HFCB← Back to HFCB

For Public · Version 1.0

HFCB Data Privacy Statement

Effective 2021

Disclaimer

On our website or portals, we may provide hyperlinks to other websites or third parties. When you visit these websites as redirected from our websites or portals, you shall be subject to the third party’s terms and conditions and privacy policies and we do not in any way guarantee nor will we be held responsible for the privacy of your personal data while accessing those third-party websites.

Our Rights

HFCB reserves the right to update, modify or amend this policy statement at any time and an updated copy can be obtained from the official group website.

Abbreviations

CCTV
Closed Circuit Television
DCI
Directorate of Criminal Investigations
NSSF
National Social Security Fund
NHIF
National Hospital Insurance Fund
KRA
Kenya Revenue Authority
PIN
Personal Identification Number
ID
Identity
CBK
Central Bank of Kenya
HELB
Higher Education Loans Board
CDD
Customer Due Diligence
ECDD
Enhanced Customer Due Diligence
KYC
Know Your Customer
AML
Anti Money Laundering
CFT
Counter Terrorist Financing
IPRS
Integrated Population Registration System

Definitions

Personal data, Sensitive personal data, identifiable natural person — as given meaning in the Kenya Data Protection Act, 2019.

Processing — as given meaning in the Kenya Data Protection Act, 2019.

Customer(s), “You”, “Your” — this may mean, as the situation may apply:
  1. the person who enquires about, purchases, subscribes to, enrolls onto, or consumes any of our products and/or services or accesses our website or other HFCB portals.
  2. any visitor including contractors/service providers or any third party who gains access to any HFCB premises.

“Organization”, “Us”, “We”, “Our” — HFCB, including the Bank and its branches and all its subsidiaries as listed on the official group website.

Introduction

HFCB operates in a complex, data-oriented environment that requires use of personal data to fulfil its core mandate in serving various stakeholders. This policy is our statement of commitment to handle your personal data with the privacy it requires and in accordance to the provisions of various laws and regulations.

The below statements outline our key touch points with you highlighting how we shall be handling your personal data throughout its lifecycle right from acquisition to erasure. The statements also spell out your rights and also indicates the controls the organization has established to safeguard your data.

Scope

This Data Privacy statement applies to all our customers where the term customer is given meaning above.

Individual Statements

  1. Acknowledgement and consent.
  2. When is personal data collected from you?
  3. What personal data is collected from you?
  4. Why do we need to collect and use your personal data?
  5. Do we retain any of your personal data?
  6. With whom will we share/disclose your personal data?
  7. Transfer of your information.
  8. Direct marketing.
  9. Access to or updating your personal data.
  10. Safeguarding and protecting your personal data.
  11. Handling your sensitive personal data.
  12. Your rights.
  13. Our Contacts.

1. Acknowledgement and Consent

By choosing to interact with us in any of the ways outlined in section 2, you will be doing so with the full knowledge and consent that we will collect and process your personal data.

By consenting, you allow us to collect, process, store, disclose, transfer your data as guided in the provisions of the Data protection laws.

By withholding or withdrawing your consent, HFCB shall terminate any agreement with you and reject any further applications.

Please note that withholding or withdrawing your consent shall not apply to any processing done on your personal data prior to you exercising this right.

2. When is personal data collected from you?

We will collect your personal information when you (this list is not exhaustive):

  1. Enquire about, subscribe to, enroll onto or take up any of our products or services.
  2. Visit our offices including the head office or any of our branches or subsidiary offices.
  3. Visit our website or any of our online portals.
  4. Call our contact center, treasury or any official bank numbers.
  5. Utilize any of our bank provided WIFI connections.
  6. Report an incident or lodge a complaint through any of our specified channels.

3. What personal data is collected from you?

Whenever you interact with us, we will collect the following information from you (please note that this list is not exhaustive):

  1. Information relating to enquiring about, acquiring or procuring, subscribing or onboarding/enrolling onto any of our HFCB products or services or channels. Such information includes: your full names, identification document type(s) and number(s), phone number, email address, location, postal address, date of birth, age, gender, photograph, signature, marital status, PIN number, occupation, nationality, etc.
  2. Information that enables us to contact you and/or positively identify you in relation to enquiries made by you through our channels or portals and/or offer support for products or services that you have acquired/procured from us including: account number(s), account name(s), transaction history, phone number, etc.
  3. Information that will enable us conduct CDD/ECDD/KYC/AML/CFT validation checks as required of us by the regulators. Such information will include: your identification number, KRA details for individuals or corporates as the case may be, company details and relevant incorporation documents, etc.
  4. Surveillance recordings captured by our Closed Circuit TV (CCTV) that have been installed in strategic places in any of the HFCB premises to improve the security posture of the facilities.
  5. Information for safety and security purposes when you visit our premises which is recorded in an access register at the building entrance including your name, phone number(s), identification type and number, company or institution details.
  6. When you visit our website, Internet Banking, Mobile Banking or any of our other portals, we will collect information such as your device address, location, browsing preferences.
  7. Voice recordings whenever you call our contact center, treasury or any other official numbers.
  8. When you use Bank provided WIFI, we will collect your device address, traffic information including sites visited, duration and date for the traffic.
  9. When you report an incident relating to any of your products or lodge a complaint with us we may collect information relating to such reports including your full names, identification document type(s) and number(s), phone number, email address, location, postal address.

