Privacy Policy

Privacy policy

USER PRIVACY NOTICE

  1. IMPORTANT INFORMATION AND WHO WE ARE

    We take the privacy of our online platform and mobile application users very seriously. We ask that you read this privacy policy (“Policy”), carefully as it contains important information about how we will use your personal data. For the Purposes of the Data Protection Act, No. 24 of 2019, Jireh Innovations Limited, a limited liability company incorporated in Kenya with Company number PVT-Y2U985XX of PO Box 76547-00508, Nairobi, Kenya is the data controller and processor and is responsible for your personal data.

  2. CONTACT DETAILS

    Our full details are:

    • Full name of legal entity: Jireh Innovations Limited
    • Name or title of Data Protection Officer: Terach Franchi
    • Email address: [email protected]
    • Postal address: Jahazi, James Gichuru, Nairobi, Kenya
    • Phone Number: +254 11 432 1958

  3. PERSONAL DATA WE PROCESS

    We will collect the following information from you:

    1. your name,
    2. your email address,
    3. your physical address,
    4. your identity details,
    5. your phone number,
    6. your financial transactions information and statements,
    7. your location,
    8. your credit card number,
    9. your employment information,
    10. other social media information, and
    11. transaction data whenever you transact on Jireh’s website (www.jireh-health.com) and Jireh’s mobile applications (including iOS, Android and Web applications (Apps) together, the Services.

    We will store and process your personal data in our servers in Kenya or in other countries where our cloud storage infrastructure is domiciled. Our cloud storage infrastructure is DigitalOcean and is located in Bangalore, India. DigitalOcean maintains a high level of data security and protection and we will continue to ensure that DigitalOcean maintains its promise of maintaining high security and technical measures and safeguards that guarantee the safety of your Information.

    Whenever we share your information with our third party partners, we will ensure that such partners have demonstrated that they store Information in countries or servers with adequate level of security and protection for your personal data and in accordance with the same principles under the Data Protection Act.

    By submitting your Information, you agree to the collection, transfer, storing or processing of your Information in the manner set in this Policy. We will take all steps reasonably necessary to ensure that your personal data is treated, stored and processed securely and in accordance with this Policy.

  4. HOW WE USE YOUR PERSONAL DATA

    We will use your personal data in the following circumstances:

    • To determine your eligibility for the financing that you will apply for on our platform.
    • We will use your identity details and location information to verify your identity;
    • where we need to perform the contract we are about to enter into or have entered into with you;
    • to handle your loan application and provide you with the right services;
    • to disburse loans and collect payments for your use of the Service;
    • to build the credit models and perform credit scoring on you;
    • to provide other fintech services to you;
    • to communicate with you about Jireh’s products and services;
    • to provide functionality, analyse performance, fix errors, and improve usability and effectiveness of the Services.
    • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
    • where we need to comply with a legal obligation.

    We adhere to the principles relating to processing of personal data as set out in the Data Protection Act and its regulations and therefore will not process your personal data unless you give us consent to do so.

    We acknowledge that any information you provide to us should be given voluntarily. Given the nature of our service, we will not be able to provide the Services if you do not provide the information requested or authorize us to obtain the same from third parties because we rely on the information to transact the Services.

  5. DISCLOSURE OF PERSONAL DATA

    We may disclose your personal data to:

    • Other companies within our group;
    • A third party who acquires or substantially acquires all of our assets, in which case the personal data shall be one of the acquired assets;
    • Our agents and service providers, including partners who will share your credit reports, and third parties who will help us with automated processing of your bank statements. These include but are not limited to:
      • TransUnion Africa, a credit reference bureau;
      • Spin Mobile LLC, a credit scoring service;
    • law enforcement and regulatory agencies in connection with any investigation to help prevent unlawful activity or as otherwise required by applicable law;
    • Financial institutions such as payment service providers, credit reference bureaus, debt collection agencies, for purposes of assessing your credit, settling financial obligations, recovering any due amounts, and where necessary reporting defaults;
    • Cloud infrastructure providers such as Amazon Web Services, Microsoft Azure, or Google Drive for purposes of hosting your data;
    • Identity verification service providers to authenticate your identity;
    • our business partners in accordance with the ‘Marketing or Opting out’ clause 6;
    • Any other legitimate purpose as allowed by the Data Protection Act and its accompanying regulations.

  6. MARKETING AND OPTING OUT

    If you have given permission, we may contact you by email, telephone or SMS, about our services, promotions or offers that may be of interest to you. If you prefer not to receive any direct marketing communications from us, you can opt out at any time.

  7. KEEPING YOUR DATA SECURE

    We will use technical and organisational measures to safeguard your personal data, for example:

    • access to your account is controlled by a password and username that are unique to you;
    • we use secure communication by default to ensure that data is encrypted during transfers;
    • we have established robust access control and monitoring systems to prevent unauthorised access to your data;
    • we store your personal data on secure servers;
    • we regularly review our data security protocols to ensure that our security systems remain updated at all times';
    • We require the same level of security to be maintained by our third party partners.

    While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet.

  8. MONITORING

    We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance.

  9. TRANSFER OF PERSONAL DATA OUTSIDE KENYA

    We may transfer your personal data outside Kenya to our secure cloud servers in Bangalore, India. Our cloud infrastructure provider maintains the highest level of security compliance in respect of data protection and maintains the following certifications for compliance with ISO/IEC 27001:2013, ISO/IEC 27017:2015, ISO/IEC 27018:2019, and SOC 2 Type II. By providing your consent to this policy, you also authorise us to transfer your personal data provided to us out of Kenya and you explicitly consent to the transfer of your personal data to the foreign recipients mentioned above. We assure you that such proper safeguards have been put in place to address the security and protection of your Information in accordance with the provisions of the Data Protection Act or other similar regulations in the relevant jurisdictions.

  10. DATA RETENTION

    We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

    To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

  11. YOUR LEGAL RIGHTS

    Under certain circumstances, you have rights under data protection laws in relation to your personal data. These rights include:

    • request access to your personal data;
    • request correction of your personal data;
    • request erasure of your personal data;
    • object to processing of your personal data;
    • request restriction of processing your personal data;
    • request transfer of your personal data; and
    • right to withdraw consent.

    If you wish to exercise any of the rights set out above, please send us a written request through [email protected] and we will respond to you within 48 hours.

  12. CHANGES TO THIS PRIVACY POLICY

    We may change this Policy from time to time and we will notify you when we do. Regardless, you should check this policy frequently to ensure you are aware of the most recent version that will apply each time you use the Service.

  13. CONTACTS, NOTICES

    If you have any concern about privacy or want to contact one of our data controllers, please contact us through the address set out above, with a thorough description and we will try to resolve the issue for you. Further, the data protection officer for the above mentioned data controllers can be contacted at [email protected]

    14. Last Updated: 7 December 2024.