Privacy Policy

A Privacy Policy discloses how your business collects, uses, and protects personal data. It is required under the Kenya Data Protection Act 2019 for any website or app handling user data.

Legally sound

Drafted to comply with Kenyan law and international common law standards.

Ready in seconds

Fill in your details and get a complete, professional document instantly.

Fully customisable

Every clause is tailored to your specific situation and requirements.

What this document covers

Data controller details
Types of personal data collected
Purpose and legal basis for processing
Data retention periods
Third-party data sharing
User rights (access, correction, deletion)
Cookie policy
Cross-border data transfers if any
Contact details for data requests
Compliance with Kenya Data Protection Act 2019

Frequently Asked Questions

Is a privacy policy legally required in Kenya?

Yes. The Kenya Data Protection Act 2019 requires any person or organisation that collects, processes, or stores personal data to have a privacy notice explaining what data is collected, why, how it is used, how long it is retained, and what rights data subjects have. Failure to comply can result in penalties from the Office of the Data Protection Commissioner.

Does Kenya's Data Protection Act apply to international websites with Kenyan users?

Yes. The KDPA applies to any processing of personal data of Kenyan residents, regardless of where the data processor is based. An international website targeting Kenyan users must comply with the KDPA, similar to how GDPR applies to any site processing EU users' data.

Is a privacy policy required in common law countries?

Most common law countries have data protection or privacy legislation requiring a privacy policy: the UK GDPR (post-Brexit), Australia's Privacy Act, India's Digital Personal Data Protection Act 2023, and Nigeria's NDPR. A well-drafted privacy policy addressing these frameworks reduces compliance risk across multiple jurisdictions.