(and any other documents referred to on it) sets out the basis on which any personal data we collect from you, that
you provide to us, or that is otherwise made available to us will be processed by us. This policy will inform you as
to how we look after your personal data when you hold an account with us, use our products or services, or visit
our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects
you. Please read the following carefully to understand our views and practices regarding your personal data and
how we will treat it. By accepting our terms and conditions you are accepting and consenting to the practices
described in this policy.
i. “Applicable Law” means the Constitution of the Republic of Kenya, all Acts of
Parliament including regulations, rules, guidelines, guidance notes issued pursuant
to any Act of Parliament, legislative and regulatory requirements, and codes of
practice applicable to the processing of personal data and/or applicable to a data
controller or data processor as may be amended from time to time;
ii. “Personal Data” means any information relating to an identified or identifiable
natural person (hereinafter “Data Subject”). For clarity, an identifiable person is
one who can be identified, directly or indirectly, in particular by reference to an
identifier such as a name, an identification number, location data, an online
identifier, or to one or more factors specific to the physical, physiological, genetic,
mental, economic, cultural, or social identity of such a natural person;
iii. “Controller” means the natural or legal person, authority, organization or other
agency that makes decisions individually or together with other parties regarding
the purposes and means for processing Personal Data;
iv. “Processing” means an operation or activity or set of operations or activities
performed on personal data whether or not by automated means;
v. “Processor” is a natural or legal person, authority, organization or other agency
that processes Personal Data on behalf of the Controller.
vi. “Sub-processor” is the contractual partner of the Processor, engaged to carry out
specific processing activities on behalf of the Processor and/or Controller.
vii. “Third Party” means a natural or legal person, public authority, agency or body
other than the Data Subject, Controller, Processor, Sub-processor, and persons
who, under the direct authority of the Controller, Processor or Sub-processor, are
authorized to process Personal Data;
viii. “Website” means the website of UKULIMA SACCO which is accessible through
ix. “Online and Mobile Banking Services” means the services we offer on our
online and mobile platforms.
Definitions of terms in our general terms and conditions shall be applicable to this
ii. The singular shall include the plural and vice versa; and
iii. A reference to any one gender, whether masculine, feminine or neuter, includes
the other two; and
iv. All the headings and sub-headings in this policy are for convenience only and are
not to be taken into account for the purposes of interpreting it.
i. Identity data which includes name, username or similar identifier, Identity
card/Passport number, PIN number, photo, marital status, symbol, fingerprints,
race, pregnancy status, nationality, ethnic or social origin, color, age, title, date of
birth and gender, and any other similar information;
ii. Contact data which includes billing address, postal address, physical address,
email address and telephone numbers;
iii. Financial data which includes any bank account details, card payment details and
other electronic or non-electronic payment details;
iv. Transaction data which includes details about payments to and from you and other
details of products and services you have acquired from us;
v. Technical data which includes internet protocol (IP) address, your login identity
data, browser type and version, time zone setting and location, browser plug-in
types and versions, device information, operating system and platform, and other
technology on the devices you use to access our systems;
vi. Profile data which includes your profile identification information, purchases or
orders made by you, your interests, preferences, feedback and survey responses;
vii. Usage data which includes information about how you use our website, products
viii. Marketing and communications data which includes your preferences in receiving
marketing information from us and our third parties and your communication
ix. Visitors’ personal information/identification details on our premises;
x. Biometric data such as fingerprint, images, voice and oth
b. We also collect, use and share aggregated data such as statistical or demographic data.
Aggregated data could be derived from your personal data but is not considered personal
data in law as this data will not directly or indirectly reveal your identity. For example, we
may aggregate your usage data to calculate the percentage of users accessing a specific
website feature. However, if we combine or connect aggregated data with your personal
data so that it can directly or indirectly identify you, we treat the combined data as personal
We will collect and process data about you from the following sources:
i. Apply for or use our products or services;
ii. Open an account(s) with us;
iii. Subscribe to our services or publications;
iv. Request marketing information to be sent to you;
v. Enter a competition, promotion or survey; or
vi. Give us feedback or contact us.
