SIDIAN BANK LIMITED PRIVACY POLICY STATEMENT

  1. INTRODUCTION

Sidian Bank Limited is alive to the need for a high level of privacy and security regarding Personal Data shared with or collected by the Bank with respect to our Customers. In this regard, Sidian Bank Limited respects its customers’ and clients’ privacy and is committed to protecting the confidentiality of personal information entrusted to it.

This Privacy Policy explains and expounds on the policies, practices and security measures that the Bank has in place to safeguard its Customers’ Personal Data. It covers any products or services customers access from the Bank, including current accounts, deposit accounts, savings accounts, loans, credit and debit cards, asset financing, trade financing, payment services and access to any of the Bank’s websites.

This Privacy Policy Statement discloses ways in which the Bank gathers, uses, discloses, and manages a customer’s data. This Privacy Policy Statement should be read alongside the relevant terms and conditions provided under each customer agreement governing the use of the Bank’s services.

Please read this Privacy Policy Statement carefully to properly understand our actions and measures when it comes to the handling of your Personal Data.

  1. Definitions

“Bank” means Sidian Bank Limited, a financial institution licensed under the Banking Act and regulated and supervised by the Central Bank of Kenya to conduct banking activities in Kenya (hereinafter the Bank), which definition shall, where the context so permits, include its successors in title and permitted assigns.

“Customer” means

  • The person who subscribes to, uses or purchases any of our products and services or accesses our websites and includes any person who accesses any of the products and services you have subscribed to.
  • Any agent, dealer and/or merchant who has signed an agreement with us and is recognised as a merchant or agent in accordance with any applicable laws or regulations.
  • Any visitor that is a person (including contractors/subcontractors or any third parties) who gains access to any Bank premises.
  • Any supplier who has been contracted by the Bank and executed an appropriate contract.

“CBK” means the Central Bank of Kenya.

“Consent Form” means that consent form signed by the Customer authorizing the Bank to collect personal data and process the same in accordance with this Privacy Policy Statement.

“Personal Data/Information” means any information identifying you or information relating to you that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access such as your name/s and surname combined with your physical address, contact details and/or passport/identity number. It also refers to information that uniquely identifies a legal entity, such as the trading name of a company combined with the company registration number.

“Processing” includes collecting, using, altering, merging, linking, organising, disseminating, storing, retrieving, disclosing, erasing, archiving, destroying or disposing of personal information that is shared with the Bank by the Customer. It also includes any initial processing that the Bank does when it collects the Customer’s personal information and any further and ongoing processing that the Bank is allowed to carry out legitimately in regard to the information collected.

“Sensitive Personal Information” includes details of your race or ethnic and social origin, gender, religious, philosophical and conscience beliefs, political persuasion, property details, marital status, family details including details of children, parents, spouse or spouses, health status, genetic, biometric information, sex or sexual orientation or any criminal behaviour which relates to alleged criminal offences or proceedings.