4. Why do we need to collect and use your personal data?

The Data Protection Law provides the lawful basis for which we may collect and process your information including consent provided by you to collect and process the information, to aid in the performance of a product or service contract we have with you, to comply to a legal or regulatory obligation or requirement, for public and data subject interests and for various legitimate business interests of HFCB.

We will use and process the information collected from you for various purposes including (please note that this list is not exhaustive):

  1. For positive identification purposes including:
    1. When you contact us with inquiries or service requests regarding any of the products or services we offer you.
    2. For cross-referencing with various government databases e.g. IPRS, KRA etc.
  2. For communication purposes including:
    1. Contacting you about products or services that we are offering you or that you have enquired about.
    2. Promotional messages for existing, new or updated products or service offerings.
    3. Technology systems, premises accessibility and/or account transaction updates.
    4. Any other general information.
  3. Satisfying our contractual obligations to you when providing the products and/or services you have procured from us.
  4. Building a dependable customer profile and provision of customized services by:
    1. Conducting credit checks and credit scoring with various credit reference bureaus.
    2. Conducting CDD/ECDD/AML/CTF checks with various internal and government databases and various sanction lists.
    3. Establishing customer/company legitimacy/validity.
  5. Aiding in investigations in the event of reported incidents or frauds.
  6. Complying with any legal, governmental or regulatory requirement or for use by our lawyers in connection with any legal proceedings e.g. responding to court orders.

5. Do we retain any of your personal data?

HFCB shall not retain your data any longer than as shall be determined by the purpose for which the data was collected and whether that purpose has been fulfilled unless as circumstances may dictate including:

  • Applicable legal and regulatory requirements,
  • Consent provided by you,
  • For legitimate lawful purposes or
  • For historical and reporting purposes.

6. With whom will we share/disclose your personal data?

We will not share or disclose any of your information except in accordance with applicable laws and regulations.

HFCB may share or disclose your information to:

  1. Our debt recovery agencies for purposes of debt recovery.
  2. Legal, regulatory or any other statutory authorities for purposes of complying to or responding to a demand by the said authorities.
  3. Credit reference agencies/bureaus.
  4. Various government databases in order to comply with applicable regulatory requirements e.g. IPRS.
  5. Our subsidiaries, partners for purposes of fulfilling our obligations to you.

7. Commercial use of your personal data

We will continually introduce new products or services, upgrade existing ones and introduce new ways of serving you. In this regard, we may need to communicate such developments with you.

HFCB will however seek your consent to opt-in to receive such updates via our various communication channels.

To opt-out of these communications, you may:

8. Access to or updating your personal data

Access to personal data shall be provided upon visit or formal request to the bank and requisite data update/modification forms provided to capture any personal data update requests. Modification of this data shall be done by the bank according to the established internal processes that aim to give assurance on integrity and accuracy of personal data.

9. Safeguarding and Protecting your personal data

HFCB has put in place various operational and technical controls to safeguard your data from unauthorized access or modification. We are also continually enhancing our controls in line with the ever-evolving threat landscape.

10. Handling your sensitive personal data

HFCB shall not collect or process your sensitive personal data except as necessary to carry out the activities prescribed in section 4 above.

11. Transfer of your personal data outside Kenya

HFCB may from time to time transfer your personal data outside Kenya as circumstances may allow in fulfilment of its obligations. This shall be done with the requisite and appropriate approvals and safeguards on the data.

12. Your rights

Your rights as spelt out in the data protection laws include the below. Please note that these are subject to legal, regulatory and contractual exceptions and we reserve a right to override exercise of your rights where there is a legitimate reason, legal or regulatory requirement to do so as may be applicable.

  1. Right to be informed of the use to which your personal data is to be put.
  2. Right to access your personal data.
  3. Right to object to the processing of all or part of your personal data.
  4. Right to correction of false or misleading data about you.
  5. Right to deletion of false or misleading data about you.
  6. Right to erase your personal data that we are no longer authorized to retain, irrelevant, excessive or obtained unlawfully.
  7. Right to be informed that we are collecting personal data about you.
  8. Right to withdraw your consent to processing of your personal data.
  9. Right to request restricted processing of your personal data.
  10. Right to request transfer of your personal data.
  11. Right to not be subject to a decision based on automated processing; subject to such automated processing producing legal effects that affect you.
  12. Right to decline use of your personal data for commercial purposes.
  13. Right to be informed about a breach to your personal data unless your identity cannot be established in that breach.
  14. Right to lodge a complaint with the office of the Data Commissioner if you feel aggrieved by a decision made by HFCB using the prescribed mechanisms in the protection laws.

13. Our Contacts

Our contact details are:

HFCB
Rehani House, Kenyatta Avenue / Koinange Street
P.O. Box 30088-00100, Nairobi

14. Data Protection Officer (DPO) Contacts

Email Address: dpo@hfcb.co.ke
Telephone: 0709 438 308

HFCB Data Privacy Statement, 2021Copyright © 2021 HFCB. All Rights Reserved.
← Back to HFCB Whizz