Privacy Policy
Privacy Policy
This Privacy Policy describes our policies and procedures on the collection, use, and disclosure of
your information when you use the Service and informs you about your privacy rights and how the law
protects you. If you do not agree with our policies and practices, you may choose not to use our
Service. For more information about C, please visit the “Privacy Policy” section on our official
website. This policy may change from time to time. If a specific product we offer has a separate privacy
policy or a special provision in the corresponding user service agreement, that product’s privacy policy
will take precedence; for content not covered by that product’s privacy policy and user service
agreement, this policy will apply. We use your personal data to provide and improve the Service. By
accessing or using the Service, you agree to the collection and use of information in accordance with
this Privacy Policy.
Introduction
We highly value the privacy and personal information protection of our users. When you use our products
and/or services, we may collect and use your information. Through the “Chapeo Cash Financial Privacy Policy”
(hereinafter referred to as “this Policy”), we aim to explain the types of personal information we need to
collect in relation to our business activities, as well as the means and protective measures we provide for
you to access, update, and delete this information. Additionally, we outline the rules we follow when
sharing, transferring, or publicly disclosing your personal information. This Policy is closely related to
the Chapeo Cash financial services you use and the various business functions included in those services
(collectively referred to as “our products and/or services”). We hope you will read this Policy carefully
and ensure you fully understand the content described herein (especially the content in bold) before using
our products and/or services. This will allow you to make appropriate choices based on the guidance provided
in this Policy. For clarity, we use concise expressions for relevant terms mentioned in this Policy to
facilitate your better understanding.
It is important to note that this Policy applies only to the products and/or services defined in this Policy.
Table of Contents
- How We Collect Your Personal Information
- How We Use Your Personal Information
- How We Use Cookies and Similar Technologies
- How We Store, Share, Transfer, and Disclose Your Personal Information
- How We Protect Your Personal Information
- Your Rights
- How We Handle Personal Information of Minors
- How This Policy is Updated
- How to Contact Us
- Definitions of Key Terms in This Policy
1. How We Collect Your Personal Information
We adhere to the principles of legitimacy, lawfulness, and necessity when collecting and using your personal
information for the purposes described in this policy. We collect and use the personal information you
provide actively or that is generated from your use of our products and/or services. Additionally, we may
obtain your personal information from third parties. If we intend to use your personal information for
purposes not specified in this policy or use the information collected for a specific purpose for another
purpose, we will inform you in a reasonable manner and obtain your consent again before using it.
1.1 Personal Data
While using our services, we may ask you to provide certain personally identifiable information that can be
used to contact or identify you. Personally identifiable information may include, but is not limited to:
- Email address
- First and last name
- Phone number
- Address, state, province, postal code, city
- Usage data
- Bank Number
- Date of birth
1.2 Usage Data
We collect your personal information through the following channels:
- Information You Provide Directly: We may collect and store information you provide when
using Chapeo Cash financial services. This includes information you provide when filling out forms on
our website, applying for products and/or services, participating in feedback, resolving disputes, or
contacting us regarding Chapeo Cash financial services. Additionally, we collect information generated
during your use of our services, including details about your transactions and activities.
- Information We Collect Automatically: While you use the Chapeo Cash website, app, and
related services, we collect information sent to us by your computer, mobile phone, and other access
devices.
1.3 Information from Third-Party Social Media Services
If you grant us access to your third-party social media accounts, we may collect personal data associated
with your third-party social media accounts, such as your name, email address, and activities, with your
consent. You may also choose to share additional information with the company through your third-party
social media accounts. By providing this information and personal data during registration or other
instances, you authorize the company to use, share, and store this information in accordance with this
Privacy Policy.
1.4 Mobile Data While Using the Application
To enjoy our financial services and support our anti-fraud systems, we may collect and synchronize the
following information with your prior permission while using our application:
-
Permission Name: Location Permission
- Function Description: Obtain current location.
