Data Privacy Policy

Introduction

This privacy policy sets out the practices our sacco uses to handle data collected from you.  Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By accepting our terms and conditions you are accepting and consenting to the practices described in this policy.

Data Collected

We obtain your personal information by telephone, by use of application forms or electronically and by use of agents.  The information obtained may include:
  • Your First name, last name and title
  • Contact information including home address, email address, business address, home telephone numbers, business telephone number
  • Identification details like ID numbers, KRA PIN numbers, business registration numbers
  • Bio data including gender, age, nationality, biometric finger prints, image, signature, residence and next of kin details
  • Business details including principal activity, assets in business, business records, photos of business and business location.
  • Financial information including loans borrowed, bank accounts and balances.
  • Accounts transactions and any other interactions through us.
  • Cookies- A cookie is a small text file that a website you visit asks your browser to store on your computer or mobile device. Our website collects and uses cookies
  • Your ownership documents like your title details.

Use of information 

We collect personal information:
  • To verify your identity and personal information.
  • To assess your application to maintain a financial service.
  • To automatically profile you for loan processing and provision of other financial services.
  • To improve the sacco’s products and services.
  • To conduct product and market research
  • To send you marketing information about our products and services.
  • To enable hiring of staff members
  • To comply with laws and regulations
We may also use cookies to remember your choices like your language preferences, to provide a safer experience, and otherwise to customize our Services for you.  

Your rights

Under the data protection act, you have the right to access, rectify, port, and erase your information, as well as the right to restrict and object to certain processing of your information. This includes the right to object to our processing of your information for direct marketing. The sacco may decline your request in case its obligated to do so.  

Security of Information

A range of security measures including information access restrictions, internal data classification and record Management Policies, are in place and are designed to prevent the misuse, interference, loss, unauthorized access, modification or disclosure of your personal information. We hold personal information in physical and electronic forms at our own premises Unaitas sacco employees who handle personal information are under an obligation to treat it confidentially and may not disclose it to unauthorized parties. Employees are also responsible for the internal security of the information and those who violate the privacy policies are subject to a range of disciplinary actions.  

Disclosure of Personal Information and Confidentiality

Third Parties

We will not sell, distribute or lease your personal information to unauthorized third parties unless required by law to do so. Except in those specific, limited situations, we will not make any disclosures of personal information without your consent. We work with authorized third parties who access your information for legitimate business purposes (including providing services to you and operating our sites and systems), in accordance with applicable law. The following are the some of the third parties that may access your personal information:
  • Government authorities and regulators example Sacco society regulatory authority, Unclaimed financial assets authority and Kenya Revenue Authority.
  • Financial institutions who act as correspondent banks for Unaitas or financial institutions through which your transactions are processed.
  • Third parties who are service providers acting as processors, professional advisers including lawyers, bankers, auditors and those who provide consultancy, banking, legal, insurance and accounting services
  • other companies and financial institutions that we work with to provide services to you example ATM card service providers, mobile technology service providers, credit reference bureaus, employers and debt collection agencies.

Our Sacco may access your personal information from some third parties including:

  • various government sources including but not limited to: companies’ registry, lands registry Integrated Personal Registration Systems, Kenya Revenue Authority, and the National Transport and Safety Authority
  • third parties, where you purchase any of our products or services.
  • Other means including social media where you manifestly choose to make information public.
  We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions Our Website may include links to third-party websites. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites or influence the data collected and are not responsible for their privacy policies. When you leave our Website, we encourage you to read the privacy policy of every website you visit and understand your rights therein.  

Opting Out

You can ask us to stop sending you marketing messages at any time by writing to us or logging into the relevant website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by contacting us at any time through the provided contacts.

Deleting your information

The law requires us to store your information for at least 7 years after closure of your account. We store information until that period lapses. All information you provide to us is stored on our secure servers. We have put in place appropriate security measures to prevent your personal data from being accidentally lost. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so

Right to amend this privacy and security statement

We reserve the right to amend this privacy and security statement at any time. All amendments to this privacy and security statement will be posted on the website. Unless otherwise stated, the current version shall supersede and replace all previous versions of this privacy and security statement. Date June 2021