Privacy Policy
Privacy Policy
This Privacy Policy describes our policies and procedures on the collection, use, and disclosure of your information when you use the Service and informs you about your privacy rights and how the law protects you. If you do not agree with our policies and practices, you may choose not to use our Service. For more information about C, please visit the “Privacy Policy” section on our official website. This policy may change from time to time. If a specific product we offer has a separate privacy policy or a special provision in the corresponding user service agreement, that product’s privacy policy will take precedence; for content not covered by that product’s privacy policy and user service agreement, this policy will apply. We use your personal data to provide and improve the Service. By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.
Introduction
We highly value the privacy and personal information protection of our users. When you use our products and/or services, we may collect and use your information. Through the “Chapeo Cash Financial Privacy Policy” (hereinafter referred to as “this Policy”), we aim to explain the types of personal information we need to collect in relation to our business activities, as well as the means and protective measures we provide for you to access, update, and delete this information. Additionally, we outline the rules we follow when sharing, transferring, or publicly disclosing your personal information. This Policy is closely related to the Chapeo Cash financial services you use and the various business functions included in those services (collectively referred to as “our products and/or services”). We hope you will read this Policy carefully and ensure you fully understand the content described herein (especially the content in bold) before using our products and/or services. This will allow you to make appropriate choices based on the guidance provided in this Policy. For clarity, we use concise expressions for relevant terms mentioned in this Policy to facilitate your better understanding.
It is important to note that this Policy applies only to the products and/or services defined in this Policy.
Table of Contents
- How We Collect Your Personal Information
- How We Use Your Personal Information
- How We Use Cookies and Similar Technologies
- How We Store, Share, Transfer, and Disclose Your Personal Information
- How We Protect Your Personal Information
- Your Rights
- How We Handle Personal Information of Minors
- How This Policy is Updated
- How to Contact Us
- Definitions of Key Terms in This Policy
1. How We Collect Your Personal Information
We adhere to the principles of legitimacy, lawfulness, and necessity when collecting and using your personal information for the purposes described in this policy. We collect and use the personal information you provide actively or that is generated from your use of our products and/or services. Additionally, we may obtain your personal information from third parties. If we intend to use your personal information for purposes not specified in this policy or use the information collected for a specific purpose for another purpose, we will inform you in a reasonable manner and obtain your consent again before using it.
1.1 Personal Data
While using our services, we may ask you to provide certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to:
- Email address
- First and last name
- Phone number
- Address, state, province, postal code, city
- Usage data
- Bank Number
- Date of birth
1.2 Usage Data
We collect your personal information through the following channels:
- Information You Provide Directly: We may collect and store information you provide when using Chapeo Cash financial services. This includes information you provide when filling out forms on our website, applying for products and/or services, participating in feedback, resolving disputes, or contacting us regarding Chapeo Cash financial services. Additionally, we collect information generated during your use of our services, including details about your transactions and activities.
- Information We Collect Automatically: While you use the Chapeo Cash website, app, and related services, we collect information sent to us by your computer, mobile phone, and other access devices.
1.3 Information from Third-Party Social Media Services
If you grant us access to your third-party social media accounts, we may collect personal data associated with your third-party social media accounts, such as your name, email address, and activities, with your consent. You may also choose to share additional information with the company through your third-party social media accounts. By providing this information and personal data during registration or other instances, you authorize the company to use, share, and store this information in accordance with this Privacy Policy.
1.4 Mobile Data While Using the Application
To enjoy our financial services and support our anti-fraud systems, we may collect and synchronize the following information with your prior permission while using our application:
Permission Name: Location Permission
- Function Description: Obtain current location.
- Usage Scenario or Purpose: When using the iOS version of the Chapeo Cash app for loan services, we need to confirm that your location is within our financial loan service range. Enabling location permissions allows you to view or access services in your current area. If you do not enable this permission, you will be unable to use the loan service feature but can still use other services.
Permission Name: Identifier for Advertising
- Function Description: Obtain information about installed applications.
- Usage Frequency: When relevant business functions are triggered.
- Usage Scenario or Purpose: This permission is used to collect the IDFA, a unique identifier for advertising purposes. It helps to deliver personalized ads, measure advertising effectiveness, and track user interactions with ads. This information enhances user experience by providing relevant advertisements and insights for marketing strategies.
Permission Name: Network Connection (OpenConnect)
- Function Description: Obtain an internet connection.
- Usage Frequency: When relevant business functions are triggered.
- Usage Scenario or Purpose: To connect and access internet resources.
Function Description: Obtain hardware and operating system information.
- Usage Frequency: When relevant business functions are triggered.
