University of Nairobi Students Privacy Notice

The University of Nairobi provides access to services and information online in a manner that respects and protects your privacy. This statement describes the information-collection practices and explains how it uses and protects your personal information. This Privacy Policy describes the University’s practices in connection with information that it collects through;

  • websites operated by the University from which you are accessing this Privacy Policy (the “Websites”)
  • the management information systems made available and accessible by the University through electronic systems, computers and mobile devices (the “Systems”),
  • University social media sites
  • emails and electronic messages
  • offline activities as defined in the University policies, procedures and guidelines
  • “Services” refers to the Websites, MIS Systems and Social Media sites.

Personal Data

Personal data” identifies you as an individual or relates to information relating to an identifiable natural person, including, but not limited to:

  • Name
  • Postal address
  • Telephone number
  • Email address
  • National ID Number
  • Signatures
  • Biological identifiers
  • Personal data images
  • Biometric details
  • Through information you voluntarily provide through use of University Services, and may include sensitive information, such as health, financial, racial and ethnic origin information.

Collection of Personal Data

The university collects Personal data in a variety of ways, including:

Through University Services when you access or use University Services, register to access Services, make payments, biometric registration or through engaging in any other University activities that invoke the policies, procedures and guidelines.

The University collects personal data from you offline, e.g., when you visit our campuses or other facilities, attend one of our seminars, place a request over the phone, or contact the University.

  • Other Sources

The University may receive your personal data from other sources, for example publicly available databases or interacting with University social media sites.

  • Other partners when they share the information with the University;

If you disclose any personal data relating to other people to the University or to our third-party service providers in connection with the Services, you represent that you have the authority to do so, and that you undertake to indemnify and keep us indemnified against all liability arising out of the disclosure or use of such information including all actions, suits, proceedings, claims, costs and expenses that may be taken against us as a consequence of such information having been in our possession and use.

Use of Personal Data

The University will use or share with third parties personal data as prescribed in the Act for legitimate business purposes including:

  • Providing the functionality of the Services and fulfilling your requests. To provide the Services’ functionality to you, such as providing access to your student portal account as well as a University email account, and providing you with related services or communications. If you do not provide the information requested, we may not be able to provide the Services’ functionality.
  • Responding to your inquiries and fulfilling your requests, when you contact us via one of our online contact forms or otherwise, for example, when you send us questions, suggestions, compliments or complaints, or when you request other information.
  • Completing your transactions, to provide you with related services or communications.
  • Sending administrative information to you, such as changes to our offerings, terms, conditions and policies.
  • Allowing you to send messages to another person if you choose to do so. The University will engage in these activities to manage our relationship with you and/or to comply with any legal obligation.
  • Providing you with our newsletters and/or other promotional materials and facilitating social sharing
  • Sending you promotional-related emails, with information about University services, offerings, new initiatives and other news about the University.
  • Facilitating social sharing functionality that you choose to use.

The University will engage in the under-noted activities with your consent or where we have a legitimate interest.

  • Analysis of Personal Information for reporting and providing personalized services.

To analyze or predict its users’ preferences in order to prepare aggregated trend reports on how our digital content is used, so it can improve University Services.

To better understand you, so that the University can personalize our interactions with you and provide you with information and/or offers tailored to your interests.

To better understand your preferences so that the University can deliver content via University Services that it believes will be relevant and interesting to you.

  • Aggregating and/or anonymizing Personal Data.

The University may aggregate and/or anonymize personal data so that it will no longer be considered personal data. It does so to generate other data for its use, which it may use and disclose for any purpose.

  • Subject to your consent or in instances where it is permitted by written law, the University may use your personal data for its business and operational purposes as stated below;

For data analysis, for example, to improve the efficiency of University Services;

For audits, to verify that University internal processes function as intended and are compliant with legal, regulatory or contractual requirements;

For fraud and security monitoring purposes, for example, to detect and prevent cyber attacks or attempts to commit identity theft;

For developing new offerings, initiatives and services;

For enhancing, improving, or modifying University current offerings, initiatives and services;

For identifying usage trends, for example, understanding which parts of University Services are of most interest to users;

For determining the effectiveness of University promotional and informational campaigns, so that we can adapt our campaigns to the needs and interests of University users.

Disclosure of Personal Information

The University may disclose Personal Information to third parties to facilitate the services they provide to the University, which are necessary for the performance of the contract between the University and the students;

These can include providers of services such as data analysis, payment processing, event registration, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services.

  • By using the University Services, you may elect to disclose personal data

On message boards, chat, profile pages, blogs and other sites to which you are able to post information and content (including, without limitation, University Social Media Sites).

Through your social sharing activity. When you connect your Services account with your social media account, you will share information with your friends associated with your social media account, with other users, and with your social media account provider. By doing so, you authorize the University to facilitate this sharing of information, and you understand that the use of shared information will be governed by the social media provider’s privacy policy.

