We are updating our Terms and Conditions, effective 16/03/2023. See the Credit Line Terms and Conditions for details.
Effective Date: 1 July 2022
1. SCOPE OF THIS PRIVACY NOTICE
1.1 This Privacy Notice applies to your use of:
1.2 InVenture Capital Corporation, a US corporation, is affiliated with different legal entities. When we mention TALA in this document, we are referring to the relevant Kenyan subsidiary company, InVenture Mobile Limited, which is the data controller responsible for processing your data and which will be clear to you when you use our App.
1.3 If you have any questions about this Privacy Notice, please contact us via email at hellokenya@talamobile.com.
1.4 Our Privacy Policy also applies to your use of the App and explains what personal data we collect, with whom we share it, how we may use your data and how you (the user of the Service) can prevent us from sharing certain information with certain parties.
1.5 This Privacy Notice informs you as to how we look after your personal data when you download our App, use our products or services and tells you about your privacy rights and how the law protects you. Please read our Privacy Policy and this Privacy Notice carefully to understand our views and practices regarding your personal data and how we will treat it in accordance with the Data Protection Act, 2019.
1.6 By accepting the terms of this Privacy Notice and our Privacy Policy, you accept and consent to the practices described in this Privacy Notice and our Privacy Policy. This Privacy Notice shall always prevail over the Privacy Policy in relation to how we use your information for the App.
1.7 The Tala App is not intended for children, and we do not knowingly collect data relating to children.
2. DEFINITIONS
Terms used in this Privacy Notice shall have the following meanings, and reference to the singular includes the plural (and vice versa).
2.1 “Authorities” includes any judicial, administrative, government, public or regulatory body, securities or futures exchange, court, central bank or law enforcement body, or any of their agents with jurisdiction over Tala.
2.2 “Child” means an individual who has not attained the age of eighteen (18) years.
2.3 “Comply with a legal obligation” means processing your Personal Data where it is necessary for compliance with a legal obligation that we are subject to, such as (a) Laws or international guidance and internal policies or procedures, (b) any demand from Authorities or reporting, disclosure or other obligations under Laws, and (c) Laws requiring us to verify the identity of our customers.
2.4 “Consent” means processing your Customer Information where you have signified your agreement by a statement or clear opt-in to processing for a specific purpose. Consent will only be valid if it is a freely given, specific, informed and unambiguous indication of what you want. You can withdraw your consent at any time by contacting us via hellokenya@talamobile.com.
2.5 “Customer” or “User” means any individual within the Republic of Kenya to which Tala provides its products or services.
2.6 “Customer Information” means your Personal Data, Sensitive Personal Data, and/or Relevant Information including relevant information about you, your transactions, your use of our products and services, and your relationships with Tala.
2.7 “Laws” include any local or foreign law, regulation, judgment or court order, voluntary code, sanctions regime, an agreement between any member of Tala and an Authority, or agreement or treaty between Authorities and applicable to Tala.
2.8 “Legitimate Interest” means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
2.9 “Performance of Contract” means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
2.10 “Personal Data” or “Personal Information” refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
2.11 “Relevant Information” means information that Tala requires for purposes of providing the Services, including, but not limited to, data relating to your phone (including, without limitation, your phone’s history) from your Equipment (meaning your mobile phone handset, SIM Card and/or other equipment which when used together enables you to access the Network), from any SMS (meaning a short message service consisting of a text message transmitted from your mobile phone to another)sent to you by the Mobile Money Providers (meaning a mobile network operator registered with the Communications Authority of Kenya) and any financial services providers relating to your use of the Mobile Money Service (meaning the money transfer and payments service provided by the Mobile Money Providers through the Mobile Money System) and such other information as may be described in Section 3.1 below;
2.12 “Sensitive Personal Information” refers to Personal Data about an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations; health status, education, biometric data, genetic data, sex or the sexual orientation of a person, property details, family details including names of the person’s children, parents, spouse or spouses; any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings; issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and specifically established by an executive order or other legislative act to be kept classified.
2.13 “Services” refers to the products and features provided through the App or the App Site, including the maintenance of the App, once you have downloaded or streamed a copy of the App onto your Device.
2.14 “We”, “Our” and “Us” refer to Tala.
3. THE DATA WE COLLECT ABOUT YOU
3.1 We may collect, use, process, store and transfer different kinds of Personal Data and Relevant Information about you including but not limited to:
3.2 We also may collect other information about you, your device and your use of the App in ways that we describe to you at the time of collection or otherwise with your consent.
3.3 The collection of your data by us includes but is not limited to the following sources:
3.4 The App may access the following device permissions, depending on your Equipment’s operating system and the version of the App that you have downloaded. Keep your Tala App updated to make sure you can experience the latest and most secure features.
3.5 We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your Personal Data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific App feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this privacy notice.
4. HOW WE USE YOUR PERSONAL DATA
4.1. We will only use your Personal Data when we are legally permitted to do so. Most commonly we will use your Personal Data in the following circumstances:
4.2 We will only send you direct marketing communications by push notification, email or text if we have your consent. You have the right to withdraw that consent at any time by contacting us via email at hellokenya@talamobile.com.
5. PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
Purpose/activity |
Type of data |
Lawful basis for processing |
|
Identity Contact Financial Device |
Your consent |
|
Identity Contact Financial Transaction Device Account Servicing Marketing and Communications Location Third Party |
Performance of a contract with you Necessary for our legitimate interests (to recover debts due to us) |
|
Identity Contact Financial Profile Account Servicing Marketing and Communications |
Your consent Performance of a contract with you Necessary for our legitimate interests (to keep records updated and to analyze how customers use our products/ Services) Necessary to comply with legal obligations (to inform you of any changes to our terms and conditions) |
To enable you to participate in a prize draw, competition or complete a survey |
Identity Contact Device Profile Marketing and Communications |
Your consent Performance of a contract with you Necessary for our legitimate interests (to analyze how customers use our products/Services and to develop them and grow our business) |
To administer and protect our business and this App including troubleshooting, data analysis and system testing |
Identity Contact Device Account Servicing |
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security) Performance of a contract with you |
|
Identity Contact Device Content Profile Usage Marketing and Communications Location |
Consent Necessary for our legitimate interests (to develop our products/Services and grow our business) |
|
Identity Contact Device Content Profile Usage Marketing and Communications Location Financial |
Necessary to comply with legal obligations Necessary for our legitimate interests (for running our business) |
|
Identity Contact Device Content Profile Usage Account Servicing Marketing and Communications Location Financial |
Your consent Performance of a contract with you Necessary for our legitimate interests (for running our business) Necessary to comply with legal obligations |
6. DISCLOSURES OF YOUR PERSONAL DATA
When you consent to providing us with your Personal Data, we will also ask you for your consent to share your Personal Data with the third parties set out below for the purposes set out in the table above.
6.1 Internal Third Parties being other companies in the InVenture Capital Corporation Group acting as joint controllers or processors and who are based in locations outside of Kenya and provide IT and system administration services and undertake leadership reporting.
6.2 External Third Parties such as Service providers acting as processors who include:
6.3 Third parties to whom we may choose to sell, assign, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your Personal Data in the same way as set out in this Privacy Notice.
6.4 In business practices including but not limited to quality control, training and ensuring effective systems operation.
6.5 Any other person that we deem legitimately necessary to share the data with.
7. INTERNATIONAL TRANSFERS
7.1 Your Personal Data collected by Tala may be stored and processed outside Kenya in a location which Tala or its agents maintain facilities.
7.2 Whenever we transfer your personal data out of Kenya, we ensure a similar degree of protection is afforded to it by ensuring adequate safeguards are implemented. We ensure your personal data is protected by requiring all our group companies and agents to follow the same rules when processing your personal data.
8. AUTOMATED PROCESSING
We use automated processing to determine your eligibility for our Services based on the Personal Data and Relevant Information that we collect. Our fraud prevention and credit models utilize data science and machine-learning technology with little to no human intervention and are regularly tested to ensure they remain fair, accurate, and unbiased. You may object to the automated processing of your Personal Data, but doing so will prevent us from providing you with our Services. If you wish to request a reconsideration of an automated decision, you may contact us via email at hellokenya@talamobile.com. Please note that human intervention does not guarantee that the automated decision will be overturned.
9. DATA SECURITY
9.1 All information you provide to us is stored on our secure servers. Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be secured. Where we have given you (or where you have chosen) a password that enables you to access certain parts of Our App, you are responsible for keeping this password confidential. We ask you not to share this password with anyone.
9.2 Once we have received your information, we will use strict procedures and security features to try to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way.
9.3 We will collect and store your Personal Data on your Device using application data caches and browser web storage (including HTML5) and other technology.
9.4 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.
10. DATA RETENTION
10.1 To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, the need to comply with our internal policy and the applicable legal, regulatory, tax, accounting or other requirements.
10.2 In adherence to the law, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for certain periods after they cease being customers.
10.3 Details of retention periods for different aspects of your personal data are available in our retention policy which you can request by contacting us.
10.4 In some circumstances you can ask us to delete your data: see Your Data Subject Rights below for further information.
10.5 In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
11. YOUR DATA SUBJECT RIGHTS
11.1. Under certain circumstances you have the following rights under data protection laws in relation to your personal data.
You have the right to:
11.2 You also have the right to ask us not to continue to process your personal data for marketing purposes.
11.3 You can exercise any of these rights at any time by contacting us via email at hellokenya@talamobile.com.
12. CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES
12.1 We keep this Privacy Notice under regular review. It may change and if it does, these changes will be posted on this page and, where appropriate, notified to you when you next start the App or log onto one of the Services Sites. The new notice may be displayed on-screen and you may be required to read and accept the changes to continue your use of the App or the Services.
12.2 It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.
13. THIRD PARTY LINKS
Our Sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as Contact and Location Data. Please check these policies before you submit any personal data to these websites or use these services.31