vii. Pay using our services
i. Technical information, including the Internet protocol (IP) address used to connect your
computer or mobile phone to the Internet, your login information, browser type and
version, time zone setting, browser plug-in types and versions, operating system and
platform. We collect this personal data by using cookies, server logs and other similar
technologies. We may also receive technical data about you if you visit other websites
employing our cookies;
ii. Information about your visit, including the full Uniform Resource Locators (URL),
clickstream to, through and from our site (including date and time), products you viewed
or searched for, page response times, download errors, length of visits to certain pages, page
interaction information (such as scrolling, clicks, and mouse-overs), methods used to
browse away from the page and any phone number used to call our customer service
i. We receive your Personal Data from third parties who provide it to us. We will receive
Personal Data about you from various third parties to whom you have consented and public
sources including but not limited to: companies registry, lands registry and other
government registries; service providers we interact or integrate with now or in future;
Integrated Personal Registration Systems, Kenya Revenue Authority and the National
Transport and Safety Authority database.
ii. We may collect information about you from other publicly accessible sources not listed
above. We may also collect information about you from trusted partners, not listed above,
who provide us with information about potential customers of our products and services;
iii. We receive your Personal Data from third parties, where you purchase any of our products
or services through such third parties; and
iv. We collect Personal Data that you manifestly choose to make public, including via social
media (e.g., we may collect information from your social media profile(s), to the extent
that you choose to make your profile publicly visible).
d. Our Website may include links to third-party websites, plug-ins, cookies and applications. Clicking
on those links or enabling those connections may allow third parties to collect or share data about
you. We do not control these third-party websites or influence the data collected and are not
responsible for their privacy policies. When you leave our Website, we encourage you to read the
e. It is important that the Personal Data we hold about you is accurate and current. Please keep us
informed if your personal data changes during your relationship with us. In case you wish to correct
or update your Personal Data that we hold, you may do so by writing to us at
i. Where we need to perform the agreement we are about to enter into or have
entered into with you;
ii. Where it is necessary for our legitimate interests (or those of a third party) and your
interests and fundamental rights do not override those interests. Legitimate Interest
means the interest of our business in conducting and managing our business to
enable us to give you the best service or product and the best and most secure
experience. We make sure we consider and balance any potential impact on you
(both positive and negative) and your rights before we process your personal data
for our legitimate interests; and/or
iii. Where we need to comply with a legal obligation
How we use your Personal Data
Lawful Basis for processing your Personal Data
To serve you as a customer; to provide,
a. The processing is necessary for compliance with our legal and
To manage our relationship with you
The processing is necessary for compliance with our legal and contractual
To manage risk, security and crime
a. The processing is necessary for compliance with our legal and
To administer and protect our business
a. The processing of your Personal Data is necessary for compliance
To study how our customers/members
a. The processing is necessary for the performance of our contractual obligations
b. We have obtained your prior consent to the use and processing of your
To use data analytics/research to better
a. The processing is necessary for the performance of our contractual
To facilitate payment instructions and
a. The processing is necessary for the performance of our contractual
To enforce our rights under the
a. The processing is necessary for the performance of our contractual
How we use your special
Basis for processing your special category data
For Know Your Customer (KYC)
a. We have obtained your prior consent to the use and processing of your
We may use your medical information
a. The processing of the special category data is vital in protecting public
a) Promotional offers from us: We may use your identity, contact, technical, usage and profile data to form a
view on what we think you may want or need, or what may be of interest to you. This is how we decide
which products, services and offers may be relevant to you. You will receive marketing communication
from us if you have requested information or used our products and services and not opted out of receiving
b) Third-party marketing: we may share your Personal Data with any third party for marketing purposes where
we believe that the marketing information from such third parties will be relevant to you and where we have
obtained your prior consent.
a) You can ask us or third parties to stop sending you marketing messages at any time by writing to us or
logging into the relevant website and checking or unchecking relevant boxes to adjust your marketing
preferences or by following the opt-out links on any marketing message sent to you or by contacting us at
any time through the provided contacts.
b) Where you opt-out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of product or service subscribed to, warranty registration, product or service experience or other transactions.
- HOW WE USE “COOKIES” ON OUR WEBSITE
- THE USE OF HYPERLINKS
- CHANGE OF PURPOSE
a. We may place electronic “cookies” in the browser files of your computer when you access
our Website. Cookies are pieces of information that our website transfers to your computer
to enable our systems to recognize your browser and to tailor the information on our
Website to your interests. For example, if you previously visited our Website and inquired
about particular services over the Website, cookies enable us to present information tailored
to your account and/or those particular interests the next time you visit the Website.