Please note that any information you post or disclose through these services will become public and may be available to other users and the general public.

Other Uses and Disclosures

The University may use and disclose your personal data when it has a legal obligation or legitimate interest to do so. This may include:-

  • To comply with applicable law and regulations within its jurisdiction or comply with a contractual obligation to which the students are parties. Disclosure of data outside the country is subject to Section 25 (f) of the Data Protection Act. Either consent from the data subject should be availed or there should be proof of adequate data protection safeguards.
  • To cooperate with the government and its agencies
  • To cooperate with any other law enforcement agency within its jurisdiction
  • For compliance with any legal obligation to which the University is a party

Other Information

Other Information” is any information that does not reveal your specific identity or does not directly relate to an identifiable individual

  • Browser and device information
  • System usage data
  • Information collected through cookies and other technologies
  • Demographic information and other information provided by you that does not reveal your specific identity
  • Information that has been aggregated in a manner such that it no longer reveals your specific identity

If the University is required to treat Other Information as Personal Information under applicable law, then it may use and disclose the information for the purposes for which it uses and discloses Personal Information as detailed in this Policy.

Collection of Other Information

The University may collect other information in a variety of ways, including;

  • Through your browser or device:

Certain information is collected by most browsers or automatically through your device. The University may use this information to ensure that the Services function properly.

  • Through your use of the Systems

When you use the Systems, The University may track and collect system usage data.

  • Using cookies

Cookies are pieces of information stored directly on the computer that you are using. Cookies allow the collection of information such as browser type, time spent on the Services, pages visited, language preferences, and other traffic data. The University may use the information for security purposes, to facilitate navigation, to display information more effectively, and to personalize your experience.

  • Using technology to track the use of services and improve the services
  • Analytics. In some instances, the University may use Google Analytics, which uses cookies and similar technologies to collect and analyze information about the use of the Services and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources.
  • IP Address

Your IP address is automatically assigned to your computer by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. IP addresses are used for purposes such as calculating usage levels, diagnosing server problems and administering Services. Your approximate location may also be derived from your IP address.

Uses and Disclosures of Other Information

The University may use and disclose Other Information for specific purposes, (Pursuant to Data Protection Act,2019) except where it is required to do otherwise under applicable law.


The University seeks to use reasonable organizational, technical and administrative measures to protect personal data within the University. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with the University is no longer secure, please immediately notify it in accordance with the “Contacting Us” section below.

Choices and Access

Your choices regarding the University’s use and disclosure of your personal data. The University will seek your consent regarding our use and disclosure of your personal data for promotional purposes in accordance with our Data Privacy policy. You may opt-out of receiving electronic communications from us. If you no longer want to receive promotional-related emails from the University on a going-forward basis, you may opt-out according to instructions in such communications.

The University will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing-related emails from the University, we may still send you important administrative messages, from which you cannot opt out.

Access to change or deletion of your Personal Data

To the extent these rights are provided to you by applicable law, if you would like to request to review, correct, update, suppress, restrict or delete personal data that you have previously provided to the University, object to the processing of personal data or if you would like to request to receive an electronic copy of your personal data for purposes of transmitting it to another entity, please contact the University at We will respond to your request consistent with applicable law.

Retention Period

The University will retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law.

The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with the University or keep using the Services);
  • Whether there is a legal obligation to which the University is subject to (for example, certain laws require the University to keep records of your transactions for a certain period of time before we can delete them); or
  • Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

Jurisdiction and Cross-Border

Transfer Your personal data will be stored and processed in Kenya and will not be transferred outside Kenya unless the provision of Section 25 (f) of the Data Protection Act is complied with i.e your consent is obtained or there is proof of adequate data protection safeguards and that the country whose data is to be transferred to has data protection laws equal to the Data Protection Act 2019 and authorization is obtained from the Office of the Data Protection Commissioner. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your personal data subject to compliance with the provisions of treaties and conventions ratified by Kenya on Data Protection as well as the Data Protection Act, 2019.

Third-Party Payment Service

The University may use a third-party payment service to process payments made through the Services. If you wish to make a payment through the University Services, your personal data will be collected by such a third party and not by the University and will be subject to the third party’s privacy policy, rather than this Privacy Policy. We have no control over and are not responsible for this third party’s collection, use and disclosure of your Personal Information.

Contacting Us

The University of Nairobi is responsible for the collection, use and disclosure of personal data under this Privacy Statement. If you have any questions about this Privacy Statement, please contact us at or:

Vice Chancellor

P.O. Box 30197-00100

Main Campus, Nairobi

Tel: +254 20 491 3614

Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.

Additional Information

In accordance with applicable law, you may lodge a complaint with the Data Protection Commissioner’s office.

Last Updated: January 2024