1.1 This Privacy Notice applies to personal information managed by Diamond Trust Bank Kenya Limited (DTB) and Diamond Trust Bancassurance Intermediary Limited (DTBI) as data controllers or data processors. It outlines:
  • the information we collect about you
  • how we use that information
  • who we share it with
  • when we may share it
  • the measures we take to ensure its privacy and security
1.2 This notice covers all the products or services you have with us, such as accounts, loans, credit cards, and insurance, and remains applicable even if you close your account. Please read this notice alongside the product-specific privacy notices, which can be found on the respective application forms and the interaction interface between yourself and us (e.g., DTB’s apps and internet banking platform). You can also contact your customer services team for a copy. Personal data refers to any information that identifies or is identifiable about you.

Wherever the terms “We” or “Us” are used herein, this means DTB and DTBI, as the context may permit, who are the primary data controllers or processors of your personal data. We advise you to read the Notice in its entirety.

Wherever the terms “You” or “Your” are used herein, this means you (customer), any authorized person on your account(s), and anyone who deals with us on your behalf including attorneys under a Power of Attorney, legal executors, personal representatives, beneficiaries, and trustees.

DTB collects and uses certain personal data in order to operate and provide you with access to the Services. This includes information that we collect:
  • a) directly from you or you;
  • b) from connected persons, third parties or our agents/partners who inform you of the disclosure of your data to us;
  • c) automatically when you visit or interact with the Services;
  • d) from public domains.

3.1 We collect and process various categories of personal and confidential information at the start of, and for the duration of, your relationship with us and beyond (subject to appropriate retention periods as set out in Section 16 below). We will limit the collection and processing of information to what is necessary to achieve one or more legitimate purposes as identified in this notice. Personal and confidential information may include:

  • a) basic personal data, including name and address, date of birth, contact details, nationality, the fact you are our customer;
  • b) financial information, including account and transactional information and history, payment and payee details;
  • c) information about your family (including next of kin and children’s data), lifestyle and social circumstances and preferences;
  • d) information about your financial circumstances, including personal wealth, assets and liabilities, proof of income and expenditure, credit and borrowing history and needs and goals;
  • e) education, employment and business information;
  • f) goods and services provided;
  • g) visual images and personal appearance (such as photos, copies of passports or CCTV images), voice recordings and other biometric data as may be required from time to time;
  • h) online profile and social media information and activity, based on your interaction with us and our websites and applications, including for example your banking profile and login information, Internet Protocol (IP) address, smart device information, country or region, online and mobile banking security authentication, mobile phone network information, searches, site visits and spending patterns.

3.2 We may also process certain sensitive personal data for specific and limited purposes, such as to make our services accessible to customers or for reporting of complaints for regulatory purposes, or where it is in the wider public interest.

3.3 We will only process sensitive personal data where we’ve obtained your explicit consent or are otherwise lawfully permitted to do so. This may include information revealing:

  • Health status
  • Biometric data
  • Property details
  • Marital status
  • Family details including names of your children, parents, spouse or spouses;
  • Sex

3.4 Where we rely on your consent to process your sensitive personal data, you can withdraw your consent at any time by contacting us. Please note that in some cases, we do not rely on consent to process sensitive personal data.

3.5 We may use artificial intelligence models in the course of providing products and services and this may include use of generative artificial intelligence models. We may also use your information to train artificial intelligence models. When you interact with artificial intelligence models a further explanatory document may be provided to help you understand how the artificial intelligence model has processed your information and reached a particular decision.

4.1 We collect information about your use of the Services and about the device you use to access the Services, including:

  • the pages you request and visit;
  • the posts you submit;
  • information on your interaction with other users;
  • information obtained in the course of maintaining or supporting the Services;
  • information about your internet use, such as your IP address, the URLs of sites from which you arrive or leave the Services, your type of browser, your operating system, your internet service provider;
  • and, if you access the Services via your mobile device, we may also collect information about your mobile provider, IMSI, IMEI and type of mobile device.

We use the personal data we collect to provide, maintain, and improve the Services or if we have other legal reasons for using the personal data. We also use it to:

