Privacy Policy

About this Privacy Policy

Our privacy policy (this policy) sets out how FINGO PAYMENT SERVICES LIMITED (each "we", "us") manages personal information, including credit-related information, we collect about you. This policy was prepared in January 2025. If you have any feedback on this policy, or you wish to contact us, please email us at privacy@fingopay.io. We look forward to hearing from you. We may vary this policy from time to time. We will ensure that the most updated version is on our website. We invite you to check the policy on the website from time to time.

What is Personal Information and Personal Data

Personal information in Kenya

In Kenya, personal information is information, or an opinion about you or from which you can reasonably be identified. When we collect and use personal information about you in Kenya, we manage that personal information under this privacy policy, Privacy and Data Protection Policy 2018 and the Kenyan Data Protection Act, 2019 (the DPA).

Why We Collect Personal Information

To provide services to you and manage our relationship

We collect personal information about you when we take a record of that personal information. We collect personal information about you only where we need to or where that personal information is related directly to your payment processing and business banking functions and activities with FingoPay. For example, we collect personal information about you so we can:

• Supply payment gateway, banking or other financial services to you
• Manage our commercial relationship and arrangements with you
• Help us to understand your business requirements and develop our products and services
• Offer you our products or other products as they become available and that may be of interest to you
• Make products available to you at your request
• Improve the services and products we offer to businesses

If you are a FingoPay customer, we may collect other personal information about you from dealing with you to help us conduct our payment and banking activities efficiently.

What Personal Information Do We Collect

The types of personal information we collect

We or our service providers may collect personal information about you including:

• Identification information like your name, business name, date of birth, address and contact details
• Information you use or give us when you:
  • Enquire about our products or services
  • Apply to open an account with us or to obtain other products or services
  • Use our website or API
  • Ask us, or accept our invitation, to participate in beta activities
• Information we collect from supplying products or services to you
• Information we collect when you use our website like:
  • Your IP address
  • The user ID of logged in users
  • The username of login attempts
• Financial information like your business income, transaction data, and payment processing history
• Credit information like details about your credit history, credit capacity and credit worthiness

How long do we keep personal information

We keep information while you are a customer with us and for only as long as we need it. Generally we will keep your information for 7 years but sometimes we need to keep it for longer such as: if the law requires us to keep it for longer; to respond to any complaints.

How We Collect Personal Information

Personal information you provide

Mostly, we collect personal information about you directly from you. We may collect personal information about you from other sources, like when:

• You use our website or application
• You use our API to process payments
• If you apply for credit services from us, when we obtain a credit report about you
• We access your transaction data from other financial service providers to assess credit eligibility

Personal information provided by others

Sometimes, we collect personal information about you that is available publicly or from others who:

• Act for you or represent your business
• Check information you give us, like confirming business registration details
• Supply services (like identity verification or payment settlement services) to us
• Give us information to help us decide whether to make a product or service available to you
• Help us manage our arrangements with you

Cookies

We use cookies to personalise content and ads to make our website and our apps more appealing or easier for you to use. We also share cookie information with third parties to assist us to direct advertising to you and to analyse data relating to use of our website and our apps.

How We Protect Personal Information

Securing your personal information is important to us

We will take steps reasonably available to us to protect your personal information from:

• Misuse, interference or loss
• Unauthorised access, modification or disclosure

We will do this by ensuring that access to your personal information is password protected, encrypted with AES-256, and available only to those of our employees that need to use, disclose or manage it under this policy.

What happens when there is a data breach

If, despite our best efforts, a data breach occurs, we will take immediate steps to determine the breach, its cause and how to fix it. We will advise you of the extent of the data breach (if known) and the most appropriate means of regaining control of that information. We will also notify the Office of the Data Protection Commissioner or any other regulator, if appropriate and comply with all other relevant legal requirements.

How We Use Personal Information

Using your personal information to benefit you and keep things safe

We may use personal information about you to:

• Consider any requests or applications you make to us or to our service partners
• Help us to understand your business and payment requirements
• Assess your ongoing ability to meet payment obligations
• Refine and develop our products and services

We may also use your personal information to tell you about our products and services or products and services from our service partners that may be available to you. That may include telling you about competitions or other promotional events in which we invite you to participate. That correspondence is called direct marketing.

You can tell us to stop sending you direct marketing at any time. Please see below for our contact details.

