1. Introduction
- the information we collect about you
- how we use that information
- who we share it with
- when we may share it
- the measures we take to ensure its privacy and security
Wherever the terms “We” or “Us” are used herein, this means DTB and DTBI, as the context may permit, who are the primary data controller or processors of your personal data. We advise you to read the Notice in its entirety.
Wherever the terms “You” or “Your” are used herein, this means you (customer), any authorized person on your account(s), and anyone who deals with us on your behalf including attorneys under a Power of Attorney, legal executors, personal representatives, beneficiaries, and trustees.
2. Personal Data Collected Through the Services
- a) directly from you or you;
- b) from connected persons, third parties or our agents/partners who inform you of the disclosure of your data to us;
- c) automatically when you visit or interact with the Services;
- d) from public domains.
3. Information that You Provide to Us
3.1 We collect and process various categories of personal and confidential information at the start of, and for the duration of your relationship with us and beyond (subject to appropriate retention periods as set out in Section 16 below). We will limit the collection and processing of information necessary to achieve one or more legitimate purposes as identified in this notice. Personal and confidential information may include:
- a) basic personal data, including name and address, date of birth, contact details, nationality, the fact you are our customer;
- b) financial information, including account and transactional information and history, payment and payee details;
- c) information about your family (including next of kin and children’s data), lifestyle and social circumstances and preferences;
- d) information about your financial circumstances, including personal wealth, assets and liabilities, proof of income and expenditure, credit and borrowing history and needs and goals;
- e) education, employment and business information;
- f) goods and services provided;
- g) visual images and personal appearance (such as photos, copies of passports or CCTV images), voice recordings and other biometric data as may be required from time to time;
- h) Online profile and social media information and activity, based on your interaction with us and our websites and applications, including for example your banking profile and login information, Internet Protocol (IP) address, smart device information, country or region, online and mobile banking security authentication, mobile phone network information, searches, site visits and spending patterns;
3.2 We may also process certain sensitive personal data for specific and limited purposes, such as to make our services accessible to customers or for reporting of complaints for regulatory purposes, or where it is in the wider public interest.
3.3 We will only process sensitive personal data where we’ve obtained your explicit consent or are otherwise lawfully permitted to do so. This may include information revealing:
- Health status
- Biometric data
- Property details
- Marital status
- Family details including names of your children, parents, spouse or spouses;
- Sex
3.4 Where we rely on your consent to process your sensitive personal data, you can withdraw your consent at any time by contacting us. Please note that in some cases, we do not rely on consent to process sensitive personal data.
3.5 We may use artificial intelligence models in the course of providing products and services and this may include use of generative artificial intelligence models. We may also use your information to train artificial intelligence models. When you interact with artificial intelligence models a further explanatory document may be provided to help you understand how the artificial intelligence model has processed your information and reached a particular decision.
4. Information that We Collect About Your Use of Our Services
4.1 We collect information about your use of the Services and about the device you use to access the Services, including:
- the pages you request and visit;
- the posts you submit;
- information on your interaction with other users;
- information obtained in the course of maintaining or supporting the Services;
- information about your internet use, such as your IP address, the URLs of sites from which you arrive or leave the Services, your type of browser, your operating system, your internet service provider;
- and, if you access the Services via your mobile device, we may also collect information about your mobile provider, IMSI, IMEI and type of mobile device.
5. How Personal Data is Used
We use the personal data we collect to provide, maintain, and improve the Services or if we have other legal reasons for using the personal data. We also use it to:
- 5.1 send you notices, general updates, goodwill messages, security alerts, and support and administrative messages (such as changes to our terms, conditions, and policies) and to respond to your comments, questions, and customer service requests;
- 5.2 receive and respond to your submissions on the Services such as submissions on DTB website, web applications and mobile applications, social media and submissions to customer service contacts;
- 5.3 permit you to participate in voluntary polls and surveys (we may use third parties to deliver incentives to you to participate in such polls and surveys, and you may be required to provide your contact details to the third party in order to fulfil the incentive offer);
- 5.4 communicate with you about products, services, and events offered by DTB and others, and provide information we think will be of interest to you. Where required, we will obtain your express consent;
- 5.5 monitor and analyse trends, usage, and activities in connection with our Services;
- 5.6 develop new products and services and enhance current products and services;
- 5.7 detect, investigate, and prevent fraudulent transactions and other illegal activities, and protect the rights and property of DTB and others (public interest);
- 5.8 perform financial crime risk management activities relating to the detection, investigation and prevention of financial crime e.g. money laundering, terrorist financing and proliferation financing;
- 5.9 exercise, protect and defend our legal rights;
- 5.10 enable us to enter into or carry out an agreement we have with you;
- 5.11 comply with a law, regulation or any legal obligation;
- 5.12 carry out any other purpose described to you at the time of collecting information.
6. How Personal Data is Shared
How we use and share your information with other DTB group companies
6.1 We will only use and share your information with other DTB group companies where it is necessary for us to lawfully carry out our business activities. We want to ensure that you fully understand how your information may be used. We have described the purposes for which your information may be used in detail in Section 14.
