MUIAA Pesa Privacy Policy

Effective Date: 25th December 2023

1. INTRODUCTION

1.1 MUIRURI & ASSOCIATES PESA (“MUIAA Pesa”), a Kenyan subsidiary of MUIAA Limited, is the data controller responsible for processing your data when you access our Services.

1.2 MUIAA Pesa may also act as a data processor for a data controller with whom you have a contractual relationship. In such instances, MUIAA will act in accordance with the instructions given by the data controller.

1.3 The MUIAA Limited offers digital financial services to help the traditionally underbanked borrow, save and grow their money. Our Services include:

1.4 This Privacy Policy applies to your use of MUIAA’s Services and explains what personal data we collect, with whom we share it, how we may use your data and how you can prevent us from sharing certain information with certain parties. 

This Privacy Policy should be read together with the applicable Privacy Notice for the particular Service that you are using as linked above. The relevant Privacy Notice informs you as to how we look after your personal data when you use our Services and tells you about your privacy rights and how you are protected under the Data Protection Act, 2019.

1.5 By accepting the terms of this Privacy Policy and the relevant Privacy Notice, you accept and consent to the practices described.

1.6 If you have any questions about this Privacy Policy, please contact us via email at admin@muiaa.com

1.7 MUIAA’s Services are not intended for children and we do not knowingly process data relating to children.

2. DEFINITIONS

2. 1 “Channels” means any system or medium (including the MUIAA App, Unstructured Supplementary Service Data (USSD) and web whether internet based, mobile device based or not), which may be established by MUIAA from time to time to enable you to access and utilize one or more of the Services.

2.2 “Children” means individuals below the age of eighteen (18) years.

2.3 “Consent” means an express, unequivocal, free, specific, and informed indication of your wishes by a statement or by a clear affirmative action.

2.4 “Customer” or “User” means any individual within the Republic of Kenya to which MUIAA provides its services.

2.5 “Personal data” means any information relating to an identified or identifiable individual, which shall include Sensitive personal data.

2.6 “Sensitive personal data” means personal data about an individual’s race, health status, ethnic social origin, conscience, belief, genetic data, biometric data, property details, marital status, family details including names of the individual’s child(ren), parent(s), spouse(s), or the individual’s sex or the sexual orientation.

2.7 “Services” refers to the financial and informational products and features provided by MUIAA to Users, as described in Section 1.3 above.

2.8 “We”, “Our” and “Us” refer to MUIAA Limited.

3. THE DATA WE COLLECT ABOUT YOU

3.1 Information that you provide. To access our Services, you will be requested to provide personal data as specified in the applicable Privacy Notice. This includes the following:

3.2 Information that we collect as you use the Services. We also collect information from your usage of our products and features, as specified in the applicable Privacy Notice. This includes the following:

3.3 Information that we receive from third parties. To provide you with our Services and to comply with our legal obligations, we may also obtain information from third parties such as:

3.4 Withholding of personal data. If you fail to provide or withhold any or all of the personal data that MUIAA requests, we may be unable to provide you with our Services.

3.5 Regulatory requirements: We are a Digital Credit Provider regulated by several government bodies, including the Central Bank of Kenya, the Financial Reporting Centre, and the Kenya Revenue Authority. We may be required to collect, process, and retain certain personal data from you in accordance with Anti-Money Laundering, Counter Terrorist Financing and Counter Proliferation Financing (AML/CFT/CPF) or tax regulations if you use our Services.

4. HOW WE USE YOUR PERSONAL DATA

4.1 We will only process your personal data when we have a lawful basis to do so, as specified in the applicable Privacy Notice. In most instances, we will process your personal data under one of the following circumstances:

4.2 We collect and use your personal data for the following purposes, as further specified in the applicable Privacy Notice for each specific Service:

4.3 We will only send you direct marketing communications by push notification, email or text if we have your consent. You have the right to withdraw that consent at any time by contacting us via email at admin@muiaa.com

4.4 Where you may have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us via email at admin@muiaa.com Once we have received notification of withdrawal of consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

4.5 We use automated processing and automated decision-making with little to no human intervention when we provide you with certain features of our Services. Our models are regularly tested to ensure they remain fair, accurate, and unbiased. Where applicable, you may request a reconsideration of an automated decision by emailing us at admin@muiaa.com Please note that human intervention does not guarantee that the automated decision will be overturned.

5. DISCLOSURES AND CROSS-BORDER TRANSFERS OF YOUR PERSONAL DATA

5.1 We may disclose and/or transfer your personal data to internal and external third parties as described in the applicable Privacy Notice of each particular Service.

5.2 Your personal data collected by MUIAA shall be stored and processed inside of Kenya in a location where MUIAA or its agents maintain facilities, including the use of cloud storage and cloud computing technology.

5.3 Whenever we transfer your personal data outside of Kenya, we ensure a similar degree of protection is afforded to it by ensuring adequate safeguards are implemented. We ensure your personal data is protected by requiring all our group companies, personnel, and agents to follow the same rules when processing your personal data.

6. DATA GOVERNANCE AND SECURITY MEASURES

6.1 MUIAA implements an Information Security Management System to maintain the confidentiality, integrity, and availability of MUIAA’s information resources, in keeping with our commitments, industry standards and global best practices.

6.2 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulatory authority when we are required to do so.

7. DATA RETENTION

7.1 To determine the appropriate retention period for personal data, we consider the retention requirements set by legal, tax, accounting, and AML/CFT/CPF regulations, the nature and sensitivity of the information, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the need to comply with our internal policies. We will retain or store your personal information only for so long as is necessary to fulfil the purposes set forth in the applicable Privacy Notice, and for a reasonable time thereafter for the furtherance and completion of any of our services to you, and for such time as may be necessary in order to comply with any legal obligation.

7.2 Details of retention periods for different aspects of your personal data are available in the Privacy Notice for the applicable Service.

7.3 In some circumstances you can ask us to delete your data: see Your Data Subject Rights below for further information. Where personal data must be deleted, disposal shall be done in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other entity.

7.4 In some circumstances we will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

8. YOUR DATA SUBJECT RIGHTS

8.1 As a data subject, you have the following rights in relation to your personal data:

  1. The purposes for which we process your personal data;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipients to whom the personal data have been or will be disclosed;
  4. where possible, the period for which the personal data may be stored, or the criteria used to determine the period for storage and retention;
  5. where the personal data is not collected from you as the data subject, any available information as to the source of collection.

8.2 You may request that we restrict the processing of your personal data in the following circumstances:

8.3 You have the right to object to the processing of your personal data for direct marketing purposes, and you can opt out of direct marketing communications by asking us not to send you direct marketing messages.

8.4 You may withhold or withdraw your consent in cases where we rely on your consent as the lawful basis for processing of your Personal Data. Doing so may prevent us from providing you with our Services.

8.5 You or your authorized representative can exercise any of these rights at any time, subject to our verification and review, by contacting us via email at admin@muiaa.com

9. CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES

9.1 We keep this Privacy Policy under regular review. It may change and if it does, these changes will be posted on this page and, where appropriate, notified to you.

9.2 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.

10. THIRD PARTY LINKS

Our Services may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services. Please check these policies before you submit any personal data to these websites or use these services.