1.0 Introduction
1.1. We are devoted to complying with all significant Kenyan legislation and international legislations. We are aware that protecting individuals through lawful, appropriate, and responsible processing and use of their personal data is a fundamental human right.
1.2. We will safeguard rights of data subjects and ensure the process is done in line with the required legislation.
1.3 The Data Protection policy guides us on how we ought to handle the data we collect. The policy helps us comply with the data protection laws, protect the rights of the data subjects and protect us from risks related to breaches of data protection.
1.4 Our Data Protection Policy helps explain our information, practices, including the information we process to support our Services.
2.0 Collection of Personal Information
2.1 We mainly collect personal information from details you provide to us either from the account opening forms, or from our social media forums.
3.0 Use of Personal Information
3.1 Under data protection laws, we need a legal ground for using and processing personal information. Below are the main reasons why we process personal information and the legal basis for doing so.
| Use of Personal Information | Legal Ground | Data Collected |
| 3.2 To provide our services | Where necessary for the performance of our agreement or to take steps to enter into an agreement with you.
|
Name
ID number Email address Mobile number |
| 3.3 Manage client’s accounts and our relationship with you | Where it’s in our lawful interests to ensure that our client accounts are well- managed, in order to provide top- notch service, to protect our business interests and the interests of our clients | Mobile number
Email address
|
| 3.4 To provide statements and relevant information concerning your account.
|
Where this is required by Law
|
Email address
|
| 3.5 To handle enquiries and complaints
|
To ensure that complaints are investigated, so that you receive a high standard of service and prevent similar complaints from occurring in future
|
Mobile number
Email address |
| 3.6 To contact you, by post, phone, text, email and other digital methods. This may be to help manage accounts, to meet our regulatory obligations, to keep you informed about products and services you hold with us | Where we have agreed to contact you in our agreement
Where it’s in our lawful interests to share information with you about products / services that may be relevant and beneficial to them. Where we send you marketing messages, you can always tell us when you no longer wish to receive them.
|
Mobile number
Email address Postal address |
| 3.7 To collect any debts owing to us
|
Where it’s in our legitimate interests to collect any debts owing to us
|
Mobile number
Email address Postal address |
| 3.8 To meet our regulatory compliance and reporting obligations and to prevent, detect, investigate and prosecute fraud and alleged fraud, money laundering and other crimes.
|
Where it’s in our legitimate interests to prevent and investigate fraud, money laundering and other financial crimes
|
Name
ID number Email address Mobile number Bank account number |
| 3.9 To assess any application you make, including carrying out fraud, money laundering, identity, sanctions screening and any other regulatory checks | Where such actions are in our legitimate interests, for the protection of our business interests
|
Name
ID number Email address Mobile number Bank account number |
4.0 Your Rights
You have the following rights in relation to our use of personal information
4.1 Right to access your personal data in our custody.
4.2 Right to object to the processing of part or all of your personal data.
4.3 Right to the rectification of incorrect or misleading data.
4.4 Right to deletion of false or misleading data.
4.5 Right to data portability:
4.6 Right to object to direct marketing
4.7 The right to withdraw consent
4.8 The right to lodge a complaint
4.9 A right conferred upon you may be exercised—
(a) Where the client is a minor, by a person who has parental authority or by a guardian;
(b) Where the client has a mental or other disability, by a person duly authorized to act as their guardian or administrator; or
(c) In any other case, by a person duly authorized by the client.
Please note that in some cases we may not be able to comply with your request for reasons such as our own obligations to comply with other legal or regulatory requirements. However, we will always respond to any request you make and if we can’t comply with your request, we will give reasons why.
5.0 Transferring personal data out of Kenya
We will transfer personal data out of Kenya only if we have:
5.1 Proof of appropriate measures for security and protection of the personal data, and the proof provided to the Data Protection Commissioner in accordance with Kenya’s Data Protection Act, 2019, such measures include that data is transferred to jurisdictions with corresponding data protection laws.
5.2 The transfer is necessary for the performance of a contract, implementation of pre- contractual measures such as: for the conclusion or performance of a contract to which the data subject is part of; For matters of public interest; For legal claims, To protect your vital interests, For compelling legitimate interests pursued by the data controller or data processor which are not overridden by your interests, rights and freedom.
5.3 We will process sensitive personal data out of Kenya only after obtaining your consent and on receiving confirmation of appropriate safeguards.
6.0 Sharing Personal Information
6.1 As part of its business, we may use processors to provide certain services. In this context, the provision of services involves access to Client information by such processors. In such cases, we have implemented appropriate measures to ensure that third parties having access to such data comply with the obligations imposed by the DPA and offer the highest possible guarantees to protect the rights and freedoms of data subjects. In compliance with the provisions of ACT, the terms and conditions of data processing by third parties are objectively defined by means of a data protection agreement that binds both parties.
6.2 Accordingly, all our processors are required to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, namely against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, or access and against all other unlawful forms of processing.
6.3 We remain responsible for the personal information made available to our processors.
We use the following categories of processors;
6.4 Business and IT consulting services: providers of technical and IT support services
6.5 Administrative and business advisory services: provider of contracted services for administrative and business support and management.
6.6 Trading platforms in financial markets: service provider contracted to provide access for Clients to different financial markets.
6.7. Digital communication services: service provider contracted to supply and maintain the digital platforms for communication and interaction with Clients and potential Clients.
6.8 Where you have named an alternative contact (such as a relative) to transact on your behalf. Once you have told us your alternative contact, this person will be able to discuss all aspects of your accounts with us and make changes on your behalf.
6.9The police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime
7.0 Retaining and Disposing Data
7.1 We mostly retain information for at least seven years as required by law. We may retain personal information, or information relating to the data subjects account after ceasing to be a client for longer than this, provided it is necessary for a legal, regulatory, fraud prevention or other legitimate business purpose.
7.2 We keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Data Protection Policy and in order to comply with our legal and regulatory obligations. In some instances, we will minimize personal data; or de-identify data to use for statistical or analytical purposes, this activity is undertaken in accordance with Data Protection laws.
8.0 Restrictions on the Commercial Use of Personal Data
8.1 We shall not use, for commercial purposes, personal data obtained unless we;
- have sought and obtained express consent from you
- Are authorized to do so under any written law and you have been informed of such use when collecting the data.
9.0 Changes to This privacy policy
We may update this policy from time to time. Where the changes will have a fundamental impact on the nature of the processing of your data or your rights, we shall notify you in advance. Unless otherwise stated, the current version shall supersede all previous versions of this policy.