Follow Us:

Privacy Policy

  • Home
  • Privacy Policy

Privacy Policy

At Grohney AAA LLP ("we", "us", "our", "Grohney"), we are committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, store, and protect your personal information when you interact with our website, services, or communications. We adhere to the Data Protection Act of Kenya and other applicable privacy laws to ensure your information is handled with the utmost care and respect.

This policy was last updated on July 28, 2025. We may update this policy periodically, so please review it regularly. If we make significant changes, we will notify you through our website or other appropriate means.

Information We Collect

We collect information to provide and improve our professional services, communicate with you, and comply with regulatory requirements. The types of information we collect include:

  • Personal Identification Information: Name, email address, phone number, postal address, job title, and company name.
  • Professional Information: Professional qualifications, employment history, and business relationships relevant to our services.
  • Financial Information: Bank account details, payment information, and tax identification numbers necessary for our services.
  • Website Usage Data: IP address, browser type, device information, pages visited, time spent on pages, and other analytics data that help us improve our website experience.
  • Communications: Information provided in emails, forms, surveys, or other communications with us.
  • Recruitment Information: CVs, education and employment history, and other information provided when applying for a position with us.

We collect this information when you:

  • Visit our website or fill out forms on our site
  • Register for an event, webinar, or newsletter
  • Engage us for professional services
  • Apply for a job or internship with us
  • Communicate with us through email, phone, or other channels
  • Interact with our social media pages

How We Use Your Information

We use your information for the following purposes:

  • Providing Professional Services: To deliver the audit, accounting, tax, and advisory services you have engaged us to perform.
  • Communication: To respond to your inquiries, provide updates about our services, and send relevant newsletters or publications.
  • Improving Our Services: To analyze how our website and services are used so we can enhance functionality and user experience.
  • Marketing: To share information about services, events, or insights that may be of interest to you, always with an option to unsubscribe.
  • Recruitment: To process job applications and assess candidates for positions within our firm.
  • Legal and Regulatory Compliance: To meet our professional obligations, including anti-money laundering checks, conflict checks, and other regulatory requirements.
  • Security: To protect our systems, data, and professional services from unauthorized access or fraudulent activity.

We process your information based on one or more of the following legal grounds:

  • Your consent
  • Performance of a contract with you
  • Compliance with legal and regulatory obligations
  • Our legitimate business interests

Information Sharing and Disclosure

We respect the confidentiality of your information and do not sell or rent your personal data to third parties. We may share your information with:

  • Service Providers: Third-party vendors who assist us in providing our services, such as IT support, data storage, email delivery, and customer relationship management.
  • Professional Advisors: Other professional firms we collaborate with to provide comprehensive services, subject to confidentiality agreements.
  • Regulators and Authorities: Government agencies, regulatory bodies, or law enforcement when required by law or to protect our rights.
  • Potential Buyers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to appropriate safeguards.

All third parties with whom we share information are required to protect it in accordance with applicable laws and can only use it for specified purposes.

Data Security

Protecting your information is paramount to us. We implement appropriate technical and organizational measures to safeguard your personal data against unauthorized access, alteration, disclosure, or destruction. These security measures include:

  • Encryption of sensitive data and secure transmission protocols
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Staff training on data protection and confidentiality
  • Physical security measures at our offices
  • Regular backups and disaster recovery procedures

While we take all reasonable steps to protect your information, no internet transmission or electronic storage system is 100% secure. We encourage you to take precautions when sharing sensitive information online and to contact us immediately if you suspect any unauthorized access to your account or information.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including:

  • Providing the services you have requested
  • Complying with legal, regulatory, and professional obligations
  • Resolving disputes or enforcing our agreements
  • Meeting legitimate business needs

Specific retention periods vary depending on the type of information and applicable legal requirements. For professional services, we typically retain client information for 7 years after the completion of an engagement to comply with tax, accounting, and legal requirements. For recruitment data, we retain information for up to 2 years for unsuccessful candidates, unless you request earlier deletion.

When your personal information is no longer needed, we securely delete or anonymize it.

Your Rights

Under applicable data protection laws, you have various rights regarding your personal information:

  • Access: You can request a copy of the personal information we hold about you.
  • Correction: You can ask us to correct inaccurate or incomplete information.
  • Erasure: In certain circumstances, you can ask us to delete your personal information.
  • Restriction: You can request that we limit how we use your personal information.
  • Data Portability: You can request a copy of your data in a structured, commonly used, and machine-readable format.
  • Objection: You can object to our processing of your personal information for direct marketing or based on legitimate interests.
  • Withdrawal of Consent: Where we rely on your consent, you can withdraw it at any time.

To exercise any of these rights, please contact us using the details provided below. We will respond to your request within 30 days. In some cases, we may need to verify your identity before processing your request.

Cookies and Similar Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, analyze website traffic, and personalize content. Cookies are small text files stored on your device that help us recognize your browser and remember certain information.

We use the following types of cookies:

  • Essential Cookies: Required for the website to function properly.
  • Analytical/Performance Cookies: Help us understand how visitors interact with our website.
  • Functionality Cookies: Remember your preferences and settings.
  • Targeting Cookies: Record your visit to our website, pages visited, and links followed.

You can control cookies through your browser settings. However, disabling certain cookies may affect your ability to use some features of our website. For more information, please refer to our Cookie Policy.

International Data Transfers

As a professional services firm with international connections, we may transfer your personal information to countries outside Kenya, including those that may not have the same level of data protection. When we do so, we ensure appropriate safeguards are in place to protect your information, such as:

  • Standard contractual clauses approved by relevant data protection authorities
  • Data transfer agreements with recipients
  • Selection of service providers in countries with adequate data protection laws
  • Obtaining your explicit consent for certain transfers

We take all reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

Children's Privacy

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will take steps to delete such information.

Changes to This Policy

We review our Privacy Policy regularly and may update it to reflect changes in our practices, services, or applicable laws. The updated policy will be effective when posted on our website. We encourage you to check this page periodically for the latest information on our privacy practices.