- Usage Scenario or Purpose: When using the iOS version of the Chapeo Cash app
for loan services, we need to confirm that your location is within our financial loan service
range. Enabling location permissions allows you to view or access services in your current area.
If you do not enable this permission, you will be unable to use the loan service feature but can
still use other services.
-
Permission Name: Identifier for Advertising
- Function Description: Obtain information about installed applications.
- Usage Frequency: When relevant business functions are triggered.
- Usage Scenario or Purpose: This permission is used to collect the IDFA, a
unique identifier for advertising purposes. It helps to deliver personalized ads, measure
advertising effectiveness, and track user interactions with ads. This information enhances user
experience by providing relevant advertisements and insights for marketing strategies.
-
Permission Name: Network Connection (OpenConnect)
- Function Description: Obtain an internet connection.
- Usage Frequency: When relevant business functions are triggered.
- Usage Scenario or Purpose: To connect and access internet resources.
-
Function Description: Obtain hardware and operating system information.
- Usage Frequency: When relevant business functions are triggered.
- Usage Scenario or Purpose: This permission is used to collect device
information, including hardware specifications, operating system version, and unique device
identifiers. This information enhances service experience, helps detect and prevent fraud,
ensures account security, identifies genuine users, and provides effective technical support and
troubleshooting.
The permissions we request are aligned with the service features we provide. If our business functions
change, the requested device permissions will also be adjusted accordingly. We will notify you separately
the first time we request device permissions and explain the purpose of the permission request. By enabling
these permissions, you authorize us to collect and use your personal information to achieve the stated
functions. If you disable permissions, you withdraw this authorization, and we will stop collecting your
personal information and be unable to provide the corresponding functions. Disabling permissions does not
affect the processing of personal information based on your prior authorization.
2. How We Use Your Personal Information
We use your information in the following ways to comply with national laws, regulations, and regulatory
requirements, to provide services to you, enhance service quality, and safeguard your account and fund
security:
-
Achieve Purposes as Stated in “What Information We Collect” of This Policy:
- We use your information to achieve the purposes outlined in the section where we describe what
information we collect from you.
-
Security and Stability of Services:
- We use your information for identity verification, security prevention, fraud monitoring,
prevention or prohibition of illegal activities, risk reduction, and for archival and backup
purposes to ensure service stability and security.
-
Service Notifications:
- We send service notifications to keep you informed about the status of your use of our services.
-
Reporting to Relevant Authorities:
- We may report to relevant departments in accordance with legal requirements or regulatory
requirements.
-
Customer Surveys:
- We invite you to participate in customer surveys related to our services.
-
Improvement and Optimization of Chapeo Cash Financial Online Services:
- We use your information to improve, refine, and optimize our Chapeo Cash financial online
services.
-
Handling Applications or Feedback for Chapeo Cash Products and/or Services:
- We process your applications or feedback regarding Chapeo Cash products and/or services.
-
De-identified Information Usage:
- After de-identifying your information through technical means, the de-identified information
cannot be used to identify individuals. We may use such de-identified information without
revealing your personal information. We may analyze the user database and utilize it for
commercial purposes without disclosing your personal information.
-
Statistical Analysis and Sharing:
- We perform statistical analysis on the usage of our products and/or services and may share these
statistics publicly or with third parties to demonstrate overall usage trends of our products
and/or services. These statistics do not contain any personally identifiable information about
you.
Additional Measures:
These measures are implemented to ensure that your personal information is used responsibly and
transparently, in line with your expectations and legal requirements.
3. How We Use Cookies and Similar Technologies
3.1 Use of Cookies
-
Purpose of Cookies:
- To enhance your browsing experience, we sometimes store small data files called cookies on your
computer or mobile device. Cookies are plain text files stored by a web server on a computer or
mobile device, which can only be retrieved or read by the server that created them. Each cookie
is unique to your web browser or mobile application. Cookies typically contain identifiers, site
names, and some numbers and characters. They allow websites to remember user visits (using
session cookies) or multiple visits (using persistent cookies). With cookies, websites can save
settings such as language, font size, and other browsing preferences, eliminating the need for
users to reconfigure preferences on each visit. If a website does not use cookies, it may treat
each visit as a new visitor, requiring users to log in repeatedly, for instance, when navigating
between pages.
