We obtain your personal information by telephone, by use of application forms or electronically and by use of agents. The information obtained may include:
- Your First name, last name and title
- Contact information including home address, email address, business address, home telephone numbers, business telephone number
- Identification details like ID numbers, KRA PIN numbers, business registration numbers
- Bio data including gender, age, nationality, biometric finger prints, image, signature, residence and next of kin details
- Business details including principal activity, assets in business, business records, photos of business and business location.
- Financial information including loans borrowed, bank accounts and balances.
- Accounts transactions and any other interactions through us.
- Your ownership documents like your title details.
Use of information
We collect personal information:
- To verify your identity and personal information.
- To assess your application to maintain a financial service.
- To automatically profile you for loan processing and provision of other financial services.
- To improve the sacco’s products and services.
- To conduct product and market research
- To send you marketing information about our products and services.
- To enable hiring of staff members
- To comply with laws and regulations
Under the data protection act, you have the right to access, rectify, port, and erase your information, as well as the right to restrict and object to certain processing of your information. This includes the right to object to our processing of your information for direct marketing.
The sacco may decline your request in case its obligated to do so.
Security of Information
A range of security measures including information access restrictions, internal data classification and record Management Policies, are in place and are designed to prevent the misuse, interference, loss, unauthorized access, modification or disclosure of your personal information. We hold personal information in physical and electronic forms at our own premises
Unaitas sacco employees who handle personal information are under an obligation to treat it confidentially and may not disclose it to unauthorized parties. Employees are also responsible for the internal security of the information and those who violate the privacy policies are subject to a range of disciplinary actions.
Disclosure of Personal Information and Confidentiality
We will not sell, distribute or lease your personal information to unauthorized third parties unless required by law to do so.
Except in those specific, limited situations, we will not make any disclosures of personal information without your consent.
We work with authorized third parties who access your information for legitimate business purposes (including providing services to you and operating our sites and systems), in accordance with applicable law. The following are the some of the third parties that may access your personal information:
- Government authorities and regulators example Sacco society regulatory authority, Unclaimed financial assets authority and Kenya Revenue Authority.
- Financial institutions who act as correspondent banks for Unaitas or financial institutions through which your transactions are processed.
- Third parties who are service providers acting as processors, professional advisers including lawyers, bankers, auditors and those who provide consultancy, banking, legal, insurance and accounting services
- other companies and financial institutions that we work with to provide services to you example ATM card service providers, mobile technology service providers, credit reference bureaus, employers and debt collection agencies.
Our Sacco may access your personal information from some third parties including:
- various government sources including but not limited to: companies’ registry, lands registry Integrated Personal Registration Systems, Kenya Revenue Authority, and the National Transport and Safety Authority
- third parties, where you purchase any of our products or services.
- Other means including social media where you manifestly choose to make information public.
We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions
You can ask us to stop sending you marketing messages at any time by writing to us or logging into the relevant website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by contacting us at any time through the provided contacts.
Deleting your information
The law requires us to store your information for at least 7 years after closure of your account. We store information until that period lapses. All information you provide to us is stored on our secure servers. We have put in place appropriate security measures to prevent your personal data from being accidentally lost. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so
Right to amend this privacy and security statement
We reserve the right to amend this privacy and security statement at any time. All amendments to this privacy and security statement will be posted on the website. Unless otherwise stated, the current version shall supersede and replace all previous versions of this privacy and security statement.
Date June 2021