Policies and Notices
At Prime Bank, we value our policies
Privacy Notice
This notice is to inform and guide you our esteemed customer, employee, supplier or vendor (hereinafter referred to as “Customer“) on how we as Prime Bank Limited (hereinafter referred to as “the Bank”), will process your personal data and the safeguards applied to ensure that your rights, as a data subject, are protected pursuant to Article 31 (c) and (d) of the Constitution of Kenya and Kenya Data Protection Act of 2019. This notice should be read together with the General Terms and Conditions of the Bank.
Key Terms
- Act – the Kenya Data Protection Act of 2019 (KDPA).
- Data subject – an identified or identifiable natural person who is the subject of personal data.
- Personal data – any information relating to a data subject including but not limited to Name, Identity Card (ID) number, Passport number, photo, email address, Phone No., Bank and transactional details, IP address, home address etc.
- Sensitive Personal data – data revealing the natural person’s race, health status, ethnic social origin, conscience, belief, genetic data, biometric data, property details, marital status, family details including names of the person’s children, parents, spouse or spouses, sex or the sexual orientation of the data subject.
- Rights – privileges a data subject is entitled to as per the Kenya Data Protection Act (KDPA).
- Data Controller – a natural or legal person(s), public authority, agency or other body, which alone or jointly with others determines the purpose and means of processing personal data, in this case, the Bank.
- Processing data – any process that is applied on personal data i.e. collecting, processing, storing and transferring of personal data.
1.2 How the Bank collects personal data?
The Bank will collect data directly from its Customers;
- At the point of onboarding the Customer to the Bank during account opening.
- When a customer is applying for a credit facility (loan).
- Enrolling for internet banking service.
- Enrolling for mobile banking service.
- Enrolling for debit and credit cards service.
- During the recruitment process and execution of employment contracts.
- When onboarding employees to various processes in the Bank.
- When establishing new business relationship with suppliers or vendors.
- Through the CCTV surveillance in the Bank premises.
- Through the voice recognition platform (IVR).
- Through the Bank’s visitors register.
The Bank may also collect data indirectly;
- Where a prospective employee has provided the information publicly.
- Where a customer’s information is available in the public domain (News /social media).
- In case of minor accounts or where a customer is incapacitated and the appointed guardian has consented to such collection.
1.3 Why the Bank collects Personal Data?
We may collect personal data to further a legitimate interest, which is to offer various Banking services, efficiently and promptly, to our Customers.
We may also collect data for contractual interest when issuing credit facilities to Customers, during the recruitment process of employees and when establishing new business relationships with suppliers or vendors.
1.4 What personal data is collected?
We may collect both categories of personal data i.e. personal data and sensitive personal data from our customers for the purposes outlined in 1.3 above.
1.5 Processing activities done on the Personal Data
We as your Bank shall process the personal data only for the lawful and intended purpose.
For processing of sensitive personal data, we shall restrict the processing to the legitimate and contractual interest between our customers and the Bank as stipulated in the Act.
However, where the Bank is required by law to further process customer data for legal and regulatory obligation the Bank will be obligated to do so without the customer’s prior consent.
1.6 Does the Bank use your Personal Data for any other Purpose?
We may process the customer’s Personal Data for any other purpose if such purpose is in line with the initial basis of processing. However, where the purpose deviates we shall seek consent from you with the exception of where the processing is for legitimate interest, facilitating the performance of a contract, legal obligations, vital interest, public interest, regulatory and national security bodies, and historical, journalistic, literature, art or scientific research as stipulated in the Act.
1.7 Automated individual decision-making
The Bank will, within the constraint of law, use automated decision-making for its various products and processes with the aim of making informed decisions and offering tailor made products and services.
1.8 Who in the Bank can access Personal Data?
Personal data will be accessed by individuals who due to the nature of their work are mandated to process personal data and are bound by an oath of confidentiality and secrecy and this may include third parties with whom we have signed data protection agreements.
