Kopafasta Microfinance Privacy Policy

Last Updated: 08^th April 2024

Kopafasta Microfinance Limited (“Kopafasta”, “we”, “us”, or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal data when you use our services or interact with our website.

1. Information We Collect

We may collect the following types of personal information from you:

1. s Identification Information:
   • This includes personal identifiers such as your full name, date of birth, government-issued identification number (e.g., passport number, national ID card number), and other relevant identification details.
   • We collect this information to verify your identity, comply with legal and regulatory requirements, and establish your eligibility for financial products and services.
2. Contact Information:
   • Contact details such as your postal address, email address, and telephone number.
   • We use this information to communicate with you regarding your account, provide updates on our products and services, and respond to your inquiries and requests.
3. Financial Information:
   • Financial data such as income, employment status, occupation, employer details, banking information, credit history, and other relevant financial details.
   • We collect this information to assess your creditworthiness, evaluate loan applications, determine eligibility for financial services, and manage financial transactions.
4. Transactional Information:
   • Details of your interactions with us, including loan applications, account activity, transaction history, payments, and communications.
   • We use this information to process transactions, monitor account activity, provide customer support, and improve our products and services.
5. Biometric Information:
   • In certain cases, we may collect biometric data such as fingerprints or facial recognition data for identity verification purposes.
   • Biometric information may be used to enhance security measures and prevent identity theft or fraudulent activities, where permitted by law and with your explicit consent.
6. Other Information:
   • Additional information voluntarily provided by you, such as feedback, survey responses, preferences, or demographic information.
   • We may collect this information to personalize your experience, tailor our products and services to your needs, and conduct market research and analysis.
7. Sensitive Information:
   • We may collect sensitive information in accordance with applicable laws and with your explicit consent, such as information related to your health, religion, ethnicity, or political affiliations.
   • Sensitive information is collected only when necessary and is subject to heightened security and confidentiality measures to protect your privacy.

We collect and process personal information only to the extent necessary for the purposes outlined in our Privacy Policy, and we take appropriate measures to ensure the confidentiality, integrity, and security of your data. We do not collect information indiscriminately or without your consent, and we strive to be transparent about our data collection practices and the purposes for which your information is used. If you have any questions or concerns about the information we collect, please contact us using the contact details provided in our Privacy Policy.

 

2. How We Use Your Information

We use the information we collect for the following purposes:

1. Providing Financial Services:
   • We use your personal information to facilitate the provision of financial products and services, including loan origination, underwriting, and servicing.
   • This may involve processing loan applications, evaluating creditworthiness, disbursing funds, managing loan accounts, and collecting payments.
2. Customer Relationship Management:
   • We use your information to manage our relationship with you, including communicating with you about your account, transactions, and inquiries.
   • This may involve sending account statements, transaction confirmations, payment reminders, and other essential communications related to your financial transactions.
3. Customizing and Personalizing Services:
   • We use your information to personalize your experience and tailor our products and services to meet your specific needs, preferences, and circumstances.
   • This may involve offering personalized loan terms, interest rates, repayment schedules, or financial advice based on your financial profile and objectives.
4. Marketing and Promotions:
   • With your consent, we may use your contact information to send you promotional materials, newsletters, updates, and marketing communications about our products, services, and special offers.
   • This may involve sending targeted advertisements, promotional offers, or invitations to participate in surveys, contests, or promotional events.
5. Compliance and Legal Obligations:
   • We use your personal data to comply with legal and regulatory requirements, including anti-money laundering (AML) laws, know-your-customer (KYC) regulations, and consumer protection laws.
   • This may involve verifying your identity, conducting due diligence checks, reporting suspicious activities, and fulfilling legal obligations related to financial transactions.
6. Risk Management and Fraud Prevention:
   • We use your information to assess and manage risks associated with financial transactions, including credit risk, operational risk, and fraud risk.
   • This may involve analyzing transaction patterns, detecting unusual or suspicious activities, and implementing security measures to protect against fraud, identity theft, or other unauthorized activities.
7. Improving Products and Services:
   • We use data analytics and insights derived from your information to improve our products, services, and business operations.
   • This may involve analyzing customer feedback, tracking performance metrics, identifying areas for improvement, and developing new products or features to better meet customer needs.
8. Research and Development:
   • We may use aggregated or anonymized data for research and development purposes, including market research, product innovation, and strategic planning.
   • This may involve analyzing trends, conducting surveys or focus groups, and gathering insights to inform business decisions and enhance customer experiences.
9. Legal Proceedings and Dispute Resolution:
   • We may use your information to establish, exercise, or defend legal claims in legal proceedings or dispute resolution processes.
   • This may involve disclosing your information to legal counsel, regulatory authorities, or third-party experts as necessary to resolve disputes or enforce contractual rights.

