Tala Channel Privacy Notice

a picture of a lock

TALA CHANNEL PRIVACY NOTICE

Effective Date: 27 June 2023

1. SCOPE OF THIS PRIVACY NOTICE

1.1 InVenture Mobile Limited (“Tala”), a Kenyan subsidiary of InVenture Capital Corporation, is a Central Bank of Kenya licensed Digital Credit Provider and the data controller responsible for processing your data when you download and use the Tala mobile application (“Tala App”) hosted on the Google Play Store or when you access our Services through other Channels.

1.2 Tala may also act as a data processor for a data controller with whom you have a contractual relationship. In such instances, Tala will act in accordance with the instructions given by the data controller.

1.3 If you have any questions about this Privacy Notice, please contact us via email at hellokenya@talamobile.com or dpo@tala.co.ke.

1.4 Please read this Privacy Notice and our Privacy Policy carefully to understand our practices regarding your personal data in accordance with the Data Protection Act, 2019. By expressing your acceptance of the terms of this Privacy Notice and our Privacy Policy (through the Tala App, or other Channels ), you accept and understand that your personal data will be processed in accordance with this Privacy Notice and our Privacy Policy.

1.5 Tala’s Services are not intended for children, and we do not knowingly collect data relating to children.

2. DEFINITIONS

2.1 “Channels” means any system or medium (including the Tala App, Unstructured Supplementary Service Data (USSD) and web whether internet based, mobile device based or not), which may be established by Tala from time to time to enable you to access and utilise one or more of the Services.

2.2 “Children” means individuals below the age of eighteen (18) years.

2.3 “Consent” means an express, unequivocal, free, specific, and informed indication of your wishes by a statement or by a clear affirmative action.

2.4 “Customer” or “User” means any individual within the Republic of Kenya to which Tala provides its Services.

2.5 “Personal data” means any information relating to an identified or identifiable individual, which shall include Sensitive personal data.

2.6 “Sensitive personal data” means personal data about an individual’s race, health status, ethnic social origin, conscience, belief, genetic data, biometric data, property details, marital status, family details including names of the individual’s child(ren), parent(s), spouse(s), or the individual’s sex or the sexual orientation.

2.7 “Services” refers to the financial products and features provided by Tala to Customers through the Tala App, through its partner channels, or through other Channels.

2.8 “We”, “Our” and “Us” refer to Tala.

3. THE DATA WE COLLECT ABOUT YOU

3.1 Tala will collect personal data from you as you use our Services. This includes the following:

  • Identity Data: includes your full name, title, date of birth, age, gender, identity document, and photo or image.
  • Profile Data: includes your level of education, employment status and income information, marital status, and other details you submit in response to surveys administered by Tala or Tala’s agents.
  • Contact Data: includes your present address, permanent address, email address, and mobile numbers.
  • Financial Data: includes your bank account number, mobile account number, remittance account number, and payment card details.
  • Transaction Data: includes payments and transfers to and from you, and your Tala App or Channel transaction history.
  • Device Data: includes the type of mobile device you use, device specifications (such as screen size, resolution, memory, or CPU capacity), unique device identifiers (IMEI number, IP address, Google Play Services ADID, MAC address), mobile network carrier, and mobile operating system.
  • Content Data: includes information stored on your device, such as contact lists, call and SMS logs, and list of installed applications.
  • Network Data: includes information about Tala users in your network, such as volume, repayment behaviour, and demographics.
  • Usage Data: includes your username, password or PIN, OTP, and details of your use of the Tala App or Channels.
  • Communications Data: includes records of messages received from you, your account, or your device, including customer service tickets filed through the App, Channels or via email, call logs and call recordings, and records of other interactions between you or your representatives and Tala or its agents.
  • Marketing Data: includes your preferences in receiving promotional messages from us and our authorised third parties, as well as data provided by you in relation to special offers and promotional activities conducted by Tala.
  • Location Data: includes your current location determined by geolocation technology.
  • Third Party Data: includes information about you that we obtain from partners, credit reference agencies or bureaus, external collection agencies, identity verification and sanctions screening service providers, mobile network providers, and marketing partners.

