Legal

Privacy Policy

Last updated: 10 April 2026

Keldine & Co. LLP (“Keldine”, “we”, “us”) respects your privacy. This policy describes how we handle personal information when you visit our public website, submit an enquiry, or otherwise interact with us online. It is intended to support transparency under the Kenya Data Protection Act, 2019 and good practice — it is not legal advice.

Our site is primarily informational: we publish insights on tax, audit, assurance, consulting, and related topics, and we invite you to contact us about professional services. We do not operate a self‑service client portal through this public website.

Interpretation and Definitions

Who this policy covers

This policy applies to visitors to the Website, individuals who submit forms or otherwise contact us through the site, and anyone whose personal data we process in connection with operating the Website. Capitalised terms used below have the meanings set out in the definitions list.

Definitions

For the purposes of this Privacy Policy:

Personal Data
Information that identifies or can reasonably be associated with an identifiable individual, such as a name, email address, or phone number.
Keldine / we / us / our
Keldine & Co. LLP, a limited liability partnership based in Kenya and referred to on this site as Keldine. Our principal contact details are on the contact page of this Website.
Website
The public site operated by Keldine, primarily at https://www.keldine.co.ke (and any successor domain we use for the same purpose).
Processing
Any operation performed on personal data — including collection, recording, organisation, storage, adaptation, retrieval, use, disclosure, or deletion.
Processor
A person or organisation that processes personal data on our instructions (for example, a hosting provider, email delivery service, or form workflow tool).
You
The person browsing the Website, or the organisation on whose behalf that person is acting when they submit an enquiry.

Collecting and Using Your Personal Data

Information you give us

We collect personal data when you choose to interact with us, including when you:

  • Contact us through our contact form (name, email, phone, organisation, subject, message, and how you heard about us, together with optional context fields we may add from time to time).
  • Request a consultation or introduction through our “Get started” flow (for example: name, email, phone, company, country, company size, service interests, free‑text context, and similar fields as presented on the form).
  • Correspond with us by email, phone, or other channels initiated from the Website (we retain what you send us as needed to reply and to manage the relationship).

Our forms may also record technical context that helps us route and triage enquiries fairly — for example the page you submitted from, timestamps, basic campaign parameters where you arrived via a tracked link, and similar metadata. We use this to improve responsiveness and to understand which content is most useful — not to sell data or to build unrelated commercial profiles.

Information collected automatically

When you browse the Website, our servers and security infrastructure automatically receive standard technical information, such as your IP address, approximate location derived from IP, browser type and version, device type, referring URL, and time of access. We use this information to secure the site, troubleshoot performance, and understand aggregate traffic trends.

We may use fonts or other assets loaded from third‑party domains; those requests are handled by the relevant provider under their own policies.

Tracking Technologies and Cookies

We use cookies and similar technologies only as appropriate for a modern marketing and enquiry site. You can control cookies through your browser settings; blocking certain cookies may limit how well some features work.

  • Cookies. Small text files stored on your device. We may use session cookies (deleted when you close the browser) and, where justified, persistent cookies (which remain for a defined period).
  • Local storage and similar. We may store small amounts of data in the browser where it helps the site function (for example, remembering that you dismissed a notice). We do not use these technologies to replace honest disclosure in this policy.

Cookies may be strictly necessary (required for security or core operation) or non‑essential (for example analytics). Where the law requires consent before non‑essential cookies are set or read, we will obtain that consent and keep records accordingly.

Strictly necessary

Type
Session / first-party (as applicable)
Administered by
Keldine & selected infrastructure partners
Purpose
Required to deliver the Website securely and reliably — for example, to resist abuse, maintain availability through our hosting stack, and remember choices that are essential to using the site. This public site does not offer logged‑in client accounts; these cookies are not used to profile you for advertising.

Functional, analytics, and improvement

Type
First- or third‑party (if enabled)
Administered by
Keldine and, where used, our analytics providers
Purpose
We aim to keep non‑essential technologies to a minimum. If we enable optional tools (such as aggregate traffic analytics, performance measurement, or preference storage), we use them to understand how the site is used and to improve content and usability. Where Kenyan law requires consent for non‑essential technologies, we will obtain valid consent before loading them and update this section to name specific tools.

Third‑party content (e.g. fonts)

Type
Third‑party request
Administered by
Third‑party providers (e.g. Google Fonts)
Purpose
Some design elements may load resources from third‑party domains (such as web fonts). Those providers may receive technical data typical of a standard HTTP request (for example, IP address and user agent). Please read their privacy notices for details.

