1. SCOPE OF THIS PRIVACY NOTICE

1.1 Finsprint Limited (“Finsprint”), a is a Kenyan licensed data controller responsible for processing your data when you download and use the Finsprint mobile application (“Finsprint App”) hosted on the Google Play Store or when you access our Services through other Channels.

1.2 Finsprint may also act as a data processor for a data controller with whom you have a contractual relationship. In such instances, Finsprint will act in accordance with the instructions given by the data controller.

1.3 If you have any questions about this Privacy Notice, please contact us via email at info@Finsprint.com

1.4 Please read this Privacy Notice and our Privacy Policy carefully to understand our practices regarding your personal data in accordance with the Data Protection Act, 2019. By expressing your acceptance of the terms of this Privacy Notice and our Privacy Policy (through the Finsprint App, or other Channels ), you accept and understand that your personal data will be processed in accordance with this Privacy Notice and our Privacy Policy.

1.5 Finsprint’s Services are not intended for children, and we do not knowingly collect data relating to children.

2. DEFINITIONS

2.1 “Channels” means any system or medium (including the Finsprint App, Unstructured Supplementary Service Data (USSD) and web whether internet based, mobile device based or not), which may be established by Finsprint from time to time to enable you to access and utilise one or more of the Services.

2.2 “Children” means individuals below the age of eighteen (18) years.

2.3 “Consent” means an express, unequivocal, free, specific, and informed indication of your wishes by a statement or by a clear affirmative action.

2.4 “Customer” or “User” means any individual within the Republic of Kenya to which Finsprint provides its Services.

2.5 “Personal data” means any information relating to an identified or identifiable individual, which shall include Sensitive personal data.

2.6 “Sensitive personal data” means personal data about an individual’s race, health status, ethnic social origin, conscience, belief, genetic data, biometric data, property details, marital status, family details including names of the individual’s child(ren), parent(s), spouse(s), or the individual’s sex or the sexual orientation.

2.7 “Services” refers to the financial products and features provided by Finsprint to Customers through the Finsprint App, through its partner channels, or through other Channels.

2.8 “We”, “Our” and “Us” refer to Finsprint.

3. THE DATA WE COLLECT ABOUT YOU

3.1 Finsprint will collect personal data from you as you use our Services. This includes the following:

  1. Identity Data: includes your full name, title, date of birth, age, gender, identity document, and photo or image.
  2. Contact Data: includes your present address, permanent address, email address, and mobile numbers.
  3. Financial Data: includes your bank account number, mobile account number, remittance account number, and payment card details.
  4. Identity Data: includes your full name, title, date of birth, age, gender, identity document, and photo or image.
  5. Profile Data: includes your level of education, employment status and income information, marital status, and other details you submit in response to surveys administered by Finsprint or Finsprint’s agents.
  6. Contact Data: includes your present address, permanent address, email address, and mobile numbers.
  7. Financial Data: includes your bank account number, mobile account number, remittance account number, and payment card details.
  8. Transaction Data: includes payments and transfers to and from you, and your Finsprint App or Channel transaction history.
  9. Device Data: includes the type of mobile device you use, device specifications (such as screen size, resolution, memory, or CPU capacity), unique device identifiers (IMEI number, IP address, Google Play Services ADID, MAC address), mobile network carrier, and mobile operating system.
  10. Content Data: includes information stored on your device, such as contact lists, call and SMS logs, and list of installed applications.
  11. Network Data: includes information about Finsprint users in your network, such as volume, repayment behaviour, and demographics.
  12. Usage Data: includes your username, password or PIN, OTP, and details of your use of the Finsprint App or Channels.
  13. Communications Data: includes records of messages received from you, your account, or your device, including customer service tickets filed through the App, Channels or via email, call logs and call recordings, and records of other interactions between you or your representatives and Finsprint or its agents.
  14. Marketing Data: includes your preferences in receiving promotional messages from us and our authorised third parties, as well as data provided by you in relation to special offers and promotional activities conducted by Finsprint.
  15. Location Data: includes your current location determined by geolocation technology.
  16. Third Party Data: includes information about you that we obtain from partners, credit reference agencies or bureaus, external collection agencies, identity verification and sanctions screening service providers, mobile network providers, and marketing partners.

