ALN Kenya|Anjarwalla & Khanna LLP (ALN Kenya) is committed to safeguarding the privacy of those we interact with, and we recognize the need to respect and protect personal data that is collected or disclosed to us. For purposes of this Data Protection Policy (Policy), personal data means any information relating to an identified or identifiable natural person. This Policy explains when and why we collect personal data (including sensitive personal data) belonging to the individuals who obtain services from us, how we use it, the conditions under which we may disclose it to others, and how we keep it secure. This Policy also explains the rights of these individuals in relation to their personal data and how they may exercise them.
We are committed to processing your personal data in accordance with our responsibilities under Kenya’s Data Protection Act, 2019 (the DPA) and we take our responsibilities in this regard very seriously. We ensure the personal data we obtain is held, used, and otherwise processed in accordance with the DPA and all other applicable laws and regulations.
ALN Kenya is a full-service law firm incorporated in the Republic of Kenya as a limited liability partnership. ALN Kenya is a member of ALN, an alliance of leading law firms currently spanning 14 jurisdictions in Africa. We provide our clients with a range of legal and business solutions. We, as the data controller, are responsible for the personal data we collect.
In the course of rendering services to our clients, we collect a broad range of personal data including but without limitation:
We collect this personal data directly when clients engage us. We may also indirectly collect personal data from other professional service providers who are working with us to render services or from our corporate clients in relation to individuals employed or contracted by them. In such cases, we rely on these third parties to inform the individuals in question that they will be sharing their personal data with us, and we only use that personal data for the stated purpose.
We primarily use the personal data we collect to render services and to comply with various legal obligations. Some of the specific processing activities we may be involved in are:
We may also use personal data to keep our stakeholders up to date on legal developments, invite them to events we host, and provide them with information on our services. However, we only do this if we have obtained consent from the individuals involved.
We appreciate that some of the personal data we collect, such as financial information, is sensitive personal data. We ensure that we process such sensitive personal data in accordance with the DPA.
As a data subject, you have the right to:
To exercise any of these rights, please reach out to us through the contact page on our website.
Our primary use of personal data is to render services. We do not sell any personal data to third parties. However, we do share personal data with some third parties who assist us in rendering services, such as government and regulatory authorities, registry service providers, and our bankers. When sharing this personal data, we ensure that we comply with the provisions of the DPA.
We use cloud service providers to store the personal data we collect. These service providers host their servers outside Kenya and therefore, we do transfer personal data outside Kenya. We do this to provide better services and to secure the personal data we hold. We do not transfer any sensitive personal data outside Kenya without first seeking consent of the individuals in question. Our cloud service provider primarily hosts their servers in France, Ireland, South Africa, Austria, Finland, and the Netherlands.
We generally store personal data for as long as we need to render legal services. We may retain some personal data for longer periods to the extent we are permitted to do so under the DPA and other applicable laws. Where we do so, we will ensure that we either anonymise or pseudonymise the personal data if retaining it in an identifiable form is not necessary for the reasons we are holding it.
We review the personal data which we hold periodically and assess whether we need to keep holding it. Where we no longer need it, we permanently delete it.
We take your privacy seriously and are committed to ensuring that we are compliant with the DPA and any other applicable law. Should you have a complaint with how we process your personal data, please reach out to us through the contact page on our website and we will do our best to address your concerns.
We will be updating this Policy from time to time, so kindly check this page regularly and let us know here if you have any questions. All changes we make are, unless stated otherwise, effective immediately upon notice, which we may give by any means, including but not limited to, by posting the updated version of the Policy on our website or within our application. If the changes are material, we may also post a notice on our website drawing your attention to it.