C
Compliance 360

Privacy Policy

Last Updated: May 9, 2024

You can manage your cookie preferences at any time.

1. Introduction

At Compliance And Risk Management System ("we," "our," or "us"), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform for decoding Mobile-money transaction hashes.

This policy applies to all information collected through our website, API, mobile applications, and any related services (collectively, the "Service").

Please read this Privacy Policy carefully. By using our Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

  • Account Information: When you register for an account, we collect your name, email address, phone number, and company name (if applicable).
  • Payment Information: When you purchase credits, we collect payment information, which may include M-Pesa phone numbers or credit card details. Full payment information is processed by our secure payment processors and is not stored on our servers.
  • Transaction Data: We collect information about the Mobile-money transaction hashes you submit for decoding, including the hash itself and the resulting decoded information.
  • Communication Data: If you contact us directly, we may collect additional information you provide in your communications.

2.2 Usage Information

We automatically collect certain information about your use of our Service, including:

  • Log Data: Information that your browser or device sends whenever you visit our Service, including your IP address, browser type and version, time and date of your visit, time spent on pages, and other statistics.
  • Device Information: Information about the device you use to access our Service, including device type, operating system, and unique device identifiers.
  • Usage Patterns: Information about how you use our Service, including the features you use, the actions you take, and the frequency and duration of your activities.

2.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Cookies are files with a small amount of data that may include an anonymous unique identifier.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

3. How We Use Your Information

We use the information we collect for various purposes, including:

  • Providing, maintaining, and improving our Service
  • Processing and completing transactions
  • Decoding Mobile-money transaction hashes and providing the results to you
  • Sending you technical notices, updates, security alerts, and support messages
  • Responding to your comments, questions, and requests
  • Monitoring and analyzing trends, usage, and activities in connection with our Service
  • Detecting, preventing, and addressing technical issues, fraud, or illegal activities
  • Complying with legal obligations

4. Legal Basis for Processing (For EEA and UK Users)

If you are from the European Economic Area (EEA), United Kingdom, or regions with similar data protection laws, our legal basis for collecting and using your personal information depends on the specific information concerned and the context in which we collect it.

We generally process your personal information only:

  • With your consent
  • To perform a contract with you (e.g., to provide the services you requested)
  • To comply with legal requirements
  • When it is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms

5. Data Sharing and Disclosure

5.1 Service Providers

We may share your information with third-party service providers who help us operate our Service, such as cloud hosting providers, payment processors, and analytics services. These service providers have access to your information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

5.2 Compliance with Laws

We may disclose your information where required by law, regulation, or legal process, such as in response to a court order or a subpoena, or to comply with valid requests from regulatory authorities in the countries where we operate, including Kenya and other African nations where M-Pesa is available.

5.3 Business Transfers

If we are involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different Privacy Policy.

5.4 With Your Consent

We may share your information with third parties when we have your consent to do so.

6. Data Security

We implement appropriate technical and organizational measures to protect the security of your personal information. However, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure.

Our security measures include:

  • Encryption of sensitive data both in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Regular security training for our staff
  • Monitoring for suspicious activities

We are particularly careful with Mobile-money transaction data, implementing additional security measures to protect this sensitive financial information.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Specifically:

  • Account information is retained as long as you maintain an active account
  • Transaction data is retained for a period of 7 years to comply with financial regulations in the countries where we operate
  • Usage information may be retained for up to 2 years for analytics and service improvement purposes

When personal information is no longer needed, we will securely delete or anonymize it.

8. Your Data Protection Rights

Depending on your location, you may have certain rights regarding your personal information:

8.1 For All Users

  • Access: You can request copies of your personal information.
  • Correction: You can request that we correct inaccurate information about you.
  • Deletion: You can request that we delete your personal information in certain circumstances.

8.2 For Users in Certain Jurisdictions (e.g., Kenya under the Data Protection Act)

  • Data Portability: You can request a copy of your data in a structured, commonly used, and machine-readable format.
  • Restriction of Processing: You can request that we restrict the processing of your information in certain circumstances.
  • Objection to Processing: You can object to our processing of your personal information in certain circumstances.
  • Withdrawal of Consent: Where we rely on your consent to process your personal information, you can withdraw your consent at any time.

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We may need to verify your identity before responding to your request.

9. International Data Transfers

We primarily process and store your information in Kenya and other African countries where M-Pesa operates. However, we may transfer your information to service providers and others who support our business in other countries.

When we transfer personal information outside of your country, we take steps to ensure that appropriate safeguards are in place to protect your information and to ensure that it is treated in accordance with this Privacy Policy.

10. Children's Privacy

Our Service is not directed to children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from children without verification of parental consent, we take steps to remove that information from our servers.

11. Mobile Money Transaction Data

Our Service specifically processes Mobile-money transaction hashes. We understand the sensitive nature of this financial information and treat it with the highest level of security and confidentiality.

When you submit a transaction hash for decoding:

  • We process the hash to extract relevant transaction details
  • We store the hash and decoded information in your account for your reference
  • We implement strict access controls to this information
  • We do not share transaction details with third parties except as described in this Privacy Policy
  • We comply with all relevant financial regulations regarding the handling of this data

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top.

For significant changes, we will provide a more prominent notice, which may include an email notification to users with registered accounts.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

13. Compliance with Regional Data Protection Laws

13.1 Kenya Data Protection Act

We comply with the Kenya Data Protection Act, 2019. This includes implementing appropriate technical and organizational measures to protect personal data, respecting data subject rights, and maintaining records of our data processing activities.

13.2 Other African Data Protection Laws

We also comply with data protection laws in other African countries where M-Pesa operates and where our users are located, including but not limited to:

  • Tanzania's Electronic and Postal Communications (Consumer Protection) Regulations
  • Ghana's Data Protection Act
  • South Africa's Protection of Personal Information Act (where applicable)

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Data Protection Officer
Compliance And Risk Management System
Email: privacy@compliance360.co.ke
Postal Address: Westlands Business Park, Nairobi, Kenya
Phone: +254 712 345 678

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact your local data protection authority.

For questions about our Privacy Policy, please contact privacy@compliance360.co.ke