Skip to Content

PRIVACY POLICY

Effective date: 14 July 2026

Last updated: 14 July 2026

1. Introduction

ABN Consulting Group (“ABN”, “we”, “us” or “our”) respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains how we collect, use, store, disclose and protect personal data when you:

  • Visit our website at https://abn.consulting;

  • Contact us through WhatsApp, email, telephone, social media or another communication channel;

  • Request information, a quotation, demonstration or consultation;

  • Purchase, use or inquire about our services;

  • Participate in a project, implementation, support engagement, training session, event or business relationship with us;

  • Communicate with us through our WhatsApp Business account;

  • Interact with any application, integration or digital service operated by ABN, including integrations between WhatsApp and Odoo; or

  • Otherwise provide personal data to us.

This Privacy Policy applies to customers, potential customers, customer representatives, suppliers, partners, job applicants, website visitors and other individuals whose personal data we process.

2. Who We Are

ABN Consulting Group is a business consulting and software implementation company based in Kenya. We provide services that may include business process consulting, software implementation, Odoo implementation, system configuration, integration, training, support and related professional services.

For purposes of applicable data protection laws, ABN may act as:

  • A data controller where we determine why and how personal data is processed; or

  • A data processor where we process personal data on behalf of a customer and according to that customer’s instructions.

Where ABN processes personal data solely on behalf of a customer, the customer’s own privacy policy or privacy notice may also apply.

Our contact details are:

Business name: ABN Consulting Group

Physical address: [INSERT CURRENT BUSINESS ADDRESS]

Email address: [INSERT PRIVACY OR GENERAL CONTACT EMAIL]

Telephone/WhatsApp: [INSERT BUSINESS PHONE NUMBER]

Website: https://abn.consulting

3. Personal Data We Collect

The personal data we collect depends on how you interact with us and the services involved.

3.1 Identity and contact information

We may collect:

  • Full name;

  • WhatsApp profile name;

  • Telephone or mobile number;

  • Email address;

  • Postal or physical address;

  • Company or organisation name;

  • Job title or role;

  • Business contact details; and

  • Other information you provide when contacting us.

3.2 WhatsApp communication data

When you contact us through WhatsApp, we may receive and process:

  • Your WhatsApp telephone number;

  • Your WhatsApp profile name;

  • The date and time of your messages;

  • The content of messages sent to or received from you;

  • Images, documents, audio recordings, videos or other attachments you send;

  • Message delivery, read and status information;

  • Details of your interaction with our WhatsApp Business account; and

  • Other information you voluntarily provide during the conversation.

Messages may be received, displayed, assigned, managed and stored through our Odoo system or another authorised business communication platform.

Please avoid sending sensitive or confidential personal information through WhatsApp unless it is necessary and we have requested it for a legitimate purpose.

3.3 Customer and business relationship information

We may collect:

  • Information about your organisation and business activities;

  • Service requirements and project specifications;

  • Meeting notes and correspondence;

  • Quotations, proposals, contracts and statements of work;

  • Project tasks, support requests and implementation records;

  • User access and system configuration information;

  • Training attendance and feedback;

  • Customer relationship history;

  • Information about software subscriptions, licences or systems; and

  • Other information necessary to deliver our services.

3.4 Financial and transaction information

Where applicable, we may process:

  • Billing and invoicing details;

  • Tax information;

  • Payment references;

  • Purchase order details;

  • Transaction records;

  • Bank or mobile payment confirmation information; and

  • Information required to comply with accounting, audit and tax obligations.

We generally do not require customers to send full payment-card credentials through WhatsApp, email or other informal communication channels.

3.5 Website and technical information

When you use our website or digital services, we may automatically collect:

  • Internet Protocol address;

  • Browser type and version;

  • Device type;

  • Operating system;

  • Time zone and approximate location;

  • Website pages visited;

  • Date, time and duration of visits;

  • Referring website or source;

  • Cookie identifiers;

  • Error, security and diagnostic logs; and

  • Information about how you interact with our website.

3.6 Marketing and preference information

We may collect:

  • Your communication preferences;

  • Your interest in particular products or services;

  • Your response to marketing messages;

  • Your event or newsletter preferences; and

  • Records of consent, subscription, objection or withdrawal.