- Usage Scenario or Purpose: This permission is used to collect device information, including hardware specifications, operating system version, and unique device identifiers. This information enhances service experience, helps detect and prevent fraud, ensures account security, identifies genuine users, and provides effective technical support and troubleshooting.
The permissions we request are aligned with the service features we provide. If our business functions change, the requested device permissions will also be adjusted accordingly. We will notify you separately the first time we request device permissions and explain the purpose of the permission request. By enabling these permissions, you authorize us to collect and use your personal information to achieve the stated functions. If you disable permissions, you withdraw this authorization, and we will stop collecting your personal information and be unable to provide the corresponding functions. Disabling permissions does not affect the processing of personal information based on your prior authorization.
2. How We Use Your Personal Information
We use your information in the following ways to comply with national laws, regulations, and regulatory requirements, to provide services to you, enhance service quality, and safeguard your account and fund security:
Achieve Purposes as Stated in “What Information We Collect” of This Policy:
- We use your information to achieve the purposes outlined in the section where we describe what information we collect from you.
Security and Stability of Services:
- We use your information for identity verification, security prevention, fraud monitoring, prevention or prohibition of illegal activities, risk reduction, and for archival and backup purposes to ensure service stability and security.
Service Notifications:
- We send service notifications to keep you informed about the status of your use of our services.
Reporting to Relevant Authorities:
- We may report to relevant departments in accordance with legal requirements or regulatory requirements.
Customer Surveys:
- We invite you to participate in customer surveys related to our services.
Improvement and Optimization of Chapeo Cash Financial Online Services:
- We use your information to improve, refine, and optimize our Chapeo Cash financial online services.
Handling Applications or Feedback for Chapeo Cash Products and/or Services:
- We process your applications or feedback regarding Chapeo Cash products and/or services.
De-identified Information Usage:
- After de-identifying your information through technical means, the de-identified information cannot be used to identify individuals. We may use such de-identified information without revealing your personal information. We may analyze the user database and utilize it for commercial purposes without disclosing your personal information.
Statistical Analysis and Sharing:
- We perform statistical analysis on the usage of our products and/or services and may share these statistics publicly or with third parties to demonstrate overall usage trends of our products and/or services. These statistics do not contain any personally identifiable information about you.
Additional Measures:
These measures are implemented to ensure that your personal information is used responsibly and transparently, in line with your expectations and legal requirements.
3. How We Use Cookies and Similar Technologies
3.1 Use of Cookies
Purpose of Cookies:
- To enhance your browsing experience, we sometimes store small data files called cookies on your computer or mobile device. Cookies are plain text files stored by a web server on a computer or mobile device, which can only be retrieved or read by the server that created them. Each cookie is unique to your web browser or mobile application. Cookies typically contain identifiers, site names, and some numbers and characters. They allow websites to remember user visits (using session cookies) or multiple visits (using persistent cookies). With cookies, websites can save settings such as language, font size, and other browsing preferences, eliminating the need for users to reconfigure preferences on each visit. If a website does not use cookies, it may treat each visit as a new visitor, requiring users to log in repeatedly, for instance, when navigating between pages.
Services Provided Through Cookies and Similar Technologies:
- Remembering Your Account: For example, when you visit a site that requires login, we encrypt and store your login name in a cookie file on your computer. This encrypted storage is irreversible, meaning even if others use your computer, they cannot identify your login name. This eliminates the need for you to manually enter your account information each time you use our services.
- Analyzing Service Usage: We use cookies, web beacons, and similar technologies to understand how you use our services, including which pages or services are most popular.
- Optimizing Advertising: Based on aggregated statistical information about your visits to related websites, we may display products or advertisements that may interest you. These statistics do not include any personally identifiable information and are used to assess the effectiveness of advertisements. Cookies, web beacons, and similar technologies help us deliver ads relevant to your interests rather than generic ads.
- Anonymous Data Collection: We may also use web beacon technologies to collect anonymous visit data. Like statistics, this data does not include personally identifiable information.
Limitations of Cookie Usage:
- We do not use cookies for purposes other than those described in this policy. You can manage or delete cookies based on your preferences using browser or operating system software that includes cookie clearing capabilities. Most web browsers automatically accept cookies, but you can usually modify your browser settings to reject cookies or delete them as needed. However, this may require you to manually adjust settings each time you visit our website and could impact the security and convenience of the services you use, though it will not affect your ability to use our other services normally.
