+254-799-031396 |  +254-20-2861200 | Mon-Fri 08:00 - 17:00

Privacy Policy

  1. INTRODUCTION

    This Privacy Policy provides information on the processing of Personal Data by Banki Kuu Pension Scheme 2012 (“the Scheme”, “we” “us” “our”). This Privacy Policy also explains the rights that you have in relation to the processing activities. The Scheme is committed to ensuring that your Personal Data is processed lawfully and in accordance with the Data Protection Act, 2019 (the “Act”) and its Regulations.

  2. GENERAL PRIVACY STATEMENT

    The Scheme is committed to protecting your personal information in accordance with the Act. This Privacy Policy outlines the types of Personal Data the Scheme may collect, the means by which it may collect, use or share your Personal Data, steps the Scheme has taken to protect your Personal Data and choices you are provided with respect to the use of your Personal Data. Please take a moment to read it.

    For the purpose of this Privacy Policy, “Personal Data” is any information by which you can be individually identified both directly and indirectly, including but not limited to, your name, address, email address and telephone number.

  3. OUR IDENTITY

    The Data Controller is Banki Kuu Pension Scheme 2012. It is registered by the Retirement Benefits Authority as Scheme Reference number: 01950 and issued with Certificate No. 01417.

  4. PURPOSE OF THIS PRIVACY POLICY

    To perform our functions, we need to collect certain Personal Data and sensitive Personal Data.
    This Privacy Policy:

    1. explains how we may contact you and how you can contact us.

    2. explains the different rights and choices you have when it comes to your Personal Data; and

    3. explains the effect of refusing to provide the Personal Data required;

    4. sets out the legal basis we have for using your Personal Data;

    5. explains when, why and with who we will share your Personal Data;

    6. explains how long we keep your Personal Data or the retention criteria;

    7. explains how and why we collect and use your Personal Data;

    8. sets out the types of Personal Data that we collect from you;

  5. THE PERSONAL DATA COLLECTED

    1. The Scheme collects Personal Data directly from you as well as from other available sources to the extent permitted by law.

    2. The Scheme endeavors to collect only that Personal Data that is necessary for the purpose(s) for which it is collected and not to retain such data for longer than necessary for such purpose(s). Subject to applicable law and practice, the categories of Personal Data that are typically collected and processed include, but are not limited to:

      1. Scheme Members: We collect your name, contact information (email addresses and telephone numbers), beneficiaries details, date of birth, gender, residential address.

      2. Event Participants: We collect your name, contact information (email addresses and telephone numbers).

      3. Office guests: We collect your name, contact details ID/Passport number, images through the close circuit cameras (CCTV).

      4. Tenants/Lessees: We collect your name, contact information (email addresses and telephone numbers), ID/Passport number, KRA PIN details, passport photo.

      5. Service Providers, Suppliers: We collect your name, contact details or the details of individual contacts at your organization, your bank details and KRA PIN.

  6. HOW THE PERSONAL DATA IS COLLECTED

    1. We may collect Personal Data:

      1. directly from you. For example, we collect data from you when:

        1. you correspond with us by phone or by email;

        2. you attend our events, such as members day or the Annual General meetings;

        3. you visit our offices; and

        4. you visit our website.

      2. indirectly from you. Examples of situations where we may collect Personal Data indirectly from you include:

        1. where the data is contained in a public record;

        2. where you have deliberately made the data public;

        3. where you have given, us consent to collect the data from another source ;

        4. from third parties who collect information about you on behalf of the Scheme;

        5. where you have an incapacity, and your appointed guardian has consented to the collection from another source;

      3. where the collection from another source is necessary:

        1. for the prevention, detection, investigation, prosecution, and punishment of crime;

        2. for the enforcement of a law which imposes a pecuniary penalty; or

        3. for the protection of the interests of a data subject or another person.

  7. USES OF YOUR PERSONAL DATA

    1. Scheme Members: We process Personal Data to, among others:

      1. assess your eligibility for the Scheme benefits.

      2. enroll you for membership.

      3. determine your beneficiaries.

      4. Process payments from the Scheme.

    2. Participants: We process Personal Data to, among others:

      1. offer the requested services, for example, Annual General Meeting or Members Day.

      2. effectively communicate and update you on upcoming events and Scheme products;

    3. Office Guests: We process Personal Data to, among others:

      1. authorise access to our offices.