We use your personal information only for legitimate business purposes and in accordance with applicable laws and regulations. We do not use your information for purposes unrelated to the provision of financial services or without your consent. If you have any questions or concerns about how we use your information, please contact us using the contact details provided in our Privacy Policy.

 

3. Data Sharing and Disclosure

We may share your personal information with the following categories of recipients:

1. Service Providers:
   • We may share your personal information with trusted service providers, contractors, or agents who assist us in providing financial services and managing our business operations.
   • These service providers may include third-party vendors, consultants, IT professionals, auditors, legal advisors, and other entities that perform services on our behalf.
   • We take appropriate contractual and security measures to ensure that service providers handle your personal information in accordance with our instructions and applicable data protection laws.
2. Financial Institutions:
   • We may share your personal information with banks, credit bureaus, payment processors, and other financial institutions as necessary to process transactions, assess creditworthiness, and comply with regulatory requirements.
   • This may involve disclosing your information to financial intermediaries involved in loan origination, underwriting, funding, and servicing processes.
   • We may also share information with regulatory authorities, central banks, or government agencies as required by law or to fulfill reporting obligations related to financial transactions.
3. Government Authorities:
   • We may disclose your personal information to government agencies, regulatory bodies, law enforcement authorities, or other third parties as required by law, court order, or legal process.
   • This may include disclosing information in response to subpoenas, warrants, regulatory inquiries, or lawful requests from law enforcement agencies or government authorities.
   • We may also share information to comply with tax regulations, customs requirements, or other legal obligations imposed by governmental authorities.
4. Business Partners and Affiliates:
   • We may share your personal information with business partners, affiliates, or joint venture partners for marketing, promotional, or business development purposes, subject to your consent where required by law.
   • This may involve sharing information with co-marketing partners, referral partners, or strategic alliances to offer complementary products or services to our customers.
   • We take appropriate measures to ensure that business partners and affiliates handle your personal information in accordance with applicable privacy laws and industry standards.
5. Corporate Transactions:
   • In the event of a corporate transaction, such as a merger, acquisition, or sale of assets, we may disclose your personal information as part of the transaction process.
   • This may involve sharing information with prospective buyers, investors, or counterparties to facilitate due diligence, negotiations, or the completion of the transaction.
   • We will notify you of any material changes to the ownership or control of your personal information and seek your consent if required by law or contractual obligations.
6. With Your Consent:
   • We may share your personal information with third parties for purposes not covered by this Privacy Policy if we have obtained your consent to do so.
   • This may include sharing information with marketing partners, advertisers, or other third parties for promotional or advertising purposes, where you have opted in to such sharing.

We share your personal information only for legitimate business purposes and in accordance with applicable laws and regulations. We do not sell your information to third parties for their own marketing purposes without your consent.

4. Data Security

We maintain appropriate technical, administrative, and physical safeguards to protect your personal information against unauthorized access, disclosure, alteration, or destruction. These measures include encryption, access controls, firewalls, regular security audits, and employee training programs.

