1. Who we are/ Background
1.1 Victor Lee Legal is a legal practice/firm duly registered and based in Nairobi. We are committed to safeguarding the privacy of all visitors to our websites as well as the security of any Personal Data (as defined below) that you share with us through this website. All processing of such Personal Data shall be carried out in full compliance with the requirements of the Data Protection Act No. 24 of 2019 of the Laws of the Republic of Kenya (DPA) and all other applicable laws.
1.2 For this policy, any reference to the terms “practice” and “firm” shall mean the practice of Victor Lee Legal. Any reference to “partner” means the partner, member, consultant or employee with equivalent standing and qualifications within the practice. Any reference to a Victor Lee legal “location” means the office or facility, associated with the practice.
1.3 Personal Data shall mean any information relating to:
i. an identified natural person; or
ii. an identifiable natural person, that is, a natural person who can be identified directly or indirectly, by reference to an identifier that relates to them such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
1.4 This Privacy Policy explains that the practice herein referred to as ‘we’ or ‘us’ may collect, use, share, safeguard and/or otherwise process information (including Personal Data) provided to the firm including through our website.
1.5 The Privacy Policy may change from time to time and we shall reserve the right to amend the
Privacy Policy at any time, for any reason. The date of the last revision to the Privacy Policy will be
indicated by the “Last Updated” date. Access to the latest available copy of the policy shall be
made available on this website.
2. Data collection
2.1 While you use this website or interact with us through this website, we may collect Personal Data directly from you save for instances where the law permits us to collect your Personal Data from other sources.
2.2 We shall collect the following data;
i. Contact information: your name, position, role, company or organisation, telephone (including a mobile phone number where provided) as well as email and postal address;
ii. Business Information: data identifying you about matters on which you instruct us or in which you are involved;
iii. Information from public sources: e.g. LinkedIn and similar professional networks, directories, internet publication and various government registries;
iv. Attendance records: to record you’re an attendance at our offices for security purposes;
v. Subscriptions/ preferences: when you subscribe to receive legal briefings, updates or newsletters as well as consent preferences to help us identify which materials you are interested in receiving;
vi. Events data: attendance and provision of feedback forms about our events;
vii. Supplier data: contact details and other information about you or your company or organization where you provide services to the firm;
viii. Social Media: posts, likes, tweets, retweets and other interactions with our social media presence;
ix. Technical information; when you access this website and our technology services being IP address, browser type and version (e.g. Internet Explorer, Firefox, Safari etc.), time zone setting, browser plug-in types and versions, the operating system you are using (e.g. Vista, Windows XP, MacOS, etc.), device type, hardware model, MAC address, unique identifiers and mobile network information;
x. Online Data: when you access this website and our technology services, information about your visit including URL clickstream to, through and from our website (including date and time), information about your network as such as information about devices, nodes, configurations, connection speeds and network application performance; pages viewed or searched for, page response times, download errors, length of visits and interaction information (such as scrolling, clicks, mouse-overs) and whether you click on particular links
or open our emails.
3. Use your Personal data
3.1 We use your Personal Data for the following purposes:
i. Service provision: providing legal advice and consultancy services;
ii. Business relationship: managing and administering our relationship with you, your company or organization including record-keeping for business contacts, services and payments s we can customize our services while developing our relationship. Also for targeted marketing and promotional campaigns;
iii. Communication: sending emails, newsletters and other messages to keep you informed of legal developments, market insights and od of our services;
iv. Events: running legal briefings, roundtables, webinars and other events;
v. Client surveys and feedback: including events feedback and client listening exercises as well as answering issues and concerns which may arise;
vi. Client legal compliance; client due diligence (under anti-money laundering, sanctions screening and other crime prevention and detection laws and regulatory requirements) which may involve automated screening checks to ensure that clients and contacts are genuine and to prevent fraud or crime and we may not be able to take instructions if you do not provide the information we need to do these checks;
vii. Website monitoring: to check the website and our other technology services are being used appropriately and to optimise their functionality;
viii. Security: to provide security to our offices and other premises (normally collecting your name and contact details on entry to our buildings);
ix. Online Security: protecting our information assets and technology platforms from unauthorised access or usage and to monitor for malware and other security threats;
x. Regulatory: compliance with our legal and regulatory obligations as a law firm including auditing and reporting requirements;
4. Sharing of your data
4.1 We may on occasion be required to share your information with our affiliate service providers and any associated third-party firms to provide services on our behalf. In relation to any such disclosure of your Personal Data, we will only disclose your Personal Data where you have given your consent or where we are required or otherwise permitted to do so by any applicable law, or where it is necessary for the purpose of, or in connection with, legal proceedings or to exercise or defend legal rights.