3.2 We also may collect other information about you, your device, and your use of the App or Channels in ways that we describe to you at the time of collection.

3.3 We process your personal data from the following sources:

  1. 3.3.1 Information you give us. This is information you submit to us or allow us to access by expressing your acceptance in the Finsprint App, through USSD transaction, or by other recorded means, including by filling in forms or by corresponding with us or interacting with our website or social media accounts.
  2. 3.3.2 Information we collect from your device. This is information you allow us to access by installing the Finsprint App or accessing our Channels on your Device and enabling certain device permissions.
  3. 3.3.3 Third Party Data and publicly available sources. We may receive personal data about you from various third parties, partners and public sources such as:
  4. 3.3.3.1 Financial, Profile and Transaction Data from providers of technical, payment, delivery, and general financial services such as mobile network providers, money service businesses, USSD service providers, and external collection agencies.
  5. 3.3.3.2 Contact, Financial, Profile and Transaction Data from identity verification and sanctions screening service providers and credit reference agencies.
  6. 3.3.3.3 Communications Data from your interactions with our external collection agencies.
  7. 3.3.3.4 Identity, Profile, and Contact Data from partners and publicly available sources.

3.4 If you fail to provide or withhold any or all of the personal data that Finsprint requests, we may be unable to provide you with our Services.

4. PURPOSES AND LAWFUL BASIS FOR WHICH WE WILL USE YOUR PERSONAL DATA

4.1 We will only process your personal data when we have a lawful basis to do so. In most instances, we will process your personal data under one of the following circumstances:

  1. 4.1.1 Where you have given your consent for the processing of your personal data.
  2. 4.1.2 Where we need to perform a contract with you, or where we need to take steps at your request before entering into a contract with you.
  3. 4.1.3 Where we need to comply with a legal obligation.
  4. 4.1.4 Where it is necessary for our legitimate interests (or those of a third party), and where your interests and fundamental rights do not override those interests.
Purpose/activity Type of data Lawful basis for processing
To install the Finsprint App or Channel set up and register you as a new App or Channel user Device Usage Contact Your consent
  1. To create your Finsprint App or Channel user profile
  2. To verify your identity through internal or outsourced tools or services
  3. To determine your eligibility for our Services through the use of automated processing, including credit scoring and fraud prevention through machine learning technology
  4. To conduct additional verification of your credit and financial history through credit reference agencies, credit bureaus, and other reliable sources
  5. To process transactions and deliver Services including disbursing loans and collecting payments for your use of the Services
Identity Profile Contact Content Network Location Third Party Performance of a contract with you
Identity Profile Contact Compliance with legal obligations
  1. To perform manual and automated screening of your profile and your transactions pursuant to Anti-Money Laundering, Counter Terrorist Financing and Counter Proliferation Financing (AML/CFT/CPF) regulations
  2. To submit reports of covered and suspicious transactions to the Financial Reporting Centre (FRC)
  3. To supply your account transaction history to the credit bureaus, which may include information on repayments and defaults and account opening and closing
  4. To exchange information with any local or international law enforcement or competent authority to assist in the prevention, detection, investigation or prosecution of criminal activities
  5. To supply your transaction and repayment information in the reporting and remittance of relevant taxes to the Kenya Revenue Authority (KRA)
Location Third Party Necessary for our legitimate interests (to safeguard the legitimate use of our Services)
  1. To manage our relationship with you including notifying you of changes to the Finsprint App/Channels or our Services
  2. To analyse customer behaviour and improve our Services
  3. To contact you by telephone using auto-dialled or pre-recorded message calls or text (SMS) messages
  4. To administer and protect our business and the Finsprint App including troubleshooting, data analysis and system testing
Contact Usage Communications Marketing Third Party Performance of a contract with you Necessary for our legitimate interests (to keep records updated and to analyse how customers use our products/ Services)
  1. To deliver content and advertisements to you
  2. To make recommendations to you about goods or services which may interest you
  3. To send you marketing notices, announcements about optional service updates, and promotional offers
  4. To measure and analyse the effectiveness of the advertising we serve you
  5. To monitor trends so we can improve our Services
  6. To enable you to participate in a prize draw, competition or complete a survey
Profile Contact Usage Communications Marketing Your consent Necessary for our legitimate interests (to develop our products/Services and grow our business)
  1. To allow our partners to fulfil their obligations to you
  2. To fulfil our commitments to our partners
  3. To transmit relevant information to Finsprint’s service providers who act as data processors upon Finsprint’s instructions
  4. To exchange relevant information with Finsprint’s agents or any other company that may become Finsprint’s affiliate entity, for reasonable commercial purposes relating to the Services
Identity Profile Contact Financial Transaction Device Content Network Usage Communications Marketing Location Third Party Performance of a contract with you Necessary for our legitimate interests (for running our business)
  1. To conduct research and testing of product features and modifications to the Services, including experimentation with limited user segments prior to general availability
  2. To develop and refine machine learning models for fraud prevention, credit scoring,
Identity Profile Contact Financial Transaction Device Content Network Usage Necessary for our legitimate interests (to maintain Service quality and for the continuous improvement of our Services)
  1. underwriting, and other automated decision-making processes
  2. To administer training for Finsprint personnel and conduct performance evaluations
  3. To conduct quality assurance and internal audit
Communications Marketing Location Third Party