6.2 We may also share aggregated, pseudonymised or anonymised information that cannot reasonably be used to identify you to protect your privacy rights.
7. Children
7.1 All our Services provided to children align to the data protection requirements in law. These include consent provided by the child’s parent/guardian and age verification. If you have reason to believe that a child has provided personal data to us, please contact us through our contact details on Section 20 and we will endeavour to delete that information from our databases.
8. Links to Other Websites
8.1 The Services may contain links to other websites. Please note we are not responsible for the privacy or information security practices of other websites. You should carefully review the applicable privacy and information security policies and notices for any other websites you access via the services. This Notice applies solely to your personal data collected for provision of our products and services.
9. Security
9.1 We seek to use appropriate technical and organisational measures to safeguard personal data within our organisation against loss, theft, breach, and unauthorised use, disclosure, or modification. We have taken measures to keep your data secure including encryption and other forms of security. We also require our employees and any third party who we engage to comply with our internal policies and to input the appropriate compliance measures as in the applicable laws and regulations, by executing confidentiality agreements, data processing agreements and other documentation for imposition of the regulatory obligations to safeguard your data.
10. Marketing Communication
10.1 We may use your personal data to provide you with information about our Services and other promotions. We may invite you to opt in to receive marketing communications via post, email, phone, text messages, social media, or our web services. You can modify your preferences for how you receive these communications or choose to stop receiving them at any time. If you no longer wish to receive marketing communications from DTB, you can opt out or unsubscribe by following the instructions in each communication or by contacting us through our contact details on Section 20. We will make every effort to process your request as quickly as possible.
10.2 Please note that if you opt-out of receiving marketing-related communication, we may still send you administrative messages, from which you cannot opt out or unsubscribe, such as changes to our terms and conditions, system upgrades or communication requiring regulatory compliance.
11. Cookies
12. Changes to this Notice
13. Contact Us
14. Legal Basis for Processing and Purpose
Legal Basis | Purpose |
---|---|
Consent | We may seek your consent for activities such as processing specific sensitive personal data (outlined in Section 3.3), using cookies or similar technologies (detailed in Section 11), obtaining your permission for marketing communications (covered in Section 10), or any other processing that requires your approval. |
Contractual Necessity | We may process your information where it is necessary to enter into a contract with you for the provision of our products or services or to perform our obligations under that contract. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account and/or provide products and services to you. This may include processing for:
|
Legal Obligation | When you apply for a product or service, and throughout your relationship with us, we are legally required to collect and process certain personal data about you. Please note that if you choose not to provide the requested data, we may be unable to maintain your account or provide our products and services. This processing may include:
|
Our Legitimate Interests | We may process your personal data where it is in our legitimate interests as an organisation or in the legitimate interests of a third party. This includes:
|
15. Your Rights
Your Rights | |
---|---|
Informed – You have a right to be informed of how we use your personal data. | It is important to note that these rights are subject to the applicable laws and regulations. If you would like to exercise your rights or access further information on anything detailed in this Privacy Notice, you may contact our Data Protection Officer at [email protected] or write to us at the following address: The Data Protection Officer DTB Centre, Mombasa Road, Nairobi P.O. Box 61711-00200, Nairobi |
Access – You have a right to get access to the personal information we hold about you. | |
To object – You have the right to object to the processing of all or part of your personal data. | |
Correction of false or misleading data – You have a right to rectification of inaccurate personal information and to update incomplete personal information we hold about you. | |
Deletion of false or misleading data – You have a right to request us to delete false or misleading data we hold about you. | |
Data portability – You have a right to request us to send a copy of your personal data to another organisation. | |
Erasure – You have a right to request that we delete your personal information. | |
Marketing – You have a right to object to direct marketing. | |
Withdraw consent – You have a right to withdraw your consent. |
16. Data Retention
We retain personal data for as long as required by applicable laws and regulations. For instance, we will keep your banking data for a period of at least seven years from the end of our relationship with you in compliance with legal and regulatory requirements. We may keep your personal data for a longer period where we need to use it for our legitimate purposes such as dealing with any legal disputes, fraud or financial crime, responding to regulators or other legal concerns that may arise. Where we do not need to retain your data for this period of time, we may destroy, delete or anonymise it sooner at your request or our discretion.
17. Data Transfer
Your personal data may be stored and processed in any country where we have facilities or in which we engage data controllers or processors. Where the data is shared, we will ensure that it has an appropriate level of protection and that the transfer is lawful, in accordance with the applicable data protection laws and regulations.
18. Accessibility
If you need this information in a different format, please contact us through the below contact details.
19. Acceptance
Your use of the Services signifies that you agree to the use of your personal data by DTB for the specific purposes mentioned in this privacy notice.
20. DPO Contact Details
The Data Protection Officer
DTB Centre, Mombasa Road, Nairobi
P.O. Box 61711-00200
Nairobi
Telephone: +254 719 031 888, +254 732 121 888
Email: [email protected]
This privacy notice was last updated on 31 December 2024.