WEBSITE PRIVACY NOTICE CONTENTS
1.............................................................. POLICY STATEMENT. 3
2.............................................. WHO IS MUTIE ADVOCATES?. 3
3.................................. WHO DOES THIS POLICY APPLY TO?. 3
4................................................. WHAT IS PERSONAL DATA?. 3
7............ HOW DO WE COLLECT YOUR PERSONAL DATA?. 5
8...................................................................... DATA SHARING.. 5
9..................................................................... DATA SECURITY.. 6
  1. PERSONAL DATA RETENTION.. 7
  2. COOKIES. 7
12 WHAT RIGHTS DO YOU HAVE OVER YOUR DATA?. 8
13 INTERNATIONAL DATA TRANSFERS. 9
  1. YOUR RESPONSIBILITIES. 10
  2. CHANGES TO THIS POLICY.. 10

1. POLICY STATEMENT

  • Mutie Advocates (“Firm” “We” “Us”) values your privacy and is committed to processing your personal data in a lawful fair and transparent manner in accordance with data protection laws applicable in Kenya.
  • This Privacy Policy explains how we collect, use or otherwise process your Personal Date in connection with our services.
  • Please take time to read this Privacy Policy to understand how and why we collect and use your information in connection with our services.

2. WHO IS MUTIE ADVOCATES?

  • Mutie Advocates is a boutique and rapidly growing law firm based in Nairobi, Kenya. We are dedicated to helping businesses navigate the complex landscape of regulations and statutory requirements, ensuring they operate ethically and in accordance with the law.
  • We are located at Assi Centre, 50 School Lane, Westlands, Nairobi Kenya.

3. WHO DOES THIS POLICY APPLY TO?

  • This Website Privacy Notice applies to all our Suppliers, Office Visitors and Website Users who may access this website.

4. WHAT IS PERSONAL DATA?

 

  • In this Privacy Policy, "personal data" refers to any information that relates to an identified or identifiable individual. This includes, but is not limited to, identification details, contact details, payment details, cookies and other online identifiers when you access our website and any other data that can be used to directly or indirectly identify an individual.
  • Personal data may also include sensitive information, such as family information including children’s information, property records, financial information, transaction records, where applicable and subject to applicable laws and regulations.
  1. TYPES OF INFORMATION COLLECTED PURPOSE AND LAWFUL OBLIGATION
 
  • We collect Personal Data directly from you as well as from other available sources to the extent permitted by law. We endeavour to only collect Personal Data that is necessary for the purpose(s) for which it is collected and to retain such data for no longer than necessary for such purpose(s). Subject to applicable law and practice, the categories of Personal Data that are typically collected and processed are:
 
Data subject Type of personal data collected Purpose of Collection Lawful Basis
Suppliers Identification details: name, ID/passport, KRA PIN ▪ Contact details: phone number, email address. ▪ Contract detailsPayment details: bank account details, M-Pesa number ▪ Complaints/requestsOnline identifiers such as cookies and IP address ▪ Supplier management and communication. ▪ Process payments ▪ Contract ▪ Legal Obligation ▪ Consent
Office Visitors Identification details: name, ID/passportContact details: phone number, email address ▪ Any document you may provide us containing personal data ▪ Payment details: M-Pesa number, bank details, KRA PIIN ▪ Complaints/requests ▪ Offer sought legal advice ▪ Respond to your complaints or queries ▪ Communication and follow up ▪ To maintain the security of our offices. ▪ Contract ▪ Legal Obligation ▪ Legitimate interests
Website Visitors Contact details: name, phone number/email address. ▪ Your message/complaint/request ▪ Online identifiers such as cookies and related tags, IP addresses ▪ Communication & follow up ▪ Customer user preferences and experiences. ▪ Legitimate Interests ▪ Consent
 
  1. CONSEQUENCES OF FAILING TO PROVIDE PERSONAL DATA
 
  • In some cases, if you choose not to provide certain personal data requested by us, it may impact our ability to fully provide you with the requested services, or information. The specific consequences of not providing personal data will depend on the context and the purpose for which the data is requested.
  • We encourage you to carefully consider the personal data requested and its importance for the intended purposes. If you have concerns about providing certain information, please contact us to discuss your specific circumstances and requirements. We will endeavor to find alternative solutions or assess if there are any legal or contractual obligations that require the provision of the requested data.

7. HOW DO WE COLLECT YOUR PERSONAL DATA?

We may collect your personal information from various sources including: -
  • Directly from you when you fill in our data collection forms, call or email us and visit our offices.
  • Indirectly when you interact with our website or other social media platforms such as LinkedIn, Twitter and YouTube (in this case we collect cookies and online identifiers).

