• 0118602113 | 0782968413
  • info@baadvocates.com
Book Appointment

Privacy Policy

Essential Legal Information

1. POLICY STATEMENT

  • Brian Asin & Co. Advocates LLP (hereinafter referred to as “the Firm”) is committed to processing personal data in a lawful, fair and transparent manner in accordance with the Data Protection Laws of Kenya.
  • This Privacy Policy outlines how we collect, use, disclose and protect personal information.

2. ABOUT US

  • Brian Asin & Co. Advocates LLP is a law firm incorporated and registered in Kenya as a Limited Liability Partnership.
  • The Firm was originally founded as Oluoch & Asin Legal Consultancy in the year 2018 under the Business Names Act, later transformed into Brian Asin & Co. Advocates in the year 2022 and subsequently registered as a Limited Liability Partnership in January 2026.
  • The Firm provides legal advisory and representation services across various areas of practice and is committed to professionalism, confidentiality and compliance with applicable laws.

3. WHO DOES THIS POLICY APPLY TO

  • This Policy applies to the personal data of:

Website visitors

Users who submit enquiries through the Firm’s website contact forms

  • By accessing our website or using our services, you acknowledge that you have read and understood this Privacy Policy

4. WHAT IS PERSONAL DATA

  • In this Policy personal data means any information relating to an identified or identifiable natural person. This includes, but is not limited to, contact details, email addresses, telephone numbers, IP addresses and any information voluntarily submitted through website enquiry forms.
  • Personal data may also include sensitive data where applicable, including information relating to legal matters, disputes or circumstances disclosed through website communications.

5. TYPES OF INFORMATION COLLECTED ABOUT YOU

  • Identification details such as name
  • Contact details including email address and phone number
  • Information voluntarily submitted through website enquiry or contact forms
  • Online identifiers such as IP addresses and cookies

6. HOW AND FOR WHAT PURPOSE DO WE COLLECT YOUR PERSONAL DATA

How we collect your personal data
  • Directly from you when you submit an enquiry or contact form on our website.
  • Automatically through cookies and online identifiers when you browse our website
Purpose of collection
  • To respond to enquiries submitted through the website.
  • To communicate with you regarding legal services you have enquired about
  • To improve website functionality and user experience.
  • To maintain website security and prevent misuse.
Lawful basis of collection
  • Legitimate interests
  • Legal Obligation
  • Consent

7. CONSEQUENCES OF FAILING TO PROVIDE PERSONAL DATA

  • If you choose not to provide certain personal data requested through our website, we may be unable to respond to your enquiry or provide the information or services requested.
  • The specific consequences will depend on the nature of the information withheld and the purpose for which it is required.

8. DATA SHARING

  • We take care to ensure your personal data is only accessed by authorised individuals. We may share your personal data within the Firm to facilitate our internal operations and provide you with efficient services.
  • We may share your personal data with third parties in the following circumstances:
    • with IT and cloud service providers who support our website, email systems and document storage, including email hosting and cloud-based platforms

     

    • to disclose your personal data if required to do so by law or in response to a valid legal request, such as a court order or government inquiry.

     

    • where necessary for the establishment, exercise or defence of legal claims

     

    • to share your personal data with third parties if you have given us explicit consent to do so. You have the right to withdraw your consent at any time.
  • When sharing your personal data with third parties, we prioritise the security and confidentiality of your information. We take stringent measures to ensure that these parties comply with strict data protection standards and handle your personal data in accordance with our instructions.

