SIDIAN BANK PRIVACY NOTICE

  1. Purpose and Scope of the Privacy Notice

The following information is intended to provide you with an overview of how your data is processed by Sidian Bank Limited Kenya, its subsidiaries, its successors in title and permitted assigns (hereinafter collectively referred to as ‘Sidian Bank/the Bank’), and your rights according to data privacy laws. The details of what data will be processed and which method will be used depend significantly on the services applied for or agreed upon. We therefore ask you to familiarize yourself with this Data Privacy Notice.

Any reference to the Bank, Sidian Bank, we, us or our includes Sidian Bancassurance Intermediary Limited, a subsidiary of Sidian Bank Limited and any other Sidian Bank Limited subsidiaries.

  1. What Personal Information Is Collected by Sidian Bank?

Personal information is any information by which you can be identified. The personal information we may collect about you includes:

  1. Any information that lets Sidian Bank identify you as a unique individual, such as your name/s and surname combined with your physical address, contact details and/or passport/identity number.
  2. Any information that uniquely identifies a legal entity, such as the trading name of a company combined with the company registration number.
  3. Special personal information that includes details of your race or ethnic and social origin, gender, religious, philosophical and conscience beliefs, political persuasion, property details, marital status, family details including details of children, parents, spouse or spouses, health status, genetic, biometric information, sex or sexual orientation or any criminal behaviour which relates to alleged criminal offences or proceedings.
  4. Personal information given to or collected by Sidian Bank in writing as part of a written application form, electronically (email), telephonically, online (sidianbank.co.ke) or via the SidianVibe App.
  5. Other personal details such as date and place of birth as well as nationality, physical and email addresses, and contact numbers.
  6. Online identifiers and your online behavior such as cookies and IP addresses.
  7. Engagement with us including use of products, or services, transaction, requests, queries, applications and complaints.
  8. Data available from the public domain (e.g. internet, social media, debtor directories, land register, trade association registers, media, etc.)
  9. We use Closed Circuit Television (CCTV) surveillance recordings. CCTV Devices are installed at strategic locations to provide a safe and secure environment in all our branches, Sidian Bank premises and ATMs as a part of our commitment to security and crime prevention.
  10. Other comparable data in line with the criteria outlined above.

  1. When Do We Collect Your Personal Information?

You directly provide the Bank with most of the data that we collect. We collect and process data when you:

  1. Voluntarily complete a customer survey or provide feedback on any of our message boards or via email.
  2. View or use our website via your browser cookies.
  3. Interact with us by telephone or through online channels such as our website, mobile applications, Internet Banking or electronic messaging platforms, or fill in any of our written application forms/documents.
  4. Use or apply for any of our products and/or services in any of our branches.
  5. Visit or access any of Sidian Bank's buildings/premises.
  6. Have been identified as a next of kin by our customer or employee.

The Bank also collects personal information about you from other sources where lawful and reasonable, such as reputable third parties that you deal with or that the Bank interacts with for the purposes of conducting its business. These third parties include:

  • Business partners (including partners and participating partners involved in reward programmes, campaigns or other business activity, joint-venture partners, social media and platform partners) or companies that we may acquire or that merge with us.
  • Service providers (including payment processors, insurance companies, card network providers, debt collection and tracing agencies, credit agencies and bureaux, electronic communication service providers, public and private data and data verification providers including data registries, aggregators, search engines, social media and marketing list providers).
  • Employers, advisers, agents, associates, assignees, cessionaries, successors in title, trustees, executors, curators and appointed third parties (including lawyers and contractors).
  • Government departments, regulatory authorities, courts of law and law enforcement agencies, ombudsmen and tax authorities.

If you are a third-party service provider, the Bank may collect personal information about you as a data subject in order to ensure that the business relationship and matters relating to the agreement between you and us can be fulfilled. You warrant that, if you provide us with any personal information about other persons, such as employees, shareholders or your directors, you are authorised to share their personal information with us for purposes set out in this statement.

Providing your personal information to us is usually voluntary. However, it may be mandatory under certain circumstances, for example when you apply for products and/or services or to comply with anti-money laundering legislation. If you fail to provide us with your personal information when requested, we may not be able to provide the products or services to you or comply with our legal obligations.

