PRIVACY POLICY

Last Updated: 19th January 2026

Introduction

Meritad Law Africa LLP (“we“, “us“, “our“, or “the Firm“) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website [www.meritadlaw.com] (the “Website“), interact with us online, or become a client or potential client.

We are a “data controller” for the purposes of applicable data protection laws, including the Data Protection Act, 2019 of Kenya and other relevant regional regulations. This means we are responsible for deciding how we hold and use your personal information.

By using our Website or providing your information to us, you acknowledge the practices described in this policy. If you do not agree, please do not use our Website or provide us with your personal data.

Information We Collect

We may collect and process the following categories of personal data:

  1. Data You Provide Voluntarily
  • Contact Information: Name, email address, telephone number, postal address, job title, and company name.
  • Client Service Data: Information necessary for providing legal services, which may include identity documents, financial information, case details, and any other personal data relevant to your legal matter.
  • Communications: Records of your correspondence with us (e.g., emails, contact form submissions, chat logs).
  • Subscription Data: Preferences for receiving newsletters, legal updates, or event invitations.
  1. Data Collected Automatically (via Cookies and Similar Technologies)
    When you visit our Website, we may automatically collect technical information, as detailed in our Cookie Policy. This may include:
  • Usage Data: IP address, browser type and version, time zone setting, browser plug-in types, operating system, and platform.
  • Website Interaction Data: Pages you visit, time spent on pages, clickstream data, and other diagnostic data.
  1. Data from Third Parties or Public Sources
    We may receive information about you from publicly accessible sources (e.g., company registries, court records) or from third parties such as intermediaries, other professional advisors (with your consent), or regulatory bodies, where necessary for the provision of our services.

How We Use Your Information (Purposes & Legal Basis)

We will only use your personal data lawfully. Our primary legal bases for processing are: (a) the performance of a contract with you; (b) compliance with a legal obligation; (c) your consent; and (d) our legitimate interests, provided your interests and fundamental rights do not override those interests.

 Purpose of Processing

Legal Basis

To provide you with legal services and advice, manage your client account, and administer fees.

Performance of a contract. Compliance with legal obligations.

To communicate with you regarding your inquiries, our services, or updates to your matter.

Performance of a contract. Legitimate interests (to respond to inquiries and administer client relationships).

To manage our relationship with you, including seeking feedback.

Legitimate interests (to grow our business, improve services, and maintain records).

To send you legal updates, newsletters, and marketing communications (where you have consented).

Consent. You can withdraw consent at any time.

To operate, secure, and improve our Website (e.g., via analytics).

Legitimate interests (to understand how our Website is used, ensure network security, and improve user experience).

To comply with professional, regulatory, and legal obligations (e.g., conflict checks, fraud prevention).

Compliance with a legal obligation. Legitimate interests (to protect the Firm and our clients).

 

How We Share Your Information

We treat client confidentiality with the utmost seriousness. We will only share your personal data:

  • Within the Firm: With our lawyers and staff on a need-to-know basis.
  • With Service Providers: With trusted third parties who provide essential services under strict confidentiality agreements (e.g., IT support, cloud storage providers, document review platforms).
  • For Legal & Professional Reasons: Where required by law, regulation, or court order; to enforce our agreements; or to defend our legal rights. This includes sharing with our professional indemnity insurers, auditors, or other professional advisors.
  • With Your Consent: In specific circumstances where you have given us explicit permission.

We DO NOT sell, trade, or rent your personal data to third parties for marketing purposes.

 Data Security

We have implemented appropriate technical and organizational security measures designed to protect your personal data from accidental loss, unauthorized access, alteration, or disclosure. Our security measures include secure servers, encryption, access controls, and secure office premises. However, no method of transmission over the Internet or electronic storage is 100% secure.

Data Retention

We will retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including to satisfy any legal, regulatory, accounting, or reporting requirements. Our retention periods are determined by the nature of the data and our legal/ professional obligations. Typically, client files are retained for a minimum period required by law (e.g., several years after the conclusion of a matter) before secure deletion or anonymization.

Your Data Protection Rights

Depending on your jurisdiction, you may have rights under data protection laws, which may include:

  • Right of Access: To request copies of your personal data.
  • Right to Rectification: To request correction of inaccurate or incomplete data.
  • Right to Erasure (“Right to be Forgotten”): To request deletion of your data under certain conditions.
  • Right to Restrict Processing: To request we suspend processing of your data.
  • Right to Data Portability: To request transfer of your data to another organization.
  • Right to Object: To object to processing based on our legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent.

To exercise any of these rights, please contact us using the details in we have included in our ‘Contact Us’ Clause. We may need to verify your identity before proceeding.

Links to Other Websites and Social Media Sites

Our Website may contain links to other websites (e.g., social media platforms, legal resources, regulatory bodies). This Privacy Policy applies only to our Website. We are not responsible for the privacy practices or content of third-party sites. We encourage you to read the privacy policy of any site you visit.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or the law. The “Last Updated” date at the top will indicate when revisions were made. We will post the updated policy on our Website. Significant changes may be notified to you by email where appropriate.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact our designated point of contact:

Data Protection Contact
Meritad Law Africa Limited Liability Partnership.
Located At: [AppleWood Adams, Ngong Road]
Email: [info@meritadlaw.com]
Phone: [+2547 25 032 287]