3.7 Recruitment information

Where you apply for employment or another opportunity with ABN, we may collect:

  • Curriculum vitae and application information;

  • Education and employment history;

  • Professional qualifications;

  • References;

  • Interview notes;

  • Salary expectations;

  • Identification information where legally required; and

  • Other information relevant to recruitment.

3.8 Information received from third parties

We may receive personal data from:

  • Your employer or organisation;

  • Existing customers;

  • Business partners and referral sources;

  • Meta or WhatsApp;

  • Odoo and other technology providers;

  • Publicly available business directories;

  • Professional networking platforms;

  • Government or regulatory bodies; and

  • Other parties authorised to provide information to us.

4. How We Use Personal Data

We may use personal data for the following purposes:

4.1 Responding to inquiries

We use your information to:

  • Receive and respond to WhatsApp messages, emails, telephone calls and inquiries;

  • Understand your requirements;

  • Schedule meetings or demonstrations;

  • Prepare quotations and proposals; and

  • Provide requested information.

4.2 Providing our services

We use personal data to:

  • Set up and manage customer relationships;

  • Perform software implementation and consulting services;

  • Configure, customise, integrate and support business systems;

  • Provide customer support and troubleshooting;

  • Conduct training;

  • Manage projects, tasks and deliverables;

  • Communicate project updates;

  • Manage access to systems and customer environments; and

  • Fulfil our contractual obligations.

4.3 Operating our WhatsApp integration

We may use WhatsApp-related data to:

  • Receive messages sent to our official WhatsApp Business number;

  • Route conversations to authorised ABN employees;

  • Respond to customer questions;

  • Create or update contacts, leads, opportunities, tickets or other business records in Odoo;

  • Maintain a history of customer communications;

  • Send service-related notifications;

  • Send approved WhatsApp message templates where permitted;

  • Manage follow-ups and customer service;

  • Monitor message delivery and status; and

  • Maintain the security and functionality of the integration.

We will not sell the content of your WhatsApp messages or use private conversations for unrelated purposes.

4.4 Administration, invoicing and recordkeeping

We use information to:

  • Prepare and process invoices;

  • Verify payments;

  • Maintain accounting and tax records;

  • Manage suppliers and business partners;

  • Enforce agreements;

  • Maintain internal business records; and

  • Meet audit, financial and regulatory requirements.

4.5 Improving our services

We may use information to:

  • Improve our services and customer experience;

  • Review the quality of customer support;

  • Develop internal procedures;

  • Train authorised personnel;

  • Analyse service performance;

  • Diagnose technical problems;

  • Improve system security; and

  • Develop new products, services or integrations.

Where practicable, we use aggregated or anonymised information for analysis.

4.6 Marketing and business development

Subject to applicable law, we may use contact and preference information to:

  • Inform you about relevant services;

  • Send newsletters, invitations or business updates;

  • Follow up on previous inquiries;

  • Promote related products or services; and

  • Maintain professional business relationships.

You may opt out of marketing communications at any time. Opting out of marketing will not prevent us from sending essential service, project, account, security or transaction-related communications.

4.7 Security and legal compliance

We may process personal data to:

  • Authenticate users;

  • Protect our systems, employees, customers and assets;

  • Detect and prevent fraud, misuse or security incidents;

  • Investigate complaints;

  • Exercise or defend legal claims;

  • Respond to lawful requests;

  • Comply with court orders, legislation and regulatory requirements; and

  • Enforce our contracts and policies.

5. Lawful Bases for Processing

Depending on the circumstances, we process personal data on one or more of the following grounds:

5.1 Consent

We may process information where you have freely given clear and informed consent.

Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect processing that lawfully occurred before the withdrawal.

5.2 Performance of a contract

We may process personal data where it is necessary to:

  • Enter into a contract with you;

  • Take steps at your request before entering into a contract; or

  • Perform our obligations under a contract.

5.3 Legal obligations

We may process information where necessary to comply with obligations relating to taxation, accounting, employment, data protection, regulatory compliance, legal proceedings or other applicable laws.

5.4 Legitimate interests

We may process personal data where necessary for our legitimate business interests, provided those interests do not unjustifiably override your rights and freedoms.

These interests may include:

  • Operating and improving our business;

  • Providing customer support;

  • Maintaining business records;

  • Protecting systems and information;

  • Preventing fraud;

  • Managing professional relationships; and

  • Promoting relevant business services.