  1. COLLECTION OF INFORMATION
  • The Bank uses different ways to collect Personal Data from you (please note that the list is not exhaustive):
    • In the provision of financial products and services through its physical branches, online systems (website, mobile banking and Internet banking sites), representative agents and other third-party sources.
    • To facilitate the operation of and access to the different services offered.
    • Through direct interactions, by filling in forms given to the Customer and through Customer correspondence by email or phone.
    • To grant you access to protected and secured sites and to online and mobile banking services.
    • When you subscribe to our services or publications.
    • When you request marketing information to be sent to you.
    • When you contact the Bank or give it feedback.
    • During account opening in compliance with Know Your Customer (KYC) regulations and when carrying out financial transactions. We also conduct due diligence in line with the law against money laundering and terrorist financing which requires banks to conduct a series of tasks for the identification of the ultimate beneficial owner (UBO) of their customers.
    • From other third-party sources including but not limited to credit reference bureaus, public records, places where you may already have your personal information public, your agent or representatives where the Bank is legally entitled or obligated to do so.
  1. INFORMATION WE COLLECT
  • Generally, the Bank collects the following information:
    • Individual personal information (e.g. name, age, and place of birth).
    • Individual personal contact details (e.g. physical address, email address, mobile numbers).
    • Identity information (e.g. photo ID, passport, utility bill, national ID card and nationality).
    • User authentication login (e.g. login credentials for online banking and mobile banking apps).
    • Financial information about the ways you interact with Sidian Bank (e.g. channels used, payment history from and to your account, transaction information, ATM usage information, geographic information, and information concerning your complaints).
    • Information captured in customer documentation or data exchange such as application forms or advice documents or via telephone.
    • Cookies and similar technologies used to remember your preferences and tailor content. You can follow the instructions provided by your browser or device (usually located under “Settings” or “Preferences”) to modify your cookie settings. Please note that if you set your browser or device to disable cookies, certain of our Services may not function properly.
    • Risk rating information (e.g. credit risk rating and transactional behaviour).
    • Data or records of correspondence related to relevant exchanges of information (e.g. emails).
    • Information from third parties providing information to identify and manage fraud.
    • Closed circuit television (CCTV) in and around Sidian Bank facilities (these may collect photos or videos of you).
    • Voice recorded for quality and security purposes through voice call enquiries made at the Bank Call Centre.
    • Other information about you that is voluntarily provided by filling in forms, participating in marketing research or by communicating with us, whether face-to-face or via other available channels (e.g. by phone, email, online).
  1. PROCESSING AND USE OF INFORMATION
  • In the event a Customer provides this information, it is only used internally and in furtherance of the purpose for which it was provided.
  • Depending on the products and services which you subscribe to, the Bank will only collect personal information necessary to fulfil your requests and to provide the requested and / or agreed services. Your personal information will not be used for purposes other than those listed in this document, unless permission is obtained or otherwise required by law.
  • Processing of your personal data will only be done where we have your consent. Where consent is the legal basis for our processing, you may withdraw such consent at any time, in accordance with applicable laws and regulations.
  • Information collected is used to:
    • Verify customer identity to protect both the customer and the Bank as well as to prevent fraud and other crimes.
    • Provide services and deliver products (including via online platforms) to ensure you as the customer receive the best services offered by Sidian Bank Limited.
    • For communication purposes with you as our customer to properly respond to queries and complaints you may have as well as to keep you informed about products and services you hold with us and also those that might be of interest to you.
    • Efficiently deal with your transactions or carry out instructions to effectively cater to the performance of the contract we have with you.
    • Perform data analytics to properly understand your preferences and how you use the provided services in order to better serve you and improve your customer experience.
    • Keep a record of correspondence (e.g. to check instructions given or to enhance service quality).