Whenever you provide us with the personal information of third parties, you must inform them that you need to disclose their personal information to us. We will process the information in accordance with this statement.

  1. For What Purpose and On What Legal Basis Does Sidian Bank Use Your Data?
    • For the Fulfilment of Contractual Obligations

We will need to process your personal information if we require it to conclude or perform under a contract or agreement with you for a product or service that you have applied for either with us, through us or through our business partners with whom we have entered into a partnership, collaboration or alliance arrangement or for purposes of:-

  • Providing products and services to you that involve opening and maintaining your account, accessing our bancassurance services, executing transactions, administering claims where applicable, collecting payments due to us by you, managing our risks and maintaining our overall relationship with you;
  • Communicating with you regarding the products or services you have with us;
  • Providing you with further information that you request from us regarding the products or services you have with us;
  • Compliance with specific banking products (e.g. accounts, loans, securities, deposits); or
  • Analysis of any potential needs, the provision of advice, and to support the execution of transactions.

Further details can be found in your contract documents or in the General Terms & Conditions.

  • Legitimate Interests

Where required, we process your data beyond the actual fulfilment of the contract for the purposes of the legitimate interests pursued by us or a third party. For example:

  • Consulting with credit rating agencies to investigate creditworthiness and credit risks.
  • Reviewing and optimizing procedures for needs assessment for the purpose of direct client discussions.
  • Obtaining personal data from publicly available sources for client acquisition purposes.
  • Testing and optimization of processes for requirement analysis or client contact.
  • Measures for business management and further development of services and products.
  • Risk control at Sidian Bank.
  • Asserting legal claims and a defense in legal disputes.
  • Guarantee of Sidian Bank’s IT security and IT operations.
  • Prevention and investigation of crimes.
  • Video surveillance and measures to protect the rights of an owner of premises to keep out trespassers and to provide security (e.g. access controls).
  • Assisting the Bank to achieve any other related purpose.
  • To protect your vital interests and vital interests of third parties.

  • Lawful Obligations

We may need to process your personal information for the following purposes:-

  • To complete integrity and business conduct checks required for compliance purposes including due diligence and onboarding processes, monitoring and assurance reviews and conduct sanctions screening against any sanctions lists.
  • To comply with other risk management, regulatory and legislative requirements
  • To comply with voluntary and mandatory codes of conduct.
  • To detect, prevent and report theft, money laundering, terrorist financing, corruption or other potentially illegal activity, or activity that could lead to loss.
  • To process and/or settle transactions, payments, insurance claims and any other connected purpose.
  • To conduct research and analysis (which may include assessing product suitability, credit quality, insurance risks, market risks and affordability, developing credit models and tools and obtaining related information).

  • On the Basis of Your Consent

In addition to the reasons given above, we may process your personal data where we have your specific consent for a defined purpose. We will also seek your consent where the applicable laws require it. You have the right to withdraw consent at any time. However, withdrawal of consent does not affect the legality of data processed prior to such withdrawal.

  1. Who Can Access Your Data?
    • Sidian Bank Agents, Branch network and Subsidiaries

We may share your data with other entities in Sidian Bank where required to fulfil our contractual and legal obligations. We may transfer your personal data to Sidian Bank Agents, Branch network and Subsidiaries for risk control purposes in connection with statutory/regulatory obligations. We may also share information with Sidian Bank Agents, Branch network and Subsidiaries in connection with services that we believe may be of interest to you.

  • External Recipients of Data

We will transfer personal data about you in the course of conducting our usual business, or if legal, regulatory or market practice requirements demand it, to the following external recipients:-

  1. to public entities and institutions (e.g. financial authorities, Central Bank of Kenya, Financial Reporting Centre, law enforcement authorities);
  2. to other credit and financial services institutions or similar institutions to which Sidian Bank transfers personal data within the context of its business relationship with you (e.g. correspondent banks, custodian banks, brokers, insurance and information agencies);
  3. to third parties (including but not limited to correspondent banks, brokers, exchanges, reinsurers, insurance services providers such as insurance companies and agencies, loss adjustors, investigators, etc., trade repositories, processing units and third-party custodians, issuers, authorities and their representatives) for the purpose of ensuring that we can meet the requirements of applicable law, contractual provisions, market practices and compliance standards in connection with transactions you enter into and the services that we provide you with; or
  4. to a natural or legal person, public authority, agency or body for which you have given us your consent to transfer personal data to or for which you have released us from banking confidentiality.