Data security is of paramount importance to Kopafasta Microfinance Limited. Here’s a more detailed elaboration on how we ensure the security of your personal information:

1. Encryption and Secure Protocols:
   • We utilize encryption technologies such as Transport Layer Security (TLS) and Secure Sockets Layer (SSL) to encrypt data transmitted between your device and our servers.
   • Secure protocols are employed to ensure that sensitive information, such as login credentials, financial data, and personal details, is protected during transmission over the internet.
2. Access Controls:
   • Access to your personal information is restricted to authorized personnel who have a legitimate business need to access such data.
   • Role-based access controls are implemented to limit access to specific data based on job responsibilities and organizational hierarchy.
   • Access permissions are regularly reviewed and updated to ensure that only authorized individuals have access to sensitive information.
3. Firewalls and Intrusion Detection Systems:
   • We deploy firewalls and intrusion detection systems to monitor network traffic and detect and prevent unauthorized access, intrusions, or malicious activities.
   • Firewalls are configured to block unauthorized access attempts and filter incoming and outgoing network traffic to protect against cyber threats and attacks.
4. Data Encryption at Rest:
   • Personal information stored in databases, servers, or other storage systems is encrypted to protect against unauthorized access or data breaches.
   • Strong encryption algorithms and cryptographic techniques are used to secure data at rest, ensuring that sensitive information remains confidential and inaccessible to unauthorized parties.
5. Data Minimization and Anonymization:
   • We employ data minimization and anonymization techniques to limit the collection, storage, and retention of personal information to the minimum necessary for business purposes.
   • Where feasible, personal data is anonymized or pseudonymized to remove identifying information and reduce the risk of unauthorized disclosure or misuse.
6. Regular Security Audits and Testing:
   • We conduct regular security audits, vulnerability assessments, and penetration testing to identify and address security vulnerabilities, weaknesses, and threats.
   • External security experts may be engaged to perform independent assessments and audits of our systems, infrastructure, and security controls.
7. Employee Training and Awareness:
   • We provide comprehensive training and awareness programs to educate employees about data security best practices, policies, and procedures.
   • Employees are trained to recognize and report security incidents, phishing attempts, social engineering attacks, and other potential security risks.
8. Incident Response and Breach Notification:
   • We have established incident response procedures and protocols to promptly respond to security incidents, data breaches, or unauthorized access.
   • In the event of a data breach or security incident involving personal information, we will notify affected individuals, regulatory authorities, and other stakeholders as required by law or regulation.
9. Third-Party Security Assessments:
   • We conduct due diligence assessments and security reviews of third-party service providers, vendors, and partners to ensure they meet our security standards and requirements.
   • Contracts and agreements with third parties include provisions for data protection, security, confidentiality, and compliance with applicable laws and regulations.
10. Compliance with Data Protection Laws:
    • We comply with applicable data protection laws, regulations, and industry standards governing the collection, use, storage, and disclosure of personal information.
    • Our data processing activities are conducted in accordance with principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

We implement robust security measures to protect your personal information, no system or method of transmission over the internet or electronic storage is completely secure. However, we continuously strive to enhance our security practices and technologies to safeguard your data and maintain your trust. If you have any questions or concerns about data security, please contact us using the contact details provided in our Privacy Policy.

Top of Form

 

5. Your Rights and Choices

You may have certain rights and choices regarding your personal information, including the right to:

