KNIGHT SACCO Privacy Policy
Definitions
KNIGHT SACCO means KNIGHT SCRAP SACCO LIMITED, a Cooperative Society organized and existing under the laws of KENYA, with its head office located at Lunga Lunga Square, Nairobi, Kenya.
GDPR means the General Data Privacy Regulation.
Responsible Person means KNIGHT SACCO and its Staff.
Register of Systems means a register of all systems or contexts in which personal data is processed by KNIGHT SACCO.
1. Data Privacy Principles
- Personal Data shall be processed lawfully, fairly, and in a transparent manner in relation to the data subject.
- The processing of Personal Data must happen in a lawful way and have a legal or legitimate basis.
- Personal data will be considered to have been obtained fairly if the data subject is informed of the name of the data controller and the purpose(s) for processing the personal data or any further information necessary for fair processing.
- The data controller/processor should be transparent regarding the processing of personal data and inform the data subject in an open and transparent manner.
- Personal Data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Personal Data shall be adequate, relevant, and limited to what is necessary in relation to the purpose for which the data will be processed.
- Personal data shall not be kept for longer periods than necessary to achieve the purpose for which the data was collected and processed.
- Personal data on file must be correct, complete, and be kept up to date.
- Personal data must be processed securely to retain confidentiality and integrity.
2. General Provisions
- This policy applies to all personal data collected, stored, and processed by KNIGHT SACCO.
- The Responsible Person shall take responsibility for KNIGHT SACCO’s ongoing compliance with this policy.
- This policy shall be reviewed at least annually.
- KNIGHT SACCO shall process any data collected on behalf of any of its customers only in accordance with the customers’ set policies and within the GDPR guidelines.
3. Mobile Banking
- The user MUST consent to allowing the application to access the specified data by granting the app the specific permissions needed.
- All information read from messages, logs, etc. shall not be used for any purposes other than the specific purposes for which the information was requested.
- We shall not store personal data such as messages and call logs on any of our servers for uses beyond the scope for which the data was collected.
- Access to incoming messages shall only be for purposes of authentication and validation of processes and tasks.
4. Lawful Purposes
- All data processing by KNIGHT SACCO shall be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task, or legitimate interests.
- KNIGHT SACCO shall note the appropriate lawful basis in the Register of Systems.
- Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
- Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is accurately reflected in KNIGHT SACCO’s systems.
5. Data Minimization
KNIGHT SACCO shall ensure that personal data are adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
6. Accuracy
- KNIGHT SACCO shall take reasonable steps to ensure personal data is accurate.
- Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
7. Archiving / Removal
- To ensure that personal data is kept for no longer than necessary, KNIGHT SACCO shall put in place an archiving policy for each area in which personal data is processed and review this process annually.
- The archiving policy shall consider what data should/must be retained, for how long, and why.
- A member may request deletion of their data from the SACCO upon termination of membership.
8. Security
- KNIGHT SACCO shall ensure that personal data is stored securely using modern software that is kept up to date.
- Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorized sharing of information.
- When personal data is deleted, this should be done safely such that the data is irrecoverable.
- Appropriate backup and disaster recovery solutions shall be in place.
9. Breach
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data, KNIGHT SACCO shall promptly assess the risk to people’s rights and freedoms and, if appropriate, report this breach to the relevant government authorities for further action.
-END OF POLICY-