3.2 We also may collect other information about you, your device, and your use of the App or Channels in ways that we describe to you at the time of collection.

3.3 We process your personal data from the following sources:

  • 3.3.1 Information you give us. This is information you submit to us or allow us to access by expressing your acceptance in the Tala App, through USSD transaction, or by other recorded means, including by filling in forms or by corresponding with us or interacting with our website or social media accounts.
  • 3.3.2 Information we collect from your device. This is information you allow us to access by installing the Tala App or accessing our Channels on your Device and enabling certain device permissions.
  • 3.3.3 Third Party Data and publicly available sources. We may receive personal data about you from various third parties, partners and public sources such as:
  1. 3.3.3.1 Financial, Profile and Transaction Data from providers of technical, payment, delivery, and general financial services such as mobile network providers, money service businesses, USSD service providers, and external collection agencies.
  2. 3.3.3.2 Contact, Financial, Profile and Transaction Data from identity verification and sanctions screening service providers and credit reference agencies.
  3. 3.3.3.3 Communications Data from your interactions with our external collection agencies.
  4. 3.3.3.4 Identity, Profile, and Contact Data from partners and publicly available sources.

3.4 If you fail to provide or withhold any or all of the personal data that Tala requests, we may be unable to provide you with our Services.

4. PURPOSES AND LAWFUL BASIS FOR WHICH WE WILL USE YOUR PERSONAL DATA

4.1 We will only process your personal data when we have a lawful basis to do so. In most instances, we will process your personal data under one of the following circumstances:

  • 4.1.1 Where you have given your consent for the processing of your personal data.
  • 4.1.2 Where we need to perform a contract with you, or where we need to take steps at your request before entering into a contract with you.
  • 4.1.3 Where we need to comply with a legal obligation.
  • 4.1.4 Where it is necessary for our legitimate interests (or those of a third party), and where your interests and fundamental rights do not override those interests.

4. PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA

Purpose/activity

Type of data

Lawful basis for processing


  1. To install the Tala App or Channel set up and register you as a new App or Channel user

Device 

Usage

Contact

Your consent

  1. To create your Tala App or Channel user profile 

  2. To verify your identity through internal or outsourced tools or services

  3. To determine your eligibility for our Services through the use of automated processing, including credit scoring and fraud prevention through machine learning technology

  4. To conduct additional verification of your credit and financial history through credit reference agencies, credit bureaus, and other reliable sources

  5. To process transactions and deliver Services including disbursing loans and collecting payments for your use of the Services

Identity

Profile

Contact

Content

Network

Location

Third Party

Performance of a contract with you 


Necessary for our legitimate interests (to conduct responsible lending)

  1. To perform manual and automated screening of your profile and your transactions pursuant to Anti-Money Laundering, Counter Terrorist Financing and Counter Proliferation Financing (AML/CFT/CPF) regulations

  2. To submit reports of covered and suspicious transactions to the Financial Reporting Centre (FRC)

  3. To supply your account transaction history to the credit bureaus, which may include information on repayments and defaults and account opening and closing

  4. To exchange information with any local or international law enforcement or competent authority to assist in the prevention, detection, investigation or prosecution of criminal activities

  5. To supply your transaction and repayment information in the reporting and remittance of relevant taxes to the Kenya Revenue Authority (KRA)

Identity 

Profile

Contact 

Financial

Transaction

Location

Third Party

Compliance with legal obligations 


Necessary for our legitimate interests (to safeguard the legitimate use of our Services)

  1. To manage our relationship with you including notifying you of changes to the Tala App/Channels or our Services 

  2. To analyse customer behaviour and improve our Services

  3. To contact you by telephone using auto-dialled or pre-recorded message calls or text (SMS) messages

  4. To administer and protect our business and the Tala App including troubleshooting, data analysis and system testing

Contact 

Usage

Communications 

Marketing

Third Party

Performance of a contract with you 


Necessary for our legitimate interests (to keep records updated and to analyse how customers use our products/ Services)