1. Access and Rectification:
   • You have the right to access and review the personal information we hold about you. If you believe that any of the information is inaccurate, incomplete, or outdated, you have the right to request corrections or updates.
   • You can exercise your right to access and rectify your personal information by contacting us using the contact details provided in our Privacy Policy. We will respond to your request in a timely manner and make reasonable efforts to address your concerns.
2. Data Portability:
   • You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format. This allows you to transfer your data to another organization or service provider if you wish.
   • To request data portability, please contact us using the contact information provided in our Privacy Policy. We will provide you with your data in a format that facilitates portability within a reasonable timeframe.
3. Withdrawal of Consent:
   • Where we rely on your consent for the processing of your personal information, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
   • You can withdraw your consent by contacting us using the contact details provided in our Privacy Policy. We will update our records accordingly and cease processing your personal information for the specified purposes.
4. Objection and Restriction:
   • You have the right to object to the processing of your personal data on grounds relating to your particular situation, where processing is based on legitimate interests or performance of a task carried out in the public interest.
   • You also have the right to request restriction of processing if you contest the accuracy of your personal data, the processing is unlawful, or you have objected to processing pending verification of legitimate grounds.
   • To exercise your right to object or request restriction, please contact us using the contact information provided in our Privacy Policy. We will assess your request and respond in accordance with applicable data protection laws.
5. Erasure (Right to Be Forgotten):
   • In certain circumstances, you have the right to request the deletion or erasure of your personal data. This right applies where your personal data is no longer necessary for the purposes for which it was collected or processed, or where you have withdrawn your consent for processing.
   • To request erasure of your personal data, please contact us using the contact details provided in our Privacy Policy. We will evaluate your request and take appropriate action in accordance with applicable legal requirements and retention policies.
6. Objection to Automated Decision-Making:
   • You have the right to object to automated decision-making, including profiling, which produces legal effects concerning you or significantly affects you. You have the right to request human intervention, express your point of view, and challenge the decision.
   • To exercise your right to object to automated decision-making, please contact us using the contact information provided in our Privacy Policy. We will review your request and provide you with information about the decision-making process and your rights.
7. Complaints and Inquiries:
   • If you have any questions, concerns, or complaints about our handling of your personal information or our privacy practices, you have the right to lodge a complaint with us or with the relevant data protection authority.
   • We encourage you to contact us first so that we can address your concerns promptly and effectively. You can reach us using the contact details provided in our Privacy Policy.

It’s important to note that while you have these rights and choices regarding your personal information, there may be limitations or exceptions based on applicable laws, contractual obligations, or legitimate business interests. We are committed to respecting your rights and will make reasonable efforts to facilitate the exercise of your rights in accordance with applicable data protection laws and regulations. If you have any questions or require further information about your rights and choices, please contact us using the contact details provided in our Privacy Policy.Top of Form

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. When no longer needed, we will securely delete or anonymize your data to prevent unauthorized access or use.

1. Purpose Limitation:
   • We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected or as required by law.
   • Personal data is collected and processed for specific and lawful purposes, and we do not retain it for longer than is necessary to achieve those purposes.
2. Legal and Regulatory Requirements:
   • We may retain your personal information for the duration required to comply with applicable legal and regulatory requirements.
   • This includes retention periods prescribed by financial regulations, tax laws, consumer protection laws, anti-money laundering (AML) regulations, know-your-customer (KYC) requirements, and other legal obligations.
3. Contractual Obligations:
   • Personal data may be retained for the duration of the contractual relationship with you, including the provision of financial services, management of customer accounts, and fulfillment of contractual obligations.
   • Retention periods may vary depending on the terms of the contract, the nature of the services provided, and any ongoing obligations or commitments.
4. Statutory Limitations Periods:
   • We may retain personal information for the duration necessary to assert or defend legal claims or establish compliance with statutory limitations periods.
   • Retention periods may be extended to preserve evidence, support legal proceedings, or respond to regulatory inquiries or investigations.
5. Business Purposes:
   • Personal data may be retained for legitimate business purposes, such as record-keeping, internal reporting, analysis, auditing, and business continuity planning.
   • Retention periods are determined based on business needs, operational requirements, and industry standards for data retention and record-keeping practices.
6. Data Minimization:
   • We implement data minimization principles to limit the collection, storage, and retention of personal information to the minimum necessary for business purposes.
   • Where feasible, we anonymize or pseudonymize personal data to reduce the risk of identification and ensure compliance with data protection principles.
7. Data Subject Requests:
   • Upon request, we provide individuals with the ability to access, rectify, or delete their personal information in accordance with applicable data protection laws.
   • We promptly respond to data subject requests and take appropriate action to comply with requests for data access, correction, erasure, or restriction of processing.
8. Data Disposal and Destruction:
   • Personal data is securely disposed of or destroyed when it is no longer needed for the purposes for which it was collected or as required by law.
   • Disposal methods may include shredding, erasing, or anonymizing data to prevent unauthorized access or disclosure.
9. Review and Update of Retention Policies:
   • We periodically review and update our data retention policies, procedures, and practices to ensure compliance with legal requirements, industry standards, and best practices.
   • Retention periods are regularly assessed and adjusted based on changes in business operations, regulatory requirements, and evolving data protection principles.

