This is the privacy policy of Retailpay Limited (“Retailpay”), a private limited liability company incorporated in the Republic of Kenya.

In case you wish to reach us to report any threat to or breach of your privacy or even to make any suggestions relating to such matters, and for any access requests, questions, or inquiries about how we use your Personal Information you may reach us at the below addresses:

By Email:privacy@retailpay.africa

It is Retailpay‘s policy to respect your privacy regarding any information that we may collect while operating our website or when you are interacting with any of our products.This Privacy Policy applies to Retailpay (hereinafter, “us”, “we”, or “ https://www.retailpay.africa”).

We respect your privacy and are committed to protecting personal identifiable information that you may provide to us through the Website or by any other means. We have adopted this policy( “ Privacy Policy “) to explain what information may be collected on our Website how we use this Privacy Policy applies only to information we collect through the Website and does not apply to our collection of information from other sources.

POLICY STATEMENT

The Board of Directors and management of Retailpay are committed to compliance with all relevant Kenyan laws in respect of personal data, and the protection of the “rights and freedoms” of individuals whose information Retailpay collects and processes including, but not limited to, the Data Protection Act, 2019.

Accordingly, Retailpay has developed this policy to explain how we may collect, retain, process, share and transfer your personal data when you visit our or use our sites and services. This Policy applies to your personal data when you visit our sites or use our services that display or provide links to this Policy and does not apply to Sites and services that we do not own nor control, including the sites and services of other Retailpay users, where applicable.

This Policy is designed to help you obtain information regarding how we process your personal data, and aims to address all possible processing scenarios to aid you in making privacy choices while using our site and services. Where service offerings may vary by region, we may further inform you of product- or service-specific data collection through supplementary policies or notices provided before collection.

APPLICATION AND GUIDING PRINCIPLES

The Data Protection Act, 2019 and this policy apply to all of Retailpay’s personal data processing functions, including those performed on customers’, clients’, employees’, suppliers’ and partners’ personal data, and any other personal data the Retailpay processes from any source.

Retailpay has established objectives for data protection and privacy, which are guided by the following principles:

1. Your personal data will always be processed in accordance with your right to privacy;

2. Your personal data will be processed lawfully, fairly and in a transparent manner;

3. We will collect your personal data for explicit, specified and legitimate purposes only and not further process them in a manner that is incompatible with those purposes;

4. We will ensure that our processing of your personal data is adequate, relevant, limited to what is necessary in relation to the purposes for which it is processed;

5. We will collect your personal data only after providing a valid explanation whenever information relating to your family or private affairs is required;

6. We will ensure that your personal data accurate and, where necessary, kept up to date, and take every reasonable step to ensure that any inaccurate personal data is erased or rectified without delay when it comes to our attention;

7. We will ensure that your personal data is kept in a form which identifies you for no longer than is necessary for the purposes which it was collected; and

8. Ensure that your personal data is not transferred outside Kenya, unless there is proof of adequate data protection safeguards or with your consent.

This Privacy Policy describes your privacy rights regarding our collection, use, storage, sharing and protection of your personal information.It applies to Retailpay’s services and all related sites, applications, services and tools regardless of how or from where you access or use them.

SCOPE AND CONSENT 

You accept this Privacy Policy when you sign up for, access, or use our products, services, content, features, technologies or functions offered on our website and all related sites, applications, and services (for these purposes collectively referred to as the “Retailpay Services”). Should the need arise, we may amend this policy at any time by posting a revised version on our website.The revised version will be effective at the time of posting.

It is important for us to remind you of your rights under Kenyan Law. You have a right: (a) to be informed of the use to which your personal data is to be put; (b) to access your personal data in our custody; (c) to object to the processing of all or part of your personal data; (d) to the correction of false or misleading data; and (e) to deletion of false or misleading data about you.

WHAT PERSONAL DATA DO WE COLLECT?

“Personal data” means any information relating to an identified or identifiable natural person. You accept this Privacy Policy when you sign up for, access, or use our products, sevices, content, features, technologies or functions offered on our website and all related sites, applications, and services (collectively referred to as the “ Retailpay Services “).

Normally, you directly provide us with such data when you use Retailpay Services or interact with us. The information we collect may include the following:

Registration Information – When you register to use Retailpay Services by creating an Account, we will collect Personal Data as necessary to fulfill the services you request. Depending on the services you choose, we may require you to provide us with your name, national identification, email address or phone number to establish an Account. We may require you to provide us with additional Personal Data as you use our Services.

