Privacy Policy

Privacy Policy

We (Kitchen21) strive to ensure that the privacy of the users of our Site is recognized and protected at all times by our institution. This is because we attach great importance to the privacy of the users of our Site. 

This privacy policy seeks to highlight the following things: 

  • The way personal information is collected and utilized;
  • Your rights regarding the personal information;
  • Who is responsible for processing of the collected and processed information.


The following information will be collected from individuals that visit our sites, and/ or utilize our programmes and services.

  • First Name 
  • Surname 
  • Phone Number
  • Email Address
  • Other programme/project specific information.

Forms and methods of data collection

We collect personal information through the following ways: 

  • Programme registration forms 
  • Survey forms
  • Web inquiry

Purpose for which we collect 

Your personal information collected we use it for the following purposes: 

  • Statistical evaluation
  • Contact: We may use your Personal Information to contact you with newsletters, marketing or promotional materials. 
  • Managing the website


  1. a) Controller

The “Controller” is Kitchen21’s Impact Department. The Controller is in charge of determining the purposes for which personal information is processed and the means at the service of such processing.

  1. b) Obligations of the Controller

The Controller is committed to protecting the personal information collected, to not transmit it to third parties without informing you, and to respect the purposes for which personal information was collected. In the event that the integrity, confidentiality or security of your personal information is compromised, the Controller is committed to notifying you within 72 hours of noticing the security breach.

Right of access, of rectification and of removal

You have the right to consult, update, modify or request the removal of your personal information. The user can request for any of what has been mentioned in the foregoing statement by following the procedure as have been described hereinafter: the user must submit a request through email:

Sharing of Personal Information

The personal information we collect (through Programme registration forms, survey forms and web inquiry) is not transmitted to any third party (Unless in specific circumstances as required by law) and is processed only by us.

Storage period of Personal Information

The controller will keep in its computer systems, in reasonable security conditions, the entirety of the personal information collected for the following duration: 10 years.

General Principles Relating to The Collection and Processing of Personal Data Under European Regulation 2016/679

In accordance with the provisions of Article 5 of European Regulation 2016/679, the collection and processing of your personal data comply with the following principles:

  • Lawfulness, fairness and transparency: your personal data may only be collected and processed with your consent. Every time your personal data is collected, you will be informed that your personal data is collected and for which reasons your personal data is collected;
  • Limits purposes: the data is collected and processed for one or more purposes set out in this Privacy Policy;
  • Data minimization: only personal data necessary for the purpose to which it is necessary is collected;
  • Storage limited in time: personal data is stored for a limited time; of which you are notified;
  • Integrity and confidentiality of collected and processed personal data: The Controller is committed to guaranteeing the integrity and confidentiality of the collected personal data.

In order to be lawful and to comply with Article 6 of European Regulation 2016/679, collection and processing will only occur if one of the following applies:

  • You have given your express consent;
  • Processing is necessary for compliance with a legal obligation; Processing is necessary in order to protect your vital interests or those of another physical person;
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority;

Additional Rights Pursuant to European Regulation 2016/679

  1. a) Right to submit a complaint to the competent authority

In the event that the Controller does not answer your request, you wish to challenge his or her decision or you believe one of your rights has been infringed upon, you have the right to submit a complaint to the competent authority.


The security of your Personal Information is important to us, that is why we ensure it is stored in a secure environment. Further, to ensure that your privacy is protected only the controller has access to your personal information. However, it is worth remembering that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. 

Changes to our Privacy Policy

We reserve the right to modify our Privacy Policy in order to guarantee its compliance with the applicable law. Therefore, it is the responsibility of the user to regularly consult our Privacy Policy to be informed of the latest changes. However, in the event of a substantial change to our Privacy Policy, we will notify you through the email address associated with the user’s account or by placing a prominent notice on our website. If you have any questions about this Privacy Policy, please contact us at:

Your continued use of the Service after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy. 

Acceptance of our Privacy Policy

By using our Website, you certify that you have read and understood this Privacy Policy and accept its conditions, more specific conditions relating to the collection and processing of personal information.

Applicable Laws

We are committed to respecting the legislative provisions as specified in:

  • The Data Protection Act No. 3 of 2021 (‘The Data Protection Act’) | National Assembly of Zambia; and
  • General Data Protection Regulation, Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Last updated: 04 April 2022