  • 5.1 send you notices, general updates, goodwill messages, security alerts, and support and administrative messages (such as changes to our terms, conditions, and policies) and to respond to your comments, questions, and customer service requests;
  • 5.2 receive and respond to your submissions on the Services such as submissions on DTB website, web applications and mobile applications, social media and submissions to customer service contacts;
  • 5.3 permit you to participate in voluntary polls and surveys (we may use third parties to deliver incentives to you to participate in such polls and surveys, and you may be required to provide your contact details to the third party in order to fulfil the incentive offer);
  • 5.4 communicate with you about products, services, and events offered by DTB and others, and provide information we think will be of interest to you. Where required, we will obtain your express consent;
  • 5.5 monitor and analyse trends, usage, and activities in connection with our Services;
  • 5.6 develop new products and services and enhance current products and services;
  • 5.7 detect, investigate, and prevent fraudulent transactions and other illegal activities, and protect the rights and property of DTB and others (public interest);
  • 5.8 perform financial crime risk management activities relating to the detection, investigation and prevention of financial crime e.g. money laundering, terrorist financing and proliferation financing;
  • 5.9 exercise, protect and defend our legal rights;
  • 5.10 enable us to enter into or carry out an agreement we have with you;
  • 5.11 comply with a law, regulation or any legal obligation;
  • 5.12 carry out any other purpose described to you at the time of collecting information.

How we use and share your information with other DTB group companies

6.1 We will only use and share your information with other DTB group companies where it is necessary for us to lawfully carry out our business activities. We want to ensure that you fully understand how your information may be used. We have described the purposes for which your information may be used in detail in Section 14.

6.2 We may also share aggregated, pseudonymised or anonymised information that cannot reasonably be used to identify you to protect your privacy rights.

7.1 All our Services provided to children align with the data protection requirements in law. These include consent provided by the child’s parent/guardian and age verification. If you have reason to believe that a child has provided personal data to us, please contact us through our contact details in Section 20 and we will endeavour to delete that information from our databases.

8.1 The Services may contain links to other websites. Please note we are not responsible for the privacy or information security practices of other websites. You should carefully review the applicable privacy and information security policies and notices for any other websites you access via the services. This Notice applies solely to your personal data collected for provision of our products and services.

9.1 We seek to use appropriate technical and organisational measures to safeguard personal data within our organisation against loss, theft, breach, and unauthorised use, disclosure, or modification. We have taken measures to keep your data secure including encryption and other forms of security. We also require our employees and any third party whom we engage to comply with our internal policies and to implement the appropriate compliance measures set out in the applicable laws and regulations, by executing confidentiality agreements, data processing agreements and other documentation that imposes the regulatory obligations to safeguard your data.

10.1 We may use your personal data to provide you with information about our Services and other promotions. We may invite you to opt in to receive marketing communications via post, email, phone, text messages, social media, or our web services. You can modify your preferences for how you receive these communications or choose to stop receiving them at any time. If you no longer wish to receive marketing communications from DTB, you can opt out or unsubscribe by following the instructions in each communication or by contacting us through our contact details in Section 20. We will make every effort to process your request as quickly as possible.

10.2 Please note that if you opt-out of receiving marketing-related communication, we may still send you administrative messages, from which you cannot opt out or unsubscribe, such as changes to our terms and conditions, system upgrades or communication requiring regulatory compliance.

Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services.

12.1 From time to time, we may revise this Notice. Changes may be made for any number of reasons, including but not limited to industry initiatives, changes in the law, and changes to the scope of the Services. You can tell when we last updated the Notice by checking the date at the beginning of the Notice. Any changes will become effective when we post the revised Notice on the Services.

13.1 If you have any other questions concerning this Notice, please contact us through our contact details in Section 20.

Legal Basis for Processing and Purpose

Consent: We may seek your consent for activities such as processing specific sensitive personal data (outlined in Section 3.3), using cookies or similar technologies (detailed in Section 11), obtaining your permission for marketing communications (covered in Section 10), or any other processing that requires your approval.

