Data Privacy Policy

Data Privacy Policy

Gusii Mwalimu Sacco Limited (“us”, “we”, or “our”) was established in the year 1977 and is registered under the Co-operative Societies Act, Cap 490 as a Sacco Society No CS/2641

We are a duly registered Sacco in Kenya and regulated by SASRA to offer financial services to our members. We operate the https://gusiimwalimusacco.co.ke/ website, which provides more information about us and our various services.

We use your data to provide and improve the Services. By using these Services, you agree to the collection and use of information by this policy. Unless otherwise defined in this Data Privacy Policy, terms used in this Data Privacy Policy.

Gusii Mwalimu Savings and Credit Society is committed to protecting your data and respecting your privacy. This Privacy Policy explains in detail the types of personal data we may collect about you when you interact with us through any of our contact points to request joining our membership, requesting credit, savings depositing, general inquiries, and membership exit. The interaction points you may have with us could be over the phone, in person, over email, or indeed via inquiry forms on our website or social media platforms.

It also explains how we’ll store and handle that data, keep it safe, and tell you about your privacy rights and how the law protects you. We shall likely need to update this Privacy Policy from time to time. We shall notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.

Data Collection

We are data processors and controllers, as such we collect and determine the purpose of processing such personal data that we collect. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (i.e., anonymous data).

The people whose personal data we collect and control include:

Our members, potential members, employees, and other service providers whom we have a business relationship with, members’ security providers and guarantors, and next of kin details.

We collect personal data such as Name, date of birth, Identification number, tax pin, financial information such as bank account details and statements, age, and geographical information We may also collect sensitive personal data such as sex, marital status, family details, belief, ethnic origin, biometric data, etc.

Some of the purposes for which we collect and process your data include:

  • To provide and maintain our Service.
  • To notify you about changes to our Service
  • To allow you to participate in interactive features of our Service when you choose to do so.
  • To provide member support
  • To gather analysis or valuable information so that we can improve our Service.
  • To monitor the usage of our Service
  • To detect, prevent, and address technical issues.
  • To provide you with news, special offers, and general information about other goods, services, and events that we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.

Legal Basis for Data Collection and Processing

  • Contractual Obligation:

To perform the contractual obligation entered into with our data subjects, we collect such personal data. For example, we provide our services based on the agreement we have with the data subject such as processing of credit facilities for our members.

  • Consent.

We shall in specific situations collect and process your data with your consent. In doing so, we shall ensure that consent is explicitly requested from you. When collecting your data, we shall always make clear to you, which data is necessary in connection with a particular service. All data provided by you shall be used for legitimate purposes only and the company undertakes to use such information only in connection with services you shall normally expect from us. For example, example, when you lick a box/subscribe to receive email newsletters when you make an online inquiry

We shall also seek explicit consent when handling data about children below 18 years of age from the parent, guardian, or person holding responsibility for the said minor.

  • Legal Compliance.

In the conduct of our business, we are required to comply with the specified industry regulators which would then oblige us to collect, process, and share the data subject’s information with the relevant regulators or law enforcement agency.

  • Legitimate Interest

In specific situations, we require your data to pursue our legitimate interests in a way that might reasonably and legally be expected as part of running our business and which does not materially impact your rights, freedom, or interests.

How We Collect Your Data

We use different methods to collect data from and about you, including through:

  • Direct interactions: When you fill out forms such as membership or send inquiries and submit the same to us directly.
  • Closed Circuit Television (CCTV) surveillance recordings. CCTV Devices are installed at strategic locations to provide a safe and secure environment on all premises as a part of our commitment to community safety, security, and crime prevention.
  • Through Automated interactions such as our website.
  • Third parties such as the Teachers’ Service Commission or publicly available resources.

