Data Protection & Privacy Compliance
Infinite Insight is committed to safeguarding the privacy and confidentiality of all research participants, clients, and partners.
Infinite Insight operates through a research permit issued annually by NACOSTI.
At Infinite Insight, we are committed to safeguarding the privacy and confidentiality of all research participants, clients, and partners. Members of the public will only share their opinions if they can be certain that no breach of confidentiality will occur.
From its inception in 2010, we have been firmly committed to complying with the ICC/ESOMAR Code of Practice, the Marketing & Social Research Association’s (MSRA) Code of Ethics, and the General Data Protection Regulation (GDPR).
Our data collection and processing practices comply with the Data Protection Act, 2019 (Kenya).
Infinite Insight is registered as a Data Controller and a Data Processor with the Office of the Data Protection Commissioner (ODPC), Kenya.
↓ Download Our Data Privacy Statement as PDF
In our research practice, we ensure that:
- →Participation in all studies is voluntary and based on informed consent
- →Personal data is collected only for specific research purposes and not used for marketing or sales
- →Responses are anonymised and reported in aggregate, ensuring individuals cannot be identified
- →Data is stored securely using robust technical and organisational safeguards
- →Access to data is restricted to authorised personnel only
- →Data is retained only for as long as necessary for research and compliance purposes
All respondents are asked to sign Informed Consent Forms before any data is collected. Consent is freely given, specific, informed, and unambiguous.
Should data be made available to Third Parties (parties other than the main commissioning client), a second separate consent form is obtained from the respondent before any data is shared. Respondents may revoke consent at any point — all data will be deleted with immediate effect.
Our compliance procedure ensures that respondents’ rights are upheld at every stage — from initial consent through to data deletion after fieldwork is complete.
- Contact identifiers separated from survey responses and deleted after quality control verification
- Anonymised aggregated data retained for minimum 1 year for longitudinal purposes
- Reports and presentations archived permanently but never contain identifiers
In Kenya, the Data Protection Act of 2019 is in force. Infinite Insight is registered with the ODPC as both a Data Controller and Data Processor and is fully compliant with all requirements, including:
- Registration of Data Controllers and Data Processors with the ODPC
- Obtaining lawful basis and informed consent before collecting personal data
- Implementing appropriate technical and organisational security measures
- Respecting data subject rights — access, rectification, erasure, and objection
- Reporting personal data breaches to the ODPC within 72 hours of discovery
- Appointing a Data Protection Officer for organisations processing personal data at scale
- Data is stored on password-protected, offline systems — not on cloud servers
- Only the Data Processing Manager has access to raw field data
- Data files are compressed and locked with strong passwords before transfer to clients
- Individual systems are protected by firewalls and anti-malware software, kept fully up-to-date
- On infiniteinsight.net, no cookies are used for tracking or page analytics
- In online surveys, cookies are deployed only to prevent multiple entries
Contact our Data Protection Officer
The Mirage, Tower 2, Pent Floor, Room 32
Chiromo Road, P.O. Box 1324, 00606 Nairobi, Kenya
Questions about data protection or privacy?
Contact our Data Protection Officer — we respond to all queries promptly.