Data Trust Center

Privacy Policy

How we handle, protect, and process your data in strict compliance with the Kenya Data Protection Act, 2019.

Entity

Herman Tambo Law Advocates

Framework

Kenya Data Protection Act

Last Updated

8th March 2026

Policy Contents

Who we are

Herman Tambo Law Advocates (“we”, “us”) operates this website and provides legal services. Under the Kenya Data Protection Act, 2019, we act as the Data Controller for any personal data collected through this platform.

Location

Nairobi, Kenya.

Contact

herman@hermantambolaw.com
+254 702 858 990

1 What personal data we collect

We strictly adhere to the principle of Data Minimization. We only collect what is absolutely necessary.

  • Contact details you provide (name, email, phone, company) via forms, WhatsApp, or direct phone calls.

  • Matter information you choose to explicitly share to help us scope work and provide an accurate quote.

  • Usage data & cookies (pages viewed, device type, referrer) utilized strictly for security and analytics.

  • Files you upload (only when you deliberately choose to share them via our secure intake channels).

2 Why we collect it (Lawful Basis)

Pre-contract

To respond & quote

We use your data to answer enquiries and formulate legal strategy.

Contract

To perform our services

Processing necessary to deliver the legal work once you engage us.

Legal Obligation

To comply with the law

For example, KRA compliance or LSK/ARO mandatory record-keeping.

Legitimate Interests

Security & analytics

To improve site performance, analyze traffic, and prevent fraud.

3 Cookies & Automation

We use essential cookies for security and analytics cookies to understand traffic. You can manage cookies via your browser settings.

No Automated Profiling: We do not use your personal data for automated decision-making or profiling that produces legal effects concerning you.

4 Processors & Sharing

We do not sell, rent, or trade your personal data. We only share data as strictly needed to run this site and deliver services. Trusted partners include:

Google Workspace WordPress Calendly WhatsApp

5 Int. Transfers

Some of our software providers store data on servers outside Kenya. We take reasonable steps to ensure appropriate safeguards exist, utilizing reputable vendors bound by strict contractual terms conforming to the DPA.

6 Retention

  • Enquiries / Leads Up to 24 mos
  • Client Files Typically 7 years (LSK)
  • Analytics 26 months

7 Your rights (Kenya DPA)

Under the Data Protection Act, you possess several fundamental rights regarding your personal information:

Access
Correct
Delete
Object
Restrict
Withdraw

To exercise your rights, email us directly. If unresolved, you hold the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) in Kenya.

8. Children

Our site and services are for adults. If you believe a child has provided data, contact us to remove it immediately.

9. Security & Breaches

We use strict technical measures (HTTPS/SSL). Breach Policy: We will notify you and the ODPC within 72 hours as required by law.

10. Contact Us

For privacy-related inquiries, data access requests, or to withdraw consent, email us directly.

Email our team