PRIVACY NOTICE OF AMIT GADHIA ADVOCATE AND SOLICITOR
1.Notice Purpose
To inform individuals who use my website or engage my services how I use their personal data as a ‘Data Controller’ in line with the United Kingdom General Data Protection Regulation (UK GDPR) and the Kenya Data Protection Act, 2019 (KPDA) and supporting regulations under the KDPA.
2.I am a Sole Practitioner
I am a sole practitioner, an Advocate of the High Court of Kenya and a Solicitor of England and Wales. If you have any questions regarding how I use individual’s personal data, please contact me on any one of the following addresses:
- UK office – Amit Gadhia, Solicitor, 2nd Floor, Prama House – Podium, Summertown, Oxford
OX2 7HT, United Kingdom, Tel: +(44)1865703545, Email: info@amitgadhia.com
- Kenya office – Amit Gadhia Advocate, Indigo Cowork Space, Off General Mathenge road (Spring Valley end), P.O. Box 1075 – 00606, Nairobi Kenya, Tel: +(254)799402888, Email: info@amitgadhia.com
- I can also be contacted via my websites – www.amitgadhia.com (Kenya website) or amitgadhia.co.uk (UK website) (“Websites”).
3.How I process your personal data
The personal data I collect about you is kept to a minimum and I process individual’s personal data to:
- Meet regulatory and legal requirements under the UK GDPR and KDPA
- Provide my services to my clients
- Promote my services and to manage my relationship with clients, prospective clients and colleagues
- Manage and supervise employees
- Registration, delivery and participation of training courses and webinars
- Informing you of any upcoming regulations and services
- For purposes of communication and support
4.How I obtain your personal data
When you visit the Websites or use my service, I collect personal data. The ways I collect it can be categorised into the following:
a) Website – When individuals visit or use some parts of my Websites and/or services I might ask you to provide personal data to me.
b) Clients and individuals – Personal data is obtained through email, telephone, post and any similar mode of communication
c) Publicly accessible personal data – This data can be available through public institutions or public bodies for example, the company’s registry and lands registry
5.My lawful basis for using personal data
All personal data will be used:
a) to perform my service contract with you, or
b) where I have legitimate interest to process personal data and that they not overridden by individual’s rights, or
c) in accordance with a legal obligation, or
d) where I have your consent.
If you are an individual who doesn’t have a client relationship with me, but believe that someone has entered your personal data into my Websites or sent your personal data to me, you’ll need to contact me asap for any questions you have about your personal data (including where you want to access, correct, amend, or request that the user delete, your personal data).
6.Principles of data protection
As a data protection champion, my approach to data protection is built around four key principles which are provided under the UK GDPR and KDPA. They’re at the heart of everything I do relating to personal data.
a) Transparency: I take a human approach to how I process personal data by being open, honest and transparent.
b) Enablement: I enable connections and efficient use of personal data to empower productivity and growth.
c) Security: I champion industry leading approaches to securing the personal data entrusted to me.
d) Stewardship: I accept the responsibility that comes with processing personal data.
7.I may share personal data
I may share personal data with third parties:
a) For purposes of fulfilling my contractual obligations to my clients – for example releasing information to lands office or companies registrar
b) To professional advisers – for example our auditors, bankers and insurers
c) To regulatory authorities, courts, tribunals and law enforcement agencies – for example our regulator the Solicitors Regulatory Authority in the United Kingdom or the Law Society of Kenya in the Republic of Kenya.
Third parties to whom I transfer personal information are required to respect the security of the information and treat it in accordance with the law. I do not sell personal data to third parties.
8.Cross Broder Data transfers
International Data Transfers
While providing my services I may need to transfer personal data to countries outside of the UK or the Republic of Kenya. When such data transfer is needed, I will consider:
- Where the data transfer is a ‘restricted data transfer’, in which case I will find out whether I can make the transfer subject to ‘appropriate safeguards’
- I will satisfy that the individuals whose data is transferred have a level of protection commensurate with the level of protection under the UK GDPR or KDPA or if there are any exceptions applicable under the UK GDPR or KPDA
- If there are not appropriate safeguards then I will take additional steps, such as binding contracts or corporate rules with the recipient of the individual’s data.
9. Security
Security is a priority for me when it comes to an individual’s personal data.I am absolutely committed to protecting your personal data and have appropriate technical and organisational measures in place to make sure that happens.
10.Retention
The length of time I keep your personal data depends on what it is and whether I have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).
I will retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with my data retention policies and practices. Following that period, I will make sure it’s deleted or anonymised.
11. Individual rights
Individuals have certain rights relating to personal data. These rights are to:
- know what personal data we hold about you, and to make sure it’s correct and up to date
- request a copy of your personal data, or ask us to restrict processing your personal data or delete it
- object to our continued processing of your personal data
You can exercise these rights at any time by sending an email to the relevant email address as part 2 of this notice.
12. Complaints
Individuals have a right to make a complaint at any time as follows:
- For individuals who are covered by the UK GDPR, to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.co.uk)
- For individuals who are covered by the KDPA to the Office of the Data Protection Commissioner (ODPC), the Kenya supervisory authority for data protection issues (www.odpc.go.ke)
In case of any issues, and in the first instance, I request you to give me a chance to deal with any concerns before the ICO or ODPC is approached so kindly contact me, using the contact details given above.
Last updated: 29 July 2024