8. DATA SHARING

  • We may share your personal data within the Firm to facilitate our internal operations and provide you with efficient services.
  • We may share your personal data with third parties in the following circumstances:
  • Service Providers: We may engage third-party service providers to perform various services on our behalf, such as IT service providers. These service providers will have access to your personal data as necessary to perform their functions but are strictly prohibited from using your personal data for any other purposes.
  • Business Partners: We may share your personal data with trusted business partners who collaborate with us to provide products or services to you. These partners may use your personal data only for the purposes specified in our agreement with them.
  • Legal Obligations: We may disclose your personal data if required to do so by law or in response to a valid legal request, such as a court order or government inquiry.
  • Corporate Transactions: In the event of a merger, acquisition, or any form of corporate restructuring, we may transfer your personal data to the involved parties, if they agree to treat your personal data in accordance with this privacy policy.
  • Consent: We may share your personal data with third parties if you have given us explicit consent to do so. You have the right to withdraw your consent at any time.
  • When sharing your personal data with third parties, we prioritise the security and confidentiality of your information. We take stringent measures to ensure that these parties comply with strict data protection standards and handle your personal data in accordance with our instructions.
  • We carefully select and evaluate third-party service providers, business partners, and other recipients of your personal data. We enter into contractual agreements with these parties, imposing obligations to protect your personal data and restricting their use of the information solely for the specified purposes outlined in our agreement. Furthermore, we require these third parties to implement appropriate technical and organisational measures to prevent unauthorised access, disclosure, alteration, or destruction of your personal data.

9. DATA SECURITY

  • We understand the importance of keeping your personal data secure and take appropriate measures to protect it against unauthorized access, loss, misuse, or alteration. We have implemented robust security measures to ensure the confidentiality, integrity, and availability of your information, including: -
  • Technical Safeguards: To protect your information during transmission, we utilize industry-standard encryption protocols, ensuring the confidentiality of your data. Our secure network infrastructure incorporates firewalls, intrusion detection systems, and other security measures to prevent unauthorised access and mitigate external threats. Additionally, access controls are in place, restricting data access to authorised individuals through unique user credentials, strong passwords, and role-based privileges. Regular data backups and recovery processes are performed to maintain data integrity and availability.
  • Organisational Safeguards: Our commitment to data security extends to our employees and third-party service providers. Strict confidentiality agreements bind them, emphasizing the importance of maintaining the security and confidentiality of your personal data. Regular training programs are conducted to educate employees on data protection best practices, security protocols, and their responsibilities. Access controls and authorization mechanisms ensure that only authorised personnel can access your data. We have established comprehensive data protection policies and procedures to guide the proper handling, storage, retention, and disposal of personal data. In the event of any security incidents, our incident response plan enables swift identification, mitigation, and notification, as well as measures to prevent future occurrences.
  • While we continually enhance our security measures, it is important to note that no security measure can provide absolute protection. However, we are dedicated to maintaining the highest possible standards of data security and will continue to invest in measures to safeguard your information.
  • If you suspect any misuse or loss of or unauthorised access to your personal data, please let us know immediately by sending us an email at info@mutieadvocates.co.ke or call/SMS us at 0768042180

10.  PERSONAL DATA RETENTION

  • We retain your personal data for as long as necessary to fulfill the purposes outlined in our Privacy Policy, or as required by applicable laws and regulations.
  • Once the retention period expires, we shall securely delete or anonymise your data in accordance with our Data Retention and Disposal Policy.

11.  COOKIES

  • We use cookies and similar technologies on our website to enhance your browsing experience, personalize content, analyse website traffic, and track user interactions. A cookie is a small text file that is stored on your device when you visit our website.
  • We use different types of cookies on our website:
    • Essential Cookies: These cookies are necessary for the functioning of our website and enable you to navigate through the site and use its features. They are essential for providing services that you have requested, such as accessing secure areas of the site or making use of online forms.
    • Analytical and Performance Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most frequently or if any error messages occur. We use this information to analyse and improve the performance and functionality of our website.
    • Marketing and Advertising Cookies: These cookies are used to deliver targeted advertisements and promotions that may be of interest to you. They are placed by third-party advertising networks with our permission. These cookies may track your browsing activities across different websites.
  • Cookie Consent: By using our website, you consent to the placement of cookies on your device as described in our Cookie Policy. You can manage or disable cookies through your browser settings. Please note that disabling certain cookies may impact the functionality and performance of our website.
  • Third-Party Cookies: We may allow certain third-party service providers to place cookies on our website for advertising, analytics, or other purposes. These third parties have their own privacy policies and may collect information about your browsing activities on our website and other websites.
  • Data Collected by Cookies: The information collected by cookies may include your IP address, browser type, device information, and browsing behaviour. We take appropriate measures to protect the security and confidentiality of cookie data. We ensure that any third parties that have access to cookies comply with strict data protection standards and process the information in accordance with our instructions.