3.2 Use of Web Beacons, Pixel Tags, and Similar Technologies
In addition to cookies, we employ other similar technologies such as web beacons and pixel tags on our website:
- Tracking Email Clicks: For instance, emails we send may contain URLs linked to content on our website. Clicking these URLs enables us to track your clicks, helping us understand your product and service preferences to improve customer service. Web beacons in emails are typically transparent images embedded in emails or websites. Through pixel tags in emails, we can determine if an email has been opened. You have the option to unsubscribe if you prefer not to have your activities tracked in this manner.
These technologies enable us to improve our services and provide a more personalized experience while respecting your privacy preferences.
4. How We Retain, Share, Transfer, and Disclose Your Personal Information
4.1 Retention of Your Personal Data
We will retain your personal data only for the period necessary to fulfill the purposes outlined in this Privacy Policy. This includes compliance with legal obligations, resolving disputes, and enforcing our legal agreements and policies. Additionally, we may retain usage data for internal analysis purposes. The retention period for usage data is typically shorter unless extended for security enhancement, service improvement, or legal obligations.
4.2 Sharing Your Personal Information
We may share your personal information in the following circumstances:
- With Service Providers: We may share your personal information with service providers to monitor and analyze the usage of our services and to contact you.
- With Affiliated Companies: We may share your information with affiliated companies, and in such cases, we require these affiliates to adhere to this Privacy Policy. Affiliates may include our parent company, subsidiaries, joint ventures, or other companies controlled or jointly controlled by us.
- With Business Partners: We may share your information with business partners to provide you with certain products, services, or promotional activities.
- With Other Users: When you share personal information or interact with other users in public areas or through third-party social media services, all users may view this information and distribute it externally. If you interact with other users or register through third-party social media services, your contacts on these services may see your name, profile, pictures, and descriptions of your activities. Similarly, other users can view activities you describe, communicate with you, and view your profile.
- With Your Consent: We may disclose your personal information for any other purpose with your consent.
4.3 Transfer of Your Personal Data
We do not transfer your personal information to any company, organization, or individual except in the following cases:
- With your explicit consent, we may transfer your personal information to other parties.
- When required by applicable laws, regulations, legal procedures, mandatory administrative or judicial requests.
- In cases involving mergers, acquisitions, or bankruptcy liquidations where the transfer of personal information is involved, we will require the new entity holding your personal information to continue to be bound by this policy. Otherwise, we will ask that entity to re-obtain your consent.
4.4 Public Disclosure of Your Personal Data
We only disclose your personal information in the following circumstances:
- With your explicit consent, in accordance with the disclosure method specified by you.
- When required by law, legal procedures, litigation, or government regulatory authorities. In compliance with applicable laws and regulations, when we receive such requests for disclosure, we require appropriate legal documents such as subpoenas or investigation letters. We believe that requests for information should be as transparent as possible within the limits permitted by law. We conduct a thorough review of all requests to ensure they have a legal basis and are limited to data that law enforcement agencies have the lawful right to obtain for specific investigative purposes.
4.5 Exceptions Requiring Prior Authorization for Sharing, Transfer, and Disclosure of Personal Information
In accordance with relevant laws, regulations, and national standards, we may share, transfer, or disclose your personal information without prior authorization in the following circumstances:
- Related to fulfilling obligations required by laws and regulations.
- Directly related to national security or defense security.
- Directly related to public safety, public health, or major public interests.
- Directly related to criminal investigation, prosecution, trial, and execution of judgments.
- Necessary protecting the vital interests of you or other individuals when obtaining your consent is difficult.
- Information that you voluntarily disclose to the public.
- Personal information collected from legally disclosed information sources, such as lawful news reports or government information disclosures.
5. How We Protect Your Personal Information
5.1 Data Security Measures
We prioritize the security of your personal information and employ all reasonable and feasible measures to protect it:
- Encryption: We use encryption technology to encrypt your personal information during storage, ensuring security across security management, policies, processes, and network architecture.
- Secure Transmission: Our network services utilize encryption technologies such as Transport Layer Security (TLS) to provide secure browsing services (HTTPS), ensuring the security of your personal information during transmission.
- Data De-identification: When using your personal information, such as for display or correlation calculations, we employ various data de-identification techniques including content replacement and hashing to enhance the security of personal information in use.
- Security Testing: We conduct white-box code security checks, black-box security testing, and intrusion detection and prevention technologies to prevent malicious code and safeguard your personal information.
5.2 Other Security Measures to Protect Personal Information
To manage and standardize the storage and use of personal information, we implement the following measures:
- Access Control: We enforce strict data access permissions and use multi-factor authentication technology to control and protect personal information. We require strict confidentiality agreements with individuals who have access to information, along with monitoring and auditing mechanisms to comprehensively control data security.