      2. security purposes.

    4. Employees: We process Personal Data to, among others:

      1. assess your suitability for the role we seek to fill internally;

      2. enter into an employment contract with you;

      3. populate your employee file;

      4. undertake the payroll process;

      5. collect emergency contact details;

    5. Service Providers, Supplier: We process Personal Data to, among others:

      1. enter into supplier contracts;

      2. make the necessary payments;

      3. effectively communicate and coordinate during the contract period;

      4. make tax payments and returns.

    6. We also process Personal Data to:

      1. communicate and respond to your requests and inquiries to the Scheme;

      2. to engage with business partners;

      3. to analyse, develop, improve and optimize the use, function and performance of our sites and products and services;

      4. to manage the security and operation of our sites, facilities and networks and systems;

      5. to general administration services;

      6. to analyze the trends in our sector of operation;

      7. for research purposes;

      8. help us establish or defend legal claims; and

      9. to comply with applicable laws and regulations.

  8. OUR LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA

    1. The Scheme processes your Personal Data for the following lawful bases:

      1. where you consent to the processing for one or more specified purposes; or

      2. where the processing is necessary:

    2. for the performance of a contract to which you are a party or to take certain steps at your request before entering a contract;

    3. for compliance with any legal obligation to which we are subject;

    4. to protect your vital interests or that of another person/individual;

    5. to enable us to perform a task carried on in public interest or in the exercise of official authority vested in us; and

    6. for our legitimate interest.

  9. SHARING OF YOUR PERSONAL DATA

    1. Any disclosure of your Personal Data shall be in accordance with applicable law and regulations.

    2. We may disclose your Personal Data to:

      1. tax or other authorities when we believe in good faith that the law or other regulation requires us to share this data.

      2. service providers who perform functions on our behalf (including but not limited to the administrator, actuary, custodian, investment managers, property managers, external consultants, professional advisers such as lawyers, auditors and accountants, technical and support functions and IT consultants carrying out testing and development work on our systems).

      3. third party outsourced IT and document storage providers.

      4. debt-collection agencies or other debt-recovery organisations.

      5. relevant third parties in the event of a Scheme reorganization, merger, (including in connection with any bankruptcy or similar proceedings).

      6. emergency service providers where such disclosure to emergency service providers is necessary for your rescue, health and safety, including your approximate location.

  10. SAFEGUARDING YOUR PERSONAL DATA

    1. We care about protecting your Personal Data. That is why we have put in place appropriate measures that are designed to prevent Personal Data breaches.

    2. We do this by having in place a range of appropriate technical and organizational measures including measures to deal with any suspected Personal Data breaches.

    3. If you suspect any misuse or loss of or unauthorized access to your Personal Data, please let us know immediately by contacting us.

  11. RETENTION OF YOUR PERSONAL DATA

    1. We will only keep your Personal Data for as long as it is necessary to achieve the purposes for which it was required unless the retention is required or authorized by law, reasonably necessary for a lawful purpose, you have consented to longer retention periods or if the Personal Data is required for auditing or compliance purposes.

  12. THE RIGHTS YOU HAVE OVER YOUR PERSONAL DATA

    1. The Act accords you several rights over your data.

    2. right to information: you have a right to be informed of how the Scheme will use your Personal Data.

    3. right of access: you are entitled to access your Personal Data that is in our possession or custody.

    4. right to object: you can object to the processing of all parts of your Personal Data, unless we can demonstrate:

      1. a compelling legitimate interest for the processing which overrides your interests: or

      2. that we are processing your Personal Data for the establishment, exercise or defense of a legal claim.

    5. right to rectification: you have the right to request us to rectify or correct, Personal Data in our possession or under our control that is inaccurate, outdated, incomplete or misleading.

    6. right to erasure: you can request us to delete or destroy Personal Data that we are no longer authorized to retain, or which is irrelevant, excessive, or obtained unlawfully.

    7. right to data portability: you have the right to receive Personal Data concerning you in a structured, commonly used and machine-readable format and to transmit the data to another data controller without hinderance. Where technically possible, have Personal Data transmitted directly from us to another data controller or data processor.

    8. automated decision making: you have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning or that significantly affects you. The Scheme may from time to time make decisions based on automated processing of your Personal Data. In such instance, you will be informed, in writing, whenever a decision based on automated processing is taken. In addition, you can request us to reconsider any decisions made based on automated processing or to take a new decision that is not based solely on automated processing.