5.5 Protection of vital interests or other lawful grounds

In limited circumstances, we may process personal data to protect an individual’s vital interests, perform a task in the public interest, establish or defend legal claims, or rely on another lawful ground recognised by applicable law.

6. WhatsApp, Meta and Odoo

Our WhatsApp Business communication service may involve the use of products and infrastructure provided by:

  • Meta Platforms, Inc. and its affiliates, including WhatsApp;

  • Odoo S.A. and its affiliates or hosting providers; and

  • Other authorised hosting, telecommunications, integration or technology providers.

When you send a message to our WhatsApp Business number:

  1. Your message is transmitted through WhatsApp and Meta infrastructure;

  2. Meta may send the message and associated metadata to our configured business application through an application programming interface or webhook;

  3. The message may be received and stored in our Odoo database;

  4. Authorised ABN personnel may view and respond to the message; and

  5. Related information may be used to create or update business records required to serve you.

Meta, WhatsApp, Odoo and other providers may process information under their own terms, privacy policies and legal obligations. We encourage you to review the privacy information provided by those service providers.

Use of WhatsApp is also subject to WhatsApp’s own terms and privacy policy.

7. When We Share Personal Data

We do not sell or rent personal data.

We may disclose personal data to the following categories of recipients where reasonably necessary and lawful.

7.1 ABN personnel

Personal data may be accessed by authorised employees, consultants or contractors who require it to perform their duties. Access is limited according to role and business need.

7.2 Technology and service providers

We may share or make information accessible to providers of:

  • Enterprise resource planning and customer relationship management systems;

  • WhatsApp and business messaging infrastructure;

  • Cloud hosting and data storage;

  • Email and communication services;

  • Website hosting and analytics;

  • Cybersecurity and technical support;

  • Accounting and payment services;

  • Document management;

  • Project management;

  • Backup and disaster recovery; and

  • Other services necessary to operate our business.

These providers are expected to process personal data only for authorised purposes and subject to appropriate contractual, confidentiality and security obligations.

7.3 Customers for whom we act as a processor

Where ABN provides services on behalf of a customer, relevant information may be disclosed to that customer or processed within the customer’s systems according to the customer’s instructions.

7.4 Professional advisers

We may disclose information to professional advisers such as lawyers, auditors, accountants, insurers and consultants where necessary.

7.5 Authorities and legal recipients

We may disclose personal data to courts, regulators, law enforcement agencies, tax authorities or other public bodies where:

  • Required by law;

  • Necessary to respond to a lawful request;

  • Necessary to protect rights, property or safety; or

  • Necessary to establish, exercise or defend a legal claim.

7.6 Business transactions

If ABN is involved in a merger, acquisition, restructuring, financing, sale of assets or similar transaction, personal data may be disclosed to relevant advisers and prospective parties, subject to appropriate confidentiality and legal safeguards.

8. International Transfers

Some of the technology providers we use, including Meta, WhatsApp, Odoo, cloud-hosting providers and related service providers, may process or store information outside Kenya.

Where personal data is transferred outside Kenya, we take reasonable steps to ensure that the transfer is lawful and that appropriate safeguards are in place. Depending on the circumstances, these safeguards may include:

  • Contractual data-protection obligations;

  • Security and confidentiality commitments;

  • Transfer to a jurisdiction with appropriate data-protection standards;

  • Your consent where required;

  • Transfers necessary to perform a contract; or

  • Another lawful transfer mechanism.

9. Data Retention

We retain personal data only for as long as reasonably necessary for the purpose for which it was collected, including the provision of services and compliance with legal, contractual, accounting, tax, regulatory and reporting obligations.

Retention periods may depend on:

  • The type and sensitivity of the information;

  • The purpose for which it was collected;

  • The duration of our relationship with you;

  • Contractual requirements;

  • Applicable legal limitation periods;

  • Tax, accounting or regulatory requirements;

  • The existence of a complaint or dispute;

  • Security and fraud-prevention needs; and

  • Whether the information is contained in backups or archived systems.

In general:

  • Inquiry and sales information may be retained while an inquiry remains active and for a reasonable follow-up period;

  • WhatsApp and customer-support messages may be retained as part of our customer-service, project or business records;

  • Contract, project, billing and transaction records may be retained for the applicable statutory or contractual recordkeeping period;

  • Marketing information is retained until you withdraw consent, object or unsubscribe, after which we may retain limited suppression information to respect your preference;

  • Recruitment information may be retained for the duration of the recruitment process and a reasonable period afterwards; and

  • Technical logs and backups are retained according to our operational and security requirements.

