Legal

Privacy Policy

Last updated: 23rd April 2026

1. Introduction

This Privacy Policy explains how Paula Creations (“we”, “us”, “our”) collects, uses, stores, shares, and protects your personal data. We are committed to handling your data lawfully, transparently, and in line with the Kenya Data Protection Act, 2019 (KDPA).

2. Who we are (the data controller)

Paula Creations is the data controller for personal data collected via this website.

• Email: training@paulacreations.co.ke
• Phone: +254 706 611 500

3. What personal data we collect

• Contact details: name, email address, phone number, LinkedIn profile URL.
• CV / résumé: the document you upload, which may contain additional personal data (employment history, education, references).
• Availability and context: preferred times to talk and what you share about your career goals.
• Technical data: IP address and basic request metadata captured automatically by our hosting provider (Cloudflare) for security purposes.

4. How we collect it

Directly from you when you complete the contact form on this website. We do not buy lists, scrape data, or receive your information from third-party brokers.

5. Why we process your data (purposes)

• Responding to your enquiry and scheduling a discovery call.
• Delivering the coaching services you engage us for.
• Keeping an audit trail of consent and service delivery as required by law.
• Securing the website against abuse (rate-limiting, spam prevention).

6. Lawful basis

We rely primarily on your explicit consent (KDPA s.32), given when you tick the consent boxes on the contact form. Where you subsequently engage us for paid services, we also rely on performance of a contract.

7. Who we share your data with

We keep your data private. We use a small number of trusted processors to run the service:

• Google (Sheets, Drive, Apps Script, Gmail): stores your submission and CV.
• Cloudflare: hosts the website and provides basic security.

We do not sell, rent, or trade your data. We only disclose it to a third party when legally compelled to do so.

8. International transfers

Our processors (Google, Cloudflare) may store data outside Kenya. Where this happens, we rely on their contractual safeguards and industry-standard security controls, in line with KDPA Part VI.

9. How long we keep your data

• Contact-form enquiries you do not follow up on: up to 12 months, then deleted.
• Active client records (including CVs): for the duration of our engagement plus 7 years, to meet Kenya’s tax and record-keeping requirements.
• Consent logs: retained for the same period as the underlying record, as evidence of lawful processing.

10. Your rights under KDPA

You have the right to:

• Be informed about how we use your data.
• Access a copy of the data we hold about you.
• Correct inaccurate or incomplete data.
• Request deletion of your data (subject to our legal retention obligations).
• Object to, or restrict, processing.
• Withdraw consent at any time — this does not affect the lawfulness of processing before withdrawal.
• Lodge a complaint with the Office of the Data Protection Commissioner (ODPC) at odpc.go.ke.

To exercise any of these rights, email privacy@paulacreations.co.ke. We respond within 7 days.

11. Security

We protect your data with access-restricted storage (your CV sits in a private Drive folder only Paula can open), HTTPS encryption, server-side validation, rate limiting, and periodic security-header audits.

12. Changes to this policy

We update this policy from time to time. The “Last updated” date at the top reflects the most recent change. Material changes will be announced prominently on this page.

13. Contact

Questions or complaints about privacy: privacy@paulacreations.co.ke.