Data Privacy Statement
Policy Statement
Stelden East Africa Ltd, (this includes all its subsidiaries and regional organizations in Kenya) is committed to protecting the fundamental human right to privacy. Stelden East Africa Ltd respects the personal information and data we collect from you through the different mediums.
This Privacy Statement, applies to personal data that Stelden East Africa Ltd including all its subsidiary companies ("SEAL", "we","our","us", "Stelden East Africa Ltd") collects and handles for the purposes of maintaining and providing SEAL related information to the vis. For the purposes of this Privacy Statement, "Personal Data" means any information relating to an identified or identifiable natural person.
Who We Are
Stelden East Africa Ltd of P.O Box 54736-00200 Nairobi is both a controller and a processor in respect of personal data it processes in connection with the services provided under the relevant engagement with its partners and employees.
What Personal Data Do We Collect About You?
As a Data Controller and a Data Processor, Stelden East Africa Ltd collects personal data directly from the Data Subject or indirectly through intermediaries, service providers and other third parties. We may collect the following personal information.
|
Types of Information |
Examples |
|
Identification and Contact Information |
Name, address (and proof of address), other contact details (e.g., email and telephone details), gender, marital status, date and place of birth. |
|
Government Generated Information |
National ID Number, Tax PIN, Passport Details, NHIF and NSSF Details. |
|
Employment and Educational Information |
Employment History, Educational Background including institutions attended and Professional Memberships. |
|
Financial Information |
Bank Account, Investments, payment card number, bank account number and account details, income and other financial information. |
|
Audio-Visual Information |
Photographs, Videos, Audios i.e. CCTV Devices are installed at strategic locations to provide a safe and secure environment in all our branches, Stelden East Africa Ltd premises as a part of our commitment to security and crime prevention. Telephone Recordings - Collected during interactions with our customer service/experience teams. |
|
Online Activity Information |
Stelden East Africa Ltd automatically logs information about you and your computer or device such as the IP address, pages viewed and action on our website through Cookies and Web Beacons. |
The above list is not exhaustive, and Stelden East Africa Ltd may collect additional personal data in the course of our interactions with you.
Where We Collect Personal Information
We use Personal Information to carry out our business activities. The purposes for which we use your Personal Information will differ based on our relationship (i.e. Church Members, Employees, Business Partners, Prospective Members, etc.) including the type of communications between us and the services we provide.
We collect Personal Data from various sources, including (depending on the region you are in):
- Individuals and their family members, online or by telephone, or in written correspondence
We obtain your personal data from sources such as;
- Software applications (apps) made available by us to you
- Our Website (www.stelden.com)
- Meetings, Telephone conversations and other forms of communication
- Social Media applications and/or tools
Use of Your Personal Data
Stelden East Africa Ltd may use your personal data for the following purposes.
- Know your Customer (KYC) and Customer Due Diligence (CDD)
- Communicating with members, business partners and employees.
- Assessing and making determination on provision of products or services, employing persons as employees and such other decisions.
- Enhancing and improving product and service offering including maintaining information security.
- Fulfilling regulatory requirements such as Filing Reports with various regulators such as Office of the Data Protection Commissioner (ODPC), Insurance Regulatory Authority (IRA), Financial Reporting Centre (FRC), Capital Markets Authority (CMA), Retirements Benefits Authority (RBA).
- To respond to feedback, queries and complaints that you submit through our feedback form.
- Facilitating business operations including information technology systems.
- Providing marketing information through communication channels such as email, texts, and other platforms. (here you have provided specific consent and opt-in/subscribe to receiving Stelden East Africa Ltd marketing, products and services information, we will send you communication we think will be of interest to you. You can unsubscribe/opt-out from our marketing communication by clicking "Unsubscribe" on the footer of a Stelden East Africa Ltd marketing e-mail or any other marketing communication received.)
- To personalize and improve our services, including to provide or recommend, features, content, and advertisements. Where this is the case, we will take appropriate measures to protect your personal information in accordance with this Privacy Statement.
Legal Justification for Our Use of Personal Data
The primary purpose for collecting and processing your personal data is to perform contractual and statutory tasks related to management of the financial products/solutions you have with us. We will also process your data in connection with other tasks as required by law and statutory regulations. In addition to these, personal data may be used in product and service development.
We commit to always identify and document without prejudice the lawful basis of processing your personal data for each specific purpose and put necessary security measures to ensure safeguarding of your personal data and the lawful purpose consented to always applies.
How We Store and Protect Your Data
We have put in place appropriate physical, legal, technical and organization safeguards to protect the personal data we collect in connection with our services. Such measures include but are not limited to requiring confidentiality from employees and other persons authorize to handle personal data and implementing information technology security measures such as system rights, audit trails and firewalls.
You should be aware that the Internet is not a secure form of communication and sending and receiving information over the Internet carries with it risks including the risk of access and interference by unauthorized third parties. We do not accept responsibility or liability for the confidentiality, security or integrity of your Personal Data in connection with its transmission over the Internet.