  1. To deliver content and advertisements to you 

  2. To make recommendations to you about goods or services which may interest you

  3. To send you marketing notices, announcements about optional service updates, and promotional offers

  4. To measure and analyse the effectiveness of the advertising we serve you 

  5. To monitor trends so we can improve our Services

  6. To enable you to participate in a prize draw, competition or complete a survey

Profile

Contact 

Usage 

Communications

Marketing

Your consent 


Necessary for our legitimate interests (to develop our products/Services and grow our business)

  1. To allow our partners to fulfil their obligations to you

  2. To fulfil our commitments to our partners

  3. To transmit relevant information to Tala’s service providers who act as data processors upon Tala’s instructions

  4. To exchange relevant information with Tala’s agents or any other company that may become Tala’s affiliate entity, for reasonable commercial purposes relating to the Services

Identity

Profile 

Contact 

Financial 

Transaction 

Device 

Content 

Network

Usage

Communications 

Marketing 

Location 

Third Party

Performance of a contract with you 


Necessary for our legitimate interests (for running our business)

  1. To conduct research and testing of product features and modifications to the Services, including experimentation with limited user segments prior to general availability

  2. To develop and refine machine learning models for fraud prevention, credit scoring, underwriting, and other automated decision-making processes

  3. To administer training for Tala personnel and conduct performance evaluations

  4. To conduct quality assurance and internal audit

Identity

Profile 

Contact 

Financial 

Transaction 

Device 

Content 

Network

Usage

Communications 

Marketing 

Location 

Third Party

Necessary for our legitimate interests (to maintain Service quality and for the continuous improvement of our Services)


5. DISCLOSURES OF YOUR PERSONAL DATA

When you consent to providing us with your personal data, we will also ask you for your consent to share your personal data with the third parties set out below for the purposes set out in the table above.

5.1 Internal Third Parties being other companies in the InVenture Capital Corporation Group acting as joint controllers or processors and who are based in locations outside of Kenya and provide system administration and other shared services within the group.

5.2 External Third Parties such as:

  • 5.2.1 Data controllers with whom you have a contractual relationship and for whom Tala acts as a data processor;
  • 5.2.2 Mobile money providers whom we use for verification in relation to your mobile money account, pursuant to the agreement between you and the relevant mobile money provider;
  • 5.2.3 Credit bureaus and/or any other reliable sources from whom we may obtain your personal data and also supply your consumer credit information which may include information on repayments and defaults and account opening and closing;
  • 5.2.4 Any local or international law enforcement or competent regulatory or governmental agencies in connection with an official request so as to assist in the prevention, detection, investigation or prosecution of criminal activities or fraud;
  • 5.2.5 Tala’s service providers, such as external collection agencies, who are acting as data processors upon the instructions of Tala;
  • 5.2.6 Tala’s agents or any other company that may be or become Tala’s affiliate entity, for reasonable commercial purposes relating to the Services;
  • 5.2.7 Tala’s professional advisors and consultants including lawyers and auditors or to any court or arbitration tribunal in connection with any legal or audit proceedings;

5.3 Third parties to whom we may choose to sell, assign, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.

5.4 Any other person that we deem legitimately necessary to share the data with, in all cases in compliance with the Data Protection Act, 2019.

6. INTERNATIONAL TRANSFERS

6.1 Your personal data collected by Tala shall be stored and processed outside of Kenya in a location where Tala or its agents maintain facilities, including the use of cloud storage and cloud computing technology.

6.2 Whenever we transfer your personal data outside of Kenya, we ensure a similar degree of protection is afforded to it by ensuring adequate safeguards are implemented. We ensure your personal data is protected by requiring all our group companies, personnel, and agents to follow the same rules when processing your personal data.

7. AUTOMATED PROCESSING

We use automated processing to determine your eligibility for our Services based on the personal data that we collect. Our fraud prevention and credit models utilise data science and machine-learning technology with little to no human intervention and are regularly tested to ensure they remain fair, accurate, and unbiased. You may object to the automated processing of your personal data, but doing so will prevent us from providing you with our Services. If you wish to request a reconsideration of an automated decision, you may contact us via email at hellokenya@talamobile.com or dpo@tala.co.ke. Please note that human intervention does not guarantee that the automated decision will be overturned.