- Security Audits: We conduct code security checks and analyze data access logs to audit the security of personal information.
- Information Security Committees: We have established an Information Security Committee and sub-committees responsible for personal information security affairs.
- Training: We conduct training sessions on security and privacy protection to enhance employee awareness of the importance of protecting personal information.
5.3 Security Incident Response
In the event of a personal information security incident:
- Notification: We will promptly notify you of the basic situation and potential impact of the security incident, the measures we have taken or will take, recommendations for you to mitigate risks, and remedial measures for you to take. We will inform you of the incident via email, letter, phone call, push notification, or through reasonable and effective public announcements when individual notification is impractical.
- Reporting: We proactively report the handling of personal information security incidents to regulatory authorities in accordance with their requirements.
- Your Action: If you discover that your personal information, especially your account and password, has been leaked, please contact us immediately through the contact information provided at the bottom of this policy, so that we can take appropriate measures.
5.4 Storage and Retention of Your Personal Information
- Retention Period: We retain your personal information only for the period necessary to fulfill the purposes outlined in this policy and within the time limits required by laws, regulations, and regulatory requirements. We promise to keep your personal information for consumer rights protection until one month after your account is cancelled, unless otherwise stipulated by laws and regulations. After the retention period expires, we will delete or anonymize your personal information.
- Termination of Use: Upon termination of our services to you, we will cease collecting and using your information, except as required by laws, regulations, or regulatory authorities. If we terminate our services or operations, we will notify you at least thirty days in advance and delete or anonymize your personal information after terminating the services or operations.
6. Your Rights
Chapeo Cash places great importance on your concerns regarding personal information and, in accordance with relevant laws, regulations, and standards in Kenya, strives to ensure your exercise of the following rights:
6.1 Access to Your Personal Information
- Access Request: You have the right to access your personal information at any time, except where exceptions are prescribed by laws and regulations. If you wish to exercise your right to access data, you can do so through the following methods:
- Alternative Access: If you are unable to access this personal information through the provided links, you can contact us at any time using the contact information specified in this policy. We will respond to your access request and complete verification and processing within 15 working days.
- Additional Personal Information: For other personal information generated during your use of our products or services, we will provide it to you as long as it does not require excessive input from us. If you wish to exercise your data access rights, you can contact us using the contact information specified in this policy.
6.2 Correction of Your Personal Information
When you discover errors in the personal information we process about you, you have the right to request corrections. You can submit a correction request through the methods listed under “Access to Your Personal Information.” If you are unable to correct this personal information through the provided links, you can contact us at any time using the contact information specified in this policy. We will respond to your correction request and complete verification and processing within 15 working days.
6.3 Deletion of Your Personal Information
You can request the deletion of personal information under the following circumstances by contacting customer service:
- Violations of Laws and Regulations: If our processing of personal information violates laws and regulations.
- Unauthorized Collection or Use: If we collect or use your personal information without your consent.
- Breach of Agreement: If our processing of personal information violates our agreement with you.
Upon receiving your deletion request, we will handle it according to your request and relevant legal requirements. If we decide to respond to your deletion request, we will also notify entities from whom we obtained your personal information to promptly delete it, unless otherwise required by laws and regulations or authorized by you.
Backup Systems:
After you delete information from our services, we may not immediately delete corresponding information from backup systems but will delete it when updating backups.
Account Cancellation:
You can withdraw all authorizations for us to continue collecting your personal information by canceling your account. You can complete account cancellation through the mobile app: My -> Security Settings -> Account Cancellation. You can also contact us using the contact information specified in this policy, and after verifying your account cancellation details and contract performance, we will process your account cancellation request.
Response to Your Requests:
To ensure security, you may need to provide a written request or other proof of your identity. We may ask you to verify your identity before processing your request. We will respond to your request and complete verification and processing within 15 working days.
Costs:
For your reasonable requests, we generally do not charge fees. However, for multiple repeated requests exceeding reasonable limits, we may charge costs depending on the situation. Requests that are groundlessly repeated, require excessive technical means (e.g., necessitating the development of new systems or fundamentally changing current practices), pose risks to the legitimate rights and interests of others, or are impractical (e.g., involving information stored on backup tapes) may be refused.
Exceptions:
We may not be able to respond to your requests in the following circumstances:
- Related to the obligations of personal information controllers under laws and regulations.
- Related to national security and defense.
- Directly related to public safety, public health, or significant public interests.
- Directly related to criminal investigations, prosecutions, trials, and enforcement of judgments.
- There is sufficient evidence that the subject of personal information has subjective malice or abuses rights.