Data Retention, Disclosure, and International Transfer

We shall only retain your data for as long as reasonably necessary to fulfill the purposes we collected it for, including to satisfy any legal, regulatory, tax, accounting, or reporting requirements. We may retain personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation concerning our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your data, the purposes for which we process your data, and whether we can achieve those purposes through other means, the need to comply with our internal policy and the applicable legal, regulatory, tax, accounting or other requirements.

Anonymized information that can no longer be associated with you may be held indefinitely.

Gusii Mwalimu Sacco Limited may disclose your Personal Data in the good faith belief that such action is necessary to:

  1. Law-enforcement agencies, regulatory authorities, courts, or other statutory authorities in response to a demand issued with the appropriate lawful mandate and where the form and scope of the demand are compliant with the law.
  2. Our suppliers, associates, partners, software developers, and agents are involved in delivering services and services.
  3. Fraud prevention and Anti-money laundering agencies, credit-reference agencies;
  4. Publicly available and/or restricted government databases to verify your identity information to comply with regulatory requirements;
  5. Debt-collection agencies or other debt-recovery organizations;
  6. Any other person that we deem legitimately necessary to share the data with.

We do not generally transfer data beyond the Kenya jurisdiction. However, sometimes, within the conduct of business, we may need to transfer data to another country other than Kenya. In such a case, we shall only process your personal information with your consent. If necessary, we shall ask the party to whom we transfer your personal information to agree to our privacy principles, associated policies, and practices by the applicable Data protection laws.

Your Rights as the Data Subject

As a Data Subject, you have the following rights as set out in the Data Protection Act No. 24 of 2019:

  1. Right, to be informed that we are collecting personal data about you;
  2. The right to access such personal data that we hold and request details on how the same is processed.
  3. The right to request that we correct such personal data where the same is inaccurate.
  4. Right to request that we correct your data where it is inaccurate or incomplete;
  5. Right to request that we erase your data noting that we may continue to retain your information if obligated by the law or entitled to do so;
  6. Right to object and withdraw your consent to the processing of your data. We may continue to process if we have a legitimate or legal reason to do so;
  7. Right to request restricted processing of your data noting that we may be entitled or legally obligated to continue processing your data and refuse your request;
  8. Right to request transfer of your data.

You shall not have to pay a fee to access your data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances and in cases where it would be technically challenging to do so.

Verification of Identity for requesting data subject

We may need to request specific information from you to help us confirm your identity and ensure your right to access your data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information about your request to speed up our response.

If you have authorized a third party to submit a request on your behalf, we shall ask them to prove they have your permission to act

The time limit for response to the data subject.

We shall respond to all legitimate requests within 30 working days. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we shall notify you and keep you updated on the same.

Change of purpose

We shall only use your data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to obtain an explanation as to how the

processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your data for an unrelated purpose, we shall notify you and explain the legal basis that allows us to do so.

Please note that we may process your data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Safeguarding and Protecting Your Data

We have put in place technical and operational measures to ensure the integrity and confidentiality of your data via controls around information classification, access control, physical and environmental security, and monitoring and compliance.

Amendments to this Policy

We reserve the right to amend or modify this statement at any time. If and when we amend this statement. You may access the most current version of the privacy statement by visiting our website at https://gusiimwalimusacco.co.ke/ to understand how your personal information is being used or shared. Any amendment or modification to this statement shall take effect from the date of notification on the website.

Contacts

We hope this Privacy Notice has helped set out the way we handle your data and your rights to control it. If you have any questions or concerns that may have not been covered, please contact our Data Protection Officer who shall be pleased to help you using the details provided below:

Data Protection Officer (Insert DPO email)

Gusii Mwalimu Savings and Credit Sacco,

Gusii Mwalimu Complex, 1st Floor,

P.O. Box 1335-40200, Kisii- Kenya,

Tel: 058 – 2030357, Fax: 058 – 2031021.

Non-compliance with this policy

Gusii Mwalimu Savings and Credit Sacco shall have the right to terminate any agreement with you for failure to comply with the provisions of this statement and reject any application for information contrary to this statement.