    9. right of restriction: You have the right to request us to restrict the processing of Personal Data where:

      1. you contest the accuracy of the Personal Data.

      2. the Personal Data is no longer required for the purpose of the processing.

      3. the processing is unlawful or you are opposed to the erasure of the Personal Data and requested for restriction of its use instead.

      4. you have objected to the processing of Personal Data, pending verification as to whether our legitimate interests override yours as the data subject.

    10. right to raise a complaint: You can raise a complaint about the processing of your Personal Data.

    1. If you wish to exercise any of our rights above, please contact us using our contact address. We will endeavor to deal with your request without undue delay.

    2. We will ask for identification to ascertain whether we are issuing the data to the right person.

  13. MINORS

    Our processing activities described in this Privacy Policy are not designed or intended to collect Personal Data from children under the age of eighteen (18) unless explicitly advertised in the platform. We do not knowingly collect any Personal Data on this site from anyone under the age of 18 without the prior, verifiable consent of a parent or guardian. Such parent or guardian may have the right, upon request, to view the information provided by the child and require that it be deleted. Moreover, all minors should seek their parents or guardians’ permission prior to using or disclosing any Personal Data on our website or online resources.

  14. COMPLAINTS MANAGEMENT

    If you have any complaint regarding our compliance with this Privacy Policy, please contact us. We will investigate and endeavor to resolve complaints and disputes regarding use of Personal Data in accordance with our policies and the applicable law. You also have the right to file a complaint with the Office of the Data Protection Commissioner.

  15. INTERNATIONAL TRANSFER OF YOUR PERSONAL DATA

    1. To provide you with the best services and carry out the purposes outlined in this Privacy Policy, we may need to transfer your Personal Data;

    2. to our oversees service providers; or

    3. to cloud-based storage providers.

    4. We will only transfer your data outside Kenya where such transfer is compliant with the provisions of the Act.

    5. To ensure that your Personal Data receives adequate levels of protection, we shall put in place appropriate procedures with the third parties we share your Personal Data with to ensure that your Personal Data is treated by those third parties in a way that is consistent with and which respects the data protection laws.

  16. COOKIES

    Cookies are small text files that websites save to your computer.

    These pieces of information are used to improve services for you through, for example:

  • remembering settings, so you don’t have to keep re-entering them whenever you visit a new page.

  • measuring how you use the website so we can make sure it meets your needs

  1. We use cookies for website analytical and performance monitoring functions.

  2. COLLECTION OF PERSONAL DATA FROM OUR WEBSITE VISITORS

    Optional Personal information will only be collected when a visitor submits Feedback.

  3. YOUR RESPONSIBILITIES

    1. You are responsible for the Personal Data you make available to the Scheme, and you must ensure it is accurate, honest, truthful, and not misleading in any way. You remain liable for any claims, damages or loss that may occur due to your provision to the Scheme of inaccurate information. You will be required to indemnify the Scheme for any third-party claims that may arise thereto.

    2. You must also ensure that the Personal Data you provide to the Scheme does not contain material that is obscene, defamatory, or infringing on any rights of any third party.

    3. Further, if you provide any Personal Data concerning any other person, such as individuals you provide for recommendation purposes or as references (“referee”), you are responsible for providing any notices and obtaining any consents necessary for the Scheme to collect and use that Personal Data before you provide the referee’s Personal Data to the Scheme.

    4. Should you choose to withhold your Personal Data, for any reason whatsoever, the Scheme will be unable to provide you with the services requiring the Personal Data withheld.

  4. UPDATES TO THIS PRIVACY POLICY

    The Scheme reserves the right to amend or modify this Privacy Policy at any time. If we amend this Policy, you can access the most current version of the Policy at our offices or on our website.

    Any amendment or modification to this statement will take effect from the date of notification. Your use of our website following an update means that you accept the revised Privacy Policy.

  5. CONTACT DETAILS

    1. We welcome your questions, inquiries, comments, and concerns about privacy. If you have any questions about this Privacy Policy or our Personal Data processing practices, you can contact the Scheme using this email address pensions@centralbank.go.ke.

      The Scheme’s offices are located at: CBK Pensions Secretariat, Haile Selassie Avenue, , P.O Box 51065-00200 Nairobi.