Data/Information means any information relating to you, including your name, identification number, location data, online identifier address, photo, email address, pins, passwords, bank details, posts on our Platforms, religion, date of birth, health, race/tribe, nationality, ethnicity, political views, trades union membership, criminal records, medical information, and other unique identifiers such as but not limited to MAC address, IP address, International Mobile Equipment Identity (IMEI) number, Bank Verification Number, International Mobile Subscriber Identity (IMSI) number, Subscriber Identification Module (SIM) and others. It also includes factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.
Process/Processing means any operation or set of operations which is performed on your Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
We kindly request that you carefully read through this Policy and click on the ‘Agree’ icon below, if you consent to the terms of this Policy, particularly with respect to the processing of your Personal Data. That notwithstanding, if you proceed to use any of our Platforms and services, it will be deemed that you have provided your express consent to the terms of this Policy.
You must be at least 18 years old to use our services or any of our Platforms. Individuals under the age of 18, or applicable age of maturity, may utilize our Platforms services only with involvement of a parent or legal guardian, under such person’s account. Regardless, all Personal Data which we may process shall be in accordance with this Policy and other applicable laws.
COLLECTION OF PERSONAL DATA
In the course of your engagement with us or with third parties through our Platforms, we may collect your Personal Data in the following ways:
b. Information from downloads: When you download or use our digital Platforms, or access any of our sites, we may receive information about your location and your mobile device, including a unique identifier for your device. We may use this information to provide you with location-based services, such as advertisements, search results, and other personalized content. You may disable your location in the settings menu of the device.
c. Physically or Digitally Provided Information: We may collect and process your information when you create and/or update your account on our Platform; complete forms, questionnaires, surveys etc. We may also collect Information from the data you provide to us through documents, letters, e-mail, agreements, correspondence, ID cards, passports, or through any other means by which you willfully provide information to us.
d. Third Parties: We may also receive your information from third parties such as relatives, guardians, financial institutions, vendors, and service providers etc.
e. Social media: We also receive Information through your engagements with us on social media sites (e.g., Facebook, Instagram, LinkedIn, Twitter, and WhatsApp). This includes but are not limited to your replies to our posts, your comments, enquiries, messages to us, etc.
USING YOUR PERSONAL INFORMATION
In the course of your engagements with us or through our Platforms, we collect personal information for various legal reasons, largely to enable us to personalize your experience and to provide a more efficient service to you. Some of the reasons we collect Information are to:
a. provides services and customer support;
b. process transactions, payment requests, and send notices about transactions; c. create an account with us for the provision or use of our services;
d. verifies customers’ identity, including during account creation and password reset processes; e. manages your account and provide you with efficient customer service,
f. resolve disputes, process payments and troubleshoot problems;
g. manages risks, or to detect, prevent, and/or remediate fraud, violation of policies and applicable user agreements or other potentially prohibited or illegal activities;
h. executes our contractual obligations to you;
i. improves our services and functionality by customizing user experience;
j. measures the performance of our services and improve their content and layout; k. manages and protect our information technology infrastructure;
l. provides targeted marketing and advertising, provide service or transaction update notices, and deliver promotional offers based on communication preferences;
m. obtains a means by which we may contact you; either by telephone, text (SMS), email messaging, social media, etc;
q. executes your specific requests or use same for a specific purpose as you may instruct; r. investigate and respond to your complaints or enquiries;
STORAGE AND PROTECTION OF YOUR DATA
We protect your personal Information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of our safeguards include ensuring that sensitive data are encrypted and store with only authorised users having access to this information. Access to our various platforms is restricted to authorized users only. Your Information is also stored on our secure servers as well as secure physical locations and cloud infrastructure. All information are stored in data centres which is collocated out our office environment, this is to ensure security of data and also availability of data when required.
We will take all necessary measure to ensure that your Personal Data is safe, however, you are also required to ensure that access codes, PINs, passwords, usernames, and all other information or hints that may enable third party access to your accounts on our Platforms are secure. We therefore strongly advise you to keep such information secure and confidential. If you use a third party’s device (laptops, phones, public internet, etc.) to access your account, kindly ensure that you always log out. Kindly note however those certain devices are programmed to save passwords or usernames, as such, we therefore advise that you use third party devices with extreme caution. If you believe that an unauthorized person has accessed your information, please contact us immediately.