9. DATA SECURITY

  • We understand the importance of keeping your personal data secure and take appropriate measures to protect it against unauthorized access, loss, misuse or alteration. We have implemented robust security measures to ensure the confidentiality, integrity and availability of your information. These measures include:
    • Technology safeguards, such as use of anti-virus and endpoint protection software, passwords, encryption and monitoring of our systems to ensure compliance with our security policies.
    • Our commitment to data security extends to our employees and third-party service providers. Strict confidentiality agreements bind them, emphasizing the importance of maintaining the security and confidentiality of your personal data. Regular training programs are conducted to educate employees on data protection best practices, security protocols and their responsibilities. Access controls and authorization mechanisms ensure that only authorised personnel can access your data. We have established comprehensive data protection policies and procedures to guide the proper handling, storage, retention and disposal of personal data. In the event of any security incidents, our incident response plan enables swift identification, mitigation and notification, as well as measures to prevent future occurrences
    • While we continually enhance our security measures, it is important to note that no security measure can provide absolute protection. However, we are dedicated to maintaining the highest possible standards of data security and will continue to invest in measures to safeguard your information.
    • If you suspect any misuse, loss, or unauthorised access to your personal data, please let us know immediately by sending us an email on info@baadvocates.com

10. PERSONAL DATA RETENTION

  • We retain your personal data only for as long as necessary to fulfil the purposes outlined in our Privacy Policy, or as required by applicable laws and regulations.
  • Website enquiries and related correspondence are retained for a period not exceeding one (1) year, unless further retention is required for legal, regulatory or record-keeping purposes.
  • Once the retention period expires, personal data is securely deleted or anonymised.

11. YOUR RIGHTS OVER YOUR DATA

  • The data protection Act accords you several rights. However, these rights are not absolute and may be subject to some exceptions according to the data protection law.
    • right to information: you have a right to be informed of how the Firm will use your personal data.

     

    • right to access: you are entitled to access your personal data that is in our possession or custody.

     

    • right to object: you can object to the processing of all or part of your personal data, except when we can demonstrate a compelling legitimate interest for the processing which overrides your interests or for the establishment, exercise or defence of a legal claim.

     

    • right to rectification: you have the right to request the correction of inaccurate, outdated, incomplete or misleading personal data in our possession or under our control, without undue delay.

     

    • right to erasure: you have the right to request deletion or destruction, without undue delay, of personal data that we are no longer authorised to retain or that is irrelevant, excessive or obtained unlawfully.

     

    • right to data portability: you have the right to receive personal data concerning you in a structured, commonly used and machine-readable format and to transmit the data to another data controller without hindrance. Where technically feasible, you may also request direct transmission of your personal data from us to another data controller or data processor.

     

    • automated decision making: you have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that affects you. If we make automated decisions based on your personal data, you will be notified in writing. You can also request us to reconsider any decisions made solely through automated processing or to make a new decision that is not solely automated

     

    • right of restriction: you can request the restriction of processing your personal data in certain circumstances, such as when you contest the accuracy of the data, it is no longer needed for processing, it was processed unlawfully or you have objected to the processing pending verification of our legitimate interests.

     

    • right to raise a complaint: you can raise a complaint about our processing with the Regulator i.e. the Data Commissioner in Kenya. You may also be able to seek a remedy through the courts if you believe that your rights have been breached.

12. HOW TO EXERCISE YOUR RIGHTS

  • If you wish to exercise any of the rights outlined above, please write an email to info@baadvocates.com
  • We will make every effort to address your inquiries and requests via email within the timelines specified by applicable data protection laws and regulations.
  • To ensure the security and accuracy of the personal data we provide, we may request additional information and verification of your identity. This is necessary to confirm that we are releasing the data to the rightful owner.
  • While we strive to fulfil all valid requests, there may be cases where we are unable to comply. If such a situation arises, we will inform you of the reasons for our inability to fulfil your request.