For practical choices about cookies in your browser, see your browser’s help documentation. You can also contact us using the details at the end of this policy.

Use of Your Personal Data

We process personal data for clear, legitimate purposes connected to our practice and this Website, including to:

  • Respond to enquiries — evaluate your needs, route your request to the right team, and follow up by email, phone, or meeting as you expect from a professional services firm.
  • Provide and improve the Website — maintain availability, fix errors, understand what content is read, and refine how we present our services (always proportionate and respectful of privacy).
  • Protect security and integrity — detect abuse, fraud, or unauthorised access attempts affecting our site or systems.
  • Comply with law and professional obligations — including record‑keeping, regulatory requirements, and responding to lawful requests from competent authorities.
  • Manage supplier and subcontractor relationships — where our Processors assist with hosting, productivity, client intake, email delivery, or similar functions, strictly under contract and instruction.

We do not sell your personal data. We do not allow unrelated third parties to use our enquiry data for their own marketing. If we ever wished to use your details to tell you about seminars, briefings, or similar professional updates beyond your immediate request, we would rely on a lawful basis under the Data Protection Act (for example consent or legitimate interest, assessed carefully) and give you a clear chance to object or unsubscribe.

Retention of Your Personal Data

We keep personal data only as long as needed for the purposes above, unless a longer period is required by law, professional standards, or litigation. Enquiry records are typically retained for a limited number of years after the last meaningful contact, unless a matter requires longer retention (for example ongoing work, a dispute, or regulatory audit).

Aggregated or de‑identified statistics derived from site usage may be kept longer where they no longer identify you.

Transfer of Your Personal Data

Our practice is based in Kenya and most processing happens within Kenya or the wider East Africa region. Some Processors may store or process data in other countries (for example the United States or the European Economic Area) where standard contractual clauses or other appropriate safeguards recognised under Kenyan law are used where required.

By submitting your information through this Website, you understand that limited technical routing across jurisdictions may occur as part of normal internet operation and cloud services, and we will take reasonable steps to ensure continued protection consistent with this policy and applicable law.

Your Rights and Choices

Under the Kenya Data Protection Act, 2019, you may have rights to access, rectify, erase, restrict processing, object, and withdraw consent where processing is based on consent — subject to legal and professional exceptions (for example where we must retain a file for regulatory reasons). Because this Website does not provide a self‑service account, please contact us directly to exercise your rights.

We may ask reasonable questions to confirm your identity before disclosing or changing records. If you are unsatisfied with our response, you may lodge a complaint with the Office of the Data Protection Commissioner (Kenya).

Disclosure of Your Personal Data

Professional advisers and corporate events

If we engage in a merger, restructuring, or sale of business assets, personal data held in connection with the Website may transfer to a successor, subject to confidentiality commitments and notice where practicable.

Law enforcement and legal process

We may disclose personal data when required by law, court order, or a competent regulator, or where we reasonably believe disclosure is necessary to protect the rights, property, or safety of Keldine, our clients, staff, or the public.

Other legal requirements

We may disclose personal data where we reasonably believe it is necessary to:

  • Comply with a legal obligation
  • Protect or defend our rights or property
  • Investigate wrongdoing in connection with the Website
  • Protect the personal safety of individuals
  • Defend against legal claims

Security of Your Personal Data

We implement reasonable technical and organisational measures appropriate to the sensitivity of the information we handle — including secure hosting practices, access controls for staff, and guarded forms of communication. No website or email transmission is perfectly secure; if you have highly sensitive instructions, we may suggest secure channels outside generic web forms.

Children’s Privacy

Our Website and services are directed at businesses, organisations, and adult professionals. We do not knowingly collect personal data from children. If you believe a child has provided us information without appropriate authority, please contact us and we will take steps to delete it where required by law.

Our site may link to regulators, networks, or partner organisations for your convenience. Those sites operate under their own privacy notices. We encourage you to read them before submitting personal data elsewhere.

Changes to this Privacy Policy

We may update this policy from time to time to reflect changes in law, our practice, or the Website. The “Last updated” date at the top will change when we publish a revised version. For material changes, we may also use a short notice on high‑traffic pages or, where appropriate, contact individuals directly.

Contact Us

Questions about this policy or our handling of personal data should be directed to Keldine using the details on our contact page or by email to info@keldinellp.com.