PROCESSING YOUR INFORMATION
In order to execute our obligations to you or process your transactions, we may be required to process your Information, such as your name, account number, account ID, e-wallet account, contact details, shipping and billing address, or other information needed to complete the transaction. We also work with third parties, including financial institutions, vendors, service providers, who at one point or the other facilitate transactions executed on our Platforms. For completeness, in the course of your engagement with us or use of our services and Platforms, we may share your information with different stakeholders, including but not limited to Financial institutions; service providers; Credit bureaus and collection agencies to report account or credit information; Cellulant Group companies (including subsidiaries and affiliates); Regulatory or judicial authorities; or other third parties pursuant to a subpoena, court order, or other legal process or requirement applicable to Cellulant. Please note that the parties mentioned above may be within or outside your country of residence.
We may also process your Information when we believe, in our sole discretion, that the disclosure of your Information is necessary to comply with applicable laws and judicial/regulatory orders; conduct investigations; manage existing or imminent risks, prevent fraud, crime or financial loss, or for public safety or to report suspected illegal activity or to investigate violations of our Terms and Conditions.
In all cases, we will ensure that your Information is safe, and notify the receiving party of the confidential nature of your Information, particularly the need to maintain the confidentiality of same and prevent unlawful or unauthorised usage.
You have the following rights regarding your personal information collected by us:
a. Right to access your personal information being held by us. Request for such information may be sent to [email protected] .
b. Right to request that your personal data be made available to you in an electronic format or that it should be sent to a third party (Kindly note that we have the right to decline such request if it is too frequent, unreasonable, and likely to cause substantial cost to us. In any event, we will communicate the reason for our refusal);
c. Right to rectify any inaccurate, incomplete information. As such, if you discover any inaccuracy in your personal information, kindly notify us promptly and provide us with documentary evidence to enable us to update the requisite changes;
d. Right to withdraw consent for the processing of your information, provided that such withdrawal shall not invalidate any processing hitherto done based on the consent previously given by you; e. Restrict or object to the processing of your personal data if we may be compelled to process your data where required under law, regulatory authorities, or court of law;
f. Right to request that your personal data be deleted. We may however continue to retain the information where required under law, contract, regulatory authorities, or court of law. g. Right to data portability;
h. Right to lodge complaints with relevant authorities;
i. Right to information regarding the existence of automated decision-making, including profiling and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing;
If you download or use our software, such as a stand-alone software product, an app, or a browser plugin, you agree that from time to time, the software may download and install upgrades, updates and additional features from us in order to improve, enhance, and further develop the software.
CROSS BORDER DATA TRANSFER POLICY
Cellulant is a multi-national company with affiliates and partners spread across different parts of the world. Consequently, in the course of providing you with our services and in a bid to serve you better, we may be required to transfer your Information/Data (electronically or otherwise) across the borders of your resident country. Nonetheless, we have an unwavering commitment to ethical and responsible practices in ensuring that your Personal Information is adequately protected regardless of where the data is transferred or hosted.
This Policy defines our global standards for management and protection of Information/Data by or on behalf of Cellulant regardless of the country from which it originates or to which Information may be transferred. This Policy will apply to any transfer of information which is undergoing processing or is intended for processing after transfer to a foreign country or to an international organisation.
We will only transfer Information or allow it to be processed by third parties in a different jurisdiction if such country has an adequate level of data protection as determined by the appropriate regulatory authority in accordance with the provisions of the governing Data Protection Regulation in your country or any other privacy laws in force.
In the absence of any decision by the appropriate regulatory authority as to the adequacy of safeguards in a foreign country to which your Information may be transferred, we will only transfer your Information to a foreign country or an international organisation only if any of the following requirements have been met:
a. Your explicit consent has been obtained (Please note that such foreign country or international organization may have privacy laws or policies less stringent than that of your resident country. However, we will ensure that the recipient of such Information undertakes to protect your Information and handle it with utmost confidentiality);
b. The transfer is necessary for the performance of a contract between you and the Cellulant or the implementation of pre-contractual measures taken at your request;
c. The transfer is necessary for the conclusion or performance of a contract concluded in your interest between the Cellulant and another natural or legal person;
d. The transfer is necessary for public interest;
e. The transfer is necessary for the establishment, exercise or defence of legal claims; and
f. The transfer is necessary in order to protect your vital interests or of other persons, where you are physically or legally incapable of giving consent.
