Privacy Policy (Controller Notice)
Effective date: 1 January 2026 | Version: 1.1
This Privacy Policy explains how we collect, use, share, store, and protect personal data when we act as a data controller. For a shorter overview, see our Website Privacy Notice.
Quick Reference
When we process personal data on behalf of a client as a data processor, the client's privacy notice and our Data Processing Agreement (DPA) apply.
1. Who we are
We are an AI consulting, integration, and product-development company headquartered in Nairobi, Kenya. We build and integrate AI-enabled systems for organizations and also develop consumer-facing applications.
Legal name: Lambda Softwares Limited (LSL)
Country: Kenya
City: Nairobi
Website: https://www.lambdasoftwares.tech
Email: lambda@denning.pro
Phone: +254 702 931 388
Postal address: Nairobi, Kenya
Privacy contact: Data Protection Officer / Privacy Lead – privacy@lambdasoftwares.tech (recommended)
2. Scope
This policy applies to:
- Our website and marketing pages
- Pre-contract engagements (sales, demos, proposals)
- Our internal operations (recruitment, HR, finance, vendor management)
- Our consumer applications and innovation-lab products (if and when launched)
- Events, webinars, and community programs we host or co-host
Client services note: When we provide services that involve client-controlled data (e.g., deploying models into a client system), the client is typically the data controller and we act as a data processor.
3. Key definitions
- Personal data: information relating to an identified or identifiable individual
- Sensitive personal data: special categories (e.g., health, biometrics) requiring heightened protection
- Controller: the party that determines the purposes and means of processing
- Processor: the party that processes personal data on behalf of the controller
4. Personal data we collect
Depending on how you interact with us, we may collect:
- Identity and contact data (name, email, phone, organization, job title)
- Account data (login identifiers, authentication tokens, user preferences) for our apps where applicable
- Communications (messages you send us, support tickets, call notes)
- Business and contract data (billing contacts, invoices, purchase orders)
- Recruitment data (CV, work history, education, references) if you apply for a role
- Technical data (IP address, device identifiers, browser type, log data, cookie identifiers)
- Event participation data (attendance, dietary preferences if voluntarily provided)
We do not intentionally collect children's data. If our products target minors in the future, we will implement age-gating and appropriate parental/guardian consent mechanisms.
5. Sources of personal data
- Directly from you (forms, emails, calls, meetings, events)
- From your organization (where your employer engages us)
- From publicly available sources (e.g., corporate websites, professional profiles) where lawful
- From cookies and similar technologies on our website (see Cookies section)
6. Why we process personal data and our legal bases
We process personal data for the purposes below. We rely on legal bases recognized under the Kenya Data Protection Act, 2019 and aligned with the GDPR:
| Purpose | Legal basis (Kenya DPA / GDPR) |
|---|---|
| Provide and improve our services | Contract; legitimate interests; and/or consent (where required) |
| Respond to inquiries and provide customer support | Legitimate interests; contract |
| Sales, marketing, and relationship management | Legitimate interests; consent for certain marketing/cookies |
| Operate our website and ensure security | Legitimate interests; legal obligation where applicable |
| Recruitment and hiring | Legitimate interests; steps prior to entering a contract |
| Compliance and legal requirements (tax, audit, dispute) | Legal obligation; legitimate interests |
| Research and product development for our own consumer apps (where applicable) | Legitimate interests; consent where required; contract for app users |
7. Cookies and similar technologies
We use cookies and similar technologies to operate our website, remember preferences, analyze traffic, and (where permitted) support marketing.
- Strictly necessary cookies: required for core site functionality and security
- Analytics cookies: help us understand site usage and improve performance
- Marketing cookies: used to measure and improve campaigns (used only with consent where required)
You can manage cookie preferences via your browser settings and, where implemented, our cookie banner/consent manager. For more details, see our Cookie Notice.
8. Sharing of personal data
We may share personal data with:
- Service providers (e.g., hosting, email, analytics, customer support tools) under contract and confidentiality
- Professional advisers (lawyers, auditors, insurers) where necessary
- Government or regulators where required by law or to protect rights
- Event partners where you register for a co-hosted event (we will disclose this at registration)
We do not sell personal data.
9. International transfers
Some of our service providers may process data outside Kenya or the EEA/UK. Where transfers occur, we implement appropriate safeguards, such as contractual protections, vendor due diligence, and, where applicable, Standard Contractual Clauses or equivalent mechanisms.
10. Data security
We implement technical and organizational measures appropriate to the risk, which may include access controls, encryption in transit, logging, backups, secure development practices, and least-privilege access management. No method of transmission or storage is 100% secure; however, we continually improve controls.
11. Data retention
We retain personal data only as long as necessary for the purposes described above, unless a longer period is required or permitted by law. We maintain a retention schedule and perform periodic reviews. When data is no longer required, we delete, anonymize, or securely archive it.
12. Automated decision-making and profiling
Where we use automated decision-making or profiling in our own products, we will provide clear notices and, where required, offer meaningful information about the logic involved and the expected consequences. You may object to certain types of profiling or request human review where applicable.
13. Your rights
Subject to applicable law, you have rights including:
- Access: request confirmation and a copy of your personal data
- Correction: request correction of inaccurate or incomplete data
- Deletion: request deletion where grounds apply
- Objection: object to processing based on legitimate interests or for direct marketing
- Restriction: request limitation of processing in certain circumstances
- Portability: receive certain data in a structured, commonly used format (where applicable)
- Withdraw consent: where processing is based on consent, at any time
To exercise rights, contact us using the details in section 1. We may need to verify your identity.
14. Complaints
If you have concerns, contact us first so we can address them. You also have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) in Kenya and, where applicable, a supervisory authority in the EEA/UK.
15. Changes to this policy
We may update this Privacy Policy from time to time. We will post updates on our website and update the effective date. Material changes may be notified via email or in-product notices where appropriate.
16. Appendix: Client services (processor role) summary
When lsl processes personal data as a processor for a client, we do so under a written contract/DPA. In that context, the client controls the purposes and means of processing, and the client is responsible for providing notices to data subjects.
lsl is currently undergoing registration with the Office of the Data Protection Commissioner (ODPC) as a data processor.
Contact Us
For privacy-related inquiries, please contact:
- Email: privacy@lambdasoftwares.tech (recommended)
- General: lambda@denning.pro
- Phone: +254 702 931 388
- Location: Nairobi, Kenya