13. YOUR RESPONSIBILITIES

  • As a data subject, it is important that you understand and fulfil certain responsibilities to ensure the protection and privacy of your personal data. By providing your personal data to the Firm, you agree to adhere to the following responsibilities:
    • Accuracy and Updates: You are responsible for providing accurate and up-to date personal data to the Firm. Please inform us promptly of any changes or updates to your contact details or other relevant information.
    • Third-Party Data: If you give us personal data of third parties, such as family members or associates, next of kin or your dependents, it is your responsibility to ensure that you have obtained the necessary consent or authority to share their information. Inform these individuals about the processing activities and possible international transfers of their data.
    • Exercise of Rights:If you wish to exercise your rights with respect to your personal data, including the rights of access, rectification, erasure, objection or data portability, please follow the procedures outlined in our Privacy Policy. We may require additional information or verification to process your request and ensure the security and confidentiality of your data.
    • Reporting Concerns:If you have any concerns or complaints regarding the processing or transfer of your personal data, please contact info@baadvocates.com. We appreciate your feedback and will promptly address any issues raised.

14. INTERNATIONAL DATA TRANSFERS

  • Personal data collected through our website may be stored or processed using cloud-based platforms or service providers located outside Kenya.
  • We are committed to ensuring that any transfer of personal data outside of Kenya complies with the provisions set forth by the Data Protection Act, 2019.
  • We prioritise the security and protection of your personal data throughout the transfer process. Therefore, we have implemented the following policy regarding international data transfers:
    • Appropriate SafeguardsBefore transferring personal data to another country, we ensure that we have appropriate safeguards in place to ensure the security and protection of your data. These safeguards may include technical, organisational and legal measures to uphold data privacy standards. We will document these safeguards and provide proof to the Data Commissioner as and when required.
    • Legal Grounds: We will only transfer personal data outside of Kenya when it is necessary and lawful. This includes situations where the transfer is required for the performance of a contract between you and the Firm, exercise or defense of legal claims, the protection of vital interests, matters of public interest, or compelling legitimate interests that are not overridden by your rights and freedoms.
    • Consent and Sensitive Data: If the transfer involves sensitive personal data, we will obtain your explicit consent and confirmation of appropriate safeguards before processing such data outside of Kenya.
    • Data Commissioner Oversight: We acknowledge the authority of the Data Commissioner to request demonstrations of the effectiveness of security safeguards or the existence of compelling legitimate interests prior to the transfer of personal data. We will cooperate with the Data Commissioner and comply with any conditions or restrictions imposed to protect the rights and fundamental freedoms of data subjects.
  • We are committed to maintaining the privacy and security of your personal data, regardless of its location. If you have any questions or concerns regarding our international data transfer practices, please contact us at info@baadvocates.com. We will strive to address your inquiries and provide you with transparent information regarding the transfer of your personal data outside of Kenya.

15. WHAT ARE COOKIES AND HOW DO WE USE THEM

  • A “cookie” is a bite-sized piece of data that is stored on your computer’s hard drive. They are used by nearly all websites and do not harm your system. We use them to track your activity to help ensure you get the smoothest possible experience when visiting our website. We can use the information from cookies to ensure we present you with options tailored to your preferences on your next visit. We can also use cookies to analyse traffic and for advertising purposes.

 

  • If you want to check or change what types of cookies you accept, this can usually be altered within your browser settings. However, rejecting all cookies through your browser’s privacy settings means that you may not be able to take full advantage of all our website’s features.

 

  • For more information generally on cookies, including how to disable them, please refer to aboutcookies.org. You will also find details on how to delete cookies from your computer.

16. CHANGES TO THIS POLICY

  • We may periodically update or revise this Privacy Policy to ensure its alignment with legal requirements and our evolving business practices. We encourage you to review this Policy periodically to stay informed about how we handle your personal data.

 

  • If we make any material changes to this Policy, we will notify you through appropriate means, such as by posting a notice on our website or sending a direct communication. Your continued use of our services after the effective date of any revised Privacy Policy constitutes your acceptance of the revised Policy.

 

  • We recommend that you regularly check this Privacy Policy to stay updated on any changes. If you disagree with any modifications to this Policy, you should discontinue using our services and contact us to exercise your rights or request the removal of your personal data, as outlined in this Policy.