-
Services Provided Through Cookies and Similar Technologies:
- Remembering Your Account: For example, when you visit a site that requires
login, we encrypt and store your login name in a cookie file on your computer. This encrypted
storage is irreversible, meaning even if others use your computer, they cannot identify your
login name. This eliminates the need for you to manually enter your account information each
time you use our services.
- Analyzing Service Usage: We use cookies, web beacons, and similar technologies
to understand how you use our services, including which pages or services are most popular.
- Optimizing Advertising: Based on aggregated statistical information about your
visits to related websites, we may display products or advertisements that may interest you.
These statistics do not include any personally identifiable information and are used to assess
the effectiveness of advertisements. Cookies, web beacons, and similar technologies help us
deliver ads relevant to your interests rather than generic ads.
- Anonymous Data Collection: We may also use web beacon technologies to collect
anonymous visit data. Like statistics, this data does not include personally identifiable
information.
-
Limitations of Cookie Usage:
- We do not use cookies for purposes other than those described in this policy. You can manage or
delete cookies based on your preferences using browser or operating system software that
includes cookie clearing capabilities. Most web browsers automatically accept cookies, but you
can usually modify your browser settings to reject cookies or delete them as needed. However,
this may require you to manually adjust settings each time you visit our website and could
impact the security and convenience of the services you use, though it will not affect your
ability to use our other services normally.
3.2 Use of Web Beacons, Pixel Tags, and Similar Technologies
In addition to cookies, we employ other similar technologies such as web beacons and pixel tags on our
website:
- Tracking Email Clicks: For instance, emails we send may contain URLs linked to content
on our website. Clicking these URLs enables us to track your clicks, helping us understand your product
and service preferences to improve customer service. Web beacons in emails are typically transparent
images embedded in emails or websites. Through pixel tags in emails, we can determine if an email has
been opened. You have the option to unsubscribe if you prefer not to have your activities tracked in
this manner.
These technologies enable us to improve our services and provide a more personalized experience while
respecting your privacy preferences.
4. How We Retain, Share, Transfer, and Disclose Your Personal Information
4.1 Retention of Your Personal Data
We will retain your personal data only for the period necessary to fulfill the purposes outlined in this
Privacy Policy. This includes compliance with legal obligations, resolving disputes, and enforcing our legal
agreements and policies. Additionally, we may retain usage data for internal analysis purposes. The
retention period for usage data is typically shorter unless extended for security enhancement, service
improvement, or legal obligations.
4.2 Sharing Your Personal Information
We may share your personal information in the following circumstances:
- With Service Providers: We may share your personal information with service providers
to monitor and analyze the usage of our services and to contact you.
- With Affiliated Companies: We may share your information with affiliated companies, and
in such cases, we require these affiliates to adhere to this Privacy Policy. Affiliates may include our
parent company, subsidiaries, joint ventures, or other companies controlled or jointly controlled by us.
- With Business Partners: We may share your information with business partners to provide
you with certain products, services, or promotional activities.
- With Other Users: When you share personal information or interact with other users in
public areas or through third-party social media services, all users may view this information and
distribute it externally. If you interact with other users or register through third-party social media
services, your contacts on these services may see your name, profile, pictures, and descriptions of your
activities. Similarly, other users can view activities you describe, communicate with you, and view your
profile.
- With Your Consent: We may disclose your personal information for any other purpose with
your consent.
4.3 Transfer of Your Personal Data
We do not transfer your personal information to any company, organization, or individual except in the
following cases:
- With your explicit consent, we may transfer your personal information to other parties.
- When required by applicable laws, regulations, legal procedures, mandatory administrative or judicial
requests.
- In cases involving mergers, acquisitions, or bankruptcy liquidations where the transfer of personal
information is involved, we will require the new entity holding your personal information to continue to
be bound by this policy. Otherwise, we will ask that entity to re-obtain your consent.
