Effective Date: 27 June 2023
1.1 InVenture Mobile Limited (“Tala”), a Kenyan subsidiary of InVenture Capital Corporation, is the data controller responsible for processing your data when you access our Services.
1.2 Tala may also act as a data processor for a data controller with whom you have a contractual relationship. In such instances, Tala will act in accordance with the instructions given by the data controller.
1.3 The Tala Group offers digital financial services to help the traditionally underbanked borrow, save and grow their money. Our Services include:
1.7 Tala’s Services are not intended for children and we do not knowingly process data relating to children.
2. 1 “Channels” means any system or medium (including the Tala App, Unstructured Supplementary Service Data (USSD) and web whether internet based, mobile device based or not), which may be established by Tala from time to time to enable you to access and utilise one or more of the Services.
2.2 “Children” means individuals below the age of eighteen (18) years.
2.3 “Consent” means an express, unequivocal, free, specific, and informed indication of your wishes by a statement or by a clear affirmative action.
2.4 “Customer” or “User” means any individual within the Republic of Kenya to which Tala provides its services.
2.5 “Personal data” means any information relating to an identified or identifiable individual, which shall include Sensitive personal data.
2.6 “Sensitive personal data” means personal data about an individual’s race, health status, ethnic social origin, conscience, belief, genetic data, biometric data, property details, marital status, family details including names of the individual’s child(ren), parent(s), spouse(s), or the individual’s sex or the sexual orientation.
2.7 “Services” refers to the financial and informational products and features provided by Tala to Users, as described in Section 1.3 above.
2.8 “We”, “Our” and “Us” refer to Tala.
3. THE DATA WE COLLECT ABOUT YOU
3.1 Information that you provide. To access our Services, you will be requested to provide personal data as specified in the applicable Privacy Notice. This includes the following:
3.1.1 Identifiers such as name, username, e-mail address, mobile number, or any other identifier by which you may be contacted online or offline;
3.1.2 Responses that you submit to our forms, questionnaires, and surveys;
3.1.3 Communications with Tala, such as call records, customer service requests and tickets, and messages or comments posted on Tala-hosted platforms;
3.1.4 Supporting documents such as government-issued identification, financial documents, and authorization letters.
3.2 Information that we collect as you use the Services. We also collect information from your usage of our products and features, as specified in the applicable Privacy Notice. This includes the following:
3.2.1 Device specifications, such as device identifiers, technical settings and features, and user-selected settings such as language and region;
3.2.2 Usage details, navigation and clicks, traffic data, search history, IP addresses, location data, logs, communication data, and information collected through cookies, web beacons, and other tracking technologies;
3.2.3 Transaction records, such as loan requests, disbursement records, payment records, and fund transfers;
3.2.4 Device content data, such as phonebook and network data, call logs, SMS data, and installed applications.
3.3 Information that we receive from third parties. To provide you with our Services and to comply with our legal obligations, we may also obtain information from third parties such as:
3.3.1 Credit scores or similar scores provided by credit reference or credit scoring entities;
3.3.2 Anti-money laundering records from name and sanctions screening vendors;
3.3.3 Account information from partner financial institutions and service providers;
3.3.4 Identifiers, repayment and other transaction data from partners, external collections agencies, mobile network providers, and mobile money operators.
3.4 Withholding of personal data. If you fail to provide or withhold any or all of the personal data that Tala requests, we may be unable to provide you with our Services.
3.5 Regulatory requirements: We are a Digital Credit Provider regulated by several government bodies, including the Central Bank of Kenya, the Financial Reporting Centre, and the Kenya Revenue Authority. We may be required to collect, process, and retain certain personal data from you in accordance with Anti-Money Laundering, Counter Terrorist Financing and Counter Proliferation Financing (AML/CFT/CPF) or tax regulations if you use our Services.
The personal data mentioned above will be sent to the Tala application programming interface https://prod.ke.atlas-antelope.com
4. HOW WE USE YOUR PERSONAL DATA
4.1 We will only process your personal data when we have a lawful basis to do so, as specified in the applicable Privacy Notice. In most instances, we will process your personal data under one of the following circumstances:
4.1.1 Where you have given your consent for the processing of your personal data.
4.1.2 Where we need to perform a contract with you, or where we need to take steps at your request before entering into a contract with you.
4.1.3 Where we need to comply with a legal obligation.
4.1.4 Where it is necessary for our legitimate interests (or those of a third party), and where your interests and fundamental rights do not override those interests.
