This Privacy Policy outlines the way in which Pumapa Capital Limited and its affiliated companies worldwide (“Pumapa”) will use the private information that is shared by members of the public and investors with Pumapa, its suppliers or other business partners and the safeguards in place to protect such private information from unauthorized dissemination. This Policy explains how we collect, use, and protect your personal information in accordance with the Kenya Data Protection Act (2019) and General Data Protection Regulation (GDPR).

This policy governs all private information shared by investors and members of the public during their interactions with Pumapa.

We ask that you read this privacy policy carefully and our contact information is provided in Section 12 of this policy if you have any questions.


At Pumapa Capital, we seek to protect the “non-public personal information” of natural person consumers, customers and members of the public. Non-public personal information includes non-public “personally identifiable financial information” plus any list, description, contact information or grouping of customers that is derived from non-public personally identifiable financial information. This Policy explains the types of information that we collect from our investors and members of the public, how we use and discloses that information and the measures in which Pumapa takes to safeguard that information.


We may collect personal information such as your name, address, email address, phone number, and payment information and other details when you use our website, engage with our social media or with our other services. We also collect information about your IP address, device information, and browsing history. We collect this information to provide and improve our services, to communicate with you, and to comply with legal obligations.


We use your personal information to provide you with our services, process your payments, and communicate with you regarding our existing and upcoming services. We also use your information for marketing and promotional purposes unless you opt-out of such communications. We may use your personal information to comply with legal obligations or protect our legal rights. Specific purposes are laid out below:

  • to operate, manage, develop and promote our business and our relationship with the organisation you represent (if any) and related transactions – this includes, for example, marketing and billing/payment purposes;

  • to operate, administer and improve our website and premises and other aspects of the way in which we conduct our operations;

  • to protect our business from fraud, money-laundering, breach of confidence, theft of proprietary materials and other financial or business crimes; and

  • to comply with our legal and regulatory obligations and bring and defend legal claims.


We take reasonable technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. We restrict access to your personal data to only those employees and contractors who require it to perform their duties. We ensure that any third parties we engage with comply with the Data Protection Act and GDPR and have appropriate safeguards in place to protect your personal information.


We may share your personal information with third parties, including service providers and regulatory authorities. We ensure that any third parties we engage with comply with the Data Protection Act and GDPR and have appropriate safeguards in place to protect your personal information.

7. rights of data subjects

You have the right to access, correct, and delete your personal information. You may also have the right to restrict the processing of your personal information and to receive a copy of your personal data. If you have any concerns about the processing of your personal information, please contact us. We will respond to your request within 30 days.

8. legal basis for processing personal information

We process your personal information on the legal basis of consent, performance of a contract, compliance with legal obligations, and legitimate interests. We ensure that any processing of personal information is necessary and proportionate.

9. transfer of personal information

We may transfer your personal information to countries outside of the European Economic Area (EEA). We ensure that any transfer of personal information outside of the EEA is necessary, proportionate, and meets the requirements of GDPR.

10. data retention

We retain your personal information for as long as necessary to provide our services to you and to comply with legal obligations. We will delete your personal information when it is no longer necessary to retain it.

11. changes to this policy

We may update this privacy policy from time to time. We will notify you of any material changes to this policy and seek your consent if required by law.

12. contact us

If you have any questions or concerns about this policy or our privacy practices, please contact us at

By using our services or accessing our website, you consent to the collection and use of your personal information as outlined in this policy.