MENU
  •   +254-725-811794
  •   info@consulttaxaccounting.com
Interact with us:
Privacy Policy

Your privacy is our concern, and we are serious about it. This Privacy Policy explains what type of information we may collect, hold and process in connection with provision of any products, services, content, applications, or websites (referred to collectively as the “Services”), and how that information is used and protected. It also sets out how you can contact us if you have any queries or concerns regarding your personal data.

We reserve the right to make changes to this Privacy Policy at any time. Please check the Privacy Policy periodically for changes, although, if you are our customer, we may also notify you via email of any changes that, in our sole discretion, materially impact your use of the Services or the way we process your personal data. Your continued use of our Services covered by this Privacy Policy will signify your acceptance of any and all changes to this Privacy Policy made by us from time to time.

Data we collect or receive

We collect personal data from our customers and users of the Services (which includes employees of our corporate or institutional customers) for our own purposes, such as to provide and administer the Services. We are the data controller in respect of this personal data.

In order to provide our Services, we analyse user profiles and other information that we receive directly from the social media platforms such as Facebook, Twitter, LinkedIn and other, via these platforms' APIs. Such data include both non-personal data such as various statistics and metrics and personal data of the platforms' users. Where we source the data directly from the relevant platforms, via these platforms' public APIs, we determine the purpose of processing, which is developing and constantly enhancing our Services and offering them to our customers on a world-wide basis, via our web platform. In such cases, we are the data controller with respect to such data.

We also process personal data on behalf of our customers as a data processor; this is when the provision of certain Service or specific feature requires that our customers give us a permission (such as, for example, an access token or other administrative permission), within the Service, to access and manage any information that our customers monitor or collect from social media sites; this may include information that is not publicly available. When we access customer's data with respect to which the customers are the data controllers, we act in accordance with the instructions of our customers (which they give us through the Services) as their data processor. This will be, for example, when we access Facebook Insights or facilitate and organize the communication (e.g. Facebook messages) between the customer and its end users within our customer care feature of the Community Service. We always keep personal data that we process on behalf of our customers and pursuant to their instructions separate from our other customers' data and keep them strictly confidential.

Data of customers and users of our Services

We collect your personal data when:

  • You register or use registration for our Services, by completing a web registration form;
  • You log to our Service, either by entering your username (email) and password, or using a social login such as Facebook Login or Sign In with Twitter, or by any other similar authentication means that we may make available to you;
  • You use our Services or otherwise interact with Consult Tax and Accounting Services (CTAS), for example when you publish any images, content or other files or data on social media via our Services;
  • You otherwise voluntarily provide such data, e.g. by filling out and submitting any forms made available to you through Consult Tax and Accounting Services (CTAS) website or the Services or through websites or services of our business partners.

When you create an account with Consult Tax and Accounting Services (CTAS), we will ask you to complete a registration form indicating your first name, surname, email, company, and job title. You can also choose to add a phone number to your account.

You can log in to the Services with your username. In such case, you provide to us your username (email) and password. The password is hashed and Consult Tax and Accounting Services (CTAS) does not see it. If you log in to our Services using your social network account, we receive basic personal details from your social network profile. The scope of details we receive depends on your social network account privacy settings and on your settings when logging into our Services; they might include your social network ID, public profile information (such as name, profile picture, gender, age range, or country) and e-mail address. We may also receive additional information from your profile if you give us permission to access it. If you wish to change the scope of your social network profile information that we receive upon your registration, you should review the privacy policy or other guidance available on your social network's website and change your privacy settings.

For purposes of analysis and improvement of our Services, our servers may automatically record information when you visit our website or use some of our Services, including:

  • URL;
  • IP address;
  • Browser type and language; and
  • Date and time of your request or action, including your actions within the Services such as history of how you use our Services.

If our Services are purchased by an entity, it is the individual users within such an organization who log into our Services platform and whose personal data are collected, as described above. Where such entity provides us directly with any personal data of its employees or other individual users that it authorized to access the Services, it must have all necessary consents, permissions or registrations to process and to provide to us its employees' or users' personal data.

Social network user data

The type and scope of personal data obtained from social media platforms depends on the type of the APIs and permissions set out by the respective platforms, and on the administrative permissions granted to us by our customers, where applicable.

Below are the most typical examples of data collected about social media platform users:

  • Basic user profile information (such as the username, user photo);
  • User generated content (such as posts, comments, pages, profiles, images or feeds) including its metadata (such as time and location of a post or comment);
  • Contact details (such as name, email address, telephone number) if made public by the user;
  • Additional individual information (such as age, gender, employer, profession, geographic location, education information, financial status, habits, and preferences) published by the user.

We only process data that the social network users made available to general public, pursuant to the relevant platform terms, and that are generally accessible via the social network APIs, or data that our customers grant us permission to access.

How we use the data

We use your personal data for the following purposes:

To provide the Services

We may process your personal data in the scope specified in Section 2.1 of this Privacy Policy to identify you when you login to your account and use our Services, to enable us to operate the Services and provide them to you. This may include verification of your payments, purchase orders and billing information. It may also include verification to determine free trial eligibility.