Moreover, we, or our third-party service providers or business partners may place cookies
on your computer’s hard drive that can be matched to other personal information we
maintain about you to pre-populate certain online forms for your convenience. We also
which areas of our sites are most useful and popular, to enable us to plan improvements and
a. Other URLs may be referenced through hyperlinks on our website. Clicking on these links
may open webpages operated by third parties not associated with us. These hyperlinks are for dissemination of information and for you to have a good user experience.
b. If we need to use your Personal Data for an unrelated purpose, we will notify you and seek your consent where necessary.
c. Please note that we may process your Personal Data without your knowledge or consent if this is required or permitted by law.
i. Government (including law enforcement) authorities and regulators
e.g. Sacco Societies Regulatory Authority (SASRA) and Central Bank of Kenya (CBK)
ii. Other financial institutions through which your transactions are processed;
iii. Other companies and financial institutions that we work with to provide services to you
e.g. Credit card service providers, technology service providers, credit reference
bureaus, employers, debt collection agencies and outsourced services vendors; fraud
prevention/detection, private investigators, agencies tasked with conducting surveys
on behalf of UKULIMA SACCO
iv. Third parties with accruing legal obligations e.g. Trustees and executors, guarantors,
anyone holding a power of attorney to operate an account on your behalf and joint
v. Third parties with reference to acquisition, merger, asset sales, restructuring or by legal
obligation or otherwise. We may also transfer your personal data to any of our
subsidiaries, new owners, successor entities, or in case of change of business; your
vi. Third parties who are service providers acting as processors, professional advisers
including lawyers, bankers, auditors and those who provide consultancy, banking,
legal, insurance and accounting services.
vii. Restricted or publicly accessible government repository as a verification procedure in
compliance with regulations
viii. Regulatory authorities, police or security agencies, courts of law or statutory
authorities in response to litigation and demand issued on legal/regulatory grounds in
accordance with the law
ix. Agencies tasked with conducting surveys on behalf of UKULIMA SACCO
x. Emergency and disaster response providers in cases where a person’s
health and safety are at stake when an emergency call is made.
xi. Persons involved in delivering UKULIMA SACCO products and services you use or
b. We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
a. We may need to transfer or store your information in another jurisdiction to fulfill a legal
obligation, for our legitimate interest and to protect the public interest.
b. If the other jurisdiction does not have the same level of protection for Personal Data, when we do process the data, we shall put in place appropriate safeguards e.g. contractual commitments to ensure the data is adequately protected.
c. We ensure your Personal Data is protected by requiring all our related companies to follow the same rules when processing your Personal Data.
d. Where third parties are based in other jurisdictions, their processing of your Personal Data will involve a transfer of data to their jurisdictions.
a. We have put in place appropriate security measures to prevent your Personal Data from
being lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we
limit access to your Personal Data to those employees, agents, contractors and other third
parties who have a business need to know. They will only process your Personal Data on
our instructions and they are subject to a duty of confidentiality.
b. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
a. We will only retain your Personal Data for as long as reasonably necessary to fulfill the
purposes we collected it for, including for the purposes of satisfying any legal, regulatory,
tax, accounting or reporting requirements. We may retain your Personal Data for a longer
period in the event of a complaint or if we reasonably believe there is a prospect of litigation
in respect to our relationship with you.
b. To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
c. By law we have to keep basic information about our customers/members (including contact, identity, financial and transaction data) for a minimum of seven years after they cease being customers. Our internal policy as amended from time to time may also require us to keep customer data for a longer period.
d. In some circumstances, we will anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
i. Right to be informed that we are collecting your personal information and how we are processing it;
ii. Right to rectify your personal data including next of kin details where it is inaccurate or incomplete;
iii. Right to withdraw your consent to, or object to, processing of your personal data. However, we may continue processing your personal data for legitimate interests or legal grounds;
iv. Right to be forgotten, noting that we may continue to retain your information if we are entitled to do so or obliged by law;
v. Right to access your Personal Data in our possession;
vi. Right to not be subjected to profiling or automated decision-making data processes in regards to your data. However, we may decline your request if we are obliged by law or entitled to do so;
vii. Right to request your personal data be processed in a restricted manner. Note that we may continue processing data and reject the request if we are entitled to or legally obliged;
viii. Right to data portability in a manner we may deem appropriate such as electronic format;
b. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
c. We try to respond to all legitimate requests within a reasonable time. Occasionally it could take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
A copy of this policy can be downloaded here: https://ukulimasacco.coop/privacypolicy. We may modify or update this policy from time to time. Where the changes will have a fundamental impact on the nature of the processing of your data or your rights, we shall notify you in advance.
Ukulima Co-operative House, Haile Selassie Avenue Off Parliament Road, Red Cross Lane
P.O. Box 44071 – 00100, NAIROBI Tel: 020 – 2785000, 0111 035 600
UKULIMA SACCO Data protection office: email@example.com