  • Service Providers and Agents

We will transfer your personal data to service providers and agents appointed by us for the purposes given, subject to maintaining banking confidentiality. These are companies in the categories of banking services, IT services, insurance services, logistics, printing services, telecommunications, collection, advice and consulting and sales and marketing.

  1. Does Sidian Bank Transfer Data Across Borders?

Sidian Bank will transfer your personal data outside Kenya:-

  1. Where it is necessary for the purpose of carrying out your orders (e.g. payment and other orders);
  2. Where it is required by law (e.g. reporting obligations under financial regulation);
  3. If you have given your consent; or
  4. If we have a legitimate interest in doing so.

Sidian Bank will only transfer personal information to countries that it is satisfied will provide adequate data protection and such transfer will be secured through corresponding guarantees of the recipients to ensure an appropriate level of data protection.

  1. How Do We use your Personal Information for Marketing?

Whether you are an existing client or a prospective client with whom we had previous interactions in respect of your financial well-being or needs, you are important to us and therefore we would like to share information about our products, services and special offers with you (subject to the applicable laws).

If you are a prospective client, and we have had no previous interaction or have no relationship with you, we will seek your express consent in compliance with local laws to market to you electronically.

If you no longer wish to be contacted for marketing purposes, you may opt out at any time when you receive a marketing communication or by contacting us through your Branch Manager or Sidian Bank’s Privacy Officer (whose contact details have been provided hereinbelow).

  1. How Long will your Data be Stored?

We will process and store your information as long as it is necessary in order to fulfil our contractual, regulatory and statutory obligations. It should be noted here that our business relationship is a long-term one, extending for a period of years.

We will ordinarily retain your personal information for a minimum period of seven (7) years to enable Sidian Bank to comply with regulatory and contractual requirements, unless there is a particular reason to hold records for longer. Such reasons include a legal hold, a process that the Bank uses to preserve all forms of relevant information when litigation is reasonably anticipated, which requires us to keep records for an undefined period of time.

We delete personal information within a reasonable period after we no longer need it for the purpose for which it was collected, to fulfil regulatory or statutory obligations, or for any subsequent purpose that is compatible with the original purpose. This does not affect your right to request that we delete your personal data before the end of its retention period. We may archive personal data (which means storing it in inactive files) for a certain period prior to its final deletion, as part of our ordinary business continuity procedures.

  1. How is your Personal Information Protected?

The security of your personal information is important to us and we take reasonable steps to keep your personal information safe and to prevent loss, destruction of and damage or unlawful access to your personal information by unauthorized parties. We require the same level of security to be implemented by our service providers and other third parties. However, you must not share or send us any personal information through unauthorized channels, as these are not a secure way of communication and carry a risk of interception and unauthorized access. You should only share personal information through our authorised channels.

  1. What are your Rights?

We value your trust and want you to be familiar with your rights under the legislation and to know how you can exercise them in your interactions with Sidian Bank. Your data protection rights include the following:

  1. Right of access: requesting that information on your personal data that Sidian Bank holds on record be shared with you.
  2. Right to rectification: demanding that the information be rectified should it be incorrect.
  3. Right to erasure: asking that your data be deleted if Sidian Bank is not permitted or is not legally obliged to retain your data.
  4. Right to restrict processing: demanding that the processing of your data be restricted if:
    • you have disputed the accuracy of your data stored by Sidian Bank and it has not yet completed its assessment,
    • you object to the deletion of your data although Sidian Bank is obligated to delete it, or
    • you have objected to the processing of your data but it has not yet been established whether this outweighs Sidian Bank’s reasons for processing your data.
  5. Right to transmit your data to another data controller or data processor without any hindrance and, where technically possible, to have your data transmitted directly to another data controller or processor.
  6. Right to be notified that your personal information is being collected by us or has been accessed or acquired by an unauthorised person.
  7. Right to object to the processing of personal information for the purposes of direct marketing.
  8. Right not to be subject to automated decision-making processes in respect of an application for products and/or services, except under certain circumstances.
  9. You also have the right of appeal (as far as this affects you) to your respective Data Protection Supervisory Authority.