Analysis of data from social networks, which may include personal data in the scope specified in Section 2.2 of this Privacy Policy, is the core of our Services. We analyse this data to provide our Services to our customers in the scope and manner set out by the social platform terms for developers.

To communicate with you

We may process data of our customers or their individual users in the scope specified in Section 2.1 of this Privacy Policy, in particular email or other contact data, to communicate with our customers and users, for example, when we assist them with setting up or administering their account, when we provide customer care and support, send technical notices, updates of upcoming changes or improvements to the Services, reminders, security alerts and other support and administrative messages.

To provide a better user experience

We may process your personal data in the scope specified in Section 2.1 to learn how you use our Services to be able to continuously enhance user experience as well as provide our customers seamless customer support. We may process such personal data also to improve and enhance our existing Services and develop new offerings. This includes product and market statistics, research and analytics, benchmarks and other analyses to better understand your needs and the needs of users in the aggregate, diagnose problems and analyse trends. See Section 7 below for more details.

To protect our Services and secure our or third party rights

We process your personal data in the scope specified in Section 2.1 to keep the Service safe, secure and reliable. This includes detecting, preventing, and responding to fraud, abuse, security risks, and technical issues that could harm Consult Tax and Accounting Services (CTAS), our customers and users.

We may process some of data specified in Section 2.1 when required by law or to establish, exercise or defend our legal claims or, where necessary, protect rights of Consult Tax and Accounting Services (CTAS). For example, we may store data about how you use our Services, including payments for Services, to prove or otherwise support our rights.

For marketing and sales purposes

We may process your contact personal data, in particular email, name, company and job title to offer you our new Services. For more details please see Section 8 below.

Lawful basis

For the purposes specified above, we process your personal data based on our contract with you (if you are our direct customer and an individual) or based on our legitimate interest to provide our Services to our customers (where our customer is your company or organisation and you are an authorized user designated by your company or organization, or if you are social network user whose data are analysed as described in Section 2.2 above).

  • We process your personal data based on our legitimate interest to develop and improve our Services.
  • We process your personal data based on our legitimate interest to protect and secure our rights or claims or the rights of our customers or users.
  • We process your personal data based on your voluntary consent where you have given us such consent. In a limited scope permissible under applicable law, we may also use your electronic contact details to inform you about our Services without your explicit consent, based on our legitimate interest, as described in more detail in Section 8 below.

Where we use your personal data for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don't automatically override yours and we won't use your information if we believe your interests should override ours unless we have other grounds to do so (such as performance of contract, your consent or a legal obligation). If you have any concerns about our processing, please refer to details of “Your rights” in Section 11 below.

Retention periods

Where we process personal data as data controller, we retain your personal data for the period necessary to fulfil the purposes outlined in this Privacy Policy and/or any Services agreement, unless a longer retention is required by law (e.g. for tax or accounting purposes or due to other legal requirements) or storing of the data is needed for the establishment, exercise or defence of Consult Tax and Accounting Services (CTAS) legal claims; in such case, we will store only the data necessary for the enforcement of our claims or our defence for the period necessary in the given case and not exceeding the statutory limitation periods.

Where we process personal data on behalf of our customers as a data processor, we retain such data for the duration of our agreement with such customers and delete them in accordance with our retention and backup processes automatically within 90 after termination of the agreement, unless the customers ask us to erase them earlier.

Sharing your personal data for legal and business purposes

We may use and/or disclose to third parties (including government bodies and law enforcement authorities, our affiliates, professional advisors and our vendors or subcontractors) information about you when:

  • Complying with legal process; 
  • Enforcing or defending the legal rights of Consult Tax and Accounting Services (CTAS), and in connection with a corporate restructuring such as a merger, business acquisition or insolvency situations
  • Preventing fraud or imminent harm; and
  • Ensuring the security and operability of our network and services.
  • This information will be shared provided that, in all such circumstances, we will only share the limited personal information that is required to be shared in the unique situation.

We share your data with our trusted business partners or individuals who process your data as our data processors on our behalf and pursuant to our instructions, in accordance with this Privacy Policy. We select our vendors very carefully and always ensure that they provide adequate data protection and security safeguards. To this effect, we have bound our data processors with data processing agreements concluded pursuant to Article 28 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) and, where such processor reside outside of the European Economic Area (EEA), we have concluded Standard Contractual Clauses (model clauses) approved by the European Commission (2010/87/EU) with such processors. The data processing agreements with our processors provide for, inter alia, audit rights, detail minimum security standards and measures that each our processor must maintain as well as their obligation to submit copies of their security audits and certificates (e.g. SOC2, ISO 27001). We also contractually require our processors to provide us with a prompt notice of any data breach or security incident concerning processed data. We continue to monitor for further guidance from the EU supervisory authorities, including on any additional supplementary measures that we may undertake and additional safeguards that we may require from our non-EU vendors to meet our obligations under EU data protection law.