4.4 Public Disclosure of Your Personal Data
We only disclose your personal information in the following circumstances:
- With your explicit consent, in accordance with the disclosure method specified by you.
- When required by law, legal procedures, litigation, or government regulatory authorities. In compliance
with applicable laws and regulations, when we receive such requests for disclosure, we require
appropriate legal documents such as subpoenas or investigation letters. We believe that requests for
information should be as transparent as possible within the limits permitted by law. We conduct a
thorough review of all requests to ensure they have a legal basis and are limited to data that law
enforcement agencies have the lawful right to obtain for specific investigative purposes.
4.5 Exceptions Requiring Prior Authorization for Sharing, Transfer, and Disclosure of Personal Information
In accordance with relevant laws, regulations, and national standards, we may share, transfer, or disclose
your personal information without prior authorization in the following circumstances:
- Related to fulfilling obligations required by laws and regulations.
- Directly related to national security or defense security.
- Directly related to public safety, public health, or major public interests.
- Directly related to criminal investigation, prosecution, trial, and execution of judgments.
- Necessary protecting the vital interests of you or other individuals when obtaining your consent is
difficult.
- Information that you voluntarily disclose to the public.
- Personal information collected from legally disclosed information sources, such as lawful news reports
or government information disclosures.
5. How We Protect Your Personal Information
5.1 Data Security Measures
We prioritize the security of your personal information and employ all reasonable and feasible measures to
protect it:
- Encryption: We use encryption technology to encrypt your personal information during
storage, ensuring security across security management, policies, processes, and network architecture.
- Secure Transmission: Our network services utilize encryption technologies such as
Transport Layer Security (TLS) to provide secure browsing services (HTTPS), ensuring the security of
your personal information during transmission.
- Data De-identification: When using your personal information, such as for display or
correlation calculations, we employ various data de-identification techniques including content
replacement and hashing to enhance the security of personal information in use.
- Security Testing: We conduct white-box code security checks, black-box security
testing, and intrusion detection and prevention technologies to prevent malicious code and safeguard
your personal information.
5.2 Other Security Measures to Protect Personal Information
To manage and standardize the storage and use of personal information, we implement the following measures:
- Access Control: We enforce strict data access permissions and use multi-factor
authentication technology to control and protect personal information. We require strict confidentiality
agreements with individuals who have access to information, along with monitoring and auditing
mechanisms to comprehensively control data security.
- Security Audits: We conduct code security checks and analyze data access logs to audit
the security of personal information.
- Information Security Committees: We have established an Information Security Committee
and sub-committees responsible for personal information security affairs.
- Training: We conduct training sessions on security and privacy protection to enhance
employee awareness of the importance of protecting personal information.
5.3 Security Incident Response
In the event of a personal information security incident:
- Notification: We will promptly notify you of the basic situation and potential impact
of the security incident, the measures we have taken or will take, recommendations for you to mitigate
risks, and remedial measures for you to take. We will inform you of the incident via email, letter,
phone call, push notification, or through reasonable and effective public announcements when individual
notification is impractical.
- Reporting: We proactively report the handling of personal information security
incidents to regulatory authorities in accordance with their requirements.
- Your Action: If you discover that your personal information, especially your account
and password, has been leaked, please contact us immediately through the contact information provided at
the bottom of this policy, so that we can take appropriate measures.
5.4 Storage and Retention of Your Personal Information
- Retention Period: We retain your personal information only for the period necessary to
fulfill the purposes outlined in this policy and within the time limits required by laws, regulations,
and regulatory requirements. We promise to keep your personal information for consumer rights protection
until one month after your account is cancelled, unless otherwise stipulated by laws and regulations.
After the retention period expires, we will delete or anonymize your personal information.
- Termination of Use: Upon termination of our services to you, we will cease collecting
and using your information, except as required by laws, regulations, or regulatory authorities. If we
terminate our services or operations, we will notify you at least thirty days in advance and delete or
anonymize your personal information after terminating the services or operations.
