Skip links
Let's talk
Explore Our Work
scroll
Untamed Agencies

Privacy Policy – Untamed Agencies

Effective Date: 07 January 2026
Last Updated: 07 January 2026

1. Introduction

  Untamed Agencies (”  Untamed Agencies”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, store, and protect personal data when you visit our website (the “Site”) at https://untamed.com/  Untamed Agencies/, communicate with us, participate in our below-the-line (BTL) and brand activation activities, or engage our creative and marketing services.

We aim to comply with applicable Kenyan laws and standards, including the Constitution of Kenya (right to privacy), the Data Protection Act, 2019, and related regulations and guidance issued by the Office of the Data Protection Commissioner (ODPC), as well as recognised industry practices.

By using the Site or engaging with us, you acknowledge that you have read and understood this Privacy Policy. Where we rely on consent for particular processing, we will request it separately and you may withdraw it as described below.

2. Who We Are (Controller/Processor Roles)

Controller details:

  • Name: Untamed Agencies  
  • Location: Nairobi, Kenya
  • Email:
  • Phone:
  • Physical address:

Depending on the engagement, Untamed Agencies may act as a Data Controller (deciding why and how personal data is processed), a Data Processor (processing personal data on a client’s instructions), or both. For example:

  • We act as a Controller for our website operations, marketing, vendor management, and recruitment.
  • We may act as a Processor when running a BTL activation, campaign, or event on behalf of a client that determines the purposes and means of processing.

If you interact with a campaign or activation delivered for a client, the client’s privacy notice may also apply. Where we act as a Processor, we process personal data in line with the client’s documented instructions and our data processing agreements.

3. Definitions

  • “Personal data”: information that identifies or relates to an identifiable natural person.
  • “Sensitive personal data”: includes data such as health information, biometrics, religious beliefs, or other special categories as defined under Kenyan law.
  • “Processing”: any operation performed on personal data (collection, use, storage, disclosure, deletion, etc.).
  • “Site”: our website at https://tuwele.com/ Untamed Agencies/.

4. The Personal Data We Collect

We may collect the following categories of personal data, depending on how you interact with us:

4.1 Identity and contact data

  • Full name
  • Email address
  • Phone number
  • Company/organisation name and role/title
  • Business address

4.2 Client/project and communications data

  • Project briefs, requirements, specifications, and timelines
  • Communications with us (email, phone, messaging platforms)
  • Feedback, approvals, and records relating to deliverables

4.3 Activation/event participant data (where applicable)

  • Registration details and attendance confirmation
  • Participant identifiers required for fulfilment (e.g., name, phone, email)
  • Delivery details for prizes/merchandise where necessary
  • Age verification or eligibility information where relevant (e.g., 18+ promotions)
  • Preferences and consent selections

4.4 Content captured during activations/events

  • Photographs, video, or audio recordings captured at activations, events, or productions
  • User-generated content you submit or tag us in (subject to platform rules and your settings)

4.5 Payment and billing data

  • Billing contact details
  • Invoices, payment confirmations, and transaction references
  • Tax/withholding details where applicable

4.6 Recruitment data

  • CV/resume, portfolio links, and cover letters
  • Interview notes and assessment outcomes
  • Referee details where you provide them

4.7 Device and usage data (online identifiers)

  • IP address
  • Browser type and version
  • Operating system
  • Device information (type/model)
  • Pages viewed, time spent, clicks, referring/exit pages
  • Approximate location inferred from IP address

5. How We Collect Personal Data

  • Directly from you when you submit forms, request services, or contact us.
  • Automatically through cookies and similar technologies when you use the Site.
  • From clients and partners when we deliver activations or services on their behalf.
  • From public sources (e.g., professional profiles) where relevant for business-to-business engagement.

6. Why We Use Personal Data (Purposes)

We use personal data for the following purposes:

  1. To respond to enquiries and provide information about our services.
  2. To deliver our services (including planning, staffing, logistics, production, execution, reporting, and client account management).
  3. To manage contracts, invoices, payments, and accounting.
  4. To maintain and improve the Site, its content, and user experience.
  5. To run communications, newsletters, and marketing (where permitted and/or with consent).
  6. To conduct analytics and measure performance of our Site and campaigns.
  7. To recruit, evaluate, and manage job applicants and contractors.
  8. To protect our rights, property, and safety, and prevent fraud or misuse.
  9. To comply with legal and regulatory obligations and respond to lawful requests.

7. Lawful Basis for Processing (Kenya)

We process personal data only where we have a lawful basis under Kenyan law. Depending on the context, our lawful bases may include:

  • Performance of a contract: where processing is necessary to provide services you request or to manage our client relationship.
  • Legitimate interests: where processing is necessary for our legitimate business interests (e.g., improving services, securing the Site, responding to enquiries), balanced against your rights.
  • Consent: where we ask for consent (e.g., certain marketing communications, non-essential cookies, or specific uses of event imagery). You may withdraw consent at any time.
  • Legal obligation: where processing is required to comply with applicable laws (e.g., tax/accounting, lawful requests).

If we process personal data as a Processor on behalf of a client, the client is typically the Controller and determines the lawful basis, and we process the data under the client’s instructions and contractual terms.