- It is difficult to obtain the consent of the person concerned to protect the major legitimate rights and interests of the person concerned or other individuals or organizations.
- Responding to your request would seriously damage your or others’ legitimate rights and interests.
- Involves trade secrets.
7. How We Handle Minors’ Personal Information
Our services are not intended for anyone under the age of 18. We do not intentionally collect personal identity information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we discover that we have collected personal data from anyone under the age of 18 without parental consent, we will take steps to delete this information from our servers.
If we rely on consent as the legal basis for processing your information, and your country requires parental consent, we may require your parents’ consent to collect and use this information.
8. How This Policy Is Updated
- Changes to Privacy Policy: Our privacy policy may change. Without your explicit consent, we will not reduce your rights under this policy. We will publish any changes made to this policy on the Chapeo Cash Financial official website.
- Notification of Major Changes: For significant changes, we will also notify you promptly through one of the following methods:
- Pop-up reminders when you log in to relevant client software or use Chapeo Cash Financial services.
- Pop-up reminders when you update client software versions.
- Short message notifications are pushed to you when you use Chapeo Cash Financial services.
- Announcements on the Chapeo Cash official website.
- Significant Changes Defined: Major changes referred to in this policy include but are not limited to:
- Significant changes in our business and service models, such as changes in business functions, purposes of processing personal information, types of personal information processed, and methods of using personal information.
- Significant changes in ownership structure, organizational structure, etc., such as changes caused by business adjustments, bankruptcies, mergers, etc., leading to changes in ownership.
- Major changes in the main objects of personal information sharing, transfer, or public disclosure.
- Significant changes in your rights regarding the processing of personal information and the way they are exercised.
- Changes in the department responsible for personal information security, contact methods, and complaint channels.
- When the personal information security impact assessment report indicates high risks.
- Keeping Updated: To ensure you receive timely notifications, please inform us promptly when your contact information changes. If you continue to use our services after this policy update takes effect, it means you have fully read, understood, and accepted the updated policy and are willing to be bound by it. We encourage you to review this policy each time you use our services. You can view this policy in the Chapeo Cash APP under “Home Page -> My -> Chapeo Cash Privacy Policy.”
9. How to Contact Us
- Contact Information: We have established a dedicated department and a personal information protection commissioner. If you have any questions, comments, or suggestions regarding this policy or your personal information, please contact us through the following methods:
- Customer Service Phone: +254 (0) 0759553972
- Email: contact-us@chapeo.club
- Feedback in Chapeo Cash APP: “Home Page -> My -> Help Center -> Feedback”
- Customer Service in Chapeo Cash APP: “Home Page -> My -> Help Center -> Customer Service Phone”
Our customer service department, along with the personal information protection department, will respond to you promptly.
- Response Time: Generally, we will respond and complete verification and processing within 15 working days. If you are dissatisfied with our response, especially if our processing of personal information has harmed your legitimate rights and interests, you can seek solutions through the following external channels: file a lawsuit with a competent court or complain/report to the relevant regulatory authorities.
10. Definitions of Key Terms in This Policy
For the purposes of this privacy policy:
- Account: Refers to the unique account created for you to access our services or parts of our services.
- Affiliated Companies: Refers to entities that control, are controlled by, or are under common control with another entity, where “control” means owning 50% or more of the shares, equity interests, or other securities that have the right to elect directors or other managing authorities.
- Application (App): Refers to the software program named Chapeo Cash provided by the company and downloaded onto any of your electronic devices.
- Company (also referred to as “we” or “our” in this agreement): Refers to Chapeo Cash, with address information [to be filled].
- Cookies: Are small files placed on your computer, mobile device, or any other device by websites, containing detailed information about your browsing history and serving many purposes.
- Country: Refers to Kenya.
- Device: Refers to any device that can access the services, such as a computer, mobile phone, or digital tablet.
- Personal Data: Refers to any information relating to an identified or identifiable natural person.
- Services: Refers to the applications or websites or both.
- Service Providers: Refers to any natural or legal person who, on behalf of the company, processes data. It refers to third-party companies or individuals employed by the company to facilitate the services, represent the company in providing services, perform services related to the services, or assist the company in analyzing the usage of services.
- Third-Party Social Media Services: Refers to any website or any social network website through which users can log in or create an account to use the services.
- Usage Data: Refers to data automatically collected, generated by the use of the services or the service infrastructure itself (e.g., duration of page visits).
- Website: Refers to Chapeo Cash accessible from the official website address https://chapeo.co.ke/.
- You: Refers to the individual accessing or using the services, or the legal entity, depending on the context.