6. Your Rights
Chapeo Cash places great importance on your concerns regarding personal information and, in accordance with
relevant laws, regulations, and standards in Kenya, strives to ensure your exercise of the following rights:
6.1 Access to Your Personal Information
- Access Request: You have the right to access your personal information at any time,
except where exceptions are prescribed by laws and regulations. If you wish to exercise your right to
access data, you can do so through the following methods:
- Alternative Access: If you are unable to access this personal information through the
provided links, you can contact us at any time using the contact information specified in this policy.
We will respond to your access request and complete verification and processing within 15 working days.
- Additional Personal Information: For other personal information generated during your
use of our products or services, we will provide it to you as long as it does not require excessive
input from us. If you wish to exercise your data access rights, you can contact us using the contact
information specified in this policy.
6.2 Correction of Your Personal Information
When you discover errors in the personal information we process about you, you have the right to request
corrections. You can submit a correction request through the methods listed under “Access to Your Personal
Information.” If you are unable to correct this personal information through the provided links, you can
contact us at any time using the contact information specified in this policy. We will respond to your
correction request and complete verification and processing within 15 working days.
6.3 Deletion of Your Personal Information
You can request the deletion of personal information under the following circumstances by contacting customer
service:
- Violations of Laws and Regulations: If our processing of personal information violates
laws and regulations.
- Unauthorized Collection or Use: If we collect or use your personal information without
your consent.
- Breach of Agreement: If our processing of personal information violates our agreement
with you.
Upon receiving your deletion request, we will handle it according to your request and relevant legal
requirements. If we decide to respond to your deletion request, we will also notify entities from whom we
obtained your personal information to promptly delete it, unless otherwise required by laws and regulations
or authorized by you.
Backup Systems:
After you delete information from our services, we may not immediately delete corresponding information from
backup systems but will delete it when updating backups.
Account Cancellation:
You can withdraw all authorizations for us to continue collecting your personal information by canceling your
account. You can complete account cancellation through the mobile app: My -> Security Settings ->
Account Cancellation. You can also contact us using the contact information specified in this policy, and
after verifying your account cancellation details and contract performance, we will process your account
cancellation request.
Response to Your Requests:
To ensure security, you may need to provide a written request or other proof of your identity. We may ask you
to verify your identity before processing your request. We will respond to your request and complete
verification and processing within 15 working days.
Costs:
For your reasonable requests, we generally do not charge fees. However, for multiple repeated requests
exceeding reasonable limits, we may charge costs depending on the situation. Requests that are groundlessly
repeated, require excessive technical means (e.g., necessitating the development of new systems or
fundamentally changing current practices), pose risks to the legitimate rights and interests of others, or
are impractical (e.g., involving information stored on backup tapes) may be refused.
Exceptions:
We may not be able to respond to your requests in the following circumstances:
- Related to the obligations of personal information controllers under laws and regulations.
- Related to national security and defense.
- Directly related to public safety, public health, or significant public interests.
- Directly related to criminal investigations, prosecutions, trials, and enforcement of judgments.
- There is sufficient evidence that the subject of personal information has subjective malice or abuses
rights.
- It is difficult to obtain the consent of the person concerned to protect the major legitimate rights and
interests of the person concerned or other individuals or organizations.
- Responding to your request would seriously damage your or others’ legitimate rights and interests.
- Involves trade secrets.
7. How We Handle Minors’ Personal Information
Our services are not intended for anyone under the age of 18. We do not intentionally collect personal
identity information from anyone under the age of 18. If you are a parent or guardian and you are aware that
your child has provided us with personal data, please contact us. If we discover that we have collected
personal data from anyone under the age of 18 without parental consent, we will take steps to delete this
information from our servers.
If we rely on consent as the legal basis for processing your information, and your country requires parental
consent, we may require your parents’ consent to collect and use this information.