8. Cookies and Similar Technologies

We use cookies and similar technologies to operate the Site, remember preferences, analyse traffic, and support security. Cookies are small files stored on your device.

8.1 Types of cookies we may use

  • Essential cookies: required for basic site functionality and security.
  • Performance/analytics cookies: help us understand how visitors use the Site.
  • Functionality cookies: remember your settings and preferences.
  • Marketing cookies: measure marketing effectiveness and deliver relevant content (where used).

You can control cookies through your browser settings. If you disable cookies, some Site features may not work as intended. If we implement a cookie banner, non-essential cookies will be used only where appropriate choices have been provided.

9. Sharing and Disclosure of Personal Data

We do not sell your personal data. We may share personal data in the following cases:

9.1 Service providers (processors)

We may share personal data with trusted third-party service providers who help us operate our business and deliver services, such as hosting providers, email/communications tools, analytics providers, cloud storage providers, event logistics partners, and professional advisers (legal/accounting). These providers are required to protect personal data and to use it only for the purposes we specify.

9.2 Clients (where applicable)

Where we run an activation, event, or campaign on behalf of a client, we may share participant data and reporting with that client as required for fulfilment, auditing, compliance, or campaign reporting.

9.3 Legal requirements

We may disclose personal data where required by law or in response to lawful requests, court orders, or to protect our rights and the safety of others.

9.4 Business transfers

If we undergo a merger, acquisition, restructuring, or sale of assets, personal data may be transferred as part of that transaction subject to appropriate safeguards and notices as required by law.

9.5 With your instructions/consent

We may share personal data where you request us to do so or where you have provided consent.

10. Marketing Communications

If you subscribe to our marketing communications, we may send you updates, newsletters, invitations, and information about our services. You can opt out at any time by using the unsubscribe mechanism (where provided) or by contacting us at contact@tuwele.com.

Even if you opt out of marketing, we may still send you essential service-related messages (e.g., about ongoing projects or administrative notices).

11. International Data Transfers

We are based in Kenya, but some of our service providers and clients may be located in other countries. As a result, personal data may be transferred to, stored in, or processed outside Kenya.

Where cross-border transfers occur, we implement appropriate safeguards consistent with Kenyan law and ODPC guidance, which may include contractual safeguards, technical measures, and ensuring service providers maintain adequate security standards. Where required, we will obtain consent or use other lawful mechanisms.

12. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Typical retention periods (may vary by engagement):

  • Client/project records: duration of the relationship plus up to 7 years for legal/accounting purposes.
  • Marketing records: until you opt out or we remove inactive contacts in line with internal retention practices.
  • Website analytics: typically 26–38 months depending on configuration.
  • Recruitment applications: up to 12 months after closure of the recruitment process (unless you consent to longer retention).

When data is no longer needed, we securely delete, anonymise, or archive it with restricted access.

13. Your Rights (Kenya)

Subject to applicable law and certain exceptions, you may have rights to:

  • Be informed about how your personal data is used
  • Access your personal data and receive a copy
  • Request correction/rectification of inaccurate or incomplete data
  • Request deletion/erasure in appropriate circumstances
  • Object to processing (including direct marketing)
  • Request restriction of processing in certain cases
  • Request data portability where applicable
  • Withdraw consent where processing is based on consent

To exercise your rights, contact us using the details in Section 18. We may request verification to protect your data. We aim to respond within a reasonable timeframe and in accordance with applicable legal requirements.

14. Data Security

We implement appropriate technical and organisational security measures designed to protect personal data against unauthorised access, loss, alteration, disclosure, or destruction. Measures may include access controls, encryption, secure backups, monitoring, and staff training.

No method of transmission or storage is completely secure. If you believe your interaction with us is no longer secure, please notify us promptly.

15. Data Breach Management

If we become aware of a personal data breach that is likely to result in a risk to the rights and freedoms of data subjects, we will take steps to contain and remediate it, and where required, notify the ODPC and affected individuals in line with Kenyan law and applicable guidance.

16. Children’s Privacy

Our Site and services are not intended for persons under 18 years of age. We do not knowingly collect personal data from children without appropriate authorisation. If you believe a child has provided us personal data, please contact us so we can take appropriate steps.

If we run a campaign or activation likely to involve minors (e.g., school events), we will provide a campaign-specific notice and implement suitable consent/authorisation measures.

17. Third-Party Websites and Social Media

The Site may contain links to third-party websites or services. We are not responsible for their privacy practices. Please review their privacy policies before providing personal data.

We may maintain social media pages. Your interactions with those platforms are governed by the platform’s own policies and your account settings.

18. Contact Us

If you have questions, requests, or concerns about this Privacy Policy or our data practices, contact:

  • Untamed Agencies  , Nairobi, Kenya
  • Email: info@untamedltd.com
  • Phone:+254 797 213 415
  • Website: https://untamedltd.com/

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on the Site and update the “Last Updated” date. Material changes may also be communicated through additional notices where appropriate.

20. Acknowledgement

By using our Site or engaging our services, you acknowledge that you have read and understood this Privacy Policy.