1.9 How long will the Bank store Personal Data?
We shall retain necessary personal data in our database throughout our banking relationship with the customer. In case of termination of the banking/contractual/employment relationship either by the Bank or Customer we shall retain the data for the timelines stipulated by various laws of the land after which we shall delete the data to fulfill the right to be forgotten as per the Act, with the exception of where the Bank is required by regulatory / legal obligations to continue retaining the data.
2.0 Does the Bank share personal data with a third party?
We may share the personal data with third parties for the purpose of enhancing and providing better products and services.
2.1 Does the Bank transfer personal data outside Kenya?
We shall share Customers’ data outside Kenya to our vendors for the purpose of issuance of debit, credit and prepaid cards. The Bank has put in place necessary safeguards to ensure that the data is protected throughout the processing and has entered into data protection agreements with the respective vendors.
2.2 Does the Bank use cookies?
We use cookies on our website and on our online banking services.
2.2.1 About Cookies
A cookie is a piece of data or text file from a website that is stored within your web browser that the website can retrieve at a later time.
2.2.2 Type of Cookies we use and how they are used
- Necessary
This cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously and will always be enabled by default. - Functional
They help perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features. - Performance
This cookies are used to understand and analyse the key performance indexes of the website which helps in delivering a better user experience for the visitors. - Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc. - Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads. - Other
Other uncategorized cookies are those that are being analysed and have not been classified into a category as yet. - Third-party cookies
This cookies help us analyse and understand how you use this website.
2.2.3 How to manage your cookies preferences
You can choose to block, delete or disable cookies as your browser or device permits. Please note that if you do so some features and functionality on our website will be affected or you may not be able to access some parts of the website. To enable or disable cookies, follow the instructions provided by your browser.
2.2.4 Disclaimer
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these web-sites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
2.3 Data subject Rights
As stipulated in the Act, our Customers (which includes Service Providers/Vendors and Employees) are entitled to the following rights:
- Right to Access: The customer may request access to Personal Data collected through the Branch or Relationship Manager and in the case of Employees through the Head of Human Resource. The Bank will respond to the request within seven (7) days of receipt of the request. No fee will be charged for such requests.
- Right to information: The customer has the right to know the type of personal data we hold, how we will process this data, with whom we will share the data with and how long we intend to retain the data for.
- Right of rectification: The customer may request, from time to time, through the Branch or Relationship Manager and at no fee, for rectification of the personal data in our possession. We will, within 14 days of receipt of the request, rectify the same where the Bank is satisfied that the rectification is necessary. In the event the Bank declines a request for rectification, it shall notify the Customer in writing within 7 days of the decision citing reasons thereof.
- Right of Erasure: The customer may request us to delete the personal data from our database. However, this right will be exercised subject to other laws and regulatory requirements.
- Right to object to Processing of Data: The customer may object, at no fee, to processing of a part or all of their Personal Data, in case the same is erroneous or is being used for direct marketing where we have sought and received your consent. However, the Bank may continue to process the data if it has an overriding legitimate interest.
- Right to lodge a complaint: The customer has the right to lodge a complaint with the relevant supervisory authority that is tasked with protection of personal data in Kenya.
- Right to data portability: The Bank may, at the request of the customer and at a reasonable fee, transfer personal data to an intended recipient within 30 days of the request. In the event the Bank declines a request for data portability, it shall notify the Customer in writing within 7 days of the decision citing reasons thereof.
- Right to withdraw consent: The customer may withdraw consent to processing of Personal Data at any time subject to the law, regulatory requirements and compelling legitimate interest. However, this withdrawal does not affect any processing done before receiving such a request, based on prior consent.
2.4 Effective Date and Amendment of the Privacy Notice
This notice is effective from July 2022 and may be revised from time to time in accordance with the relevant laws and regulations. Any amendment or modification to this notice will take effect from the date of publication of the same on the Bank’s website.
2.5 Contact details in case of queries
In case of any queries about this Privacy notice, please contact our Data Protection Officer by email: dpo@primebank.co.ke
Dated June 2022