12.  WHAT RIGHTS DO YOU HAVE OVER YOUR DATA?

  • Under the Data Protection Act, 2019, you have several rights regarding your personal data: -
  • right to information: you have a right to be informed how the Firm will use your personal data.
  • right of access: you are entitled to access your personal data that is in our possession or custody.
  • right to object: you can object to the processing of all part of your personal data, except when we can demonstrate a compelling legitimate interest for the processing which overrides your interests or for the establishment, exercise or defence of a legal claim.
  • right to rectification: you have the right to request the correction of inaccurate, outdated, incomplete or misleading personal data in our possession or under our control, without undue delay.
  • right to erasure: you have the right to request deletion or destruction, without undue delay, of personal data that we are no longer authorised to retain, or that is irrelevant, excessive, or obtained unlawfully.
  • right to data portability: you have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format and to transmit the data to another data controller without hindrance. Where technically feasible, you may also request direct transmission of your personal data from us to another data controller or data processor.
  • automated decision making you have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects affects you. If we make automated decisions based on your personal data, you will be notified in writing. You can also request us to reconsider any decisions made solely through automated processing or to make a new decision that is not solely automated.
  • right of restriction: You can request the restriction of processing your personal data in certain circumstances, such as when you contest the accuracy of the data, it is no longer needed for processing, it was processed unlawfully, or you have objected to the processing pending verification of our legitimate interests.
  • Right to withdraw consent: you have a right to withdraw consent where the lawful basis for processing your personal data is based on consent.
  • Right to lodge a complaint to the Office of the Data Protection Commissioner (ODPC): you have a right to lodge a complaint to the ODPC if you are aggrieved by a decision regarding the processing of your personal data.
  • If you wish to exercise any of the rights outlined above, please contact us at info@mutieadvocates.co.ke or call/SMS us at 0768042180.
  • We will make every effort to address your inquiries and requests via email within the timelines specified by applicable data protection laws and regulations.
  • To ensure the security and accuracy of the personal data we provide, we may request additional information and verification of your identity. This is necessary to confirm that we are releasing the data to the rightful owner.
  • While we strive to fulfill all valid requests, there may be cases where we are unable to comply. If such a situation arises, we will inform you of the reasons for our inability to fulfill your request.

13.  INTERNATIONAL DATA TRANSFERS

  • As part of our business operations, we may your transfer personal data to recipients located in countries outside Kenya.
  • We are committed to ensuring that any transfer of personal data outside of Kenya complies with the provisions set forth in the Data Protection Act, 2019. We prioritise the privacy and security of your personal data throughout the transfer process.
  • If you have any questions or concerns regarding our international data transfer practices, please contact us at info@mutieadvocates.co.ke or call/SMS us at 0768042180 We will strive to address your inquiries and provide you with transparent information regarding the transfer of your personal data outside of Kenya.

14.  YOUR RESPONSIBILITIES

  • By providing your personal data to Mutie Advocates, you agree to adhere to the following responsibilities:
  • Accuracy and Updates: You are responsible for providing accurate and up-to-date personal data to the Firm. Please inform us promptly of any changes or updates to your contact details or other relevant information.
  • Third-Party Data: If you give us personal data of third parties, it is your responsibility to ensure that you have obtained necessary consent or authority to share their information. Inform these individuals about the processing activities and possible international transfers of their data.
  • Reporting Concerns: If you have any concerns or complaints regarding the processing or transfer of your personal data, please contact us at info@mutieadvocates.co.ke or call/SMS us at 0768042180. We appreciate your feedback and will promptly address any issues raised.

15.  CHANGES TO THIS POLICY

  • We may periodically revise this Policy to ensure compliance with applicable legal requirements and our evolving business practices.
  • We will promptly inform you of any material changes to this Policy by posting a pop-up notification or sending you direct communication.
  • Your continued use of our services after the effective date of any revised Privacy Policy constitutes your acceptance of the revised Policy. We recommend that you regularly check this Privacy Policy to stay updated on any changes. If you disagree with any modifications to this Policy, you should discontinue using our services and contact us to exercise your rights or request the removal of your personal data, as outlined in this Policy.
WEBSITE PRIVACY NOTICE

1. POLICY STATEMENT

  • Mutie Advocates (“Firm” “We” “Us”) values your privacy and is committed to processing your personal data in a lawful fair and transparent manner in accordance with data protection laws applicable in Kenya.
  • This Privacy Policy explains how we collect, use or otherwise process your Personal Date in connection with our services.
  • Please take time to read this Privacy Policy to understand how and why we collect and use your information in connection with our services.

2. WHO IS MUTIE ADVOCATES?

  • Mutie Advocates is a boutique and rapidly growing law firm based in Nairobi, Kenya. We are dedicated to helping businesses navigate the complex landscape of regulations and statutory requirements, ensuring they operate ethically and in accordance with the law.
  • We are located at Assi Centre, 50 School Lane, Westlands, Nairobi Kenya.

