Notice: This is a community platform for Kenyans living in South Korea — not the official Kenya Embassy. For official embassy/consular services, please visit the Embassy of Kenya in Seoul. Visit official embassy · Learn more
info@kenyakorea.com +82-2-XXXX-XXXX Sote Pamoja
Login Register

Data Handling Statement

A detailed look at how your embassy service request data moves through KCK — from submission to completion.

This page complements our Privacy Policy with technical details about embassy service requests. Last Updated: April 19, 2026.

How Your Embassy Request Data Is Handled

When you submit a request for an embassy service through KCK (visa, passport renewal, certification, etc.), your data moves through a clearly defined pipeline. Every step is logged, access-controlled, and time-bound. Here's what happens:

1
You Submit a Request

Form fields and any uploaded documents are transmitted over TLS/HTTPS and stored encrypted in the KCK database. A unique request ID is generated for tracking.

2
KCK Officer Reviews

An assigned KCK officer reviews your request for completeness. Access is internal and logged — every view, edit, and comment is recorded with the officer's identity and timestamp.

3
Forwarded to the Embassy

Only after you give explicit consent, the relevant documents and information are forwarded to the Embassy of Kenya in Seoul through secure channels. You'll see a clear record of what was forwarded, when, and to whom.

4
Embassy Processes

The Embassy of Kenya handles the official processing. This step is outside KCK's control and governed by the embassy's own data practices.

5
Result & Collection

Once the embassy returns a decision or completed documents, your status is updated in your dashboard. Physical documents are collected from the embassy and securely held until handed over to you.

What Goes to the Embassy vs. Stays with KCK

Forwarded to Embassy
  • Application forms you completed
  • Required supporting documents (passport scans, photos, etc.)
  • Your contact details needed for processing
  • KCK cover note / endorsement (if applicable)
Stays Within KCK
  • Account credentials (password hash, session tokens)
  • Internal notes, comments, officer assignments
  • Access and audit logs
  • Event registrations and community activity
  • Newsletter preferences

Who Can See What

KCK operates a strict role-based access control model. Each role has clearly defined visibility:

Role Can See
Member Only your own requests, documents, and profile. You control your own data at all times.
KCK Officer Only requests assigned to them. Officers cannot browse other members' requests.
President / Admin All requests, for oversight and escalation. All actions are logged and auditable.

Document Security

  • Uploaded files are stored in secure, encrypted storage with access restricted to assigned officers.
  • Every document view, download, or share action is logged with user ID, timestamp, and IP.
  • Files are served behind authenticated, signed URLs that expire — no public links.
  • Documents are automatically purged after the retention period (5 years after request completion) unless you request earlier deletion.
  • Backups containing documents are encrypted and held only as long as operationally necessary.

Your Controls

You remain in control of your data throughout its lifecycle:

View

Access all your requests, statuses, and uploaded documents from your dashboard at any time.

Cancel

Withdraw or cancel an active request before it is forwarded to the embassy.

Request Deletion

Ask for your data to be deleted (subject to legal retention rules for completed records).

Breach Notification Policy

72-Hour Notification

In the unlikely event of a data breach that may affect your personal information, we will:

  • Notify affected users within 72 hours of discovery.
  • Explain what happened, what data was affected, and the steps we are taking.
  • Provide guidance on what you can do to protect yourself.
  • Report to relevant authorities where required by law.

KCK's Commitments and Limitations

What We Commit To
  • Handle your data with confidentiality and care.
  • Use your data only for the purpose you provided it.
  • Honor your rights (access, correction, deletion).
  • Log and audit every sensitive action.
  • Minimize what we collect and what we share.
What We Cannot Do
  • Guarantee outcomes of embassy decisions.
  • Control the embassy's internal data handling.
  • Recover data once lawfully deleted.
  • Prevent 100% of risks inherent in online systems.
  • Act as a legal representative or government agent.

Questions?

For any data handling question, contact our Data Protection Officer:

dpo@kckorea.org

Or use our contact form.