5. DISCLOSURES OF YOUR PERSONAL DATA

When you consent to providing us with your personal data, we will also ask you for your consent to share your personal data with the third parties set out below for the purposes set out in the table above.

5.1 Internal Third Parties being other companies in the InVenture Capital Corporation Group acting as joint controllers or processors and who are based in locations outside of Kenya and provide system administration and other shared services within the group.

5.2 External Third Parties such as:

  1. 5.2.1 Data controllers with whom you have a contractual relationship and for whom Finsprint acts as a data processor;
  2. 5.2.2 Mobile money providers whom we use for verification in relation to your mobile money account, pursuant to the agreement between you and the relevant mobile money provider;
  3. 5.2.3 Credit bureaus and/or any other reliable sources from whom we may obtain your personal data and also supply your consumer credit information which may include information on repayments and defaults and account opening and closing;
  4. 5.2.4 Any local or international law enforcement or competent regulatory or governmental agencies in connection with an official request so as to assist in the prevention, detection, investigation or prosecution of criminal activities or fraud;
  5. 5.2.5 Finsprint’s service providers, such as external collection agencies, who are acting as data processors upon the instructions of Finsprint;
  6. 5.2.6 Finsprint’s agents or any other company that may be or become Finsprint’s affiliate entity, for reasonable commercial purposes relating to the Services;
  7. 5.2.7 Finsprint’s professional advisors and consultants including lawyers and auditors or to any court or arbitration tribunal in connection with any legal or audit proceedings;

5.3 Third parties to whom we may choose to sell, assign, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.

5.4 Any other person that we deem legitimately necessary to share the data with, in all cases in compliance with the Data Protection Act, 2019.

6. INTERNATIONAL TRANSFERS

6.1 Your personal data collected by Finsprint shall be stored and processed outside of Kenya in a location where Finsprint or its agents maintain facilities, including the use of cloud storage and cloud computing technology.

6.2 Whenever we transfer your personal data outside of Kenya, we ensure a similar degree of protection is afforded to it by ensuring adequate safeguards are implemented. We ensure your personal data is protected by requiring all our group companies, personnel, and agents to follow the same rules when processing your personal data.

7. AUTOMATED PROCESSING

We use automated processing to determine your eligibility for our Services based on the personal data that we collect. Our fraud prevention and data models utilise data science and machine-learning technology with little to no human intervention and are regularly tested to ensure they remain fair, accurate, and unbiased. You may object to the automated processing of your personal data, but doing so will prevent us from providing you with our Services. If you wish to request a reconsideration of an automated decision, you may contact us via email at info@Finsprint.io. Please note that human intervention does not guarantee that the automated decision will be overturned

8. DATA GOVERNANCE AND SECURITY

8.1 Finsprint implements an Information Security Management System to maintain the confidentiality, integrity, and availability of Finsprint’s information resources, in keeping with our commitments, industry standards and global best practices. You may refer to our Privacy Policy for further details on the data governance and security measures that we implement.