3. WHO DOES THIS POLICY APPLY TO?

  • This Website Privacy Notice applies to all our Suppliers, Office Visitors and Website Users who may access this website.

4. WHAT IS PERSONAL DATA?

 

  • In this Privacy Policy, "personal data" refers to any information that relates to an identified or identifiable individual. This includes, but is not limited to, identification details, contact details, payment details, cookies and other online identifiers when you access our website and any other data that can be used to directly or indirectly identify an individual.
  • Personal data may also include sensitive information, such as family information including children’s information, property records, financial information, transaction records, where applicable and subject to applicable laws and regulations.
  1. TYPES OF INFORMATION COLLECTED PURPOSE AND LAWFUL OBLIGATION
 
  • We collect Personal Data directly from you as well as from other available sources to the extent permitted by law. We endeavour to only collect Personal Data that is necessary for the purpose(s) for which it is collected and to retain such data for no longer than necessary for such purpose(s). Subject to applicable law and practice, the categories of Personal Data that are typically collected and processed are:
 
Data subject Type of personal data collected Purpose of Collection Lawful Basis
Suppliers Identification details: name, ID/passport, KRA PIN ▪ Contact details: phone number, email address. ▪ Contract detailsPayment details: bank account details, M-Pesa number ▪ Complaints/requestsOnline identifiers such as cookies and IP address ▪ Supplier management and communication. ▪ Process payments ▪ Contract ▪ Legal Obligation ▪ Consent
Office Visitors Identification details: name, ID/passportContact details: phone number, email address ▪ Any document you may provide us containing personal data ▪ Payment details: M-Pesa number, bank details, KRA PIIN ▪ Complaints/requests ▪ Offer sought legal advice ▪ Respond to your complaints or queries ▪ Communication and follow up ▪ To maintain the security of our offices. ▪ Contract ▪ Legal Obligation ▪ Legitimate interests
Website Visitors Contact details: name, phone number/email address. ▪ Your message/complaint/request ▪ Online identifiers such as cookies and related tags, IP addresses ▪ Communication & follow up ▪ Customer user preferences and experiences. ▪ Legitimate Interests ▪ Consent
 
  1. CONSEQUENCES OF FAILING TO PROVIDE PERSONAL DATA
 
  • In some cases, if you choose not to provide certain personal data requested by us, it may impact our ability to fully provide you with the requested services, or information. The specific consequences of not providing personal data will depend on the context and the purpose for which the data is requested.
  • We encourage you to carefully consider the personal data requested and its importance for the intended purposes. If you have concerns about providing certain information, please contact us to discuss your specific circumstances and requirements. We will endeavor to find alternative solutions or assess if there are any legal or contractual obligations that require the provision of the requested data.

7. HOW DO WE COLLECT YOUR PERSONAL DATA?

We may collect your personal information from various sources including: -
  • Directly from you when you fill in our data collection forms, call or email us and visit our offices.
  • Indirectly when you interact with our website or other social media platforms such as LinkedIn, Twitter and YouTube (in this case we collect cookies and online identifiers).

8. DATA SHARING

  • We may share your personal data within the Firm to facilitate our internal operations and provide you with efficient services.
  • We may share your personal data with third parties in the following circumstances:
  • Service Providers: We may engage third-party service providers to perform various services on our behalf, such as IT service providers. These service providers will have access to your personal data as necessary to perform their functions but are strictly prohibited from using your personal data for any other purposes.
  • Business Partners: We may share your personal data with trusted business partners who collaborate with us to provide products or services to you. These partners may use your personal data only for the purposes specified in our agreement with them.
  • Legal Obligations: We may disclose your personal data if required to do so by law or in response to a valid legal request, such as a court order or government inquiry.
  • Corporate Transactions: In the event of a merger, acquisition, or any form of corporate restructuring, we may transfer your personal data to the involved parties, if they agree to treat your personal data in accordance with this privacy policy.
  • Consent: We may share your personal data with third parties if you have given us explicit consent to do so. You have the right to withdraw your consent at any time.
  • When sharing your personal data with third parties, we prioritise the security and confidentiality of your information. We take stringent measures to ensure that these parties comply with strict data protection standards and handle your personal data in accordance with our instructions.
  • We carefully select and evaluate third-party service providers, business partners, and other recipients of your personal data. We enter into contractual agreements with these parties, imposing obligations to protect your personal data and restricting their use of the information solely for the specified purposes outlined in our agreement. Furthermore, we require these third parties to implement appropriate technical and organisational measures to prevent unauthorised access, disclosure, alteration, or destruction of your personal data.