  1. What Data are you asked to Supply?

In the context of your relationship with Sidian Bank, you must provide all personal data that:

  • is required for accepting and carrying out a business relationship and fulfilling the accompanying contractual obligations, and
  • Sidian Bank is legally required to collect.

Without this data, Sidian Bank will most likely be unable to enter into a contractual relationship with you.

Under the regulations on combatting money laundering and the financing of terrorism, Sidian Bank is obligated to verify your identity on the basis of your identification documents and, in this context, to collect and store your address, nationality, name, date and place of birth, and identification data prior to the commencement of a business relationship. In order for Sidian Bank to comply with these regulations, you are required to supply it with the necessary information. If this information changes during the course of the business relationship, you are obliged to notify Sidian Bank without delay. If you do not provide Sidian Bank with the necessary information, it will not be able to commence or continue a business relationship with you.

  1. Will Cookies be Collected?

Yes. Sidian Bank does collect cookies.

  • What are Cookies?

Cookies are information packages sent by a web server (in this case this website) to your internet browser, saved on your computer and checked by the server on each subsequent visit to the site. To gain full benefit from this website, we recommend that you configure your browsers to accept cookies. 

  • Why do we use them?

Cookies are used to facilitate navigation within the website and correct use. They also serve a statistical purpose, making it possible to establish which areas of the site have been visited, and to improve and update user procedures. 

  • Type of Cookies used

For further information about the types of cookies used please refer to our “Cookies Notice” on our website on www.sidianbank.co.ke.

  • How should I manage my Settings with respect to Cookies?

To optimize your use of our website, we recommend that you accept the cookies. Most internet browsers are initially set to accept cookies. You can at any time set your browser to accept all cookies, just some cookies or no cookies. In the latter case, you would disable the use of parts of the site. Additionally, you can set your preferences in the browser so that you will be notified whenever a cookie is saved on your device. Please note that if you disable the cookies, you may not have optimum use of the site.

  1. Will your Data be Automatically Processed?

We process some of your data automatically, with the goal of assessing certain personal aspects (profiling). For example, we may use profiling in the following ways:

  1. In order to combat money laundering, the financing of terrorism, and criminal acts, Sidian Bank also conducts data assessments (among others in payment transactions). The aim of these measures is to protect you.
  2. Sidian Bank uses assessment tools to provide clients with relevant and appropriate information on its products and services. These allow communications and marketing to be tailored, as needed, including market and opinion research.
  3. Sidian Bank uses assessment tools in order to be able to specifically notify you and advise you regarding products. These allow communications and marketing to be tailored as needed, including market and opinion research.

  1. Will Biometric Data be used?

No. Sidian Bank does not collect biometric data.

  • Right to Amend this Privacy Notice

Sidian Bank reserves the right to change this statement at any time in accordance with the applicable law. All changes to this notice will be posted on the website. Unless otherwise stated, the current version shall supersede and replace all previous versions of this notice.

Previously updated – September 2020

Reviewed and updated – November 2022

Reviewed and updated – January 2023

You can find the applicable version at https://Sidianbank.com/kenya/home/kenyaHome.html

  1. How can you Contact Sidian Bank?

Should you have any questions about the treatment of your data, please contact your Branch Manager or Sidian Bank’s Privacy Officer, whose contact details are as follows:

Sidian Bank Limited,
K-Rep Centre, Wood Avenue, Kilimani,
P.O. Box 25363-00603,
Nairobi, Kenya.

Phone: +254 711 058 994

Email: dpo@sidianbank.co.ke for Sidian Bank

Email: dpoassurance@sidianbank.co.ke for Sidian Bancassurance Intermediary Limited

  1. How do you Contact the Appropriate Authority?

After engaging us and should your queries still not be addressed to your satisfaction, you have the right to lodge a formal complaint with the Office of the Data Protection Commissioner at https://www.odpc.go.ke/file-a-complaint/