Data Handling Statement
A detailed look at how your embassy service request data moves through KCK — from submission to completion.
How Your Embassy Request Data Is Handled
When you submit a request for an embassy service through KCK (visa, passport renewal, certification, etc.), your data moves through a clearly defined pipeline. Every step is logged, access-controlled, and time-bound. Here's what happens:
You Submit a Request
Form fields and any uploaded documents are transmitted over TLS/HTTPS and stored encrypted in the KCK database. A unique request ID is generated for tracking.
KCK Officer Reviews
An assigned KCK officer reviews your request for completeness. Access is internal and logged — every view, edit, and comment is recorded with the officer's identity and timestamp.
Forwarded to the Embassy
Only after you give explicit consent, the relevant documents and information are forwarded to the Embassy of Kenya in Seoul through secure channels. You'll see a clear record of what was forwarded, when, and to whom.
Embassy Processes
The Embassy of Kenya handles the official processing. This step is outside KCK's control and governed by the embassy's own data practices.
Result & Collection
Once the embassy returns a decision or completed documents, your status is updated in your dashboard. Physical documents are collected from the embassy and securely held until handed over to you.
What Goes to the Embassy vs. Stays with KCK
- Application forms you completed
- Required supporting documents (passport scans, photos, etc.)
- Your contact details needed for processing
- KCK cover note / endorsement (if applicable)
- Account credentials (password hash, session tokens)
- Internal notes, comments, officer assignments
- Access and audit logs
- Event registrations and community activity
- Newsletter preferences
Who Can See What
KCK operates a strict role-based access control model. Each role has clearly defined visibility:
| Role | Can See |
|---|---|
| Member | Only your own requests, documents, and profile. You control your own data at all times. |
| KCK Officer | Only requests assigned to them. Officers cannot browse other members' requests. |
| President / Admin | All requests, for oversight and escalation. All actions are logged and auditable. |
Document Security
- Uploaded files are stored in secure, encrypted storage with access restricted to assigned officers.
- Every document view, download, or share action is logged with user ID, timestamp, and IP.
- Files are served behind authenticated, signed URLs that expire — no public links.
- Documents are automatically purged after the retention period (5 years after request completion) unless you request earlier deletion.
- Backups containing documents are encrypted and held only as long as operationally necessary.
Your Controls
You remain in control of your data throughout its lifecycle:
View
Access all your requests, statuses, and uploaded documents from your dashboard at any time.
Cancel
Withdraw or cancel an active request before it is forwarded to the embassy.
Request Deletion
Ask for your data to be deleted (subject to legal retention rules for completed records).
Breach Notification Policy
72-Hour Notification
In the unlikely event of a data breach that may affect your personal information, we will:
- Notify affected users within 72 hours of discovery.
- Explain what happened, what data was affected, and the steps we are taking.
- Provide guidance on what you can do to protect yourself.
- Report to relevant authorities where required by law.
KCK's Commitments and Limitations
- Handle your data with confidentiality and care.
- Use your data only for the purpose you provided it.
- Honor your rights (access, correction, deletion).
- Log and audit every sensitive action.
- Minimize what we collect and what we share.
- Guarantee outcomes of embassy decisions.
- Control the embassy's internal data handling.
- Recover data once lawfully deleted.
- Prevent 100% of risks inherent in online systems.
- Act as a legal representative or government agent.
Questions?
For any data handling question, contact our Data Protection Officer:
Or use our contact form.