In order to ensure that any cross-border transfer of your Information is adequately protected, we may:
a. conduct privacy due diligence to evaluate the privacy practices and risks associated with third parties in a foreign country.
c. ensures that in providing your Information, that we will, where necessary, ensure that it is anonymized, and we will obtain written assurances from any third parties that they will only use the Information for the legal purpose for which it was provided, and in accordance with applicable laws;
d. where required, register the processing of your Information with or seek the approval of the applicable privacy or data protection regulatory authority.
e. limit data retention periods for Information.
f. discloses your Information in response to lawful requests by public authorities, including to meeting national security or law enforcement requirements.
Cookies are small pieces of data, stored in text files, that are stored on your computer or other device when websites are loaded in a browser, and which collects information about user actions on a site.
This Policy applies to our websites and Platforms alone. We do not exercise control over the sites displayed or linked from within our various services. These other sites may place their own cookies or other files on your computer, collect data or solicit personal information from you.
WHAT TYPE OF COOKIES DO WE USE?
Temporary cookies: This is also known as ‘session cookies’; it helps our sites and platforms to recognise users, temporarily memorize their online activities and the information provided when they navigate through our website. Session cookies only retain information about your activities for as long as you are on the website. Once the web browser is closed, the cookies are automatically deleted.
Permanent cookies: This is also known as ‘persistent cookies’ or ‘first-party cookies’; they remain in operation even after the web browser has closed. It helps our sites or platforms remember your information, preferences and settings such as language selection and internal bookmarks for when you revisit in the future.
Cookies store helpful information to enhance users’ experiences on our site, and possibly to improve our ability to reconnect with you later. They are used to remember you and your preferences such as your preferred language, device settings, browsing activities and other useful information, help you navigate between pages efficiently, and generally improve your experience in using our services.
The following cookies are used are as follows:
WHERE WE PLACE COOKIES
We set cookies in a number of different locations across our services. These locations may include:
b. Our mobile applications;
Declining our Cookies may affect your ability to fully utilize our Platform and services. Without cookies you may not have access to certain features on the site, including access to certain personalized content.
Cellulant may revise this Cookies Policy to reflect changes in the law, our data collection and use practices, the features of our site, or advancements in technology. If we make any material changes, we will notify you by email or through a prominent notice on our sites/platforms prior to such change.
DATA RETENTION POLICY
This Data Retention Policy (the “Policy”) sets out how Cellulant retains Records (defined below) necessary for its business operations, contractual obligations, legal, audit and regulatory compliance, and when we may destroy such Records, whilst promoting orderly and efficient data management. This ensures compliance with the data protection laws and the duty of confidentiality to which we are bound. We retain your information for as long as necessary for the purpose(s) for which it was collected. The period of data storage and retention is subject to legal, regulatory, administrative and operational requirements.
Records include Information, data, documents (contractual, personal), correspondence, policies, confidential information, etc. regardless of media; created, received, and maintained by Cellulant as evidence, and in compliance with regulatory requirements, legal obligations, business practices, legal policies, contractual obligations, financial transactions, administrative activities, business decisions or other actions. Records provide information about, and evidence of Cellulant’s transactions, customers, employment and activities, and may be created, received or maintained in hard copy or electronic format.
Scope of this Policy
The main objective of this Policy is to ensure that complete and accurate Records are identified, retained, stored, protected and subsequently destroyed or archived appropriately under such terms and within such periods set out in this Policy.
This Policy applies to all our Platforms, and all related sites, applications, services and tools regardless of how they are accessed or used. It also covers all Records stored on company-owned, leased, and otherwise company-provided systems and media, regardless of location, including our servers, third party servers; computer systems (desktops or laptops), mobile devices, physical records stored at our offices or other locations.
Cellulant’s Data Compliance Officer (DCO) shall oversee the administration, implementation and the procedure of this Policy. The DCO work with the company’s management and legal & compliance department and shall ensure that the data retention schedule (below) is followed. The DCO has the authority to review the data retention procedures; monitor compliance; make modifications to the data retention schedule when necessary to ensure it complies with the relevant laws, encompasses new developments and contains the appropriate records and document.