We may also use personal information about you to:

• Identify you and manage our arrangements with you
• Prevent or investigate conduct that may be fraudulent or criminal
• Assist us to develop and improve our payment and banking products and services
• Assist with any other purpose you consent to or at your direction

How We Use Government Identifiers

Only as permitted by Law

We do not use Government related identifiers (such as KRA PIN or National ID) to identify you in our records. We may collect and use some of your Government related identifiers, but only for reasons required and permitted by Proceeds of Crime and Anti-Money Laundering Act, 2009, the Proceeds of Crime And Anti-Money Laundering Regulations, 2013, Privacy and Data Protection Policy 2018 and the DPA. For example, we may use those identifiers to help us to check your identity before we make payment or banking products available to you or for tax reasons.

When Do We Disclose Personal Information

Who we share your personal information with

We may exchange personal information about you with:

• Financial Service partners such as Choice Bank Kenya Limited
• Payment network providers such as Safaricom M-Pesa, Visa, and Mastercard
• Credit reporting bodies, if you apply for, guarantee or obtain credit products from us
• Any guarantors or possible guarantor of your obligations to us
• Suppliers that help us to conduct our business, including suppliers that help us to:
  • Understand your business and payment requirements
  • Improve our products or services
  • Verify your identity
  • Process payments and settlements
  • Provide services to help us run our business
  • Take appropriate action about suspected unlawful activity or serious misconduct

What we use your personal information for

Our arrangements with suppliers will limit use of your personal information to the services they supply to us. We will ask suppliers to in turn ensure their arrangements with contractors limit those contractors' use of your personal information to help the suppliers perform services for us. We will require suppliers or their subcontractors to return, destroy or de-identify personal information about you that they hold when they cease performing services for us. If you want information on how those suppliers manage your personal information, please email us at privacy@fingopay.io.

Yes, we use Google Analytics

We use Google Analytics services to improve and analyse our website and app experiences. We may share information with Google for that purpose. When you use our website, that information may include the URL of the webpage that you've visited and your IP address. Google may also set cookies on your browser or read cookies that are already there.

Google uses the information FingoPay shares with them to help us understand how you engage with FingoPay's website and app. Also, Google may use that information for other purposes. Please read Google's Privacy Policy to learn more about how Google uses and processes data.

Data Transfer Limitation

We may transfer your personal data outside the Republic of Kenya if the transfer is necessary for one of the other reasons set out in the DPA including the performance of a contract between us and yourselves, reasons of public interest, to establish, exercise or defend legal claims or to protect your vital interests and where you are physically or legally incapable of giving consent and, in some limited cases, for our legitimate interest.

What The Law Requires Us To Do

We collect and use personal information when required by law

We may collect personal information about you because the law requires us to do so. For example, the law requires us to collect personal information about you to identify you under the Proceeds of Crime and Anti-Money Laundering (POCAML) Regulations before we open an account for you or provide payment processing services to you.

How To Stop Receiving Direct Marketing

How to tell us to stop sending you direct marketing information

You can ask us any time to stop sending you direct marketing information. When we email you with direct marketing, you can respond by clicking unsubscribe and we will stop sending you direct marketing. We do not charge you a fee for asking us to stop direct marketing.

How To Access Your Personal Information

Asking for access to personal information

You can ask for access to personal information we hold about you anytime. We may ask you to detail the information you require if you want only some of that personal information. If you want to access the personal information we hold about you, please email us at privacy@fingopay.io.

How we will respond to requests for personal information

We will give you access to the information you request in the manner you request (for example, by email), if we are reasonably able to do so. We will respond to any request you make for access to personal information we hold about you within a reasonable time after you make the request. The time it takes will depend on the amount of information you seek and whether we have to make more enquiries of you to clarify your request. We expect to respond to any request you make for access within 30 days after we receive your request.

Is there a cost to accessing personal information?

Depending on the amount of information you request, we may charge you a fee for organising the information you request from us. We will give you an estimate of the fee before we organise the information. Then, we can work with you to check whether you wish to limit your request to reduce the charges.

How Personal Information Is Kept Up-To-Date

Correcting your personal information

We take steps, reasonably available to us, to ensure that the personal information we hold about you is accurate, up-to-date and complete. To assist us, we ask that you contact us and update the personal details we hold about you (for example, your name, address and contact details), if those details change. You can contact us by email to privacy@fingopay.io.

You may consider that the personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading. You can request us to correct the personal information we hold about you by email to privacy@fingopay.io. We will not charge you for correcting or associating a statement to personal information at your request.

How To Make A Complaint

If you have a complaint start with us, but there are other ways

If you have a complaint about the way we manage the personal information we hold about you, please email us at privacy@fingopay.io.

If we cannot resolve your complaint in a manner that is satisfactory to you and within 30 days of receiving your complaint, you can reach out to the office of the Data Protection Officer. Website at www.odpc.go.ke.