Data Protection Policy

TARAJI SACCO SOCIETY

About Our Data Protection Policy

At Taraji Sacco Society LTD, we take our responsibilities under the Government of Kenya’s Personal Data Protection Act 2021 (the “PDPA”) seriously. We recognize the importance of the personal data you have entrusted to us and are committed to keeping it private.
This policy is designed to assist you in understanding how we generally collect, use, disclose and/or process the personal data you have provided to us, as well as to assist you in making an informed decision before providing us with any of your personal data.
If you, at any time, have any queries on this policy or any other queries in relation to how we manage, protect and/or process your personal data, please do not hesitate to contact us at the email mentioned below.

DEFINITIONS
Biodata: Biographical information: Personal information with regard to gender, nationality, contact information, physical location, and any other.
PDPA – Personal Data protection Act 2021of the Kenyan constitution.
Controller: Means the natural or legal person, authority, organization or other agency that makes decisions individually or together with other parties regarding the purposes and means for processing Personal Data.
Processor: a natural or legal person, authority, organization or other agency that processes Personal Data on behalf of the Controller.
Responsible Person: information security department
Register of Systems: a register of all systems or contexts in which personal data is processed by the Sacco.
Personal Data: is defined under the PDPA to mean data, whether true or not, about an individual who can be identified from that data, or from that, data and other information to which an organization has or is likely to have access. Common examples of personal data could include names, identification numbers, contact information, medical records, photographs and video images.
PDPA Excludes anonymous data or data that has had the identity of you as an individual permanently removed.

1. Introduction
1.1 INFORMATION WE COLLECT.

We must receive or collect some information to operate, provide, improve, understand, customize, support, and market our Services. This also includes when you access or use our Services. The types of information we receive and collect depend on how you use our Services.

1.2 We will collect your personal data in accordance with the PDPA. We will notify you of the purposes for which your personal data may be collected, used, disclosed and/or processed, as well as obtain your consent for the collection, use, disclosure and/or processing of your personal data for the intended purposes, unless an exception under the law permits us to collect and process your personal data without your consent.

2 PURPOSES FOR COLLECTION, USE, DISCLOSURE AND PROCESSING OF PERSONAL DATA
2.1 The personal data which we collect from you may be collected, used, disclosed and/or processed for various purposes including providing our services to you and meeting our legal and regulatory obligations. Depending on the circumstances, for example, we may/will need to process your personal data for:
a). processing your enquiries and application for account opening as well as products and services;
b). providing you with products and/or services, the entry into and/or performance of any transactions with us, and the facilitation of any of the foregoing;
c). administering and/or managing your relationship and/or account(s) with us (including the outsourcing of any related functions to authorized service providers or third party vendors who provide operational services to us;
d). carrying out your instructions or responding to any enquiries by you;
e). carrying out due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations or risk management procedures (including but not limited to those designed to combat financial crime, “know-your customer”, anti-money laundering, counter-terrorist financing or anti-bribery), that may be required by law or that may have been put in place by us;
f). dealing in any matters relating to the products and/or services offered or provided by us under the agreement(s) between you and us (including the printing and mailing of correspondence, statements, invoices, confirmations, advices, information, reports or notices to you, which could involve disclosure of certain personal data to bring about delivery of the same as well as on the external cover of envelopes/mail packages);
g). the recovery of any and all amounts owed to us;
h). the process of reviewing and approving the account(s), and the conduct of initial and anticipatory credit checks and assessments, relevant checks, ongoing assessment and verification of ongoing credit worthiness and standing;
i). preventing, detecting and investigating crime, fraud, misconduct, any unlawful action or omission, whether relating to your application or any other matter relating to your account(s), and whether or not there is any suspicion of the aforementioned;
j). managing our infrastructure and business operations, and complying with policies and procedures that may be required by law, applicable regulation, guidelines or notices and/or that may have been put in place by us;
k). monitor and record telephone conversations, voice or video conferences and all electronic communications for record keeping, quality training and investigation purposes;
l). to publish your feedback at our internal and external events, feedback exercises and/or as part of our marketing and promotional activities;
m). processing and/or storing information related to your relationship with us;
n). complying with applicable law, regulations, guidelines and/or notices in administering and managing your relationship with us; and
o). any other purposes which we may notify you of at the time of obtaining your consent,
(Collectively, the “Purposes”).
As the purposes for which we may/will collect, use, disclose or process your personal data depend on the circumstances at hand, such purpose may not appear above. However, we will notify you of such other purpose at the time of obtaining your consent, unless processing of your personal data without your consent is permitted by the PDPA or by law.

2.2 In order to conduct our business operations more smoothly, we may also be disclosing the personal data you provide to us to our third party service providers, agents and/or our affiliates or related corporations, and/or other third parties, for one or more of the above-stated Purposes.

3. CONFIDENTIALITY

3.1 We will respect the confidentiality of the personal data you provide to us.
3.2 In that regard, we will not disclose your personal data to third parties without first obtaining your consent permitting us to do so. However, please note that we may disclose your personal data to third parties without first obtaining your consent in certain situations, including, without limitation, the following:
a). cases in which the disclosure is required or authorised based on the applicable laws and/or regulations;
b). cases in which the purpose of such disclosure is clearly in your interests, and if consent cannot be obtained in a timely way;
c). cases in which the disclosure is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;
d. cases in which the disclosure is necessary for any investigation or proceedings;
e. cases in which the personal data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the personal data is necessary for the purposes of the functions or duties of the officer;
f). cases in which the disclosure is to a public agency and such disclosure is necessary in the public interest; and/or
g). where such disclosure without your consent is permitted by the PDPA or by law.
3.3 The instances listed above in the foregoing paragraph are not intended to be exhaustive.