In addition to other existing data protection measures being implemented by Cellulant, we will ensure that the following measures are in place to protect the security of retained Records:
a. All Records received and retained through emails must be encrypted and/or password protected and will only be transmitted and stored over secure networks.
b. All Records retained physically (in hardcopy form) will be stored in a secure container, file or folder, marked “confidential” and kept in a safe location.
c. Records whether physical or electronic will be stored in secure folders and will not be left unattended.
d. Computers used to retain Records will always be password protected, properly maintained, and protected from virus or unauthorized access.
e. Retained Records will not be stored in the personal devices of employees of the company. f. All Records stored electronically will be backed up periodically with backups stored onsite at our offices or offsite at a data center.
g. All electronic copies of Records will be stored securely using passwords and encryption as appropriate.
h. Records will be retained in a secure location, with limited access to authorized personnel only. i. All passwords used to protect Records will be changed periodically and must be secure.
j. All Records retained during their specified periods will be traceable and retrievable.
Retention Period and Procedures
For all Records obtained, used and stored by Cellulant, we will conduct periodic reviews of the Records retained, confirming their purpose, continued validity, accuracy and requirement to retain such Records. Records will be kept for as long as they are needed to meet the operational or contractual needs of Cellulant, together with legal and regulatory requirements. Cellulant may transfer paper-based Records to an alternative media format in instances of long retention periods. As a general principle, Cellulant will only need to retain one copy of the final version of a Record. Draft documents may be destroyed immediately unless they contain vital information which were not otherwise contained the final document.
The retention periods for Records provided under this Policy takes into consideration: the requirements of Cellulant for such Records; the type, sensitivity and importance of such Record; contractual obligations; the purpose of processing such record; lawful basis for processing the records; the requirements of the law. Where it is not possible to define a statutory or legal retention period in line with the applicable data protection/privacy laws, we will identify the criteria by which the period can be determined (such as industry standards) and update this Policy as may be necessary.
Records must be categorised by purpose and retained for specific periods in accordance with the Retention Schedule below. Retained Records will be grouped by category and in a clear date order when the Record was stored and/or archived.
Notwithstanding the retention periods provided in the retention schedule below, Records which are subject of, or required in any pending litigation, investigation or other regulatory process shall not be destroyed or altered, until the completion of such process.
Destruction of Records
Destruction of Records is a critical component of a data retention policy. Once the retention period has elapsed, the Records are either reviewed, archived, returned, anonymized or confidentially destroyed depending on their purpose, importance and legal requirements. When a Record has reached its designated destruction date, the DCO shall refer to the retention register to determine the next action to be taken. Not all data or records are expected to be deleted upon expiration; sometimes it is sufficient to anonymize the data, return the Record or to archive Records for a further period.
Records will not be kept after the retention period unless:
a. the Record is the subject of a pending litigation, administrative or regulatory proceedings. In these circumstances, destruction will be delayed until such regulatory proceedings have been completed, at which time a new retention period will be created.
b. the Record has long-term value for Cellulant’s statutory or regulatory obligations. c. Cellulant determines that such Record will be permanently stored, provided that no legal, regulatory or contractual breach will occur by the permanent retention of such record. d. there is a legal or regulatory reason or order to maintain the Records either permanently or for a longer period.
Cellulant is committed to the secure and safe disposal of any Record in accordance with our contractual and legal obligations. Accordingly, when the Records have been retained until the end of their retention period, they can be destroyed in the following ways:
a. Hardcopy of documents will be destroyed by shredding or burning.
b. non-sensitive information can be thrown in a normal trash bin and properly disposed. c. Electronic Records will be deleted /erased and cleared from recycle bins. d. electronic equipment or systems containing Records will be destroyed. Where a specific Record
is stored in one single media such as a CD Rom and cannot be erased, such media used to store the Record will be physically destroyed. However, where the media contains other Records which are not due for deletion, and it is impossible to separately erase such Record due for deletion, the retention period shall be extended to such period when all the Records in that media are due for deletion/destruction, and Cellulant shall either format or physically destroy the media.
e. Destruction of electronic Records should render them non-recoverable even using forensic data recovery techniques.