We take drastic measures to minimize the risk of unauthorized access, disclosure, or misuse. If you have any questions or concerns about our data retention practices, please contact us using the contact details provided in our Privacy Policy.

 

7. International Transfers

Your personal information may be transferred to, stored, and processed in countries outside your jurisdiction where our service providers or affiliates are located. We will take appropriate measures to ensure that such transfers comply with applicable data protection laws and provide adequate safeguards for the protection of your personal data.

1. Transfers to Third Countries:
   • Kopafasta Microfinance Limited may transfer personal information to countries outside the jurisdiction where the data was originally collected. These countries may have different data protection laws and standards compared to the jurisdiction of origin.
   • International transfers may occur when Kopafasta Microfinance Limited uses third-party service providers, vendors, or affiliates located in other countries to process personal information or perform services on its behalf.
2. Legal Basis for Transfers:
   • International transfers of personal information are carried out in accordance with applicable data protection laws and regulations, including relevant legal mechanisms for cross-border data transfers.
   • The legal basis for international transfers may include:
     • Adequacy Decisions: Transfers to countries that have been deemed to provide an adequate level of data protection by the European Commission or other relevant authorities.
     • Standard Contractual Clauses (SCCs): Transfers based on standard contractual clauses approved by the European Commission or other competent authorities to ensure adequate safeguards for data protection.
     • Binding Corporate Rules (BCRs): Intra-group transfers based on approved binding corporate rules governing the transfer and protection of personal information within multinational organizations.
     • Approved Codes of Conduct or Certification Mechanisms: Transfers based on approved codes of conduct or certification mechanisms that provide sufficient guarantees regarding data protection compliance.
     • Explicit Consent: Transfers based on the explicit consent of data subjects, where appropriate safeguards are implemented to protect the rights and freedoms of individuals.
3. Data Transfer Agreements:
   • Kopafasta Microfinance Limited may enter into data transfer agreements or data processing agreements with third parties involved in international transfers to ensure compliance with data protection laws and contractual obligations.
   • These agreements typically include provisions for data protection, security, confidentiality, and compliance with applicable laws and regulations.
4. Security Measures:
   • Kopafasta Microfinance Limited implements appropriate technical, organizational, and contractual measures to ensure the security and confidentiality of personal information during international transfers.
   • Security measures may include encryption, access controls, data minimization, anonymization, pseudonymization, and other safeguards to protect against unauthorized access, disclosure, or misuse.
5. Data Protection Impact Assessments:
   • Kopafasta Microfinance Limited conducts data protection impact assessments (DPIAs) or risk assessments to evaluate the potential risks and implications of international transfers on the rights and freedoms of data subjects.
   • DPIAs help identify and mitigate risks associated with cross-border data transfers, ensuring compliance with data protection principles and legal requirements.
6. Data Subject Rights:
   • Data subjects have rights and remedies available to them in relation to international transfers of personal information, including the right to access, rectify, erase, or restrict the processing of their data.
   • Data subjects may exercise their rights by contacting Kopafasta Microfinance Limited using the contact details provided in its Privacy Policy.
7. Transparency and Accountability:
   • Kopafasta Microfinance Limited maintains transparency and accountability regarding international transfers of personal information by providing relevant information to data subjects in its Privacy Policy and other disclosures.
   • Data protection authorities may be notified or consulted as necessary to ensure compliance with legal requirements and regulatory expectations.