4. THIRD PARTY PERSONAL DATA
4.1 You represent, undertake and warrant to us that:
a). in respect of any personal data of any individuals whatsoever which you may, from time to time, disclose to us (“Third Party Personal Data”), you would have prior to disclosing such Third Party Personal Data to us obtained the appropriate consent from the individuals whose Third Party Personal Data are being disclosed, to:
b). permit you to disclose the individuals’ Third Party Personal Data to us for or in connection with the Purposes; and/or (ii) permit us to collect, use, disclose, share and/or process (through authorised service providers, relevant third parties or otherwise) the individuals’ Third Party Personal Data for or in connection with the Purposes;
c). any Third Party Personal Data that you disclose to us are accurate;
d). should you become aware that any such Third Party Personal Data has been updated and/or changed after such disclosure to us, you shall give us notice in writing as soon as reasonably practicable thereafter; and
e). should you become aware that any such Third Party Personal Data has been updated and/or changed after such disclosure to us, you shall give us notice in writing as soon as reasonably practicable thereafter; and
f). should you become aware that any individual whose Third Party Personal Data you have disclosed to us has withdrawn his consent as referred to in sub-Clause (a) above, you shall give us notice in writing as soon as reasonably practicable thereafter. Without prejudice to our other rights under law and/or the agreement(s) between you and us, upon our receipt of the said notification, we shall have the right to discontinue or not provide any products and/or services to and/or transactions with you that are linked to such Third Party Personal Data.

5. REQUEST FOR ACCESS AND/OR CORRECTION OF PERSONAL DATA
5.1 You may request to have access to and/or correct your personal data currently in our possession by contacting us using the email address provided in this policy and phone numbers in our website.
5.2 We reserve the right to charge you a fee for handling and processing your requests to access and/or correct your personal data. Such fee will depend on the nature and complexity of your request.
5.3 If you withdraw your consent to our collection, use or disclosure of your personal data in whole or in part, please provide us with prompt notice in writing.
Without prejudice to our other rights under law and/or the agreement(s) between you and us, upon our receipt of your notification and depending on the nature and scope of your withdrawal of consent, we shall have the right to discontinue or not provide any products and/or services to and/or transactions with you that are linked to such personal data.

6 ADMINISTRATION AND MANAGEMENT OF PERSONAL DATA
6.1 We will make reasonable efforts to ensure that your personal data is accurate and complete, if your personal data is likely to be used by us to make a decision that affects you, or disclosed to another organization. However, this means that you must also update us of any changes in your personal data from time to time. We will not be responsible for relying on inaccurate or incomplete personal data arising from you not updating us of any changes in your personal data from time to time in a timely manner.
6.2 We will also put in place reasonable security arrangements to ensure that your personal data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorized access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your personal data. However, we cannot assume responsibility for any unauthorized use of your personal data by third parties, which are wholly attributable to factors beyond our control.
6.3 We will also put in place measures such that your personal data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes.

7. HOW YOU EXERCISE YOUR RIGHTS
Under the General Data Protection Regulation or other applicable local laws, you have the right to access, rectify, port, and erase your information, as well as the right to restrict and object to certain processing of your information. This includes the right to object to our processing of your information for direct marketing and the right to object to our processing of your information where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party.
If we process your information based on our legitimate interests or those of a third party, or in the public interest, you can object to this processing, we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.

8. COMPLAINT PROCESS
8.1 If you have any complaint or grievance regarding about how we are handling your personal data or about how we are complying with the PDPA, we welcome you to contact us with your complaint or grievance at info@tarajisacco.co.ke.

8.2 Your indication at the subject header that it is a PDPA complaint would assist us in attending to your complaint promptly by passing it on to the relevant staff in our organisation to handle. For example, you could insert the subject header as “PDPA Complaint”.
8.3 We will certainly strive to deal with any complaint or grievance that you may have promptly and fairly.

9. UPDATES ON DATA PROTECTION POLICY
As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes from time to time.
We reserve the right to amend the terms of this policy at our absolute discretion. Any amended policy will be posted on our website. You are encouraged to visit our website from time to time to ensure that you are well informed of our latest policies in relation to personal data protection.

10. COOKIES
10.1 A cookie is a small text file that a website you visit asks your browser to store on your computer or mobile device.
10.2 We use cookies to understand, secure, operate, and provide our Services. For example, we use cookies:
• To provide web portal services, improve your experiences, understand how our Services are being used, and customize our Services;
• To understand which of our FAQs are most popular and to show you relevant content related to our Services;
• To remember your choices, such as your language preferences, and otherwise to customize our Services for you; and
• To rank the FAQs on our website based on popularity, understand mobile versus desktop users of our web-based Services, or understand popularity and effectiveness of certain of our web pages.
10.3 How to control cookies You can follow the instructions provided by your browser or device (usually located under “Settings” or “Preferences”) to modify your cookie settings. Please note that if you set your browser or device to disable cookies, certain of our Services may not function properly.