Privacy

Last updated: 14th October 2025

1. Introduction


WPfoss Limited (“we”, “us”, “our”) is committed to protecting your privacy and complying with the Kenya Data Protection Act 2019 (“DPA 2019”). This policy explains how we collect, use, share, and protect your personal data when you use EA directory services or visit our website.


2. Data Controller / Processor

We are the Data Controller for all personal data collected in relation to our services. For certain sub-services (e.g. third-party tools, analytics), third parties act as processors under our control.


3. Data We Collect

We collect:

  • Personal Data: Name, email address, phone number, business registration number, certification/licensing documents for CPAs, address.
  • Service Data: Uploaded documents, scope of work, communication logs, project status.
  • Usage Information: IP address, browser type, cookies, analytics, date/time of visits.


4. Purpose of Processing


We process your data for:

  • Providing, maintaining, and improving our Service.
  • Matching SMEs with CPAs.
  • Administering accounts, payments, invoices.
  • Ensuring compliance (legal, tax, verification).
  • Sending communications about service updates, promotions (if consent given).
  • Internal research and analytics.


5. Legal Basis

Under the Data Protection Act, processing is based on:

  • Consent (where applicable).
  • Contractual necessity.
  • Legitimate interests (e.g. fraud prevention, internal analytics).
  • Legal obligations (e.g. KRA or data protection law requirements).

6. Sharing & Disclosure

We may share your personal data with:

  • Verified CPAs for the purpose of delivering requested services.
  • Service providers (payment processors, cloud hosting, email tools) under strict agreements.
  • Legal or regulatory authorities when required by law.

We do not sell your personal data.

7. Data Retention

We retain personal data only as long as necessary to fulfil the purposes above, including legal, tax, or accounting obligations. After that, data will be deleted or anonymized.

8. Data Subject Rights

Under Kenya’s DPA, you have rights to:

  • Access your personal data.
  • Correct inaccurate or incomplete data.
  • Request erasure (delete) of your data.
  • Object to or restrict processing.
  • Data portability.
  • Withdraw consent where consent is basis of processing.


9. Cookies & Tracking

  • We use cookies and similar technologies for site functionality, analytics, and improving Service.
  • Non-essential cookies are used only with your consent.
  • You may disable non-essential cookies via your browser settings (subject to some Service limitations).


10. Security Measures

We implement organizational, technical, and physical measures to protect data (e.g. encryption, access controls, secure servers). We regularly review our security.

11. Data Breaches


In case of a data breach, we will:

  • Notify the ODPC and affected users within the time frame required by law.
  • Take steps to mitigate harm.
  • Conduct review and improve our systems.


12. Cross-Border Transfers

If we transfer personal data outside Kenya, we will ensure that the recipient provides adequate protection (law, contract, or user consent) for the data, in compliance with DPA 2019.


13. Children’s Data

If we collect data from anyone under 18, we will require parental or guardian consent, and special protections apply.


14. Changes to this Policy


We may update this policy when necessary (legal changes, Service changes). We’ll notify users via prominent site notice. The revised policy will have a new “Last updated” date.


15. Contact & DPO

If you have questions, complaints, or exercise your data rights, contact:


Data Protection Officer / Legal Team


Email: emma@EAdirectory.com

ea logo
Get Started
Scroll to Top