8. DATA GOVERNANCE AND SECURITY

8.1 Tala implements an Information Security Management System to maintain the confidentiality, integrity, and availability of Tala’s information resources, in keeping with our commitments, industry standards and global best practices. You may refer to our Privacy Policy for further details on the data governance and security measures that we implement.

8.2 Where you have chosen or have been given a password, PIN or OTP code that enables you to access certain parts of the Tala App or Channels portal, you are responsible for keeping this password, PIN or OTP code confidential. Never share this password, PIN or OTP code with anyone. Tala will never ask you to provide us with your password PIN or OTP code.

8.3 We have put in place procedures to deal with any suspected breach of personal data and will notify you and any applicable regulatory authority when we are legally required to do so.

9. DATA RETENTION

9.1 Being a registered reporting institution under the Proceeds of Crime and Anti-Money Laundering Act, as amended (POCAMLA), Tala has the obligation to retain certain records for a period of at least seven (7) years or such longer period as the FRC may require, from the date of the relevant transaction or following the termination of an account or business relationship with Tala. To ensure Tala’s ability to comply with this obligation, Tala will retain relevant personal data associated with your account for a period of ten (10) years from the date of the closure of your Tala account.

9.2 In some circumstances, such as when you have no outstanding credit balance with Tala, you can ask us to close your Tala account and delete the associated personal data (subject to Tala’s record retention obligations under the POCAMLA as mentioned above): see the section on Your Data Subject Rights below for further information.

9.3 In some circumstances we will anonymise your information such that it will no longer constitute personal data. In such cases we may use anonymised information for whatever legitimate purpose without further notice to you.

10. YOUR DATA SUBJECT RIGHTS

10.1 As a data subject, you have the following rights in relation to your personal data:

  • To be informed of the uses for which your personal data is processed;
  • To access your personal data in our custody, as well as information about:
  1. the purposes for which we process your personal data;
  2. the categories of personal data processed;
  3. the recipients or categories of recipients to whom the personal data have been or will be disclosed;
  4. where possible, the period for which the personal data may be stored, or the criteria used to determine the period for storage and retention;
  5. where the personal data is not collected from you as the data subject, any available information as to the source of collection.
  • To object to the processing of all or part of your personal data (unless we have compelling legitimate interests to continue the processing, or when it is necessary for the establishment, exercise, or defence fo a legal claim);
  • To correct or rectify false, inaccurate, outdated, incomplete, or misleading data about you (subject to verification, such as examination of supporting documents);
  • To erase or delete data that is false, misleading, irrelevant, excessive, unlawfully obtained, or which we are no longer authorised to retain. Your right to erasure will not apply if it is necessary for us to continue to process your personal data to comply with a legal obligation, or for to establish, exercise, or defend a legal claim.
  • To copy, port, or receive your personal data in a structured, commonly used, and machine-readable format, or to have your personal data ported to another data controller or data processor.

10.2 You may request that we restrict the processing of your personal data in the following circumstances:

  • 10.2.1 where need to verify the accuracy of data that you are contesting;
  • 10.2.2 where our use of the data is unlawful but you do not want us to erase it;
  • 10.2.3 where the purpose of the processing has been achieved, but the we need your personal data to establish, exercise or defend legal claims;
  • 10.2.4 you have objected to our use of your data but we need to determine whether we have overriding legitimate grounds to use it.

10.3 You have the right to object to the processing of your personal data for direct marketing purposes, and you can opt out of direct marketing communications by asking us not to send you direct marketing messages.

10.4 You may withhold or withdraw your consent in cases where we rely on your consent as the lawful basis for processing of your Personal Data. Doing so may prevent us from providing you with our Services.

10.5 You or your authorised representative can exercise any of these rights at any time, subject to our verification and review, by contacting us via email at hellokenya@talamobile.com or dpo@tala.co.ke.

11. CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES

11.1 We keep this Privacy Notice under regular review. Changes to this Privacy Notice will be posted on this page and, where appropriate, notified to you through either the Tala App or Channels, Website email, or SMS.

11.2 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.

12. THIRD PARTY LINKS

Our Services may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services. Please check these policies before you submit any personal data to these websites or use these services.