4.2 Some of your Personal Data may be stored in a cloud located within or outside Kenya and managed by a third-party service provider. Where we transfer your Personal Data outside Kenya we will take reasonable steps to ensure that your Personal Data is treated securely and that the means of transfer provides adequate safeguards as required by the applicable law.
4.3 We implement commercially reasonable security measures to help protect against unauthorised access to or unauthorised alteration, disclosure, or destruction of data. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. Accordingly, and despite our efforts, we cannot guarantee or warrant the security of any information you transmit to us, or to or from our online products or services.
5. Personal data about others
5.1 In some cases, you may provide personal data to us about other people (such as your customers, directors, officers, shareholders or beneficial owners). You must ensure that you have given those individuals an appropriate notice that you are providing their information to us and have obtained their consent to that disclosure.
6. How long do we keep your data
6.1 We generally keep your information as needed to provide our legal services and to deal with claims. This will depend on several factors such as whether you or your company or organisation are an existing client or have interacted with recent client mailings or bulletins or attended recent events. We will retain your information as necessary to comply with legal, accounting or regulatory requirements.
7. Your Rights
7.1 In regards to the collection and processing of your Personal Data you have the following rights;
i. the right to be informed of the use to which your Personal Data is to be put;
ii. the right to access your Personal Data;
iii. the right to object to the processing of all or part of your Personal Data;
iv. the right to the correction of any false or misleading parts of your Personal Data; and
v. the right to the deletion of any false or misleading parts of your Personal Data.
vi. the right to receive your Personal Data in a structured, commonly used and machine-readable format and to transmit it from us to another data controller or data processor without hindrance (the right to data portability);
vii. the right not to be subjected to a decision based solely on automated processing which produces legal effects that concern or significantly affect you; and
viii. the right to the rectification of any inaccurate, outdated, incomplete or misleading portions or parts of your Personal Data and to the erasure or destruction of any portions or parts of your Personal Data that are irrelevant, excessive, unlawfully obtained or that we are no longer authorised to retain.
7.2 At all times, you have the right to withdraw your consent to the collection, processing and transfer of your Personal Data. Once the firm has received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
8. Cookies
8.1 We use cookies that identify your browser. They collect and store information when you visit our website about how you use it through which it is possible to record your use of the website, as well as provide you with a better service and experience when browsing and for analytics. The personal data we collect through these technologies will also be used to manage your session.
9. Security
9.1 We use up to date data storage and security systems to hold your Personal Data securely in electronic and physical form to protect your personal information from unauthorized access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss. Our IT usage and security policy is supported by various security standards, processes and procedures. Our premises are access controlled and our electronic databases require logins and password authentication.
9.2 All our partners, staff and third-party service providers who have access to confidential
information (including Personal Data) are subject to confidentiality obligations.
10. Links to third-party websites
10.1Our website, newsletters, email updates and other communications may, from time to time, contain links to and from the websites of others. The personal data that you provide through these websites is not subject to this privacy notice and the treatment of your personal data by such websites is not our responsibility.
10.2 If you follow a link to any other websites, please note that these websites have their own privacy notices which will set out how your information is collected and processed when visiting those sites.
11. Children
11.1 Collection of children’s personal information shall be guided by the provisions of the DPA. If you are below the age of 18, you may not submit any personal information unless through the help and consent of your parent and guardian.
12. How to contact us
If you wish to contact us for further clarification, complaints and inquiries, please find our contact
details:
Victor Lee Legal
Unit G-05, Dari Business Park 165
Ngong Road, Karen
Nairobi, Kenya
info@victorlee.legal
Last updated: 1 October 2020