CARITAS MICROFINANCE BANK PRIVACY STATEMENT

Caritas Micro-finance Bank respects your privacy, and we are committed to keeping your personal information and other data confidential and secure.

When you provide us with your personal data, we are legally obliged to use the personal data in line with all applicable laws on the protection of personal data, including the Data Protection Act 2019 (the “Data Protection Act” or the “DPA”).

This Privacy Statement explains the approach taken by Caritas Microfinance Bank Limited and the affiliates of Caritas Microfinance Bank Limited(“Caritas”, “Bank”, “we” or “us”) toward the personal information and data that we collect about you (“Your Information”) when you visit this Website, electronically respond to our online advertisements or when you send us communications via any computer, mobile or other similar electronic devices (“Device”).

Please read this Data Privacy Statement carefully to understand our personal data management practices.

This Data Privacy Statement explains:

a) When does this Privacy Statement apply;

b) What personal data we process;

c) How we use the personal data;

d) Why we need the personal data;

e) Who we will share your personal data with;

f) Your rights and how to exercise them;

g) When we will use your personal data to contact you;

h) Right to amend this privacy statement and

i) How to contact us.

 

a) When does this Privacy Statement apply and consent

This Privacy Statement explains the approach Caritas Microfinance bank Limited and its affiliates has taken (“Caritas”, “we” or “us”) towards the personal information and data that we collect about you (“Your Information”) when you consume our services including but not limited to visiting this Website, electronically responding to our online advertisements or when you send us communications via any computer, mobile or other similar electronic devices (“Device”).

By using this Website, responding to our online advertisements and/or providing Your Information you consent to: use of Cookies (see section 3 below) and our use of Your Information as described in this Privacy Statement; and (b) the terms and conditions of this Privacy Statement. If you do not consent, then please do not proceed further and do not provide Your Information.

 

b) What personal data we process

– Identification Information- This includes national identity card details, passport details, driving license details, Kenya Revenue Authority PIN, Birth certificate details, identities of the shareholders, beneficiaries, partners, trustees and directors of an entity.

– Contact details- This includes your postal address, phone number, email address or mobile number. If you enter your contact details in any of the Bank’s forms, the Bank will use this information to contact you.

– Surveillance Data- This includes –CCTV information, for security and investigation services and phone calls for quality control and training

– Transaction Information your bank account number, credit or debit card number, financial history, payments you make and receive, instructions relating to payment-initiation services etc. information about any other Bank products and services you currently have or have had in the past.

– Credit Information –this includes credit information from licensed credit rating bureau.

– Digital Information –This includes your IP address, the device type used to access the service and the duration for which your session lasted when you use our digital services. Such digital information will be collected by our systems and processed in line with our IT Policy and our Cookie Policy. We shall, however, ask for your consent prior to placing cookies on your devices.

 

c) How we use your personal data

We will always treat Your Information as confidential. We will use good practices to keep it secure and will otherwise abide by the relevant data protection and privacy laws.

We will use your information to:

– Follow up on any product or service application which you have shown interest in.

– Update our records about you.

– Understand your financial needs.

– Conduct credit checks and assist other financial institutions to conduct credit checks.

– Crime or fraud detection, prevention and prosecution.

– Debt collection.

– Comply with laws or regulations.

– Research and statistical analysis with the aim of improving our products and services.

– Handle queries and complaints.

Please ensure you also read the Terms and Conditions applicable to these products and services.

 

Marketing- Caritas will only contact you for marketing purposes where you have provided us with your consent to do so. We may market our services through post, telephone, text message and any other digital methods that may become available in the future. Consent will be sought before any such marketing applications commence.

 

d) How long will we retain your personal data?

This will be in line with the banking laws, policies and regulations on data retention which currently stands at seven years and in the event of a contract between yourself and us, this will be in accordance with the time limit set in that particular contract.

The Bank may, however, retain any derivative information (such as statistical data and analytics) for an indefinite amount of time on the condition that such data will have all personal markers removed and your personal data will be unidentifiable.

 

e) Your rights and how to exercise them

Subject to the Kenya Data Protection Act and Regulations, you have the following rights:

– Request for restriction or objection to the processing of personal data-In some circumstances you may have the right to restrict how your personal data is processed such as when the accuracy of your Personal Data is contested. If you have any concerns about how we process your Personal Data, please discuss this at your branch or with your Relationship Manager.

In some circumstances you may have the right to object to how we process your personal data, but this does not mean you can decide or choose how we process your personal data other than in relation to marketing. If you have any concerns about how we process your personal data, please discuss this with your Relationship officer. We may not be able to offer the services if you do not want us to process the personal data, we consider it necessary to provide the services.

– Request for access to personal data-You have the right to request a copy of your personal data processed in relation to you.

– Request for rectification- You can request at any time that we correct your personal data at your branch or through your relationship officer.

– Request for data portability-To request a copy of the personal data you have given to us in a machine-readable format.

– Request for erasure of personal data- In some circumstances you have the right to ask us to delete your personal data, for example if we no longer have a valid reason to process it.

You can exercise your rights by making a written request to us. Your request will be promptly attended to. Where we are unable to honor your request due to the nature of the processing or to protect our own legitimate interests, we shall inform you of the reason for our denial of your request.

 

Will you be subject to any automated decision making

We may use automated decision-making to evaluate certain aspects relating to you, in particular to analyze or predict aspects concerning your economic situation, credit limits, money laundering involvement, political exposure, payment reliability, behavior and dormant account status. Any decision we make based on automated processing will be reviewed by a Bank official in order to avoid algorithm bias and similar loopholes. We will let you know of this and will give you an opportunity to request for a review of any decision made by automated means. We may also use automated decision making for marketing purposes to choose personalized offers, discounts or recommendations to send you.

 

Will the bank share personal data with any third parties?

The Bank may, from time to time, share your personal data with the following third parties and such disclosures will be done in accordance with the law and, where necessary, with your consent:

– The Government (and Government Agencies): Your personal data may be shared with law enforcement agencies, revenue collection agencies and other regulatory bodies where such disclosure is mandated by the law.

– Credit Rating Bureaus: Your credit information may be shared with licensed Credit Rating Bureaux.

– Other Financial Institutions: Your personal data may be shared with other financial institutions for the purposes of performing certain transactions in which you are involved.

– Court Orders: Your personal data may be shared in the event that a court order is obtained requiring that such information be shared.

– Service Providers: Your personal information may be disclosed to our service providers where necessary to provide certain services to you or to protect the legitimate interests of the Bank (including in the enforcement of a legal claim).

 

The Bank will not, under any circumstances share with, or sell your personal data to, any third party for marketing purposes and you will not receive offers from other companies or organizations as a result of sharing your personal data with us.

 

Contacting us

If you wish to exercise any of your rights under the Data Protection

Act, please contact us. You may:

• Call us on: 0205151500, 0729986331or

• Email us at: [email protected] CC:

[email protected].

 

Changes to our Privacy Statement

We reserve the right to amend this privacy statement at any time. All amendments to this privacy statement will be posted on the website. Unless otherwise stated, the current version shall supersede and replace all previous versions of this privacy.