Transaction and experience information – When you use Retailpay Services or access our Sites, for example, to make purchases or pay for services provided by or from merchants, or to process payments, we collect information about the transaction, as well as other information associated with the transaction such as amount paid for products or services, nature of service paid for, merchant information, including information about the payment method used to complete the transaction, Device Information and Technical Usage Data.

Information that you choose to provide us to obtain additional Services or specific online Services – If you request or participate in an optional Site feature, or request enhanced Services, we may collect additional information from you. We will provide you with a separate notice at the time of collection, if the use of that information differs from the uses disclosed in this Privacy Policy. An example of this is an online survey, whether provided by us or a third party.

Personal Data about you if you use unbranded Services – certain Services are available without being required to log in to or establish an Account with Retailpay. For instance, we collect Personal Data when you are interacting with and making payments to merchants, on their sites and checkout with Retailpay without logging into an account. For our unbranded payment services, your interaction is with the merchant, on their platform. If you are an Account holder, or create an Account at a later date, we may collect information about such unbranded transactions and associate them with your Account to improve your customer experience as an Account holder and for compliance and analytics purposes. If you are not an Account holder, we will collect and store all information you provide and use such information in accordance with this Privacy Policy.

Other information we collect related to your use of our Sites or Services – We may collect additional information from or about you when you communicate with us, contact our technical, maintenance and support, including customer support teams or respond to a survey.

When you visit the Retailpay website or use Retailpay Services, moreover, we collect information sent to us by your computer, tablet (including iPad), mobile phone or other access device.The information sent to us includes but is not limited to the following: data about the pages you access, computer IP address, device ID or unique identifier, device type, geo - location information, computer and connection information, mobile network information, statistics on page views, traffic to and from the sites, referral URL, ad data, and standard web log data and other information.

We may collect and store information you enter on the Retailpay website or that you provide to us in the context of using our site, applications, services, or tools.When you visit the Retailpay website or use Retailpay Services, we also collect information about your transactions and your activities. In addition, if you open an e -wallet account supported by or related to Retailpay Services or use Retailpay Services, we may collect the following types of information:

• Contact information, such as your name, address, phone, email and other similar information;

• Financial information, such as the full bank account numbers and / or credit / debit card/ mobile telephone numbers that you use to top up the related e-wallet account or make payment when you use Retailpay Services or related Services; and

• Detailed personal information such as your date of birth or national ID number;

We may also obtain information about you from third parties such as credit bureaus and identity verification services. You may choose to provide us with access to certain personal information stored by third parties such as social media sites.The information we may receive varies by site and is controlled by that site. By associating an account managed by a third party with your Retailpay Services related or supported e-wallet account and authorising Retailpay to have access to this information, you agree that Retailpay may collect, store and use this information in accordance with this Privacy Policy.

RETENTION OF PERSONAL DATA

Where it is a requirement of the law, Retailpay will normally retain your personal data for as long as required by a relevant law (e.g. to ensure compliance with tax requirements); or if a relevant law no longer requires us to maintain Personal Information (or that period has elapsed), the Personal Information may then still be retained if required by any relevant contractual agreement or arrangement; and for Personal Information to which a relevant law or contractual agreement or arrangement does not apply, we will retain the Personal Information for as long as is required to manage our engagement and/or relationship with you plus a reasonable period afterwards.

If your Account is closed, we may take steps to mask Personal Data and other information, but we reserve our ability to retain and access the data for so long as required to comply with applicable laws. We will continue to use and disclose such Personal Data in accordance with this Privacy Policy

PROCESSING OF PERSONAL DATA

We may use your personal data for the following purposes:

Provision of our Services, including to:

• initiate a payment, pay for a service, goods or pay a bill;

• authenticate your access to an Account;

• communicate with you about your Account, the Sites, the Retailpay Services, or Retailpay; sending you information about our services that may interest you or help us to serve you better. If you do not want to receive these types of information, you can opt out at any time.

• perform Account application or Service provision and availability evaluations and compare information for accuracy and verification purposes.

• keep your Account and financial information up to date.

To manage our operational needs, such as monitoring, analyzing, and improving the Retailpay Services and the Sites’ performance and functionality. For example, we analyze User behavior and perform research about the way you use the RetailpayServices.

