๐ŸŒฑ New: Biotech Field Trial Results 2025 โ€” East Africa Maize Drought Tolerance Study Read Report โ†’

Legal

Privacy Policy

Last updated: 1 March 2026 ยท Effective: 1 March 2026

Summary: Let's Talk GMO collects only the data necessary to operate this platform. We do not sell your data. We comply with Kenya's Data Protection Act 2019 and GDPR principles.

1. Who We Are

Let's Talk GMO ("we", "us", "our") is an independent initiative dedicated to evidence-based agricultural biotechnology communication across Sub-Saharan Africa. We operate the website letstalkgmo.org.

Data Controller contact: privacy@letstalkgmo.org

2. Data We Collect

Information you provide:
  • Account registration: name, email address, institution, country, role
  • Research submissions: document metadata and uploaded files
  • Newsletter sign-up: email address and optional topic interests
  • Contact form submissions: name, email, message
Information collected automatically:
  • Server logs: IP address, browser type, pages visited, referrer URL
  • Session cookies: required for secure login and CSRF protection
  • Analytics: page views and download counts (aggregated, not personal)

3. How We Use Your Data

  • Account management: authenticating users and managing access roles
  • Research publishing: processing and publishing submitted documents
  • Newsletter: sending policy and research updates you subscribed to
  • Platform security: detecting abuse, fraud, and unauthorised access
  • Analytics: understanding how the platform is used to improve it
  • Legal compliance: meeting obligations under applicable law
We do not use your data for advertising, profiling, or sale to third parties.

4. Legal Basis for Processing

  • Consent โ€” newsletter subscriptions and optional analytics
  • Contract โ€” operating your registered account and processing submissions
  • Legitimate interests โ€” platform security and fraud prevention
  • Legal obligation โ€” compliance with Kenyan and applicable international law

5. Data Sharing

We do not sell or rent your personal data. We may share data with:
  • Service providers: hosting (server infrastructure), email delivery (transactional only) โ€” bound by data processing agreements
  • Law enforcement: only when legally required by a valid court order or regulatory authority
All third-party processors are contractually bound to handle data in accordance with this policy.

6. Data Retention

  • Account data: retained while your account is active + 2 years after closure
  • Published research: retained indefinitely as part of the public record
  • Newsletter subscriptions: until you unsubscribe
  • Server logs: 90 days rolling retention
  • Contact form data: 12 months from submission

7. Your Rights

Under Kenya's Data Protection Act 2019 and GDPR, you have the right to:
  • Access โ€” request a copy of the data we hold about you
  • Rectification โ€” correct inaccurate or incomplete data
  • Erasure โ€” request deletion of your personal data ("right to be forgotten")
  • Restriction โ€” request we limit processing of your data
  • Portability โ€” receive your data in a machine-readable format
  • Objection โ€” object to processing based on legitimate interests
  • Withdraw consent โ€” at any time, without affecting prior processing
To exercise any right, email privacy@letstalkgmo.org. We respond within 30 days.

8. Cookies

We use only essential cookies:
  • PHPSESSID โ€” session management and secure login (expires on browser close)
  • csrf_token โ€” cross-site request forgery protection (session-scoped)
We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie consent banner is required for essential cookies only.

9. Security

We implement appropriate technical and organisational measures including:
  • TLS 1.2+ encryption for all data in transit
  • Bcrypt password hashing
  • CSRF token validation on all forms
  • Role-based access control
  • File upload malware scanning
  • Daily encrypted backups with 30-day retention
No system is 100% secure. In the event of a data breach affecting your rights, we will notify you within 72 hours as required by law.

10. International Transfers

Our servers are located within the East Africa region. If data is transferred outside Kenya, we ensure adequate protection through standard contractual clauses or equivalent safeguards in accordance with the Data Protection Act 2019.

11. Children's Privacy

This platform is not directed at children under 18. We do not knowingly collect personal data from minors. If you believe a minor has submitted data, please contact us at privacy@letstalkgmo.org for immediate removal.

12. Changes to This Policy

We may update this policy periodically. Material changes will be notified via a site notice and, where appropriate, by email. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the platform constitutes acceptance of the updated policy.

13. Contact & Complaints

For privacy questions or to exercise your rights:

Email: privacy@letstalkgmo.org
Response time: Within 30 days

If you are unsatisfied with our response, you have the right to lodge a complaint with Kenya's Office of the Data Protection Commissioner (ODPC).