Privacy Policy
Last updated: April 1, 2026
1. Introduction
Mbiyu Muhia & Associates ("the Firm", "we", "us", or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, and protect information obtained through our website and professional services.
We operate in compliance with the Kenya Data Protection Act, 2019, the ICPAK Code of Ethics, and the International Ethics Standards Board for Accountants (IESBA) Code regarding client confidentiality.
2. Information We Collect
We may collect the following types of personal information when you interact with our website:
| Data Type | How It's Collected | Purpose |
|---|---|---|
| Name & Email | Contact form, Newsletter, Applications | To respond to enquiries and communicate |
| Phone Number | Contact form, Service requests | To follow up on enquiries and engagements |
| CV / Documents | Job application form | To evaluate candidates for open positions |
| IP Address | Automatically via server logs | Security, abuse prevention, and analytics |
| Message Content | Contact form, Service requests | To understand and respond to your needs |
3. How We Use Your Information
We use the information we collect for the following purposes:
- Responding to enquiries: To reply to messages submitted through our contact and service request forms
- Service delivery: To provide professional audit, tax, and advisory services upon formal engagement
- Recruitment: To review and process job applications submitted through our careers page
- Newsletter communications: To send periodic updates on financial regulations, tax changes, and firm news (only if you have subscribed)
- Website improvement: To understand how visitors use our website and enhance user experience
- Legal compliance: To meet our obligations under Kenyan tax law, the Accountants Act, and anti-money laundering regulations
4. Legal Basis for Processing
Under the Kenya Data Protection Act, 2019, we process your personal data based on:
- Consent: When you submit a form, subscribe to our newsletter, or upload documents
- Contractual necessity: When processing is necessary to fulfil a professional engagement
- Legal obligation: When required by KRA, regulatory bodies, or the courts of Kenya
- Legitimate interest: For website security, fraud prevention, and service improvement
5. Data Sharing & Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
- Regulatory bodies: When required by law, including KRA, ICPAK, or the Office of the Data Protection Commissioner (ODPC)
- Professional obligations: When audit or regulatory standards require disclosure to relevant authorities
- Service providers: With trusted hosting and email service providers who process data on our behalf, under strict confidentiality agreements
- Legal proceedings: If required by a court order or subpoena under Kenyan law
6. Data Security
We implement appropriate technical and organisational measures to protect your personal information, including:
- Secure, encrypted database storage
- Access controls limiting data access to authorised personnel only
- CSRF protection and input validation on all forms
- Regular security reviews and updates
- Secure file upload handling for CVs and documents
7. Data Retention
We retain personal information only for as long as necessary to fulfil the purpose for which it was collected:
- Contact messages: Retained for up to 2 years, or until resolved
- Job applications: Retained for 1 year after the recruitment process concludes
- Newsletter subscriptions: Retained until you unsubscribe
- Client engagement data: Retained in accordance with ICPAK professional standards and the Limitations of Actions Act (minimum 6 years)
8. Your Rights
Under the Kenya Data Protection Act, 2019, you have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Request that inaccurate or incomplete data be corrected
- Deletion: Request deletion of your personal data (subject to legal retention requirements)
- Object: Object to the processing of your personal data in certain circumstances
- Withdraw consent: Withdraw your consent to newsletter subscriptions or data processing at any time
- Portability: Request transfer of your data in a commonly used format
To exercise any of these rights, contact us at mbiyumuhiaassociates@yahoo.com. We will respond within 30 days as required by the Act.
9. Cookies & Analytics
Our website may use essential cookies to ensure proper functionality (such as session management). We do not use tracking cookies or third-party advertising cookies. If we implement analytics in the future, we will update this policy accordingly.
10. Children's Privacy
Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a minor has provided us with personal data, please contact us immediately.
11. Changes to This Policy
Mbiyu Muhia & Associates reserves the right to update this Privacy Policy at any time. Changes will be posted on this page with an updated revision date. Continued use of the website after changes constitutes acceptance of the revised policy.
12. Contact & Complaints
For privacy-related queries, data requests, or complaints, please contact us:
- Email: mbiyumuhiaassociates@yahoo.com
- Phone: +254202602369
- Address: Muranga, Kenya
If you are unsatisfied with our response, you may lodge a complaint with the Office of the Data Protection Commissioner (ODPC) of Kenya at www.odpc.go.ke.