Privacy & GDPR
Baker Tilly Kenya is committed to protecting the privacy, confidentiality, and security of personal data entrusted to us by our clients, employees, suppliers, business partners, and website users.
We process personal data in accordance with the requirements of the Kenya Data Protection Act, 2019, the Data Protection (General) Regulations, 2021, and, where applicable, the European Union General Data Protection Regulation (GDPR).
Personal Data We Collect
In the course of providing our professional services, we may collect and process personal data including:
- Names and contact information;
- Employment and professional information;
- Identification information;
- Financial and transactional information;
- Information required for regulatory, compliance, due diligence, and anti-money laundering purposes;
- Information submitted through our website, events, surveys, or direct communications;
- Any other information necessary for the provision of our services.
Where required by law or with appropriate consent, we may process special categories of personal data where necessary to fulfil our professional obligations.
How We Use Personal Data
We use personal data for legitimate business purposes, including:
- Delivering audit, tax, advisory, consulting, and other professional services;
- Managing client relationships and responding to enquiries;
- Meeting legal, regulatory, and professional obligations;
- Conducting risk management, quality assurance, and internal administration activities;
- Communicating service updates, thought leadership, event invitations, and other relevant information where permitted by law;
- Protecting the security and integrity of our systems and operations.
Legal Basis for Processing
Where applicable under GDPR, we process personal data on one or more of the following legal bases:
- Performance of a contract;
- Compliance with a legal obligation;
- Legitimate interests pursued by Baker Tilly Kenya;
- Consent, where required;
- Protection of vital interests; and
- Performance of a task carried out in the public interest.
Disclosure of Personal Data
We may share personal data with:
- Other Baker Tilly member firms where necessary to provide services;
- Professional advisers, regulators, and governmental authorities where legally required;
- Third-party service providers who support our business operations;
- Courts, law enforcement agencies, or regulatory bodies where disclosure is required by law.
All third parties receiving personal data are required to maintain appropriate confidentiality and security safeguards.
International Transfers
Where personal data is transferred outside Kenya, Baker Tilly Kenya will ensure that appropriate safeguards are implemented to protect the information and comply with applicable data protection laws.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including compliance with legal, regulatory, professional, accounting, and reporting requirements.
Data Security
We maintain appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, loss, or destruction. Access to personal data is restricted to authorised personnel who require such access for legitimate business purposes.
Your Rights
Subject to applicable law, individuals may have the right to:
- Access their personal data;
- Request correction of inaccurate or incomplete information;
- Request deletion of personal data in certain circumstances;
- Object to or restrict processing;
- Withdraw consent where processing is based on consent;
- Request data portability where applicable;
- Lodge a complaint with the Office of the Data Protection Commissioner (ODPC) or another competent supervisory authority.
Contact Us
If you have any questions regarding this statement or how your personal data is processed, please contact privacy@bakertilly.ke