DATA RETENTION SCHEDULE
The Retention schedule below will govern the period that Records will be retained in accordance with this Policy. Cellulant must comply with data protection laws, contractual or regulatory obligations which require that Records must not be kept longer than is necessary for the purpose for which it was collected.
The Data Retention Schedule is organized as follows:
|S/N||Record Type||Retention Period|
|1.||Accounting and Finance||7 years|
|2.||Contracts||7 years after termination/expiry|
|3.||Corporate Records||6 years|
|4.||Correspondence and Internal Memoranda||6 years|
|5.||Electronic Documents||6 years|
|6.||Grant Records||6 years after expiration|
|7.||Insurance Records||7 years|
|8.||Legal Files and Papers||Permanent|
|10.||Payroll Documents||6 years|
|11.||Pension Documents||6 years|
|12.||Personnel Records||6 years|
|14.||Tax Records||10 years|
|15.||Project Records||6 years after completion|
|16.||General Correspondence||10 years|
|17.||Corporate Policies||6 years after cancellation or expiry|
|18.||Employment records||6 years after termination|
|19.||Health & Safety Records||6 years|
|20.||Intellectual Property documents||Permanent|
|21.||Membership records||6 years from membership expiry|
THIRD PARTY CONTRACT & SERVICE PROVIDERS DATA POLICY
Data transfer to third parties
We may share your personal data with our service providers, financial institutions, vendors, affiliates, subsidiaries, parent company, contractors, etc to assist us in providing, delivering, analyzing, administering, improving, and personalizing content that are delivered to you as part of our services. These include third parties who assist us in performing, delivering, or enhancing certain products and services related to the delivery and operation of our services; or who provide technical and/or customer support on our behalf; or who provide application or software development and quality assurance; or who provide verification functions, who process transactions and payment requests, research on user demographics, interests, and behaviour, and other products or services. These third-party service providers may also collect personal information about or from you in performing their services and/or functions on our website or Platforms. We may also pass certain requests from you or your organization to these third-party service providers. Regardless of the third-party involved, any disclosure shall only be for a lawful purpose.
Data transfer for the purpose of legal/regulatory compliance
We may from to time be required to share your personal data with a regulator, law enforcement body, government agency, court or other third party to (i) comply with the law; (ii) enforce the terms of a contract; and (iii) protect the rights, property, or safety of Cellulant.
Links to third-party websites or services
This Policy only applies to Information collected by our site/Platforms or which we transfer in the course of our services to you. Our site and platforms may contain links to other websites or services that are not owned or controlled by us, including links to websites of financial or technical partners, financial institutions, vendors, advertisers, sponsors, partners, service providers, who at one point or the other facilitate transactions executed on our Platforms.
Security of shared information
Cellulant will from time to time monitor and review the conduct or activities of these third parties to ensure that they are compliant with the confidentiality obligations imposed on them.
If you violate the letter or spirit of this Policy, or otherwise create risk or possible legal exposure for us or attempt to violate the privacy rights of Cellulant and/or its other users, we reserve to restrict your access to our Platforms. We will notify you if we are constrained to take such decision.
We are dedicated to ensuring that you are satisfied with our management of your Information. However, in the unlikely event that you have a complaint, please contact us via the details below, stating your name and details of your complaint. Upon receipt of your complaint we will endeavor to contact you within (48hrs) with a view to amicably resolving such dispute within the shortest possible time. The foregoing notwithstanding, all disputes arising from this policy shall first be resolved by negotiation. However, if parties fail to resolve the disputes amicably by such mutual consultations, parties shall further attempt to resolve the dispute by mediation.
If you have questions regarding your data privacy rights or would like to submit a related data privacy right request, kindly contact us via the information below:
CELLULANT KENYA LIMITED
Vienna Court, State House Crescent,
West Wing, 2nd Floor,
P.O Box 44134-00100, Nairobi, Kenya.
Email: [email protected]
Phone number: +2349074180976
Physical addresses of our other offices can be accessed via https://cellulant.io/contact-us/
Please allow up to 2days for requests to be processed. The Company reserves the right to charge a reasonable fee to process excessive or repeated requests.
We may amend or revise this Policy at any time by posting a revised version on our website. Notice of the amendment shall be posted on our website and the revised version will be effective from the date of publication. Kindly, note that your continued use of our Platform after the publication of the revised version constitutes your acceptance of our amended terms of the Policy.