Your privacy is important to us. Family Bank Limited is committed to keeping your personal data private. This privacy notice explains the personal data Family bank collects, how it is processed, for what purposes and how you can exercise your rights in relation to processing of personal data.
This privacy notice should be read together with the terms and conditions. Where in conflict, the privacy notice shall prevail.
“FBL”, “We,” “our,” “ours,” and “us,” means Family Bank Limited, Family Group and includes its successors in title and assigns, its affiliates and/or its subsidiaries as may from time to time be specified by the Bank to you.
Customer – (which includes personal representatives and assigns) operating an Account held with us and includes (where appropriate) any person you authorize to give us instructions, the person who uses any of our products and services or accesses our websites. “Customer” shall include both the masculine and the feminine gender as well as juristic person.
Any agent, dealer and/or merchants who has signed an agreement with us and is recognized as a merchant or agent in accordance with any applicable laws or Regulations.
Any visitor that is a person (including contractors/subcontractors or any third parties) who gains access to any Family Bank Limited premises.
2. Collecting Information from You
We may collect and process your personal data through information that you provide us such as when you fill out application forms, through our website, face-to-face and electronic communication (including telephone conversations) in order to provide our services to you.
Our Privacy Notice does not apply when you leave our website, including third-party websites where our online advertisements are displayed or links to third-party websites which we do not operate or control. Please read the privacy statements/notices and terms and conditions of these third-party websites and decide whether they satisfactorily protect your rights.
3. The Kind of Information We Hold About You
We may collect, store, and use the following categories of personal data about you:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
- Personal information such as passport photos, Date of birth, Gender, Marital status, employment status, and Next of Kin
- Financial information; estimated monthly income levels, Your credit or debit-card information, bank account numbers and or other banking information.
- Copies of your identity documents such as IDs or passports
- Name of your employer, terms of employment and if on contract, expiry of the contract.
- Your signature specimen.
- Your transaction information when you use our electronic and digital platforms, branches, our agents and/or merchants.
- Your preferences for particular products and services, based on information provided by you or from your use of our network or third party products and services.
- Name, family details, age, profiling information such as level of education, bank account status, income brackets.
- Your contact with us, such as when you: call us or interact with us through social media, email (we may record your conversations, social media or other interactions with us), register your biometric information such as your voice, fingerprints etc, visit our branches.
- Information as required by Regulators, such as KYC AND AML (Know Your Client and/or Anti Money Laundering regulations) and as part of our client intake procedures. This may possibly include evidence of source of funds, at the outset of and possibly from time to time throughout our relationship with clients, which we may request and/or obtain from third party sources.
3.1. How do we obtain such information?
- Make an application, buy or use any of our product and or service on our electronic and digital platforms.
- Use any of our product and/or service online, on a mobile or other device or in any of our branches or with any of our agents or merchants.
- When you contact the bank with a query or a complaint or Ask for more information about a product or service;
- Application for employment at Family Bank Limited;
- CCTV footage and other information obtained through electronic means in our premises;
- When you engage our insurance services or as a result of your relationship with one or more of our staff and clients;
- When we require personal information from you in order to fulfil a statutory or contractual requirement, or where such information is necessary to enter into a contract or is otherwise an obligation, we will inform you and indicate the consequences of failing to do so;
- When you make an application or engage with Family Foundation as a beneficiary in any of our programs.
- We may obtain from third parties, such as information that we obtain when verifying details supplied by you and information collected from publicly available sources such as Companies Registry. Such third parties may include fraud prevention agencies, banks, merchants and credit reference agencies.
- Other information about an individual that you or they disclose to us when communicating with us
4 Legal Basis for Collecting the Information
This privacy notice aims to give you complete and transparent information on how we process your personal data. We are committed to ensure that your personal information is processed in a way that is compatible with the specified, explicit, and legitimate purpose of collection. We process your personal data in accordance with the Data Protection Act No. 24 of 2019
Where personal data relates to a child, we will process the personal data only where parental or legal guardian consent has been given. The processing of such data will be done in a manner that protects and advances the rights and best interests of the child.
We’ll only use your information where we have your consent or where we have another lawful reason including:
- To carry out our obligations from any contracts entered into between you and us or to take steps to enter into an agreement with you.
- Verifying your identity information through publicly available and/or restricted government databases to comply with applicable Know Your Customer (KYC) requirements.
- Assessing the purpose and nature of your business or principal activity, your financial status and the capacity in which you are entering into the business relationship with us.
- To meet our regulatory compliance and reporting obligations
- To provide our services to you, manage your accounts and our relationship with you
- To respond to your queries and complaints to us and any other requests that you may have made to us
- Identifying your source of income and similar information.
- Carrying out credit checks and credit scoring.
- to keep you informed about products and services you hold with us and to send you information about products or services (including those of other companies) which may be of interest to you unless you have indicated at any time that you do not wish us to do so.
- to prevent, detect, and investigate fraud and alleged fraud practices and other crimes
- Any purpose related to the prevention of financial crime, including sanctions screening, monitoring of anti-money laundering and any financing of terrorist activities.
