Privacy Notice
DEFINITIONS AND INTERPRETATION
For the purposes of this Privacy Notice, the following definitions apply:
This Privacy Notice explains what Personal Data we, ACM, a multi-family firm dedicated to providing wealth management and wealth administration solutions to protect and grow clients’ wealth over generations, with its registered office at The Promenade, 5th Floor, General Mathenge Drive, Westlands, Nairobi, collects about you, what we use it for, who we share it with and how we protect it. It also sets out your rights and who you can contact for more information or queries.
This Privacy Notice may change from time to time. We reserve the right to amend the Privacy Notice at any time, for any reason. The date of the last revision to the Privacy Notice will be indicated by the “Last Updated” date.
In the course of your use of this website or your interaction with us through this website, we may collect Personal Data directly from you save for instances where the law permits us to collect your Personal Data from other sources.
We collect a broad range of Personal Data including but without limitation:
Identity information which includes names, copies of identity documentation (for example, national ID or passport), dates of birth, and locations/addresses;
Contact information which includes phone numbers and email addresses;
Device identifier information which includes internet protocol address, browser type and other similar information from our website users;
Financial information which includes bank account details in case we need to process any payments;
Details on remuneration where, for example, we may act for an employer or a party to a merger and acquisition;
Photographs of our clients for various processes with government registries and other public authorities.
We may also collect other Personal Data directly from you (save for instances where the law permits us to collect your Personal Data from other sources) in the course of providing any of the company secretarial services to you or your employer, or to someone else based on subsequent interactions with you.
We collect this Personal Data directly when clients engage us. We may also indirectly collect Personal Data from other professional service providers who are working with us to render services or from our corporate clients in relation to individuals employed or contracted by them. In such cases, we rely on these third parties to inform the individuals in question that they will be sharing their Personal Data with us, and we only use that Personal Data for the stated purposes.
We collect Personal Data when we are (or propose to be) dealing with, or providing or marketing our services to you, a client, or someone employing or engaging you. In accordance with our legal obligations, we inform you of the following:
your rights as the subject of the Personal Data which we collect from you;
the fact that we are collecting your Personal Data from you;
the purpose for which we intend to collect your Personal Data including why we are collecting your Personal Data and how we plan to use it;
the third parties to whom your Personal Data will be shared or transferred, including details of safeguards adopted;
the contacts of the Data Controller or Data Processor who will process your Personal Data;
a description of the technical and organizational security measures taken to ensure the integrity and confidentiality of your Personal Data;
whether the Personal Data is being collected pursuant to any law and whether such collection is voluntary or mandatory; and
the consequences where the Data Subject fails to provide all or any part of the requested Personal Data.
Should we ever collect your Personal Data from sources other than you, in any other context besides where you have applied for employment with us, we will, in so far as it is practicable, notify you before we collect such Personal Data from such other sources.
WWe only collect Personal Data from this website when you voluntarily provide it – for example, when you fill in a form on the careers section or subscribe to our publications. If the Personal Data is intended to be collected pursuant to any law or where the collection of such Personal Data is mandatorily required, we will notify you of this directly prior to collecting such Personal Data.
We also obtain Personal Data from your IP address, operating system and web browser that you use to access our website. We use cookies on our website.
When you visit our website, our server will record your IP address together with the date, time and duration of your visit. An IP address is an assigned number, similar to a telephone number, which allows your computer to communicate over the Internet. It enables us to identify which organizations have visited this website. We use this information to compile statistical data on the use of our website to track how users navigate through our site in order to enable us to evaluate and improve our site.
Please note that the provision of your Personal Data to us may be necessary for enabling the use or functioning of certain features of this website or the provision of certain services through this website. To that extent, any such features or services may not be functional or available for use or capable of being used in the absence of the provision of your Personal Data.
Once collected, we may use your Personal Data in a variety of ways including, but not limited to:
providing you with service communications such as bill reminders, order confirmations, programme registrations and client service messages;
responding to your emails or online requests for products, services or information;
delivering and processing surveys;
personalizing and improving the usability of this website;
fulfilling and/or delivering our products and services;
tailoring content, advertising, and marketing to you;
sharing your Personal Data with certain third parties to fulfil any express service requests which you make to us. We may also share such information with service providers that perform business functions for us.
We may on occasion be required to share your information with ACM members, officers and affiliates and any third parties who provide services on our behalf. In relation to any such disclosure of your Personal Data, we will only disclose your Personal Data where you have given your consent or where we are required or otherwise permitted to do so by any applicable law, or where it is necessary for the purpose of, or in connection with, legal proceedings or to exercise or defend legal rights.
We may also share e-mail addresses with third parties as necessary for them to perform certain services on our behalf, such as packaging, mailing, and delivering products to you and responding to your service requests.
Some of your Personal Data may be stored in a cloud located within or outside Kenya and managed by a third-party service provider. Where we transfer your Personal Data outside Kenya, we will take reasonable steps to ensure that your Personal Data is treated securely and that the means of transfer provides adequate safeguards.
We implement commercially reasonable security measures to help protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of Personal Data.
We use up to date data storage and security systems to hold your Personal Data securely in electronic and physical form to protect your personal information from unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss. Our IT usage and security policy is supported by various security standards, processes, and procedures. Our premises are access controlled and our electronic databases require logins and password authentication.
All our partners, staff and third-party service providers who have access to confidential information (including Personal Data) are subject to confidentiality obligations.
As a Data Subject, you have the right to:
be informed of the use to which your Personal Data is to be put;
access your Personal Data which we hold;
request that we make your Personal Data available to you in a portable format and transmit it to another Data Controller, Data Processor or a third party;
the right to the rectification of any inaccurate, outdated, incomplete or misleading portions or parts of your Personal Data and to the erasure or destruction of any portions or parts of your Personal Data that are irrelevant, excessive, unlawfully obtained or that we are no longer authorized to retain.
In the limited circumstances where you may have provided your consent to the collection, processing, and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific purpose at any time. Once the firm has received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
request for your Personal Data to be deleted, provided that the DPA may allow us to retain your Personal Data in certain circumstances;
request us to suspend the processing of your Personal Data for various reasons provided for in the DPA such as where your Personal Data is incorrect;
object to the processing of all or part of your Personal Data; and
request that we process your Personal Data anonymously or pseudonymously.
To exercise any of these rights, please reach out to us through the contact page on our website.