8.2 Where you have chosen or have been given a password, PIN or OTP code that enables you to access certain parts of the Finsprint App or Channels portal, you are responsible for keeping this password, PIN or OTP code confidential. Never share this password, PIN or OTP code with anyone. Finsprint will never ask you to provide us with your password PIN or OTP code.

8.3 We have put in place procedures to deal with any suspected breach of personal data and will notify you and any applicable regulatory authority when we are legally required to do so.

9. DATA RETENTION

9.1 Being a registered reporting institution under the Proceeds of Crime and Anti-Money Laundering Act, as amended (POCAMLA), Finsprint has the obligation to retain certain records for a period of at least seven (7) years or such longer period as the FRC may require, from the date of the relevant transaction or following the termination of an account or business relationship with Finsprint. To ensure Finsprint’s ability to comply with this obligation, Finsprint will retain relevant personal data associated with your account for a period of ten (10) years from the date of the closure of your Finsprint account.

9.2 In some circumstances, such as when you have no outstanding credit balance with Finsprint, you can ask us to close your Finsprint account and delete the associated personal data (subject to Finsprint’s record retention obligations under the POCAMLA as mentioned above): see the section on Your Data Subject Rights below for further information.

9.3 In some circumstances we will anonymise your information such that it will no longer constitute personal data. In such cases we may use anonymised information for whatever legitimate purpose without further notice to you.

10. YOUR DATA SUBJECT RIGHTS

10.1 As a data subject, you have the following rights in relation to your personal data:

  1. To be informed of the uses for which your personal data is processed;
  2. To access your personal data in our custody, as well as information about:
  3. the purposes for which we process your personal data;
  4. the categories of personal data processed;
  5. the recipients or categories of recipients to whom the personal data have been or will be disclosed;
  6. where possible, the period for which the personal data may be stored, or the criteria used to determine the period for storage and retention;
  7. where the personal data is not collected from you as the data subject, any available information as to the source of collection.
  8. To object to the processing of all or part of your personal data (unless we have compelling legitimate interests to continue the processing, or when it is necessary for the establishment, exercise, or defense of a legal claim);
  9. To correct or rectify false, inaccurate, outdated, incomplete, or misleading data about you (subject to verification, such as examination of supporting documents);
  10. To erase or delete data that is false, misleading, irrelevant, excessive, unlawfully obtained, or which we are no longer authorised to retain. Your right to erasure will not apply if it is necessary for us to continue to process your personal data to comply with a legal obligation, or for to establish, exercise, or defend a legal claim.
  11. To copy, port, or receive your personal data in a structured, commonly used, and machine-readable format, or to have your personal data ported to another data controller or data processor.

10.2 You may request that we restrict the processing of your personal data in the following circumstances:

10.2.1 where need to verify the accuracy of data that you are contesting;

10.2.2 where our use of the data is unlawful but you do not want us to erase it;

10.2.3 where the purpose of the processing has been achieved, but the we need your personal data to establish, exercise or defend legal claims;

10.2.4 you have objected to our use of your data but we need to determine whether we have overriding legitimate grounds to use it.

10.3 You have the right to object to the processing of your personal data for direct marketing purposes, and you can opt out of direct marketing communications by asking us not to send you direct marketing messages.

10.4 You may withhold or withdraw your consent in cases where we rely on your consent as the lawful basis for processing of your Personal Data. Doing so may prevent us from providing you with our Services.

10.5 You or your authorised representative can exercise any of these rights at any time, subject to our verification and review, by contacting us via email at hellokenya@Finsprintmobile.com or dpo@Finsprint.co.ke.

11. CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES

11.1 We keep this Privacy Notice under regular review. Changes to this Privacy Notice will be posted on this page and, where appropriate, notified to you through either the Finsprint App or Channels, Website email, or SMS.

11.2 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.

12. THIRD PARTY LINKS

Our Services may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services. Please check these policies before you submit any personal data to these websites or use these services.