Disclosure of Personal Data
Stelden East Africa Ltd undertakes to keep your personal data confidential and where it is necessary to satisfy the purpose for which it was collected or as may be required by law Stelden East Africa Ltd will share your data with third parties.
In connection with the purposes described above we sometimes need to share your Personal Information with third parties. Please note that in addition to the disclosures we have identified in the table below, we may disclose Personal Data for the purposes we explain in this Privacy Statement to service providers, contractors, agents and Stelden East Africa Ltd companies that perform activities on our behalf.
|
PURPOSE OF PROCESSING |
LEGAL GROUNDS |
DISCLOSURE |
|
Establishing a client relationship, including fraud, anti-money laundering and sanctions checks |
|
|
|
POLICY ADMINISTRATION |
||
|
General client care, including communicating with client |
|
|
|
CLAIMS ADMINISTRATION |
||
|
Defending or prosecuting legal claims |
|
|
|
THROUGHOUT THE MEMBERSHIP LIFECYCLE |
||
|
Marketing analytics and direct marketing, including data anonymization. |
|
|
|
Complying with our legal or regulatory obligations |
|
|
Stelden East Africa Ltd shall not disclose your personal information to any third parties such as service providers other than with your prior consent, for a legitimate reason or for the performance of a contract.
Consent
In order to facilitate the provision of our services, we rely on the data subject's consent to process personal sensitive information, such as personal records. This consent allows us to utilize the information to provide efficient products and services.
You understand that by using our site services and our products you agree to be bound by this statement of privacy. If you agree to this statement on behalf of an entity, you represent and warrant that you have the authority to bind that entity to our privacy statement, by using our products and/or accessing our site, if you do not accept it in entirety you must inform us immediately indicating what part of our privacy statement you are not agreeable to.
The affected individual's consent to this processing of personal information is a necessary condition for Stelden East Africa Ltd to be able to provide the services the client requests. Where you are providing us with information about a person other than yourself, you agree to notify them of our use of their Personal Data and to obtain such consent for us.
Individuals may withdraw their consent to such processing at any time. However, doing so may prevent Stelden East Africa Ltd from continuing to provide the services.
Transfer of Your Personal Data
Stelden East Africa Ltd may transfer your personal information for the purpose of effecting/implementing, administering, and securing any product or service that you have applied for or for other purpose set out in this privacy statement. We may transfer or disclose the personal data we collect to regulatory, or supervisory authority, third party contractors, subcontractors, and/or their subsidiaries and affiliates who provides support to Stelden East Africa Ltd in providing its services. The third-party providers may use their own third-party subcontractors that have access to personal data (sub-processors). It is our policy to use only third-party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by Stelden East Africa Ltd, and to flow those same obligations down to their sub-processors.
Cross-border Transmission of Your Personal Data
Your data is primarily stored in our data centres located in Ireland. From time to time we may need to transfer your personal information outside Ireland. This includes countries that do not have laws that provide specific protection to your personal data.
Where we send your information outside the country, we will make sure that there is proof of adequate data protection safeguards in the recipient country or consent from you on transfer of your personal information. Prior to transferring personal data outside the country where you are located, we shall ascertain that the transfer is based on the provided legal and regulatory standards. Circumstances in which we may transfer your personal data outside are highlighted in the table below;
|
Legal Basis |
Example |
|
There being appropriate data protection safeguards with respect to the security and protection of personal data in respect to the jurisdiction to which the data is being transferred to. |
Storage of your personal data in a cloud whose data server is located in one of the European countries that has implemented the General Data Protection Regulation (GDPR). |
|
An adequacy decision having being made by the Office of the Data Commissioner |
Where the Data Commissioner has published a list of countries which have appropriate data protection safeguards and we decide to store your data in that jurisdiction in furtherance to our legitimate interest. |
|
Necessity |
When we reinsure your risk as part of our legitimate interest and the reinsurance company requests for your personal data in respect to the insurance policy |
|
Consent |
When following your express consent, we transfer your personal data to another jurisdiction. |
Retention of Personal Data
Personal Data is retained as long as necessary for the purpose for which it is collected and to meet legal, regulatory and operational requirements. Retention periods may differ for each financial product purchased. At the end of the retention period, anonymized data is kept for management information purposes. Stelden East Africa Ltd has also put in place Data retention policy in line with Data Protection law.
Stelden East Africa Ltd may also retain your contact information for the purposes of inviting you to renew any of your insurance policy from time to time and may use your contact to send you notifications notifying you of our various products, renewal notice and claim updates.
You are responsible for the confidentiality of any password you have put in place to allow you to access certain products or services. Please note our customer service agents will never request you to share your password.
