B U N G E S A C C O

BUNGE   REGULATED  NON-WDT  SACCO   LTD

  • info@bungesacco.co.ke
  • Parliament Buldings Nairobi

Bunge Sacco Data Privacy Policy

  • Home
  • Data Privacy Policy

Data Privacy Policy

DATA PRIVACY POLICY

INTRODUCTION

 

This Data Protection Policy has been developed as a guide to Bunge Sacco in management of stakeholders’ data. Bunge Sacco obtains, uses, stores and otherwise processes personal data relating to its stakeholders such as potential and current employees, former staff, members, suppliers, visitors to Sacco premises, contractors and website users, collectively referred to in this policy as data subjects. This Policy sets out how the Sacco manages those responsibilities.

The Sacco heavily draws its data policy guidelines from the Data Protection Act, 2019 and the General Data Protection Regulations, 2021. When processing personal data, the Sacco is obliged to fulfil individuals’ reasonable expectations of privacy by complying with the Act and related Regulations and other relevant data protection legislation.

 

The policy document is therefore intended to ensure that the Sacco:

  • Is clear about how personal data must be processed and the Sacco’s expectations

for all those who process personal data on its behalf;

  • Complies with existing data protection laws and with good practice;
  • Protects its reputation by ensuring the personal data entrusted to it is processed

in accordance with data subjects’ rights;

  • Protects itself from risks of personal data breaches and other breaches of data protection law.

 

INFORMATION MANAGEMENT

In the normal course of business Saccos require their members to submit their personal details which includes Personally identifiable information (PII) and Personally identifiable financial information (PIFI). This data is stored and facilitates rendering of customised financial services to each particular member. Since data is at the core of offering financial services, financial institutions must ensure adherence to principles of data privacy including identification of forms of data.

 

Justification for collection of personal information

 

The Sacco may collect and use Data Subject’s personal data:

  • If it is necessary for the Sacco’s legitimate interest and so long as its use is fair, balanced and does not unduly impact data subject’s
  • With the Data Subject’s For example, to send marketing emails, to take and use a data subject’s photograph, to collect relevant medical information. The data subject can withdraw consent for this at any time.

 

  • As required to fulfil the Sacco’s legal obligations as a registered Non-Deposit Taking Co-operative Society and This includes sharing personal info with bodies such as SASRA, Ministry or the day responsible for co-operatives, NSSF, NHIF, Courts, Police, EACC, CRBs, among other legal/statutory bodies.

 

The Sacco will only process sensitive personal data if it has data subject’s explicit consent. In extreme situations, the Sacco may share data subject’s personal details with the emergency services if it believes it is in data subject’s ‘vital interests’ to do so.

 

Sources of personal information

 

The Sacco may collect information about data subject from different sources, for example:

  1. Directly from data subject when they:
    • Apply for membership
    • Apply for account opening
    • Apply for Sacco loan products
    • Apply for employment/internship
    • Are employed in the Sacco
    • Apply as a supplier
    • Register for or at one of events
    • Complete a survey
    • Subscribe for updates via Sacco’s mobile and electronic services

 

  1. Indirectly:
  1. From other people who think that the data subject may be interested in collaborating in their work.
  2. From the public domain when the data subject has deliberately made the data public.

 

  1. From third parties such as previous or current employers to verify details about job applicants.
  2. From external sources such as publications and external reviewers or
  3. From another source when the guardian appointed has consented to the collection in cases where the data subject has an
  4. Where collection of data from another source is necessary:
    • for the prevention, detection, investigation, prosecution, and punishment of crime;
    • for the enforcement of a law which imposes a pecuniary penalty; or
    • for the protection of the interests of the data subject or another

 

Forms of personal information collected

 

The Sacco only collects personal information that is genuinely needed for its operations. This will include:

  • Contact details such as name address, email address and phone numbers
  • Biometric data such as thumb prints
  • Nationality
  • National ID and Passport information
  • Date of birth
  • Gender
  • Information about race and ethnicity
  • Qualifications
  • Bank and wallet account details
  • Medical information
  • Benefits received
  • Employment details
  • Photographs and video recordings
  • Tax and residency status for statutory requirements
  • References from previous employers or educational institutions
  • Contact details for family members and next of kin
  • Details of criminal convictions

 

Personal Data Protection Principles

 

In processing personal data, Bunge Sacco shall be guided by the principles of data protection as captured in the Data Protection Act, and requires the Sacco to ensure that personal data is:

