In case you wish to reach us to report any threat to or breach of your privacy or even to make any suggestions relating to such matters, and for any access requests, questions, or inquiries about how we use your Personal Information you may reach us at the below addresses:
The Board of Directors and management of Retailpay are committed to compliance with all relevant Kenyan laws in respect of personal data, and the protection of the “rights and freedoms” of individuals whose information Retailpay collects and processes including, but not limited to, the Data Protection Act, 2019.
Accordingly, Retailpay has developed this policy to explain how we may collect, retain, process, share and transfer your personal data when you visit our or use our sites and services. This Policy applies to your personal data when you visit our sites or use our services that display or provide links to this Policy and does not apply to Sites and services that we do not own nor control, including the sites and services of other Retailpay users, where applicable.
This Policy is designed to help you obtain information regarding how we process your personal data, and aims to address all possible processing scenarios to aid you in making privacy choices while using our site and services. Where service offerings may vary by region, we may further inform you of product- or service-specific data collection through supplementary policies or notices provided before collection.
APPLICATION AND GUIDING PRINCIPLES
The Data Protection Act, 2019 and this policy apply to all of Retailpay’s personal data processing functions, including those performed on customers’, clients’, employees’, suppliers’ and partners’ personal data, and any other personal data the Retailpay processes from any source.
Retailpay has established objectives for data protection and privacy, which are guided by the following principles:
Your personal data will always be processed in accordance with your right to privacy;
Your personal data will be processed lawfully, fairly and in a transparent manner;
We will collect your personal data for explicit, specified and legitimate purposes only and not further process them in a manner that is incompatible with those purposes;
We will ensure that our processing of your personal data is adequate, relevant, limited to what is necessary in relation to the purposes for which it is processed;
We will collect your personal data only after providing a valid explanation whenever information relating to your family or private affairs is required;
We will ensure that your personal data accurate and, where necessary, kept up to date, and take every reasonable step to ensure that any inaccurate personal data is erased or rectified without delay when it comes to our attention;
We will ensure that your personal data is kept in a form which identifies you for no longer than is necessary for the purposes which it was collected; and
Ensure that your personal data is not transferred outside Kenya, unless there is proof of adequate data protection safeguards or with your consent.
SCOPE AND CONSENT
It is important for us to remind you of your rights under Kenyan Law. You have a right: (a) to be informed of the use to which your personal data is to be put; (b) to access your personal data in our custody; (c) to object to the processing of all or part of your personal data; (d) to the correction of false or misleading data; and (e) to deletion of false or misleading data about you.
WHAT PERSONAL DATA DO WE COLLECT?
Normally, you directly provide us with such data when you use Retailpay Services or interact with us. The information we collect may include the following:
Registration Information – When you register to use Retailpay Services by creating an Account, we will collect Personal Data as necessary to fulfill the services you request. Depending on the services you choose, we may require you to provide us with your name, national identification, email address or phone number to establish an Account. We may require you to provide us with additional Personal Data as you use our Services.
Transaction and experience information – When you use Retailpay Services or access our Sites, for example, to make purchases or pay for services provided by or from merchants, or to process payments, we collect information about the transaction, as well as other information associated with the transaction such as amount paid for products or services, nature of service paid for, merchant information, including information about the payment method used to complete the transaction, Device Information and Technical Usage Data.
Other information we collect related to your use of our Sites or Services – We may collect additional information from or about you when you communicate with us, contact our technical, maintenance and support, including customer support teams or respond to a survey.
When you visit the Retailpay website or use Retailpay Services, moreover, we collect information sent to us by your computer, tablet (including iPad), mobile phone or other access device.The information sent to us includes but is not limited to the following: data about the pages you access, computer IP address, device ID or unique identifier, device type, geo - location information, computer and connection information, mobile network information, statistics on page views, traffic to and from the sites, referral URL, ad data, and standard web log data and other information.
