IP) address,mac address the browser language and a timestamp for the request

We ask you to log in and provide certain personal information (such as your username,password and phone number) in order to be able to save your profile ,and purchases associated with it.

To the client,we require 2 company emails, 2 phone numbers and company physical location so as to generate and send invoices originating from Netpap.

In order to enable these or any other login based features, we use cookies to store session information for your convenience. You can block or delete cookies and still be able to use Netpap Global  although if you do you will then be asked for your phone or username and password combination every time you log in to the website.

You may also choose to provide us with other personal information, such as,location,bank account,KRA PIN,VAT Number, to uniquely identify the company but it is your decision to provide such data will always be voluntary and will not affect how the system operates.

We further collect further information on the end users of our platform, particular customers that receive internet access services from ISPs that are our clients. The information that we get include transactional data such as end user’s first name second name and middle name, phone number, town,building,room no and purchase history, money transacted via the MPESA API  and other service related data such as statistics.All this data is used by the ISP to identify a client installation and monitoring purposes.

We collect router traffic data e.g interface name,router name,download speed,upload speed,uptime,hard disk performance,CPU load and router queue name.

The hotspot landing page and the url from which an internet customer access the network is the express property of the network provider licensed by netpap to the network provider.It is managed and hosted by netpap.

Changes are made by netpap at the request of the network provider

We also collect mac address,ip address indirectly through session requests sent by the internet routers.

You are able to view, change and remove your data associated with your profile. Should you choose to delete your account, please contact us at [email protected] , and we will follow up with such request as soon as possible.

If you disclose any Personal Information relating to other people to us, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.

Minors and Children should not use Netpap. By using the website you represent that you have the legal capacity to enter into a binding agreement

  1. Purposes of processing and legal basis for processing

Your personal data will be processed for the reasons listed in the left column. In the right hand column, you’ll find the legal basis for processing under the Data Protection Act 2019 (Act No. 24 of 2019) and best practices specified in the General Data Protection Regulation 2016/679 (“GDPR”).

Purpose of processingLegal basis for processing
To create and administer accounts, fulfill and record transactions and provide you with related assistance (e.g technical help, answers to queries.)Necessary for performance of our duties and function, or to take steps prior to entering into a contract.
To comply with applicable laws Necessary to comply with legal obligations to which we are subject.
To manage and develop our relationship with you and to send you communications about our services Necessary for the purposes of our’ legitimate interests in business development developing and growing its business. 
For trending and statistics, and to improve our products and services.Necessary for performance of our duties and function, or to take steps prior to entering into a contract.
For audits, to verify that our internal processes function as intended and are compliant with legal, regulatory or contractual requirements.Necessary for performance of our duties and function,  or comply with legal obligations to which we are subject or to take steps prior to entering into a contract.
For fraud and security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theftNecessary for performance of our duties and function, or to take steps prior to entering into a contract.

We employ industry standard techniques to protect against unauthorized access of your data that we store, including personal information. We process your personal information based on your consent.

  1. Sharing of data
  • We may disclose your personal data to third parties who provide administrative, due diligence, storage, telecommunications, and information technology and other services to us in support of our business. 
  • However, we will ensure that all such suppliers are subject to obligations not to use or disclose that data.
  •  In some instances, we are required and permitted by law to provide your personal data to government authorities. 
  • For the purposes of your matter, we may disclose your personal data to third parties who provide services which assist us with your matter and to third parties who are involved in the matter 
  1. We also make use of social media buttons supplied by Twitter, Google+, LinkedIn, and Facebook. It is totally up to you whether or not you utilize these third-party services. We are not responsible for the privacy policies and/or practices of these third-party services, and it is your responsibility to read and comprehend their privacy policies. Third party payment processors

For internet-based payment services, we now employ third-party payment processors as a Third Party Offering. If you use the Services to make a payment, your Personal Information may be collected directly by such processors rather than by us, and will be subject to their privacy policies. We have no control over how third parties acquire, use, or disclose your Personal Information, and our responsibility and obligation is limited to payment purposes. 

  1. Data retention

We will retain your Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you and provide the Services to you(for example, for as long as you have an account with us or keep using the Services);
  • Whether there is a legal obligation to which we are subject(for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
  • Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations);
  • Once we have no legal or commercial reasons to retain personal data, it will be securely deleted or destroyed.
  1. Transfers
  • We may transfer your personal data overseas. We are in the process of moving our primary servers to a cloud-based information system that may be located in another country. Any personal data we hold on our systems may be transferred to such a place in accordance with Kenya’s Data Protection Act, Part VI (Transfer of Personal Data Outside Kenya);
  • We will require that any overseas third party to which it discloses your personal data to: (a) only use that personal data for the purposes for which it was disclosed; (b) use all technical and organisational measures which are reasonable in the circumstances to secure that personal data; (c) delete that personal data when it is no longer required; and (d) treat that personal data in accordance with this Privacy Notice and their local data privacy law; 
  1. Automated decision-making including profiling

Netpap Global Limited does not engage in any automated decision-making or profiling. 

  1. Your rights

As per section 26 of the Data Protection Act 2019 you have certain rights in relation to your personal data as follows:

  • Access: You have the right to obtain access to and a copy of any personal data we hold about you. You also have the right to find out whether your personal data has been transferred and any safeguards relating to this transfer.
  • Rectification: If you consider that any personal data we hold about you is incorrect or incomplete, you have the right to ask us to correct or complete that personal data.
  • Erasure: In certain circumstances, you have the right to ask us to erase any personal data we hold about you.
  • Restriction of processing: In certain circumstances, you have the right to ask us not to process your personal data for certain purposes.
  • Objection to processing: In certain circumstances, you have the right to object to us processing your personal data for certain purposes.
  • Data portability: In certain circumstances, you have the right to request a copy of your personal data in a structured, commonly used and machine-readable format.
  • Withdrawing consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time.

To make a request pursuant to these rights, contact Netpap Global Limited Data Protection Officer 

  1. Changes to this privacy policy

We make changes to this Privacy Policy from time to time. Any changes we make will become effective when we post a modified version of the Privacy Policy to We therefore encourage you to be constantly on the look and stay informed of how we are using personal data.

Contact us

If you have any questions regarding this Privacy Policy you can contact us via email at [email protected]