9. DATA SECURITY

  • We understand the importance of keeping your personal data secure and take appropriate measures to protect it against unauthorized access, loss, misuse, or alteration. We have implemented robust security measures to ensure the confidentiality, integrity, and availability of your information, including: -
  • Technical Safeguards: To protect your information during transmission, we utilize industry-standard encryption protocols, ensuring the confidentiality of your data. Our secure network infrastructure incorporates firewalls, intrusion detection systems, and other security measures to prevent unauthorised access and mitigate external threats. Additionally, access controls are in place, restricting data access to authorised individuals through unique user credentials, strong passwords, and role-based privileges. Regular data backups and recovery processes are performed to maintain data integrity and availability.
  • Organisational Safeguards: Our commitment to data security extends to our employees and third-party service providers. Strict confidentiality agreements bind them, emphasizing the importance of maintaining the security and confidentiality of your personal data. Regular training programs are conducted to educate employees on data protection best practices, security protocols, and their responsibilities. Access controls and authorization mechanisms ensure that only authorised personnel can access your data. We have established comprehensive data protection policies and procedures to guide the proper handling, storage, retention, and disposal of personal data. In the event of any security incidents, our incident response plan enables swift identification, mitigation, and notification, as well as measures to prevent future occurrences.
  • While we continually enhance our security measures, it is important to note that no security measure can provide absolute protection. However, we are dedicated to maintaining the highest possible standards of data security and will continue to invest in measures to safeguard your information.
  • If you suspect any misuse or loss of or unauthorised access to your personal data, please let us know immediately by sending us an email at info@mutieadvocates.co.ke or call/SMS us at 0768042180

10.  PERSONAL DATA RETENTION

  • We retain your personal data for as long as necessary to fulfill the purposes outlined in our Privacy Policy, or as required by applicable laws and regulations.
  • Once the retention period expires, we shall securely delete or anonymise your data in accordance with our Data Retention and Disposal Policy.

11.  COOKIES

  • We use cookies and similar technologies on our website to enhance your browsing experience, personalize content, analyse website traffic, and track user interactions. A cookie is a small text file that is stored on your device when you visit our website.
  • We use different types of cookies on our website:
    • Essential Cookies: These cookies are necessary for the functioning of our website and enable you to navigate through the site and use its features. They are essential for providing services that you have requested, such as accessing secure areas of the site or making use of online forms.
    • Analytical and Performance Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most frequently or if any error messages occur. We use this information to analyse and improve the performance and functionality of our website.
    • Marketing and Advertising Cookies: These cookies are used to deliver targeted advertisements and promotions that may be of interest to you. They are placed by third-party advertising networks with our permission. These cookies may track your browsing activities across different websites.
  • Cookie Consent: By using our website, you consent to the placement of cookies on your device as described in our Cookie Policy. You can manage or disable cookies through your browser settings. Please note that disabling certain cookies may impact the functionality and performance of our website.
  • Third-Party Cookies: We may allow certain third-party service providers to place cookies on our website for advertising, analytics, or other purposes. These third parties have their own privacy policies and may collect information about your browsing activities on our website and other websites.
  • Data Collected by Cookies: The information collected by cookies may include your IP address, browser type, device information, and browsing behaviour. We take appropriate measures to protect the security and confidentiality of cookie data. We ensure that any third parties that have access to cookies comply with strict data protection standards and process the information in accordance with our instructions.

12.  WHAT RIGHTS DO YOU HAVE OVER YOUR DATA?

  • Under the Data Protection Act, 2019, you have several rights regarding your personal data: -
  • right to information: you have a right to be informed how the Firm will use your personal data.
  • right of access: you are entitled to access your personal data that is in our possession or custody.
  • right to object: you can object to the processing of all part of your personal data, except when we can demonstrate a compelling legitimate interest for the processing which overrides your interests or for the establishment, exercise or defence of a legal claim.
  • right to rectification: you have the right to request the correction of inaccurate, outdated, incomplete or misleading personal data in our possession or under our control, without undue delay.
  • right to erasure: you have the right to request deletion or destruction, without undue delay, of personal data that we are no longer authorised to retain, or that is irrelevant, excessive, or obtained unlawfully.
  • right to data portability: you have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format and to transmit the data to another data controller without hindrance. Where technically feasible, you may also request direct transmission of your personal data from us to another data controller or data processor.
  • automated decision making you have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects affects you. If we make automated decisions based on your personal data, you will be notified in writing. You can also request us to reconsider any decisions made solely through automated processing or to make a new decision that is not solely automated.
  • right of restriction: You can request the restriction of processing your personal data in certain circumstances, such as when you contest the accuracy of the data, it is no longer needed for processing, it was processed unlawfully, or you have objected to the processing pending verification of our legitimate interests.
  • Right to withdraw consent: you have a right to withdraw consent where the lawful basis for processing your personal data is based on consent.
  • Right to lodge a complaint to the Office of the Data Protection Commissioner (ODPC): you have a right to lodge a complaint to the ODPC if you are aggrieved by a decision regarding the processing of your personal data.
  • If you wish to exercise any of the rights outlined above, please contact us at info@mutieadvocates.co.ke or call/SMS us at 0768042180.
  • We will make every effort to address your inquiries and requests via email within the timelines specified by applicable data protection laws and regulations.
  • To ensure the security and accuracy of the personal data we provide, we may request additional information and verification of your identity. This is necessary to confirm that we are releasing the data to the rightful owner.
  • While we strive to fulfill all valid requests, there may be cases where we are unable to comply. If such a situation arises, we will inform you of the reasons for our inability to fulfill your request.