When personal data is no longer required, we will delete, anonymise or securely dispose of it, subject to any lawful reason requiring continued retention.

10. Data Security

We use reasonable technical and organisational measures designed to protect personal data from:

  • Unauthorised access;

  • Unlawful processing;

  • Accidental loss;

  • Disclosure;

  • Alteration;

  • Misuse;

  • Destruction; and

  • Damage.

These measures may include, where appropriate:

  • Access controls and role-based permissions;

  • Password protections and multi-factor authentication;

  • Employee confidentiality obligations;

  • Secure system configuration;

  • Encryption in transit or at rest where supported and appropriate;

  • Software updates and security monitoring;

  • Backup and recovery procedures;

  • Limiting access to personnel with a legitimate business need;

  • Reviewing third-party service providers; and

  • Procedures for responding to suspected data breaches.

No internet transmission or electronic storage system is completely secure. We therefore cannot guarantee absolute security, but we continually seek to maintain safeguards appropriate to the nature and risk of the information processed.

If we become aware of a personal-data breach that creates a real risk of harm, we will take appropriate steps in accordance with applicable law, including notification to affected individuals and the relevant authority where required.

11. Your Data Protection Rights

Subject to applicable law and any lawful limitations, you may have the right to:

11.1 Be informed

You have the right to be informed about how and why your personal data is collected and used.

11.2 Access your data

You may ask whether we hold personal data about you and request access to that information.

11.3 Correct inaccurate information

You may request correction of personal data that is inaccurate, incomplete, outdated or misleading.

11.4 Request deletion

You may request deletion or destruction of personal data that:

  • Is no longer necessary;

  • Was unlawfully obtained or processed;

  • Is irrelevant or excessive; or

  • We are no longer authorised to retain.

Deletion may be limited where information must be retained to comply with a legal obligation, complete a transaction, resolve a dispute, maintain security records or establish, exercise or defend a legal claim.

11.5 Object to processing

You may object to the processing of all or part of your personal data, including processing for direct marketing.

11.6 Restrict processing

You may ask us to restrict processing while the accuracy, lawfulness or necessity of processing is being considered.

11.7 Withdraw consent

Where processing is based on consent, you may withdraw that consent at any time.

11.8 Data portability

Where applicable, you may request personal data you provided to us in a structured, commonly used and machine-readable format or request that it be transmitted to another service provider where technically feasible.

11.9 Rights relating to automated decisions

You may have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects.

ABN does not ordinarily make decisions producing legal or similarly significant effects about individuals solely through automated processing.

11.10 Lodge a complaint

You may raise a concern directly with us using the contact information in this Policy.

You may also lodge a complaint with the Office of the Data Protection Commissioner of Kenya or another competent data-protection authority.

12. How to Submit a Data Request

To exercise your rights, contact us using:

Email: [INSERT PRIVACY OR GENERAL CONTACT EMAIL]

WhatsApp/telephone: [INSERT BUSINESS PHONE NUMBER]

Address: [INSERT CURRENT BUSINESS ADDRESS]

Please use the subject line:

Data Protection Request

Your request should include:

  • Your full name;

  • The telephone number or email address you used to communicate with us;

  • A clear description of your request; and

  • Any information reasonably necessary to help us locate the relevant records.

We may request reasonable proof of identity before disclosing, correcting or deleting personal data. This is intended to protect information from unauthorised access.

We will respond within the time required by applicable law. Where a request is unusually complex, involves a large amount of information or affects the rights of another person, additional time or clarification may be required.

13. Data Deletion Instructions

You may request deletion of personal data associated with your interactions with ABN, including information received through our WhatsApp integration.

To submit a deletion request:

  1. Send an email to [INSERT PRIVACY OR GENERAL CONTACT EMAIL] with the subject “Data Deletion Request”; or

  2. Send a message to our official WhatsApp number at [INSERT BUSINESS PHONE NUMBER] stating “I would like to request deletion of my personal data.”

Include:

  • Your full name;

  • Your WhatsApp telephone number or email address;

  • A description of the information you want deleted; and

  • Any relevant project, inquiry or account details.