  1. Processed in accordance with the rights to privacy of the data subject;
  2. Processed lawfully, fairly and in a transparent manner in relation to any data subject;
  3. Collected for explicit, specified, and legitimate purposes and not further processed in a manner incompatible with those purposes;
  4. Adequate, relevant, limited to what is necessary in relation to the purposes for which it is processed;
  5. Collected only where a valid explanation is provided whenever information relating to family or private affairs is required;
  6. Accurate and, where necessary, kept up to date, with every reasonable step being taken to ensure that any inaccurate personal data is erased or rectified without delay;
  7. Kept in a form which identifies the data subjects for no longer than is necessary for the purposes which it was collected; and
  8. Not transferred outside Sacco, unless there is proof of adequate data protection safeguards or consent from the data

 

In complying with the stated data protection principles, Bunge Sacco will observe the following:

 

Fairness and lawfulness

When processing personal data, the individual rights of the data subjects must be protected. Personal data must be collected and processed in a legal and fair manner.

 

Restriction to a specific purpose

Personal data can be processed only for the purpose that was defined before the data was collected. Subsequent changes to the purpose are only possible to a limited extent and require substantiation.

 

Transparency

The data subject shall be informed of how his/her data is being handled. In general, personal data must be collected directly from the individual concerned. When the data is collected, the data subject must either be aware of, or informed of:

  1. The identity of the Data Controller
  2. The purpose of data processing
  3. Third parties or categories of third parties to whom the data might be transmitted, if any.

 

Data reduction and data economy

Before processing personal data, the Sacco will determine whether and to what extent the processing of personal data is necessary to achieve the purpose for which it is undertaken. Where the purpose allows and where the expense involved is in proportion with the goal being pursued, anonymized or statistical data must be used. Personal data may not be collected in advance and stored for potential future purposes unless required or permitted by national law.

 

Deletion

Personal data that is no longer needed after the expiration of legal or business process- related periods must be deleted. There may be an indication of interests that merit protection or historical significance of this data in individual cases. If so, the data must remain on file until the interests that merit protection have been clarified legally, or the Sacco has evaluated the data to determine whether it must be retained for historical purposes.

 

Factual accuracy; up-to-date data

Personal data on file must be correct, complete, and – if necessary – kept up to date. Suitable steps must be taken to ensure that inaccurate or incomplete data are deleted, corrected, supplemented, or updated.

 

Confidentiality and data security

Personal data is subject to data secrecy. It must be treated as confidential on a personal level and secured with suitable organizational and technical measures to prevent unauthorized access, illegal processing, or distribution, as well as accidental loss, modification or destruction.

 

Your Rights as the Data Subject

 

Every data subject has the following rights:

  1. To be informed of the use to which their personal data is to be put;
  2. To access their personal data in custody of data controller or data processor;
  3. To object to the processing of all or part of their personal data. This does not apply if a legal provision requires the data to be processed;
  4. To correction of false or misleading data; and
  5. To deletion of false or misleading data about

 

A right conferred on a data subject may be exercised:

  1. by a person who has parental authority or by a guardian if the data subject is a minor;
  2. by a person duly authorized to act as a guardian or administrator in a case where the data subject has a mental or other disability; or
  3. by a person duly authorized by the data

 

Data Subject Consent

 

A data subject may prior to the processing of their personal data give consent either orally or in writing, and may include a handwritten signature, an oral statement, or use of an electronic or other medium to signify agreement.

 

The Sacco shall seek consent from data subjects through various means. These include the data subjects willingly:

  • Appending their signature of acceptance of terms and conditions of engagement on physical consent form.

 

  1. Ticking an opt-in box on paper or
  2. Clicking an opt-in button or link
  3. Responding to an email requesting
  • Volunteering optional information for a specific
  • Selecting from equally prominent Yes/No

 

Broadly, the Sacco will have a general statement in all data collection forms and portals authorizing the Sacco to utilize the member data.

 

In obtaining consent from a data subject, the Sacco shall ensure that the data subject:

  1. has capacity to understand and communicate their consent;
  2. is informed of the nature of processing in simple and clear language that is understandable;
  3. is informed whether data is being transferred to third party or implementing partners, or whether data is being collected by a third party on behalf of Bunge
  4. is informed of their duty to keep Bunge Sacco informed of changes to their personal data and status.
  5. is informed of right to access to their personal data, or correction or deletion of
  6. is informed of procedure to lodge a complaint in case of suspected
  7. is informed of the importance of providing accurate and complete
  8. voluntarily gives consent and that the consent is

 

 

 

In case you have any questions or concerns regarding this Data Privacy Policy, or would like to exercise any of your rights under this policy, you can talk to our Data Protection Officer via phone on 0711 180913 or email: customercare@bungesacco.co.ke.

 

 

Go To Top