We may collect and store information you enter on the Retailpay website or that you provide to us in the context of using our site, applications, services, or tools.When you visit the Retailpay website or use Retailpay Services, we also collect information about your transactions and your activities. In addition, if you open an e -wallet account supported by or related to Retailpay Services or use Retailpay Services, we may collect the following types of information:
Contact information, such as your name, address, phone, email and other similar information;
Financial information, such as the full bank account numbers and / or credit / debit card/ mobile telephone numbers that you use to top up the related e-wallet account or make payment when you use Retailpay Services or related Services; and
Detailed personal information such as your date of birth or national ID number;
RETENTION OF PERSONAL DATA
Where it is a requirement of the law, Retailpay will normally retain your personal data for as long as required by a relevant law (e.g. to ensure compliance with tax requirements); or if a relevant law no longer requires us to maintain Personal Information (or that period has elapsed), the Personal Information may then still be retained if required by any relevant contractual agreement or arrangement; and for Personal Information to which a relevant law or contractual agreement or arrangement does not apply, we will retain the Personal Information for as long as is required to manage our engagement and/or relationship with you plus a reasonable period afterwards.
PROCESSING OF PERSONAL DATA
We may use your personal data for the following purposes:
Provision of our Services, including to:
initiate a payment, pay for a service, goods or pay a bill;
authenticate your access to an Account;
communicate with you about your Account, the Sites, the Retailpay Services, or Retailpay; sending you information about our services that may interest you or help us to serve you better. If you do not want to receive these types of information, you can opt out at any time.
perform Account application or Service provision and availability evaluations and compare information for accuracy and verification purposes.
keep your Account and financial information up to date.
To manage our operational needs, such as monitoring, analyzing, and improving the Retailpay Services and the Sites’ performance and functionality. For example, we analyze User behavior and perform research about the way you use the RetailpayServices.
To manage risk and protect the Sites, the Retailpay Services and you from fraud by verifying your identity. Retailpay’s risk and fraud tools use Personal Data, Device Information, Technical Usage Data and Geolocation Information from our Sites and website that offer Retailpay Services to help detect and prevent fraud and abuse of the Retailpay Services.
To market to you Retailpay products and Services and the products and services of unaffiliated businesses. We may also process your Personal Data to uniquely tailor the marketing content and certain Services or Site experiences to better match your interests on Retailpay and other third-party websites.
To provide you with location-specific options, functionality or offers if you elect to share your Geolocation Information through the Retailpay Services. We will use this information to enhance the security of the Sites and Retailpay Services and provide you with location- based Services, such as advertising, search results, and other personalized content.
To comply with our obligations and to enforce the terms of our Sites and Services, including to comply with all applicable laws and regulations.
To respond to your requests, for example to contact you about a question you submitted to our customer support or technical and maintenance team and better respond to your requests and support needs.
You can clear all the cookies stored on your computer, and most web browsers provide the option of blocking cookies.
HOW WE DISCLOSE PERSONAL DATA
Information about our customers and users of platforms, websites or portals that use the Retailpay Services is an important part of our business and we address sharing of your data as such. We may disclose Personal Information that we collect from you for the purpose(s) that it was collected. We may disclose the Personal Information for other purposes where we have received your consent to do so or are required to do so by law.
The following are examples of circumstances when we may disclose your information:
With your transaction counterpart to validate transactions: We will normally share Personal Data with your transaction counterpart to enable the validation of your transaction and ensure that you obtain the services paid for. This applies, for example to a particular MDA or merchant to which a payment is made or from which a service is sought. The information includes:
Personal Data and Account information necessary to facilitate the transaction;
information to help the transaction counterpart or other participant(s) resolve disputes and detect and prevent fraud; and
aggregated data and performance analytics to help MDAs and merchants better understand Users and to help MDAs and merchants enhance Users’ experiences.
With other companies that provide services to us: We may share Personal Data with third-party service providers that perform services and functions at our direction and on our behalf. These third-party service providers may, for example, provide you with Services, verify your identity or assist in processing transactions.
With other financial institutions: We may share Personal Data with other financial institutions that we have partnered with to offer a product. These financial institutions may only use this information to offer Retailpay-related products, unless you have given consent for other uses. We may also share Personal Data to process transactions, and keep your financial information safe and up to date.
With other third parties for our business purposes or as permitted or required by law: We may share information about you with other parties for Retailpay’s business purposes or as permitted or required by law, including:
if we need to do so to comply with a law, regulation or other legal process;
To comply with applicable laws or respond to valid legal procedures, Court Orders or Regulatory Directives, we may disclose your personal data to regulators, law enforcement or other government agencies; or when we believe, in our sole discretion, that the disclosure of Personal Data is necessary or appropriate to prevent physical harm or financial loss; or to report suspected illegal activity or to investigate violations of a user agreement;
to protect the vital interests of a person;
to protect our property, Services and legal rights;
to facilitate a purchase or sale of all or part of Retailpay’s business;
to help assess and manage risk and prevent fraud against us, our Users and fraud involving our Sites or use of our Services
to companies that we plan to merge with or be acquired by; and
to support our audit, compliance, and corporate governance functions.