Your Data Protection Rights
We will collect, process and store your personal data in accordance with your rights under the Data Protection Act and attendant Regulations. Under certain circumstances, you have the following rights in relation to your personal data:
|
DESCRIPTION OF RIGHT |
APPLICABILITY |
|
Right to object to processing of personal data: You have a right to object to the processing of their personal data. In implementation of this right, you shall use the statutory form "Request for restriction or objection to the processing of personal data" provided in our website. |
The right is not an absolute right and we can reject the request where we demonstrate that we have justifiable reasons for processing that would negate your interests e.g. when we are required by a government agency exercising their legal mandate to provide your personal data against your request not to avail the same or in our defense of a legal claim. We will always inform you when we have decline your request and provide the reasons. This right is however absolute when it relates to direct marketing. |
|
Right to restrict processing of personal data: You have the right to request the suspension of processing of your personal data in certain circumstances. In implementation of this right, you shall use the statutory form "Request for restriction or objection to the processing of personal data" provided in our website |
This right is not an absolute right and shall be available when
|
|
Right to access personal data: You have the right to access your personal data and obtain information of how the said personal data is used and processed. In implementation of this right, you shall use the statutory form "Request for access to personal data" provided in our website |
You may access your personal data through our Self-Service Portals. Should you want to access your personal data in any other format, you may use the form subject to availing us available notice and other circumstances as shall be communicated by us to you. |
|
Right to rectification of personal data: You have the right to request your personal data to be corrected in instances of inaccuracy or incompleteness. In implementation of this right, you shall use the statutory form "Request for rectification" provided in our website. |
The right is available always subject to the discretion accorded to us to decline with reasons |
|
Right to data Portability: You have the right to receive your personal data in a structured, commonly used and machine-readable format to transmit the said personal data obtained to another third party without any hindrance. In implementation of this right, you shall use the statutory form "Request for Data Portability" provided in our website |
This right is available always provided that it is technically feasible for us to provide the personal data in the required format. |
|
Right to erasure: This right is sometimes referred to as "the right to be forgotten" and entitles you to request deletion or removal of your personal data from our records. In implementation of this right, you shall use the statutory form "Request for erasure of personal data" provided in our website |
Right of erasure does not apply if processing of your personal data is necessary for one of the following reasons.
|
|
Right to complain to the Office of the Data Commissioner |
This right is available always. |
|
Right to withdraw consent to processing of personal data |
This right only applies where personal data is processed based upon your consent. |
|
Rights relating to automated decision making and profiling: You have a right not to be subjected to a decision based solely on our automated processing, including profiling, which legally and significantly affects you. |
This right is not applicable when a decision is:
|
In exercising your right as provided above, we may request specific information from you to help us confirm your identity. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Enforcing Your Rights
If you wish to enforce any of your rights as highlighted above as provided under the Data Protection Act and attendant Regulations, then please contact us on our details in clause 16 below. You may use the various statutory forms made available by us and we will respond to your request without undue delay and within the statutory timelines.
Complaints
If you feel we have not complied with your right to privacy and other provided rights regarding your personal data, you have a right to complain to us through the provided tool available on our website or you may pay us a visit and fill the complaint form and we shall endeavor to resolve such a complain. You however have the right to contact the Office of the Data Commissioner or such other data supervisory authority in the jurisdiction we operate in.
Cookies
Cookies are small text files which are stored on your computer when you visit certain web pages. Stelden East Africa Ltd may use cookies and similar technologies on our websites and apps, and in our emails. When you return to the website or app, or visit websites and apps that use the same cookies, they recognize these cookies and your device.
We use cookies to do many different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving your online experience. We also use cookies in some of our emails to help us understand how you interact with our emails, and to help us improve our future email communications. The cookies policy on our websites and apps give you more information on cookies, how and where we use them, and how you can control them.
Changes to This Data Privacy Statement
Stelden East Africa Ltd reserves the right to change the provisions of this Privacy Statement at any time. Where the changes will have a fundamental impact on the nature of the processing of your data or your rights, we shall notify you in advance. We will let you know via email and/or a prominent notice on our Service, prior
to the change becoming effective and update the "effective date" at the top of this Privacy Statement.
Your use of the Website and applications following the posting of such revised Statement shall constitute your acceptance of any such changes. We encourage you to review our Privacy Statement whenever you visit the Website and application(s) to guarantee your understanding of how your information may be collected, processed and used.
Contact Information
If you have any queries relating to your personal data and/or this Privacy Statement, contact us throughdataprotection@stelden.com
Our address for purposes of data processing is;
Data Protection Officer
7731 Muchai Drive, Off Ngong Road
P.O Box 54736-00200 Nairobi
Tel: (020) 8566725;
Cell: +254 700 570 725, +254 777 570 725
Email: dataprotection@stelden.com
Website: www.stelden.com
Downloadable Forms
|
ID |
Title |
|
1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
Request For Restriction Or Objection To The Processing Of Personal |
Version 1.2 Dated 19thJune 2024