8. How This Policy Is Updated
- Changes to Privacy Policy: Our privacy policy may change. Without your explicit
consent, we will not reduce your rights under this policy. We will publish any changes made to this
policy on the Chapeo Cash Financial official website.
- Notification of Major Changes: For significant changes, we will also notify you
promptly through one of the following methods:
- Pop-up reminders when you log in to relevant client software or use Chapeo Cash Financial services.
- Pop-up reminders when you update client software versions.
- Short message notifications are pushed to you when you use Chapeo Cash Financial services.
- Announcements on the Chapeo Cash official website.
- Significant Changes Defined: Major changes referred to in this policy include but are
not limited to:
- Significant changes in our business and service models, such as changes in business functions, purposes
of processing personal information, types of personal information processed, and methods of using
personal information.
- Significant changes in ownership structure, organizational structure, etc., such as changes caused by
business adjustments, bankruptcies, mergers, etc., leading to changes in ownership.
- Major changes in the main objects of personal information sharing, transfer, or public disclosure.
- Significant changes in your rights regarding the processing of personal information and the way they are
exercised.
- Changes in the department responsible for personal information security, contact methods, and complaint
channels.
- When the personal information security impact assessment report indicates high risks.
- Keeping Updated: To ensure you receive timely notifications, please inform us promptly
when your contact information changes. If you continue to use our services after this policy update
takes effect, it means you have fully read, understood, and accepted the updated policy and are willing
to be bound by it. We encourage you to review this policy each time you use our services. You can view
this policy in the Chapeo Cash APP under “Home Page -> My -> Chapeo Cash Privacy Policy.”
9. How to Contact Us
- Contact Information: We have established a dedicated department and a personal
information protection commissioner. If you have any questions, comments, or suggestions regarding this
policy or your personal information, please contact us through the following methods:
- Customer Service Phone: +254 (0) 0759553972
- Email: contact-us@chapeo.club
- Feedback in Chapeo Cash APP: “Home Page -> My -> Help Center -> Feedback”
- Customer Service in Chapeo Cash APP: “Home Page -> My -> Help Center ->
Customer Service Phone”
Our customer service department, along with the personal information protection department, will respond to
you promptly.
- Response Time: Generally, we will respond and complete verification and processing
within 15 working days. If you are dissatisfied with our response, especially if our processing of
personal information has harmed your legitimate rights and interests, you can seek solutions through the
following external channels: file a lawsuit with a competent court or complain/report to the relevant
regulatory authorities.
10. Definitions of Key Terms in This Policy
For the purposes of this privacy policy:
- Account: Refers to the unique account created for you to access our services or parts
of our services.
- Affiliated Companies: Refers to entities that control, are controlled by, or are under
common control with another entity, where “control” means owning 50% or more of the shares, equity
interests, or other securities that have the right to elect directors or other managing authorities.
- Application (App): Refers to the software program named Chapeo Cash provided by the
company and downloaded onto any of your electronic devices.
- Company (also referred to as “we” or “our” in this agreement): Refers to Chapeo Cash,
with address information [to be filled].
- Cookies: Are small files placed on your computer, mobile device, or any other device by
websites, containing detailed information about your browsing history and serving many purposes.
- Country: Refers to Kenya.
- Device: Refers to any device that can access the services, such as a computer, mobile
phone, or digital tablet.
- Personal Data: Refers to any information relating to an identified or identifiable
natural person.
- Services: Refers to the applications or websites or both.
- Service Providers: Refers to any natural or legal person who, on behalf of the company,
processes data. It refers to third-party companies or individuals employed by the company to facilitate
the services, represent the company in providing services, perform services related to the services, or
assist the company in analyzing the usage of services.
- Third-Party Social Media Services: Refers to any website or any social network website
through which users can log in or create an account to use the services.
- Usage Data: Refers to data automatically collected, generated by the use of the
services or the service infrastructure itself (e.g., duration of page visits).
- Website: Refers to Chapeo Cash accessible from the official website address https://chapeo.co.ke/.
- You: Refers to the individual accessing or using the services, or the legal entity,
depending on the context.