    • Meet our regulatory compliance and legal obligations, including but not limited to complying with CBK regulations and other regulatory frameworks.
    • Efficiently manage our relationship with you (including any marketing activities you agree to, notifying you about changes to our terms or Privacy Statement, asking you to leave a review or take a survey) among other things.
    • Collect any money owed to the Bank, in the event the same is necessary in as far as our contractual obligations are involved.
    • Perform credit checks and obtain or provide credit references in case such is required.
    • For internal operational support and administrative purposes (e.g. product development, audit, credit and risk management) to better our services to you.
    • Complete surveys that we use for research purposes, although you do not have to respond to them.
    • Ensure security and business continuity.
    • For service quality management and product improvement.
    • Correspond with third parties (e.g. surveyors, valuators, intermediaries).
    • Carry out investigations (e.g. due diligence checks, sanctions and anti-money laundering checks).
  1. AUTOMATED DECISIONS AND PROFILING
  • To ensure decisions are quick, fair, efficient and correct, based on information held, Sidian Bank Limited may use systems to make automated suggestions and decisions that can affect the products, services or features offered to customers. The types of automated decisions include:
    • Tailored Products and Services: The Bank may group customers with similar customer segments to study and learn about their needs, design products and services and to make decisions based on what we learn.
    • Credit risk rating and detecting fraud: Personal, financial and transactional information may be used for risk and credit rating purposes.
  • Nonetheless, where these automated processes suggest that your application should be rejected, we will manually review your application before making a final decision.
  1. DISCLOSURE AND SHARING OF USER INFORMATION
  • The Bank does not disclose any customer information about current customers, former customers, or website visitors to anyone, except as permitted or required by law. The Bank does not sell any of its customers’ personal information.
  • Personal information can however be shared with affiliated third parties such as:
    • Service Providers acting on the Bank’s behalf to provide financial services and only to the extent of the information they require to provide the service. The Bank will only transfer personal information to them when they meet privacy and security standards for processing of data.
    • Courts, law enforcement and regulatory bodies in order to respond to requests of courts, government or law enforcement entities or where it is necessary to comply with applicable laws, court orders or rules, or government regulations.
    • Payment recipients, beneficiaries, intermediaries, nominees, clearing houses, agent banks, fraud prevention agencies, debt recovery agencies, guarantee providers, other financial institutions, lenders and holders of security over any property relevant to the Bank, tax authorities, credit reference agencies, payment service providers.
    • The Bank may also share aggregated or anonymized information with partners such as research groups or universities.
  1. RETENTION OF INFORMATION
  • We will only retain your data for as long as it is reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
  • In the event you cease to be a customer of the Bank, according to our data retention practices, and in compliance with CBK regulations, we shall retain your data for a period of up to Seven (7) years. After expiration of the aforementioned period, the Bank may anonymize, erase or destroy your data or aggregate it for analytical purposes. In the event we decide to retain your information longer than the statutory timeline, we shall do this provided it is necessary for a legal, regulatory, fraud prevention or other legitimate purpose.
  • You have the right to request that all or part of your data be erased from the Bank’s system. You also have the right to request that your personal information is corrected or updated accordingly in case of any changes.
  1. DATA TRANSFERS OUTSIDE KENYA
  • Your personal data in our possession may be transferred, stored or processed in any other country outside Kenya.
  • In case such a circumstance arises, we will ensure that the transfer is lawful and that appropriate safeguards have been put in place to ensure maximum protection of your data.
  1. MARKETING
  • We may use your identity, contact, technical, usage and profile data to form a view on what products, services and offers we think you may want or need, or what may be of interest to you.
  • You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving that marketing.
  • Nonetheless, if you have opted out of receiving electronic marketing communication, Sidian Bank Limited will not market to you using electronic media. Further, if you are receiving marketing via electronic media, you have the right to opt out at any time by contacting us and following the proper procedures.
  1. PRINCIPLES THE BANK ADHERES TO
  • Accuracy