13.  INTERNATIONAL DATA TRANSFERS

  • As part of our business operations, we may your transfer personal data to recipients located in countries outside Kenya.
  • We are committed to ensuring that any transfer of personal data outside of Kenya complies with the provisions set forth in the Data Protection Act, 2019. We prioritise the privacy and security of your personal data throughout the transfer process.
  • If you have any questions or concerns regarding our international data transfer practices, please contact us at info@mutieadvocates.co.ke or call/SMS us at 0768042180 We will strive to address your inquiries and provide you with transparent information regarding the transfer of your personal data outside of Kenya.

14.  YOUR RESPONSIBILITIES

  • By providing your personal data to Mutie Advocates, you agree to adhere to the following responsibilities:
  • Accuracy and Updates: You are responsible for providing accurate and up-to-date personal data to the Firm. Please inform us promptly of any changes or updates to your contact details or other relevant information.
  • Third-Party Data: If you give us personal data of third parties, it is your responsibility to ensure that you have obtained necessary consent or authority to share their information. Inform these individuals about the processing activities and possible international transfers of their data.
  • Reporting Concerns: If you have any concerns or complaints regarding the processing or transfer of your personal data, please contact us at info@mutieadvocates.co.ke or call/SMS us at 0768042180. We appreciate your feedback and will promptly address any issues raised.

15.  CHANGES TO THIS POLICY

  • We may periodically revise this Policy to ensure compliance with applicable legal requirements and our evolving business practices.
  • We will promptly inform you of any material changes to this Policy by posting a pop-up notification or sending you direct communication.
  • Your continued use of our services after the effective date of any revised Privacy Policy constitutes your acceptance of the revised Policy. We recommend that you regularly check this Privacy Policy to stay updated on any changes. If you disagree with any modifications to this Policy, you should discontinue using our services and contact us to exercise your rights or request the removal of your personal data, as outlined in this Policy.