We do not share your Personal Data with third parties for their marketing purposes without your consent.
We will take reasonable steps to ensure that the Personal Information we use or disclose is accurate, up to date, complete and relevant to the purpose of the use or disclosure.
Importantly, we only process your Personal Data in accordance with the Principles outlined herein above, in accordance with the law.
ACCESS TO AND CONTROL YOUR PERSONAL DATA
In accordance with and subject to any limitation set out in the Data Protection Act, 2019 any other applicable law, you have certain rights in relation to your Personal Data. You have the right to request access to your data, rectification and data portability.
It is your responsibility to ensure that all personal data submitted to Retailpay is correct. Retailpay is dedicated to maintaining the accuracy and completeness of personal data and keeping the data up to date.
To the extent required by the Data Protection Act, 2019 any other applicable law, you or your duly authorised person may:
have the right to access certain personal data that we maintain about you;
request that we update or correct inaccuracies in that data;
object or restrict to our use of your personal data, and
ask us to delete your personal data from our platforms.
To exercise these rights, you may contact Retailpay Directly through the contacts provided in this policy. Alternatively, you may contact Retailpay’s designated registered data controller.
PROTECTION OF YOUR PERSONAL DATA
Retailpay takes the security of your personal data very seriously. We use appropriate physical, management, and technical measures to protect your personal data from unauthorized access, disclosure, use, modification, damage, or loss. The security measures include, but are not limited to:
Implementing security measures in accordance with internationally recognized standards for information access management, firewalls, security monitoring and data encryption. Our security controls and mechanisms are continuously verified by an independent external auditor.
We use cryptographic technologies for transaction security and integrity such as encryption, transmission of transaction information using HTTPS and Secure Socket Layer (SSL) technology and ensuring that post transaction no sensitive card information is stored on our systems.
We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of personal information.
We will normally add additional layers of security, including the use of one-time passwords or pins (OTPs) for additional security and safety of your transactions and personal data.
While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and Account/profile registration information and verifying that the Personal Data we maintain about you is accurate and current.
INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA
Ordinarily, Retailpay will not transfer your Personal Data outside Kenya unless the transfer is necessary:
for the performance of a contract between you and Retailpay or for the implementation of pre-contractual measures taken at your request;
for the conclusion or performance of a contract concluded in your interest between the Retailpay and another person;
for any matter of public interest;
for the establishment, exercise or defence of a legal claim;
in order to protect your vital interests or of other persons, where you are physically or legally incapable of giving consent; or
for the purpose of compelling legitimate interests pursued by Retailpay, which are not overridden by your interests, rights and freedoms under Kenyan law.
However, there are several safeguards put in place by Retailpay that will normally be applicable, prior to transfer of your personal data out of Kenya in such circumstances, including the processing of sensitive personal data out of Kenya shall only be effected upon obtaining your consent and on obtaining confirmation of appropriate safeguards or the existence of compelling legitimate interests.
Moreover, Retailpay’s services can sometimes be accessed from outside of Kenya and necessitating organization-wide adoption of cloud services when your personal data collected by Retailpay may be processed or accessed in the country/region where you use our products and services or in other countries/regions where Retailpay has a presence. These jurisdictions may have different data protection laws. In such circumstances, Retailpay will take measures to ensure that data is processed as required by this Policy and the applicable national laws and regulations.
HOW YOU CAN ACCESS OR CHANGE YOUR PERSONAL INFORMATION
You can review and edit your personal information at any time by logging in to your account and reviewing your account profile.If you close your Retailpay account or an account supported or serviced otherwise related to Retailpay in terms of transactions enabling or support, we will mark your account in our database as “closed”, but may retain personal information from your account for a certain period of time to collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations, prevent fraud, enforce our user Agreement or Service Level Agreement, or take other actions as required or permitted by law.
UPDATES TO THIS POLICY
HOW TO CONTACT US
If you have any questions or suggestions, privacy complaints or issues, and want to contact Retailpay’s Data Protection Officer (DPO), please contact firstname.lastname@example.org.
Retailpay Limited, P O Box 15140-00509, NAIROBI