PRIVACY POLICY
1. General Provisions
PESAKAY CREDIT LIMITED ("we") collects and processes personal data in accordance with the Data Protection Act 2019 (DPA), enacted on November 25, 2019. We adhere to the principles of lawfulness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.
2. Data Controller and DPO
We are the data controller. A Data Protection Officer (DPO) has been appointed — contact details are provided below.
3. What Data We Collect
Basic data: Full name, date of birth, contact details
Identification data: National ID/passport, address
Financial data: Bank details, credit history
Technical data:IP address, cookies, browsing history
4. Purpose of Processing and Legal Grounds
KYC/AML: Legal obligations
Provision of financial services: Performance of a contract
Analytics and service improvement: Legitimate interest
Marketing: Only with explicit consent
5. Data Subject Rights
You have the right to access, rectify, delete, restrict processing, request data portability, and withdraw consent or object to processing.
Requests will be processed within 30 days.
7. Data Security
We implement technical and organizational measures to protect your personal data against unauthorized access, loss, or alteration. Data is stored securely and access is limited to authorized personnel only.
8. Breach Notifications
In case of a data breach, we will notify the Office of the Data Protection Commissioner (ODPC) and affected individuals within 72 hours.
9. Regulatory References
For more information about your data rights, please visit the Office of the Data Protection Commissioner (ODPC)
PESAKAY CREDIT LIMITED is a registered financial service provider in Kenya.
Our operations comply with the guidelines issued by:
10. Contact Information
11. Policy Updates
This policy is reviewed annually or whenever regulatory changes occur.