Privacy statement

 In Mwito Blog, Mwito News
0

MWITO D.T. SACCO LIMITED PRIVACY NOTICE

Mwito Sacco is committed to protecting the privacy and security of its members’ personal data. This Privacy Notice serves to inform all current and potential members about our practices concerning the collection, use, and protection of personal information.

  • Purpose

To inform members about personal data collection and usage.

  • Scope

Applies to all members, potential members, and website visitors.

  • Commitment

Adherence to data protection and privacy rights.

  • Transparency

Clear practices in data handling and member rights.

Information We Collect

Mwito Sacco collects various types of personal information from its members. This data is essential for membership registration, loan processing, and ensuring the security of your accounts.

Categories of Data Collected:

  • Personal Identifiers: Full names, national ID/Passport numbers, date of birth, gender, and nationality.
  • Contact Information: Residential and postal addresses, telephone numbers (mobile and landline), and email addresses.
  • Financial Data: Bank account details, income statements, salary slips, and credit history reports from authorized credit bureaus.
  • Employment Details: Name of employer, employment status (e.g., permanent, contract), and job title.

Specific Data Points:

  • Biometric Data: Two recent passport-sized photographs required for registration and identification purposes.
  • Property Details: Applicable for members applying for secured loans, including title deeds, property valuation reports, and other relevant asset documentation.
  • Transaction Data: Records of all financial transactions, deposits, withdrawals, and loan repayments made through your Sacco account.

How We Use Your Information

The personal information collected by Mwito Sacco is primarily used to facilitate the provision of our core services, enhance member experience, and ensure compliance with legal and regulatory obligations. Each piece of information serves a specific purpose in our operations.

Member Registration and Account Setup

Utilizing personal identifiers and contact information to create and manage your Sacco membership and accounts.

Loan Processing and Credit Assessment

Assessing your financial data, employment details, and credit history to determine eligibility and terms for loan products.

Communication Regarding Account Status and Updates

Sending essential notifications, statements, and updates about your account, new products, and service changes via your contact information.

Compliance with Regulatory Requirements and Legal Obligations

Using your data to meet statutory reporting, audit, and anti-money laundering (AML) requirements as mandated by Kenyan law.

Service Improvement and Member Experience Enhancement

Analyzing aggregated and anonymized data to understand member needs, improve existing services, and develop new offerings tailored to our members.

Fraud Prevention and Security Measures Implementation

Monitoring transactions and account activity to detect and prevent fraudulent activities, ensuring the security of your funds and data.

Data Sharing and Disclosure

Your information is shared for necessary operational purposes, legal compliance, or with your explicit consent.

Internal Sharing

Data is accessible only to Mwito Sacco staff members who have a legitimate business need to access it, for example, for account management or loan processing.

Regulatory Bodies

We may disclose your data to regulatory and supervisory bodies as required by law, such as the Sacco Societies Regulatory Authority (SASRA) and the Central Bank of Kenya, for compliance and oversight.

Credit Reference Bureaus

For credit assessment and reporting purposes, we share relevant financial data with authorized Credit Reference Bureaus (CRBs) in accordance with established regulations.

Service Providers

We engage third-party service providers (e.g., IT support, payment processors) who may access your data, but only to the extent necessary for them to perform their contracted services and under strict confidentiality agreements.

Data Protection Measures

Our multi-layered approach ensures the confidentiality, integrity, and availability of your information against unauthorized access, alteration, disclosure, or destruction.

Physical Security Controls

For paper-based records, we implement secure storage solutions such as locked filing cabinets, restricted access areas, and monitored premises to prevent unauthorized physical access.

Access Controls

Strict access controls are in place, limiting data viewing and modification privileges to authorized personnel only, based on the principle of least privilege.

Periodic Security Assessments and Vulnerability Testing

We conduct regular security assessments, penetration testing, and vulnerability scans to identify and address potential weaknesses in our systems proactively.

Digital Encryption

All electronic data is protected using industry-standard encryption protocols during storage and transmission, ensuring that sensitive information remains unreadable to unauthorized parties.

Regular Staff Training

Our staff undergo mandatory and regular training sessions on data protection protocols, privacy best practices, and their responsibilities in handling personal data.

Data Retention Policies

Personal data is retained only for periods necessary to fulfill the purposes for which it was collected or as required by regulatory requirements, after which it is securely disposed of.

Your Rights as a Member

You are empowered with several key rights that ensure you have control over your information and how it is processed. We are committed to facilitating the exercise of these rights.

Right to be informed

You have the right to be informed about the collection and use of your personal data, as detailed in this Privacy Notice.

Right to Access

You can request access to the personal data Mwito Sacco hold about you to verify its accuracy and lawfulness of processing.

Right to Rectification

You have the right to request the correction of any inaccurate or incomplete personal data we hold about you.

Right to Object

You may object to the processing of your personal data in certain circumstances, such as for direct marketing purposes.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another data controller.

Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Recent Posts

Start typing and press Enter to search

Corporate Social Responsibility ActivitiesMwito News