Privacy & GDPR

Baker Tilly Kenya is committed to protecting the privacy, confidentiality, and security of personal data entrusted to us by our clients, employees, suppliers, business partners, and website users.

We process personal data in accordance with the requirements of the Kenya Data Protection Act, 2019, the Data Protection (General) Regulations, 2021, and, where applicable, the European Union General Data Protection Regulation (GDPR).

Personal Data We Collect

In the course of providing our professional services, we may collect and process personal data including:

  • Names and contact information;
  • Employment and professional information;
  • Identification information;
  • Financial and transactional information;
  • Information required for regulatory, compliance, due diligence, and anti-money laundering purposes;
  • Information submitted through our website, events, surveys, or direct communications;
  • Any other information necessary for the provision of our services.

Where required by law or with appropriate consent, we may process special categories of personal data where necessary to fulfil our professional obligations.

How We Use Personal Data

We use personal data for legitimate business purposes, including:

  • Delivering audit, tax, advisory, consulting, and other professional services;
  • Managing client relationships and responding to enquiries;
  • Meeting legal, regulatory, and professional obligations;
  • Conducting risk management, quality assurance, and internal administration activities;
  • Communicating service updates, thought leadership, event invitations, and other relevant information where permitted by law;
  • Protecting the security and integrity of our systems and operations.

Legal Basis for Processing

Where applicable under GDPR, we process personal data on one or more of the following legal bases:

  • Performance of a contract;
  • Compliance with a legal obligation;
  • Legitimate interests pursued by Baker Tilly Kenya;
  • Consent, where required;
  • Protection of vital interests; and
  • Performance of a task carried out in the public interest.

Disclosure of Personal Data

We may share personal data with:

  • Other Baker Tilly member firms where necessary to provide services;
  • Professional advisers, regulators, and governmental authorities where legally required;
  • Third-party service providers who support our business operations;
  • Courts, law enforcement agencies, or regulatory bodies where disclosure is required by law.

All third parties receiving personal data are required to maintain appropriate confidentiality and security safeguards.

International Transfers

Where personal data is transferred outside Kenya, Baker Tilly Kenya will ensure that appropriate safeguards are implemented to protect the information and comply with applicable data protection laws.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including compliance with legal, regulatory, professional, accounting, and reporting requirements.

Data Security

We maintain appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, loss, or destruction. Access to personal data is restricted to authorised personnel who require such access for legitimate business purposes.

Your Rights

Subject to applicable law, individuals may have the right to:

  • Access their personal data;
  • Request correction of inaccurate or incomplete information;
  • Request deletion of personal data in certain circumstances;
  • Object to or restrict processing;
  • Withdraw consent where processing is based on consent;
  • Request data portability where applicable;
  • Lodge a complaint with the Office of the Data Protection Commissioner (ODPC) or another competent supervisory authority.

Contact Us

If you have any questions regarding this statement or how your personal data is processed, please contact privacy@bakertilly.ke