4.2 We collect and use your personal data for the following purposes, as further specified in the applicable Privacy Notice for each specific Service:
4.2.1 To determine your eligibility for our Services, including for credit scoring and fraud prevention;
4.2.2 To process requests and instructions that we receive from you, your account, or your device;
4.2.3 To improve our Services, including the development of our models using data science and machine learning technology;
4.2.4 To communicate with you and manage our relationship with you;
4.2.5 To analyse customer behaviour, conduct research, and to personalise the customer experience;
4.2.6 To meet legal requirements, such as know-your-customer and transaction monitoring obligations;
4.2.7 To comply with other orders and directives of local and international law enforcement agencies and regulatory bodies;
4.2.8 To fulfil our contractual obligations to our partners and to allow our partners to fulfil their contractual obligations to you;
4.2.9 To enable the conduct of Tala’s business through its agents, employees, representatives, consultants, vendors, partners, and other service providers.
4.3 We will only send you direct marketing communications by push notification, email or text if we have your consent. You have the right to withdraw that consent at any time by contacting us via email at firstname.lastname@example.org or email@example.com.
4.4 Where you may have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us via email at firstname.lastname@example.org or email@example.com. Once we have received notification of withdrawal of consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
4.5 We use automated processing and automated decision-making with little to no human intervention when we provide you with certain features of our Services. Our models are regularly tested to ensure they remain fair, accurate, and unbiased. Where applicable, you may request a reconsideration of an automated decision by emailing us at firstname.lastname@example.org or email@example.com. Please note that human intervention does not guarantee that the automated decision will be overturned.
5. DISCLOSURES AND CROSS-BORDER TRANSFERS OF YOUR PERSONAL DATA
5.1 We may disclose and/or transfer your personal data to internal and external third parties as described in the applicable Privacy Notice of each particular Service.
5.2 Your personal data collected by Tala shall be stored and processed outside of Kenya in a location where Tala or its agents maintain facilities, including the use of cloud storage and cloud computing technology.
5.3 Whenever we transfer your personal data outside of Kenya, we ensure a similar degree of protection is afforded to it by ensuring adequate safeguards are implemented. We ensure your personal data is protected by requiring all our group companies, personnel, and agents to follow the same rules when processing your personal data.
6. DATA GOVERNANCE AND SECURITY MEASURES
6.1 Tala implements an Information Security Management System to maintain the confidentiality, integrity, and availability of Tala’s information resources, in keeping with our commitments, industry standards and global best practices.
6.2 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulatory authority when we are required to do so.
7. DATA RETENTION
7.1 To determine the appropriate retention period for personal data, we consider the retention requirements set by legal, tax, accounting, and AML/CFT/CPF regulations, the nature and sensitivity of the information, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the need to comply with our internal policies. We will retain or store your personal information only for so long as is necessary to fulfil the purposes set forth in the applicable Privacy Notice, and for a reasonable time thereafter for the furtherance and completion of any of our services to you, and for such time as may be necessary in order to comply with any legal obligation.
7.2 Details of retention periods for different aspects of your personal data are available in the Privacy Notice for the applicable Service.
7.3 In some circumstances you can ask us to delete your data: see Your Data Subject Rights below for further information. Where personal data must be deleted, disposal shall be done in a secure manner that would prevent further processing, unauthorised access, or disclosure to any other entity.
7.4 In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
8. YOUR DATA SUBJECT RIGHTS
8.1 As a data subject, you have the following rights in relation to your personal data:
8.2 You may request that we restrict the processing of your personal data in the following circumstances:
8.2.1 where need to verify the accuracy of data that you are contesting;
8.2.2 where our use of the data is unlawful but you do not want us to erase it;
8.2.3 where the purpose of the processing has been achieved, but the we need your personal data to establish, exercise or defend legal claims;
8.2.4 you have objected to our use of your data but we need to determine whether we have overriding legitimate grounds to use it.
8.3 You have the right to object to the processing of your personal data for direct marketing purposes, and you can opt out of direct marketing communications by asking us not to send you direct marketing messages.
8.4 You may withhold or withdraw your consent in cases where we rely on your consent as the lawful basis for processing of your Personal Data. Doing so may prevent us from providing you with our Services.
8.5 You or your authorised representative can exercise any of these rights at any time, subject to our verification and review, by contacting us via email at firstname.lastname@example.org or email@example.com.
9.2 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.
10. THIRD PARTY LINKS
Our Services may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services. Please check these policies before you submit any personal data to these websites or use these services.