Sheria Digital — Generate Your Privacy Policy

Your business

Basic details about your organization. These appear in the header of your privacy policy.

Company / organization name *

Entity type

Registration number

Registered address *

Website

Data Protection Officer / contact person *

DPO contact email *

Data you collect

What personal data does your business collect? Select all that apply. This determines Sections 2 and 3 of your privacy policy.

How do you collect personal data?

✓

Directly from users (forms, registration)

✓

From third parties

✓

From public records

✓

Automated (cookies, tracking, analytics)

Who are your data subjects?

✓

Customers / users

✓

Employees

✓

Website visitors

✓

Suppliers / vendors

✓

Job applicants

How you use it

What are your purposes for processing personal data? The DPA 2019 requires you to state these explicitly (Section 25(c), Section 29(c)).

Purposes of processing *

✓

Providing our services

✓

Processing payments

✓

Communicating with users

✓

Marketing & promotions

✓

Legal / regulatory compliance

✓

Employment administration

✓

Research & analytics

✓

Fraud prevention & security

Legal basis for processing (Section 30)

✓

Consent of the data subject

✓

Performance of a contract

✓

Legal obligation

✓

Vital interests

✓

Public interest

✓

Legitimate interests

Sharing & transfers

Who do you share data with, and does any data leave Kenya? Section 48 of the DPA 2019 governs cross-border transfers.

Do you share personal data with third parties?

Yes

No

Who do you share with?

✓

Payment processors (M-Pesa, Stripe, etc.)

✓

Cloud / hosting providers

✓

Marketing platforms

✓

Government / regulators

✓

Professional advisors (lawyers, accountants)

Do you transfer personal data outside Kenya?

Yes

No — all data stays in Kenya

Where is data transferred to?

Security & retention

Section 41 of the DPA 2019 requires data protection by design. Tell us about your security measures.

Security measures in place

✓

Encryption (at rest and/or in transit)

✓

Access controls & authentication

✓

Regular security audits

✓

Staff data protection training

✓

Incident response plan

✓

Pseudonymisation / anonymisation

Data retention approach

Retained only as long as necessary for the purpose

Specific retention periods per data type

As required by applicable Kenyan law

Do you use cookies on your website?

Yes

No

Are you registered with the ODPC?

Yes

No / Not yet

ODPC registration number