Client Privacy Policy

Last updated: July 14, 2025

Introduction & Data Controller Information

This Client Privacy Policy describes how Andishi collects, uses, and shares personal and business information from our clients, in accordance with the Kenya Data Protection Act, 2019 and Legal Notice 263/2021.

Data Controller Details:

  • Company: Andishi Limited
  • Registration: Kenya Companies Registry
  • Office: Ruiru, Kiambu County, Kenya
  • Data Officer: Available upon request
  • ODPC Registration: Compliant with Section 25

Information We Collect

We collect only necessary information for the delivery of contracted services as per Section 26 of the Data Protection Act:

Contact Details

  • • Name, email address, phone number
  • • Office address

Business Information

  • • Company name, industry, project scope
  • • Payment details, invoices, purchase orders

Important Notice

All data is collected in compliance with the Kenya Data Protection Regulationsand only used for specified, explicit, and legitimate purposes.

Purpose of Processing

Your information is processed for the following purposes:

Primary Purposes

  • Fulfilling contractual obligations
  • Project tracking, support, and delivery
  • Accounting, invoicing, and audit compliance

Additional Purposes

  • Internal analysis for service improvement
  • Legal compliance and risk mitigation
  • Customer support and engagement

Data Sharing

We may share your data with:

Who We Share With

  • Internal staff under non-disclosure obligations
  • Service providers (e.g., hosting, payment processors) with proper data processing agreements
  • Regulatory or legal authorities when required

We do not sell your data. All third-party sharing is governed under Regulation 21 of Kenya's Data Protection Regulations (LN263/2021).

Data Retention & Security

We retain client data only as long as necessary for service and legal reasons. Retention schedules are documented, and expired data is anonymised or deleted. Encryption and access control policies are in place to prevent misuse.

Retention Details

  • Service-related data: Retained for 5 years
  • Billing records: Retained for 7 years compliant with tax laws

Regular audits and compliance checks ensure secure data management and storage practices.

Your Rights

Clients have the right to access, correct, or request deletion of their personal information. Requests will be fulfilled in accordance with Kenyan data law within statutory timelines.

How to Exercise Rights

Please contact our Data Protection Officer via the contact details provided below. We strive to respond within 21 days.

Contact Us

If you have any questions or requests, reach us at:

Contact Information

Email: info@andishi.dev

Office: Ruiru, Kiambu, Kenya