International transfers of personal information are conducted in compliance with applicable data protection laws and regulations, and appropriate safeguards are implemented to protect the privacy and security of data subjects’ personal information. If you have any questions or concerns about international transfers, please contact Kopafasta Microfinance Limited using the contact details provided in its Privacy Policy.

 

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or industry standards. We will notify you of any material changes by posting the updated policy on our website or through other appropriate channels. Please see the elaborated procedures that we undertake during any changes

1. Notification of Changes:
   • Kopafasta Microfinance Limited notifies users of any material changes to its privacy policy through prominent notices on its website, mobile applications, or other relevant communication channels.
   • Users are informed about the nature of the changes, the effective date of the updated privacy policy, and any significant updates to the handling of personal information.
2. Communication with Users:
   • Kopafasta Microfinance Limited communicates changes to its privacy policy directly to users via email, SMS, or other forms of electronic communication, where feasible.
   • Users are provided with clear and understandable information about the reasons for the changes, the impact on their rights and choices, and any actions they need to take in response to the updates.
3. Review and Acknowledgment:
   • Users are encouraged to review the updated privacy policy to understand how their personal information is collected, used, disclosed, and protected.
   • Kopafasta Microfinance Limited may request users to acknowledge their acceptance of the updated privacy policy by clicking on an acknowledgment button, checkbox, or similar mechanism.
4. Access to Previous Versions:
   • Kopafasta Microfinance Limited maintains a record of previous versions of its privacy policy for reference purposes.
   • Users can access previous versions of the privacy policy on the company’s website or by contacting customer support for assistance.
5. Education and Awareness:
   • Kopafasta Microfinance Limited provides educational resources and materials to help users understand the changes to its privacy policy and their implications.
   • Frequently asked questions (FAQs), user guides, blog posts, or other informative content may be published to address common concerns or questions about the updated privacy policy.
6. Feedback and Inquiries:
   • Kopafasta Microfinance Limited welcomes feedback, questions, and inquiries from users regarding the updated privacy policy.
   • Users are encouraged to contact customer support or the privacy officer with any concerns, suggestions, or requests for clarification about the changes to the privacy policy.
7. Compliance with Applicable Laws:
   • Changes to the privacy policy are made in compliance with applicable data protection laws, regulations, and industry standards.
   • Kopafasta Microfinance Limited ensures that updates to the privacy policy reflect changes in legal requirements, regulatory guidance, and best practices for data protection and privacy.
8. Continued Use of Services:
   • Users are informed that their continued use of Kopafasta Microfinance Limited’s services after the effective date of the updated privacy policy constitutes acceptance of the revised terms.
   • Users who do not agree with the updated privacy policy are provided with options to discontinue their use of the services or exercise their rights to object, restrict processing, or withdraw consent as applicable.
9. Periodic Reviews and Audits:
   • Kopafasta Microfinance Limited conducts periodic reviews and audits of its privacy policy to ensure ongoing compliance with legal requirements and alignment with evolving business practices.
   • Feedback from users, data protection authorities, and other stakeholders may be considered in the review process to enhance transparency, accountability, and user trust.
10. Documentation and Record-Keeping:
    • Kopafasta Microfinance Limited maintains documentation and records of changes to its privacy policy, including the rationale for the updates, the approval process, and any relevant discussions or decisions.
    • Records of changes to the privacy policy are retained in accordance with internal policies, legal requirements, and industry standards for data retention and record-keeping.

It’s important for Kopafasta Microfinance Limited to communicate changes to its privacy policy effectively and transparently to ensure that users understand their rights and responsibilities regarding the handling of their personal information. By providing clear and accessible information about changes to the privacy policy, Kopafasta Microfinance Limited aims to foster trust, transparency, and accountability in its data protection practices.

 

9. Contact Us

If you have any questions, concerns, or complaints regarding this Privacy Policy or our data practices, or if you wish to exercise your rights, please contact us at:

Kopafasta Microfinance Limited
info@kopafasta.co.tz
support@kopafasta.co.tz