WEBSITE PRIVACY NOTICE

Mutie Advocates (“Firm” “We” “Us”) values your privacy and is committed to processing your personal data in a lawful fair and transparent manner in accordance with data protection laws applicable in Kenya.
This Privacy Policy explains how we collect, use or otherwise process your Personal Date in connection with our services.
Please take time to read this Privacy Policy to understand how and why we collect and use your information in connection with our services.
Mutie Advocates is a boutique and rapidly growing law firm based in Nairobi, Kenya. We are dedicated to helping businesses navigate the complex landscape of regulations and statutory requirements, ensuring they operate ethically and in accordance with the law.
We are located at Assi Centre, 50 School Lane, Westlands, Nairobi Kenya.
This Website Privacy Notice applies to all our Suppliers, Office Visitors and Website Users who may access this website. By accessing https://www.mutie-advocates.com/ you acknowledge that you have read and understood this Privacy Policy.
In this Privacy Policy, “personal data” refers to any information that relates to an identified or identifiable individual. This includes, but is not limited to, identification details, contact details, payment details, cookies and other online identifiers when you access our website and any other data that can be used to directly or indirectly identify an individual.
Personal data may also include sensitive information, such as family information including children’s information, property records, financial information, transaction records, where applicable and subject to applicable laws and regulations.
We collect Personal Data directly from you as well as from other available sources to the extent permitted by law. We endeavour to only collect Personal Data that is necessary for the purpose(s) for which it is collected and to retain such data for no longer than necessary for such purpose(s). Subject to applicable law and practice, the categories of Personal Data that are typically collected and processed are:
Data subject Type of personal data collected Purpose of Collection Lawful Basis
Suppliers ▪          Identification details: name, ID/passport, KRA PIN ▪          Contact details: phone number, email address. ▪          Contract details ▪          Payment details: bank account details, M-Pesa number ▪          Complaints/requests ▪          Online identifiers such as cookies and IP address ▪          Supplier management and communication. ▪          Process payments ▪          Contract ▪          Legal Obligation ▪          Consent  
Office Visitors ▪          Identification details: name, ID/passport ▪          Contact details: phone number, email address ▪          Any document you may provide us containing personal data ▪          Payment details: M-Pesa number, bank details, KRA PIIN ▪          Complaints/requests ▪          Offer sought legal advice ▪          Respond to your complaints or queries ▪          Communication and follow up ▪          To maintain the security of our offices. ▪          Contract ▪          Legal Obligation ▪          Legitimate interests
Website Visitors ▪          Contact details: name, phone number/email address. ▪          Your message/complaint/request ▪          Online identifiers such as cookies and related tags, IP addresses ▪          Communication & follow up ▪          Customer user preferences and experiences. ▪          Legitimate Interests ▪          Consent  
  • In some cases, if you choose not to provide certain personal data requested by us, it may impact our ability to fully provide you with the requested services, or information. The specific consequences of not providing personal data will depend on the context and the purpose for which the data is requested.
  • We encourage you to carefully consider the personal data requested and its importance for the intended purposes. If you have concerns about providing certain information, please contact us to discuss your specific circumstances and requirements. We will endeavor to find alternative solutions or assess if there are any legal or contractual obligations that require the provision of the requested data.
We may collect your personal information from various sources including: –
  • Directly from you when you fill in our data collection forms, call or email us and visit our offices.
  • Indirectly when you interact with our website or other social media platforms such as LinkedIn, Twitter and YouTube (in this case we collect cookies and online identifiers).
We may share your personal data within the Firm to facilitate our internal operations and provide you with efficient services.
  • We may share your personal data with third parties in the following circumstances:
  • Service Providers: We may engage third-party service providers to perform various services on our behalf, such as IT service providers. These service providers will have access to your personal data as necessary to perform their functions but are strictly prohibited from using your personal data for any other purposes.
  • Business Partners: We may share your personal data with trusted business partners who collaborate with us to provide products or services to you. These partners may use your personal data only for the purposes specified in our agreement with them.
  • Legal Obligations: We may disclose your personal data if required to do so by law or in response to a valid legal request, such as a court order or government inquiry.
  • Corporate Transactions: In the event of a merger, acquisition, or any form of corporate restructuring, we may transfer your personal data to the involved parties, if they agree to treat your personal data in accordance with this privacy policy.
  • Consent: We may share your personal data with third parties if you have given us explicit consent to do so. You have the right to withdraw your consent at any time.
When sharing your personal data with third parties, we prioritise the security and confidentiality of your information. We take stringent measures to ensure that these parties comply with strict data protection standards and handle your personal data in accordance with our instructions.
We carefully select and evaluate third-party service providers, business partners, and other recipients of your personal data. We enter into contractual agreements with these parties, imposing obligations to protect your personal data and restricting their use of the information solely for the specified purposes outlined in our agreement. Furthermore, we require these third parties to implement appropriate technical and organisational measures to prevent unauthorised access, disclosure, alteration, or destruction of your personal data.

We understand the importance of keeping your personal data secure and take appropriate measures to protect it against unauthorized access, loss, misuse, or alteration. We have implemented robust security measures to ensure the confidentiality, integrity, and availability of your information, including: –

  • Technical Safeguards: To protect your information during transmission, we utilize industry-standard encryption protocols, ensuring the confidentiality of your data. Our secure network infrastructure incorporates firewalls, intrusion detection systems, and other security measures to prevent unauthorised access and mitigate external threats. Additionally, access controls are in place, restricting data access to authorised individuals through unique user credentials, strong passwords, and role-based privileges. Regular data backups and recovery processes are performed to maintain data integrity and availability.
  • Organisational Safeguards: Our commitment to data security extends to our employees and third-party service providers. Strict confidentiality agreements bind them, emphasizing the importance of maintaining the security and confidentiality of your personal data. Regular training programs are conducted to educate employees on data protection best practices, security protocols, and their responsibilities. Access controls and authorization mechanisms ensure that only authorised personnel can access your data. We have established comprehensive data protection policies and procedures to guide the proper handling, storage, retention, and disposal of personal data. In the event of any security incidents, our incident response plan enables swift identification, mitigation, and notification, as well as measures to prevent future occurrences.

While we continually enhance our security measures, it is important to note that no security measure can provide absolute protection. However, we are dedicated to maintaining the highest possible standards of data security and will continue to invest in measures to safeguard your information.