Contractual Necessity: We may process your information where it is necessary to enter into a contract with you for the provision of our products or services or to perform our obligations under that contract. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account and/or provide products and services to you. This may include processing for:
  • Providing and Managing Accounts or Products: We may process your personal data to facilitate the opening, management, or closure of your accounts or products. This includes gathering the necessary information to verify your identity, ensuring compliance with regulatory requirements, and setting up your account or product in our systems. Throughout the duration of your relationship with us, we will manage your accounts or products by updating your details as necessary, monitoring account activities, and ensuring that your financial needs are met. If you choose to close an account or product, we will process your personal data to finalise the closure, ensuring all obligations are settled, and necessary documentation is issued.
  • Issuing and Collecting Necessary Documentation: We may process your personal data to issue and collect the necessary documentation related to your accounts or products. This includes the preparation and delivery of account statements, contracts, terms and conditions, disclosures, and any other relevant documents that are required by law or necessary for the provision of our services. We will also collect, and store documents provided by you, such as identification documents, proof of address, and any other paperwork necessary to maintain your account and comply with legal obligations.
  • Executing Your Instructions: We process your personal data to execute your instructions concerning your accounts or products. This may involve transferring funds between your accounts, setting up standing orders or direct debits, updating account details at your request, or making changes to the terms of your products as you instruct. We ensure that your instructions are carried out promptly and accurately, keeping you informed of any actions taken on your behalf.
  • Processing Transactions: We may process your personal data to facilitate transactions, such as money transfers between accounts or payments to third parties. This includes verifying the details of the transactions, ensuring that sufficient funds are available, and securely processing the transfer or payment. We also manage any related processes, such as issuing receipts, tracking transaction status, and resolving any issues that may arise during the transaction process.
  • Resolving Queries or Discrepancies: We process your personal data to address and resolve any queries or discrepancies related to your accounts or products. This may involve investigating unusual account activity, correcting errors in transactions, and responding to any questions you may have about your account statements or other communications. We aim to resolve issues promptly and to your satisfaction, ensuring that your banking experience remains smooth and reliable.
  • Processing Applications: Assess and process applications for products or services, including applications where you are acting on behalf of one of our customers, such as Power of Attorney;
  • Relationship Management: Managing and maintaining our relationship with you, including ongoing customer service, which may involve sharing your information with other DTB group companies to enhance service availability, such as allowing visits to other DTB branches;
  • Facilities: managing credit facilities or debts, including agreeing on repayment options;
  • Communication: communicating with you about your account(s) or the products and services you receive from us.

Legal Obligation: When you apply for a product or service, and throughout your relationship with us, we are legally required to collect and process certain personal data about you. Please note that if you choose not to provide the requested data, we may be unable to maintain your account or provide our products and services. This processing may include:
  • Confirming Your Identity: We must confirm your identity, which may involve using biometric information, voice-recognition technology, and other identification methods, such as fingerprint verification, where we have a valid legal basis, such as your consent.
  • Performing Checks and Monitoring Transactions: We perform checks and monitor transactions, as well as location data, to prevent and detect crime, and to comply with laws regarding money laundering, fraud, terrorist financing, bribery, corruption, and international sanctions. This may require processing information about criminal convictions and offenses, investigating suspected financial crimes or fraud, and sharing data with law enforcement and regulatory bodies.
  • Assessing Credit Affordability and Suitability: We assess the affordability and suitability of credit during initial credit applications and throughout the duration of our relationship. This includes analysing customer credit data for regulatory reporting.
  • Sharing Data with Law Enforcement and Government Agencies: We may share your data with police, law enforcement, tax authorities, or other government and fraud prevention agencies when we have a legal obligation, such as reporting suspicious activity or complying with production and court orders.
  • Recovering Misdirected Funds: We may share your data with other banks and third parties to help recover funds that have been mistakenly deposited into your account due to a misdirected payment by a third party.
  • Delivering Mandatory Communications: We will deliver mandatory communications to you, including updates to product and service terms and conditions.
  • Investigating and Resolving Complaints: We investigate and resolve complaints and remediate any errors that occur on your account or service.
  • Managing Regulatory Matters, Investigations, and Litigation: We manage contentious regulatory matters, investigations, and litigation to ensure compliance and protect the bank’s interests.
  • Monitoring Market Dealings: We monitor dealings to prevent market abuse, ensuring fair and lawful transactions.
  • Conducting Investigations of Employees: We conduct investigations into breaches of conduct and corporate policies by our employees to maintain a trustworthy and compliant work environment.
  • Providing Assurance on Risk Management: We perform assessments and analyse customer data to manage, improve, and ensure data quality, and to provide assurance that the bank has effective processes to identify, manage, monitor, and report risks.
  • Coordinating Responses to Disruptions: We coordinate responses to incidents that disrupt business operations, ensuring that facilities, systems, and people are available to continue providing services.
  • Handling Emergencies on Bank Premises: We investigate and report on incidents or emergencies occurring on the bank’s properties and premises to ensure safety and compliance.
  • Ensuring Accessibility and Reasonable Adjustments: We are committed to accessibility and providing reasonable adjustments to accommodate the needs of our customers.

