logo-img
Sign In Join Us
Join Us

Privacy Policy

Img Img

BLACKWELL KENYA DATA PRIVACY POLICY
Last Updated: 4th March 2026

1. Introduction
Blackwell Kenya (“we,” “us,” “our”) is committed to protecting the privacy and security of your personal data. This Data Privacy Policy explains how we collect, use, share, and protect your personal information when you use our platform to access professional services. We process your data in compliance with the Kenya Data Protection Act, 2019 (the “Act”) .

2. Who We Are
Blackwell Kenya is a marketplace platform that connects Customers with vetted professional Service Providers. For the purposes of the Data Protection Act, Blackwell Kenya is a Data Controller. This means we determine the purposes and means of processing your personal data . Our contact details are provided at the end of this policy.

3. What Personal Data We Collect
We may collect the following categories of personal data from you:

  • Identity Information: Name, username, or similar identifier.

  • Contact Data: Email address, postal address, and telephone numbers.

  • Professional Details: Job title, company name, and professional credentials.

  • Transactional Data: Details about payments for services and your interaction with Service Providers.

  • Technical Data: Internet Protocol (IP) address, login data, browser type, and version, time zone setting, and platform usage statistics.

  • Communications: Records of your correspondence with us or with Service Providers through our platform.

We do not typically collect sensitive personal data (such as health status, religion, or biometric data) unless you voluntarily provide it to a Service Provider or it is essential for a specific professional service you have requested. If we do, we will obtain your explicit consent .

4. How We Collect Your Data
We collect data through:

  • Direct interactions: When you create an account, search for providers, or contact us.

  • Automated technologies: As you navigate our platform, we may use cookies and similar technologies to collect technical data.

  • Third parties: We may receive data from payment processors or from Service Providers confirming service delivery.

5. Lawful Basis for Processing
We will only process your personal data where we have a lawful basis to do so under the Act, including :

  • Consent: Where you have given us explicit permission (e.g., for marketing communications).

  • Contractual Necessity: To facilitate the connection between you and a Service Provider, or to perform our contract with you.

  • Legal Obligation: To comply with laws or regulatory requests (e.g., the Office of the Data Protection Commissioner).

  • Legitimate Interests: To improve our platform, ensure network security, and for administrative purposes, provided your rights do not override these interests.

6. Purpose of Processing
We use your data to :

  • Register you as a new customer.

  • Facilitate your requests for professional services and connect you with Service Providers.

  • Process payments securely.

  • Maintain and improve our platform, including troubleshooting and data analysis.

  • Communicate with you about your account or changes to our terms.

  • Administer our vetting processes for Service Providers.

  • Comply with legal and regulatory requirements.

7. Data Sharing and Disclosure
We may share your personal data with:

  • Service Providers: We share your information with the vetted professionals you choose to contact, enabling them to provide the services you request.

  • Payment Processors: To facilitate transactions, we share necessary details with third-party payment gateways. These processors have their own privacy policies governing your data.

  • Service Partners: We may engage third parties to help us run our business (e.g., cloud storage, customer support software). These Data Processors act on our instructions and are bound by contract to protect your data .

  • Legal and Regulatory Bodies: We may disclose data to comply with a legal obligation, a court order, or a request from the Office of the Data Protection Commissioner .

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

8. Data Security
We have put in place appropriate technical and organizational measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way . These include encryption, access controls, and secure servers. We also have procedures to deal with any suspected personal data breach and will notify you and the ODPC where legally required .

9. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements . When you delete your account, we will anonymize or securely delete your data, unless we need to retain it for legitimate business or legal reasons.

10. Your Data Subject Rights
Under the Kenya Data Protection Act, you have the following rights regarding your personal data :

  • Right to be Informed: To know how your data is being used (this policy fulfills that duty).

  • Right of Access: To request a copy of the personal data we hold about you.

  • Right to Rectification: To ask us to correct inaccurate or incomplete data.

  • Right to Erasure (Right to be Forgotten): To request the deletion of your data where there is no compelling reason for its continued processing.

  • Right to Restriction: To ask us to suspend the processing of your data.

  • Right to Data Portability: To request a transfer of your data to another party in a structured, commonly used format.

  • Right to Object: To object to the processing of your data for direct marketing or on grounds relating to your particular situation.

  • Right to Withdraw Consent: If processing is based on consent, you have the right to withdraw it at any time.

To exercise any of these rights, please contact us at the details below. We will respond to your request within the statutory timeframe .

11. Third-Party Links
Our platform may contain links to websites or services of our Service Providers or other third parties. This privacy policy does not cover those external sites, and we are not responsible for their privacy practices. We encourage you to read the privacy policies of any third-party sites you visit.

12. Children’s Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from a child without verification of parental consent, we will take steps to delete that information .

13. International Data Transfers
We primarily store your data within Kenya. However, some of our external third-party service providers (e.g., cloud computing services) may be based outside Kenya. Whenever we transfer your personal data out of the country, we ensure a similar degree of protection is afforded to it by implementing safeguards required by the Data Protection Act .

14. Changes to This Policy
We keep this privacy policy under regular review and may update it at any time. Any changes we make will be posted on this page, and where appropriate, notified to you via email or platform notification. The “Last Updated” date at the top of this policy will reflect the most recent changes.

15. Contact Us and Complaints
If you have any questions about this privacy policy or wish to exercise your rights, please contact our Data Protection Officer (DPO):

  • Email: info@blackwellke.co.ke

You also have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) at any time. The ODPC is the supervisory authority for data protection issues in Kenya . Contact details for the ODPC can be found on their official website (www.odpc.go.ke).