  • If you suspect any misuse or loss of or unauthorised access to your personal data, please let us know immediately by sending us an email at info@mutieadvocates.co.ke or call/SMS us at 0768042180
  • We retain your personal data for as long as necessary to fulfill the purposes outlined in our Privacy Policy, or as required by applicable laws and regulations.
  • Once the retention period expires, we shall securely delete or anonymise your data in accordance with our Data Retention and Disposal Policy.
  • We use cookies and similar technologies on our website to enhance your browsing experience, personalize content, analyse website traffic, and track user interactions. A cookie is a small text file that is stored on your device when you visit our website.
  • We use different types of cookies on our website:
    • Essential Cookies: These cookies are necessary for the functioning of our website and enable you to navigate through the site and use its features. They are essential for providing services that you have requested, such as accessing secure areas of the site or making use of online forms.
    • Analytical and Performance Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most frequently or if any error messages occur. We use this information to analyse and improve the performance and functionality of our website.
    • Marketing and Advertising Cookies: These cookies are used to deliver targeted advertisements and promotions that may be of interest to you. They are placed by third-party advertising networks with our permission. These cookies may track your browsing activities across different websites.
  • Cookie Consent: By using our website, you consent to the placement of cookies on your device as described in our Cookie Policy. You can manage or disable cookies through your browser settings. Please note that disabling certain cookies may impact the functionality and performance of our website.
  • Third-Party Cookies: We may allow certain third-party service providers to place cookies on our website for advertising, analytics, or other purposes. These third parties have their own privacy policies and may collect information about your browsing activities on our website and other websites.
  • Data Collected by Cookies: The information collected by cookies may include your IP address, browser type, device information, and browsing behaviour. We take appropriate measures to protect the security and confidentiality of cookie data. We ensure that any third parties that have access to cookies comply with strict data protection standards and process the information in accordance with our instructions.

Under the Data Protection Act, 2019, you have several rights regarding your personal data:

  • right to information: you have a right to be informed how the Firm will use your personal data.
  • right of access: you are entitled to access your personal data that is in our possession or custody.
  • right to object: you can object to the processing of all part of your personal data, except when we can demonstrate a compelling legitimate interest for the processing which overrides your interests or for the establishment, exercise or defence of a legal claim.
  • right to rectification: you have the right to request the correction of inaccurate, outdated, incomplete or misleading personal data in our possession or under our control, without undue delay.
  • right to erasure: you have the right to request deletion or destruction, without undue delay, of personal data that we are no longer authorised to retain, or that is irrelevant, excessive, or obtained unlawfully.
  • right to data portability: you have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format and to transmit the data to another data controller without hindrance. Where technically feasible, you may also request direct transmission of your personal data from us to another data controller or data processor.
  • automated decision making you have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects affects you. If we make automated decisions based on your personal data, you will be notified in writing. You can also request us to reconsider any decisions made solely through automated processing or to make a new decision that is not solely automated.
  • right of restriction: You can request the restriction of processing your personal data in certain circumstances, such as when you contest the accuracy of the data, it is no longer needed for processing, it was processed unlawfully, or you have objected to the processing pending verification of our legitimate interests.
  • Right to withdraw consent: you have a right to withdraw consent where the lawful basis for processing your personal data is based on consent.
  • Right to lodge a complaint to the Office of the Data Protection Commissioner (ODPC): you have a right to lodge a complaint to the ODPC if you are aggrieved by a decision regarding the processing of your personal data.
  • If you wish to exercise any of the rights outlined above, please contact us at info@mutieadvocates.co.ke or call/SMS us at 0768042180.
  • We will make every effort to address your inquiries and requests via email within the timelines specified by applicable data protection laws and regulations.
  • To ensure the security and accuracy of the personal data we provide, we may request additional information and verification of your identity. This is necessary to confirm that we are releasing the data to the rightful owner.
  • While we strive to fulfill all valid requests, there may be cases where we are unable to comply. If such a situation arises, we will inform you of the reasons for our inability to fulfill your request.
As part of our business operations, we may your transfer personal data to recipients located in countries outside Kenya. We are committed to ensuring that any transfer of personal data outside of Kenya complies with the provisions set forth in the Data Protection Act, 2019. We prioritise the privacy and security of your personal data throughout the transfer process. If you have any questions or concerns regarding our international data transfer practices, please contact us at info@mutieadvocates.co.ke or call/SMS us at 0768042180 We will strive to address your inquiries and provide you with transparent information regarding the transfer of your personal data outside of Kenya.

By providing your personal data to Mutie Advocates, you agree to adhere to the following responsibilities:

  • Accuracy and Updates: You are responsible for providing accurate and up-to-date personal data to the Firm. Please inform us promptly of any changes or updates to your contact details or other relevant information.
  • Third-Party Data: If you give us personal data of third parties, it is your responsibility to ensure that you have obtained necessary consent or authority to share their information. Inform these individuals about the processing activities and possible international transfers of their data.
  • Reporting Concerns: If you have any concerns or complaints regarding the processing or transfer of your personal data, please contact us at info@mutieadvocates.co.ke or call/SMS us at 0768042180. We appreciate your feedback and will promptly address any issues raised.
  • We may periodically revise this Policy to ensure compliance with applicable legal requirements and our evolving business practices.
  • We will promptly inform you of any material changes to this Policy by posting a pop-up notification or sending you direct communication.
  • Your continued use of our services after the effective date of any revised Privacy Policy constitutes your acceptance of the revised Policy. We recommend that you regularly check this Privacy Policy to stay updated on any changes. If you disagree with any modifications to this Policy, you should discontinue using our services and contact us to exercise your rights or request the removal of your personal data, as outlined in this Policy.