Our Legitimate Interests: We may process your personal data where it is in our legitimate interests as an organisation or in the legitimate interests of a third party. This includes:
  • Managing Risk and Preventing Financial Crime: It is essential for us to manage risks and protect our business, customers, and others from financial crime, fraud, and other criminal activities. This processing may include:
    • Conducting financial, credit, and insurance risk assessments.
    • Making decisions about your accounts and sharing risk scores with third-party eligibility checking services for financial products.
    • Performing additional checks on customers, potential customers, business partners, and associated persons, including adverse media checks, and screening against sanctions lists and politically exposed persons databases.
    • Sharing data with credit reference, fraud prevention agencies, and law enforcement agencies.
    • Tracing debtors and recovering outstanding debts.
    • Conducting checks, monitoring, and investigations to prevent and detect crime, including money laundering, fraud, terrorist financing, bribery, corruption, and international sanctions. This may involve screening against internal fraud databases, analyzing intelligence on suspected crimes, and sharing data with banks, card schemes, law enforcement, and regulatory bodies.
    • Participating in industry improvements, consultations, and initiatives.
    • Responding to and investigating complaints, whether raised directly with us or through third parties like regulatory bodies.
    • Sharing debt-related data with third-party guarantors.
  • Day-to-Day Business Operations: To effectively manage our business and financial affairs and protect our customers, employees, and property, we process your personal data in our daily operations. This includes:
    • Monitoring, maintaining, and improving internal business processes, information, technology, and communications solutions.
    • Ensuring business continuity and disaster recovery, and responding to IT and business incidents and emergencies.
    • Maintaining network and information security, including monitoring authorized users’ access to our IT systems to prevent cyber-attacks, unauthorised use, and crime, while protecting your personal data.
    • Providing assurance on the bank’s material risks, reporting to internal management, and supervisory authorities on effective risk management.
    • Performing general, financial, and regulatory accounting and reporting.
    • Protecting our legal rights and interests.
    • Managing and monitoring our properties and branches (e.g., through CCTV) for crime prevention, identifying accidents and emergencies, and internal training.
    • Facilitating proposed or actual sales, reorganisations, transfers, or other business transactions.
  • Developing and Improving Products and Services: It is in our interest to provide you with the most appropriate products and services and to continually improve as an organisation. This may involve processing your data to:
    • Identify new business opportunities and develop leads into applications or proposals for new business.
    • Send you relevant marketing information (where you have not opted out or have given permission), including details of products and services offered by us, DTB Group companies, or selected third parties. This may involve marketing online, via our app, or through email, SMS, or post. We will not share your data with third parties for their own marketing purposes.
    • Understand customer behaviour, preferences, transactions, feedback, and financial history to improve and develop our products and services.
    • Research your experiences with us and monitor the performance and effectiveness of our offerings.
    • Assess the quality of our customer services and provide staff training, including recording and monitoring calls and communications.
    • Analyse customer complaints to prevent errors and improve processes, ensuring rectification of negative impacts.
    • Compensate customers for loss, inconvenience, or distress due to service, process, or regulatory failures.
    • Identify customers’ use of third-party products and services to enhance the uses of customer information.
    • Combine your information with third-party data to better understand customer needs and improve services.
    • Consider your welfare needs and provide suitable adjustments, support, or tailored products and services.
    • Organize educational events to increase awareness of scams and fraud.

Your Rights

  • Informed – You have a right to be informed of how we use your personal data.
  • Access – You have a right to get access to the personal information we hold about you.
  • To object – You have the right to object to the processing of all or part of your personal data.
  • Correction of false or misleading data – You have a right to rectification of inaccurate personal information and to update incomplete personal information we hold about you.
  • Deletion of false or misleading data – You have a right to request us to delete false or misleading data we hold about you.
  • Data portability – You have a right to request us to send a copy of your personal data to another organisation.
  • Erasure – You have a right to request that we delete your personal information.
  • Marketing – You have a right to object to direct marketing.
  • Withdraw consent – You have a right to withdraw your consent.

It is important to note that these rights are subject to the applicable laws and regulations. If you would like to exercise your rights or access further information on anything detailed in this Privacy Notice, you may contact our Data Protection Officer at [email protected] or write to us at the following address:

The Data Protection Officer
DTB Centre, Mombasa Road, Nairobi
P.O. Box 61711-00200, Nairobi

We retain personal data for as long as required by applicable laws and regulations. For instance, we will keep your banking data for a period of at least seven years from the end of our relationship with you in compliance with legal and regulatory requirements. We may keep your personal data for a longer period where we need to use it for our legitimate purposes such as dealing with any legal disputes, fraud or financial crime, responding to regulators or other legal concerns that may arise. Where we do not need to retain your data for this period of time, we may destroy, delete or anonymise it sooner at your request or our discretion.

Your personal data may be stored and processed in any country where we have facilities or in which we engage data controllers or processors. Where the data is shared, we will ensure that it has an appropriate level of protection and that the transfer is lawful, in accordance with the applicable data protection laws and regulations.

If you need this information in a different format, please contact us through the contact details below.

Your use of the Services signifies that you agree to the use of your personal data by DTB for the specific purposes mentioned in this privacy notice.

The Data Protection Officer
DTB Centre, Mombasa Road, Nairobi
P.O. Box 61711-00200
Nairobi
Telephone: +254 719 031 888, +254 732 121 888
Email: [email protected]

This privacy notice was last updated on 31 December 2024.