The Bank will ensure that the customer’s personal information is accurate and, where necessary, kept up to date; taking every reasonable step to ensure that the customer’s personal data that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay.

  • Lawfulness and Transparency

The Bank will make certain that the processing of your personal data is lawful and fair. The Bank will ensure that it is transparent to its customers in regard to how personal data concerning them are collected, used, consulted, or otherwise processed and to what extent the personal data is or will be processed.

  • Purpose Limitation

The Bank will endeavour to collect from its customers personal data that is for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. If we need to use your Personal Data for an unrelated purpose, we will notify you and seek your consent where necessary.

  • Data Minimization

The Bank will make certain that processing of its customers’ personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

  • Storage Limitation

The Bank shall retain personal data only as long as may be reasonably necessary to satisfy the purpose for which it is processed as well as in accordance with the relevant laws regulating retention of Personal Data.

  1. HOW WE KEEP YOUR PERSONAL INFORMATION SECURE:

The security of your data is fundamental to the Bank. The Bank will take all necessary steps to ensure that all customer data is treated securely and in accordance with this Privacy Policy Statement.

  • Proper security standards and procedures are maintained to prevent unauthorized access/loss, misuse, alteration, or destruction of data. The Bank uses technologies (e.g. data encryption, firewalls) to protect the security of customers.
  • Further, in regard to the access of your personal data, we limit this to those employees, agents, contractors and other third parties who have a legitimate business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
  • Nevertheless, in case of such a breach, we have put in place procedures to appropriately deal with the same and we will notify you and any applicable regulator of a breach where we are legally required to do so.
  1. CUSTOMERS’ RIGHTS

As a Customer, you are entitled to exercise the following rights in relation to the information we hold about you:

  • Access – You have the right to request a copy of the personal data processed in relation to you. The Bank may charge a fee for this as permitted by law.
  • Correction/Rectification – You have the right to request that we correct your personal data that is inaccurate, out-dated, incomplete or misleading. Please note that we may need to verify the accuracy of the new data you provide to us.
  • Erasure – You have the right to ask us to delete your personal data that we are no longer authorised to retain, or that is irrelevant, excessive or obtained unlawfully, as far as is reasonably possible.
  • Object – You have the right to object to how we process your Personal Data unless the Bank demonstrates compelling legitimate interest for the processing of the same which overrides the customer’s interests, or for the establishment, exercise or defence of a legal claim. Nonetheless, it is important to note that objection does not mean you get to decide how we process your information.
  • Information – You have the right to be informed that we are collecting Personal Data about you.
  • Restriction – You have the right to restrict how your personal data is processed in certain cases, such as when the accuracy of your Personal Data is contested. Restriction can happen when:
    • The accuracy of the personal data is contested by the Customer.
    • The personal data is no longer needed to achieve the purpose unless the Bank requires the personal data for the establishment, exercise or defence of a legal claim.
    • Processing is unlawful and you, the customer, oppose the erasure of the personal data and request the restriction of its use instead.
    • The Customer has objected to the processing and the Bank is considering legitimate grounds that override those of the data subject.
  • Portability – You have the right to request a copy of the personal data you have given to us, provided to you in a structured, commonly used and machine-readable format.
  • The right to withdraw consent – You also have the right to withdraw your consent at any time where the Bank relied on your consent to process your personal data. Nevertheless, it is important to note that this will not affect the lawfulness of any processing carried out before you withdraw your consent.
  1. OUR COMMUNICATION WITH YOU
    • We may communicate with you via electronic mail (e-mail), post, phone, text, and other digital methods.
    • We will never ask you for your password or account number.
    • When you contact us through any of our communication channels including visiting a local branch or calling the telephone banking service, we will verify your identity by asking you a number of questions based on information known to us about you and the transactions on your account.
    • We may record your calls for training, quality and security purposes.
  1. EXEMPTIONS

15.1   The Bank shall be exempted from complying with data protection principles relating to lawful processing, minimisation of collection, data quality, and adopting security safeguards to protect personal data if:

15.1.1   It is a matter of national security (e.g., terrorism).

15.1.2   It is a general situation: lessening threat to life, health or safety, unlawful activity or misconduct (e.g., money laundering), locating missing persons, among others.

15.1.3   Health situation: providing health services to the data subject, the data subject is incapable of giving consent, among others.

  1. PRIVACY POLICY STATEMENT UPDATES
  • It should be gently noted that the Bank may review and update this Privacy Policy Statement from time to time as may be needed.
  • In light of this, we request that you review the terms of this policy periodically available in our website………………………. to make sure that you are well aware and up to date on how the Bank collects and uses your personal information.
  1. CONTACT INFORMATION

In case of any queries or complaints regarding this Privacy Policy Statement, or if you wish to exercise your rights as set out herein and under the applicable laws, please contact us on:

Email: talktous@sidianbank.co.ke

Telephone: (+254) 711-058000; (+254) 732-158000

  1. DISCLAIMER
    • When you visit the Bank’s website, you are not required to provide any personal information. The Bank does not collect any unique identifying information about customers browsing our website unless you voluntarily and knowingly provide that information, such as when you send us an email or complete an application online.
    • Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Personal Data to these websites.