To manage risk and protect the Sites, the Retailpay Services and you from fraud by verifying your identity. Retailpay’s risk and fraud tools use Personal Data, Device Information, Technical Usage Data and Geolocation Information from our Sites and website that offer Retailpay Services to help detect and prevent fraud and abuse of the Retailpay Services.

To market to you Retailpay products and Services and the products and services of unaffiliated businesses. We may also process your Personal Data to uniquely tailor the marketing content and certain Services or Site experiences to better match your interests on Retailpay and other third-party websites.

To provide personalized Services offered by Retailpay. We may use your Personal Data and other information collected in accordance with this Privacy Policy to provide a targeted display, feature, Services or offer to you on our sites. We may use cookies and other tracking technologies to provide these online services and/or personalize your experience to your unique needs.

To provide you with location-specific options, functionality or offers if you elect to share your Geolocation Information through the Retailpay Services. We will use this information to enhance the security of the Sites and Retailpay Services and provide you with location- based Services, such as advertising, search results, and other personalized content.

To comply with our obligations and to enforce the terms of our Sites and Services, including to comply with all applicable laws and regulations.

To respond to your requests, for example to contact you about a question you submitted to our customer support or technical and maintenance team and better respond to your requests and support needs.

HOW WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES 

When you visit our Sites, use our Services, or visit a third-party website for which we provide online or digital Services, we may use cookies and other tracking technologies (collectively, “Cookies”) to recognize you as a User and to customize your online experiences, the Services you use, and other online content and advertising; measure the effectiveness of promotions and perform analytics; and to mitigate risk, prevent potential fraud, and promote trust and safety across our Sites and Services.

Retailpay will not use cookies for any purposes not stated in this Policy. You can manage or delete cookies based on your own preferences.

You can clear all the cookies stored on your computer, and most web browsers provide the option of blocking cookies.

Please review our Cookie Policy to learn more about how we use Cookies.

HOW WE DISCLOSE PERSONAL DATA

Information about our customers and users of platforms, websites or portals that use the Retailpay Services is an important part of our business and we address sharing of your data as such. We may disclose Personal Information that we collect from you for the purpose(s) that it was collected. We may disclose the Personal Information for other purposes where we have received your consent to do so or are required to do so by law.

The following are examples of circumstances when we may disclose your information:

• With your transaction counterpart to validate transactions: We will normally share Personal Data with your transaction counterpart to enable the validation of your transaction and ensure that you obtain the services paid for. This applies, for example to a particular MDA or merchant to which a payment is made or from which a service is sought. The information includes:

  • Personal Data and Account information necessary to facilitate the transaction;

  • information to help the transaction counterpart or other participant(s) resolve disputes and detect and prevent fraud; and

  • aggregated data and performance analytics to help MDAs and merchants better understand Users and to help MDAs and merchants enhance Users’ experiences.

• With other companies that provide services to us: We may share Personal Data with third-party service providers that perform services and functions at our direction and on our behalf. These third-party service providers may, for example, provide you with Services, verify your identity or assist in processing transactions.

• With other financial institutions: We may share Personal Data with other financial institutions that we have partnered with to offer a product. These financial institutions may only use this information to offer Retailpay-related products, unless you have given consent for other uses. We may also share Personal Data to process transactions, and keep your financial information safe and up to date.

• With other third parties for our business purposes or as permitted or required by law: We may share information about you with other parties for Retailpay’s business purposes or as permitted or required by law, including:

  • if we need to do so to comply with a law, regulation or other legal process;

  • To comply with applicable laws or respond to valid legal procedures, Court Orders or Regulatory Directives, we may disclose your personal data to regulators, law enforcement or other government agencies; or when we believe, in our sole discretion, that the disclosure of Personal Data is necessary or appropriate to prevent physical harm or financial loss; or to report suspected illegal activity or to investigate violations of a user agreement;

  • to protect the vital interests of a person;

  • to protect our property, Services and legal rights;

  • to facilitate a purchase or sale of all or part of Retailpay’s business;

  • to help assess and manage risk and prevent fraud against us, our Users and fraud involving our Sites or use of our Services

  • to companies that we plan to merge with or be acquired by; and

  • to support our audit, compliance, and corporate governance functions.

We do not share your Personal Data with third parties for their marketing purposes without your consent.