After receiving the request, we may verify your identity and determine which records can lawfully be deleted.

Where the request is valid, we will delete, anonymise or restrict the relevant personal data within the period required by applicable law.

We may retain limited information where necessary to:

  • Comply with legal, tax, accounting or regulatory obligations;

  • Complete an existing transaction or contractual obligation;

  • Resolve disputes;

  • Prevent fraud or maintain security;

  • Establish, exercise or defend legal claims;

  • Respect an opt-out or suppression preference; or

  • Protect the rights and safety of ABN, our customers or another person.

Where information has been lawfully shared with a service provider for processing, we will take reasonable steps to communicate a valid deletion request to the relevant provider where required and technically feasible.

Deleting information from ABN systems does not automatically delete information independently held by WhatsApp, Meta, Odoo or another third party under its own terms and privacy policy. You may need to contact those providers separately regarding data they control independently.

14. Marketing Communications

We may send marketing communications where:

  • You have requested information;

  • You have provided consent;

  • You are an existing or prospective business customer and the communication is relevant to your professional interests; or

  • Another lawful basis permits the communication.

Every electronic marketing message will provide a reasonable method of opting out where required.

You may unsubscribe by:

  • Using the unsubscribe option in the communication;

  • Replying “STOP” or requesting removal;

  • Sending us a WhatsApp message; or

  • Contacting us using the details in this Policy.

We may continue sending non-marketing communications concerning active projects, contracts, invoices, service notices, account administration, security or legal matters.

15. Cookies and Website Analytics

Our website may use cookies and similar technologies to:

  • Enable essential website functions;

  • Remember user preferences;

  • Maintain security;

  • Understand website usage;

  • Diagnose technical problems; and

  • Improve content and performance.

Cookies may be placed by us or by authorised third-party service providers.

You can manage cookies through your browser settings and, where available, through our website’s cookie-consent controls. Disabling some cookies may affect website functionality.

16. Confidential and Sensitive Information

Please do not send highly sensitive personal data through WhatsApp, ordinary email or website forms unless:

  • It is genuinely necessary for the requested service;

  • We have specifically asked you to provide it; and

  • An appropriate and secure method of transmission has been agreed.

Where we receive sensitive personal data, we will process it only where a lawful basis exists and appropriate safeguards are applied.

17. Children’s Privacy

Our services are intended primarily for businesses and adults and are not directed at children.

We do not knowingly collect personal data from children through our website or WhatsApp Business account without appropriate authorisation.

If you believe that a child has provided personal data to us without appropriate parental or guardian consent, contact us so that we can review and, where appropriate, delete or restrict the information.

18. Third-Party Websites and Services

Our website, messages or services may contain links to third-party websites, applications or services.

We do not control the privacy practices of those third parties. This Privacy Policy does not apply to information that third parties collect independently.

You should review the privacy policy of each third-party service before providing personal data.

19. Our Role When Providing Services to Customers

During software implementation, support, integration or consulting engagements, ABN may access personal data controlled by a customer.

In such cases:

  • The customer ordinarily determines the purposes for which the information is processed;

  • ABN processes the information according to the customer’s documented instructions;

  • Access is limited to what is reasonably necessary to provide the service;

  • The customer is responsible for ensuring that it has a lawful basis for the processing; and

  • Requests relating to such information may need to be directed to the relevant customer.

Where we receive a request concerning data controlled by one of our customers, we may refer the request to that customer or assist the customer in responding.

20. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

  • Changes in our services;

  • New technology or integrations;

  • Changes in our processing activities;

  • Legal or regulatory developments; or

  • Improvements to our privacy practices.

The updated version will be published at the same location with a revised “Last updated” date.

Where changes materially affect how we use personal data, we may provide additional notice through our website, WhatsApp, email or another appropriate communication channel.

21. Contact Us

For questions, concerns, complaints or requests relating to this Privacy Policy or our processing of personal data, contact:

ABN Consulting Group

Address: [INSERT CURRENT BUSINESS ADDRESS]

Email: [INSERT PRIVACY OR GENERAL CONTACT EMAIL]

Telephone/WhatsApp: [INSERT BUSINESS PHONE NUMBER]

Website: https://abn.consulting

You may also contact the:

Office of the Data Protection Commissioner of Kenya

P.O. Box 30920-00100

Nairobi, Kenya

Website: https://www.odpc.go.ke