We will take reasonable steps to ensure that the Personal Information we use or disclose is accurate, up to date, complete and relevant to the purpose of the use or disclosure.

Importantly, we only process your Personal Data in accordance with the Principles outlined herein above, in accordance with the law.

ACCESS TO AND CONTROL YOUR PERSONAL DATA

In accordance with and subject to any limitation set out in the Data Protection Act, 2019 any other applicable law, you have certain rights in relation to your Personal Data. You have the right to request access to your data, rectification and data portability.

It is your responsibility to ensure that all personal data submitted to Retailpay is correct. Retailpay is dedicated to maintaining the accuracy and completeness of personal data and keeping the data up to date.

To the extent required by the Data Protection Act, 2019 any other applicable law, you or your duly authorised person may:

• have the right to access certain personal data that we maintain about you;

• request that we update or correct inaccuracies in that data;

• object or restrict to our use of your personal data, and

• ask us to delete your personal data from our platforms.

To exercise these rights, you may contact Retailpay Directly through the contacts provided in this policy. Alternatively, you may contact Retailpay’s designated registered data controller.

PROTECTION OF YOUR PERSONAL DATA

Retailpay takes the security of your personal data very seriously. We use appropriate physical, management, and technical measures to protect your personal data from unauthorized access, disclosure, use, modification, damage, or loss. The security measures include, but  are not limited to:

• Implementing security measures in accordance with internationally recognized standards for information access management, firewalls, security monitoring and data encryption. Our security controls and mechanisms are continuously verified by an independent external auditor.

• We use cryptographic technologies for transaction security and integrity such as encryption, transmission of transaction information using HTTPS and Secure Socket Layer (SSL) technology and ensuring that post transaction no sensitive card information is stored on our systems.

• We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of personal information.

• We will normally add additional layers of security, including the use of one-time passwords or pins (OTPs) for additional security and safety of your transactions and personal data.

While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and Account/profile registration information and verifying that the Personal Data we maintain about you is accurate and current.

INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA

Ordinarily, Retailpay will not transfer your Personal Data outside Kenya unless the transfer is necessary:

1. for the performance of a contract between you and Retailpay or for the implementation of pre-contractual measures taken at your request;

2. for the conclusion or performance of a contract concluded in your interest between the Retailpay and another person;

3. for any matter of public interest;

4. for the establishment, exercise or defence of a legal claim;

5. in order to protect your vital interests or of other persons, where you are physically or legally incapable of giving consent; or

6. for the purpose of compelling legitimate interests pursued by Retailpay, which are not overridden by your interests, rights and freedoms under Kenyan law.

However, there are several safeguards put in place by Retailpay that will normally be applicable, prior to transfer of your personal data out of Kenya in such circumstances, including the processing of sensitive personal data out of Kenya shall only be effected upon obtaining your consent and on obtaining confirmation of appropriate safeguards or the existence of compelling legitimate interests.

Moreover, Retailpay’s services can sometimes be accessed from outside of Kenya and necessitating organization-wide adoption of cloud services when your personal data collected by Retailpay may be processed or accessed in the country/region where you use our products and services or in other countries/regions where Retailpay has a presence. These jurisdictions may have different data protection laws. In such circumstances, Retailpay will take measures to ensure that data is processed as required by this Policy and the applicable national laws and regulations.

HOW YOU CAN ACCESS OR CHANGE YOUR PERSONAL INFORMATION

You can review and edit your personal information at any time by logging in to your account and reviewing your account profile.If you close your Retailpay account or an account supported or serviced otherwise related to Retailpay in terms of transactions enabling or support, we will mark your account in our database as “closed”, but may retain personal information from your account for a certain period of time to collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations, prevent fraud, enforce our user Agreement or Service Level Agreement, or take other actions as required or permitted by law.

UPDATES TO THIS POLICY

Retailpay reserves the right to update or change this Privacy Policy at any time. We will release the latest Privacy Policy on our website and appropriate channels in case of any changes. If major changes are made to the Privacy Policy, we may notify you through different channels, for example, posting a notice on our website or sending you a direct notification, including by email.

HOW TO CONTACT US

If you have any questions or suggestions, privacy complaints or issues, and want to contact Retailpay’s Data Protection Officer (DPO), please contact privacy@retailpay.africa.

By Post:

Retailpay Limited, P O Box 15140-00509, NAIROBI