- to verify your identity in order to protect you and your assets
- To evaluate, develop and improve our services to you and other customers
- To protect our business interests and to develop our business strategies
- To contact you, by post, phone, text, email and other digital methods. This may be for reasons such as to collect any debts owing to us.
- Where processing of personal data is carried out on behalf of FBL, we have a separate contract with the processor with respect to this processing. This contract ensures compliance with Data Protection Act 2019 and defines sufficient guarantees for the implementation of appropriate technical and organizational measures, which ensure the protection of your rights
5. Retention of Information
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. The statutory legal requirement is 7 years. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, the need to comply with our internal policy and the applicable legal, regulatory, tax, accounting or other requirements. Anonymized information that can no longer be associated with you may be held indefinitely.
6. Disclosure and Information Sharing
Any disclosure of your information shall be in accordance with applicable law and regulations. We shall assess and review each application for information and may decline to grant such information to the requesting party.
We may disclose your information to:
- law-enforcement agencies, regulatory authorities, courts or other statutory authorities in response to a demand issued with the appropriate lawful mandate and where the form and scope of the demand is compliant with the law.
- our subsidiaries, associates, partners, software developers or agents who are involved in delivering the bank’s products and services you order or use;
- Fraud prevention and Anti money laundering agencies, credit- reference agencies;
- publicly available and/or restricted government databases to verify your identity information in order to comply with regulatory requirements;
- debt-collection agencies or other debt-recovery organizations;
- Any other person that we deem legitimately necessary to share the data with.
To help us provide services, your data will be processed internally and externally by other third parties. We use third parties for [administrative, servicing, monitoring and storage of your data]. We will outsource some services to third parties whom we consider capable of performing the required processing activities so that there is no reduction in the service standard provided to you by us.
7. Your Rights
Subject to legal and contractual exceptions, you have rights under data protection laws in relation to your personal data. These are listed below: –
- Right to be informed that we are collecting personal data about you;
- Right to access personal data that we hold about you and request for information about how we process it;
- Right to request that we correct your personal data where it is inaccurate or incomplete;
- Right to request that we erase your personal data noting that we may continue to retain your information if obligated by the law or entitled to do so;
- Right to object and withdraw your consent to processing of your personal data. We may continue to process if we have a legitimate or legal reason to do so;
- Right to request transfer of your personal data in [an electronic format].
In exercising your right as provided above, we may request specific information from you to help us confirm your identity. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Queries and concerns about your rights should be Family Bank Ltd, Family Towers, Muindu Mbingu Rd, P.O Box 74145-00200 Nairobi or E-mail: email@example.com
8. International Data Transfers
Your data is primarily stored in our data centers located within Kenya and some data resides abroad using cloud technologies and in several countries. We ensure an appropriate level of protection by the recipient of the data when we transmit your data outside Kenya, in addition, those jurisdictions must have in place Data Protection Laws.
If you are located outside Kenya and choose to provide information to us for purpose of processing, please note that we transfer the data, including Personal Data, to Kenya and process it there.
Your consent to this Privacy statement followed by your submission of such information represents your agreement to that transfer.
We generally do not use your information collected on the data collection modes for marketing purposes but if you apply for products and services on the data collection modes, your information may be used to inform you about other related products and services of Family Group that may be of interest.
9.1 Social Media
We operate and communicate through our designated channels, pages and accounts on some social media sites to inform, help and engage with our customers. We monitor and record comments and posts made about us on these channels so as to improve our services. We are not responsible for any information posted on those sites other than the information posted by our designated officials. We do not give investment, tax or other professional advice on social media sites.
As such we operate the following social channels:
9.2 Surveys and Feedback
As with any regular survey, our online and mobile surveys are there to help gathering of specific information regarding our various services including transactional. This is in order to enhance the quality of service offering, which eventually will be reflected positively for our customers. The provision of their name and other details is totally optional however, FBL has provided an opt-out for mechanism for customer who will not like to continue participating in this surveys.
9.3 Job Applicants
Personal information provided on our data collection modes in connection with an application for employment will be used to determine your suitability for a position with the FBL Group. Your information may also be used to monitor our recruitment initiatives and equal opportunities policies. Applicant details may be disclosed to third parties to verify or obtain additional information including education institutions, current/previous employers and credit reference agencies. Credit reference agencies record these searches and you can contact us to find out which agencies we used. Unsuccessful applications may be retained to match your skills to future job opportunities. These are usually retained for up for 12 months but please let us know if you do not wish us to retain your information for this purpose.
10. Data Security
All information you provide to us is stored in our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We acknowledge that there will be exceptional circumstances where personal data can be processed without the data subjects consent. There may be limitations on data subject rights when required by the law or when there are competing rights and therefore it will require an assessment based on the facts and circumstances.
12. Right to Lodge Complaint
You have the right to lodge a complaint with the relevant supervisory authority that is tasked with personal data protection within the Republic of Kenya.
13. Changes to Our Privacy Statement
Family Bank reserves the right to amend this policy at any time. All amendments to this policy will be posted on the website. Unless otherwise stated, the current version shall supersede and replace all previous versions of this policy.
This Privacy Statement has been updated on (1st September 2022)
If you have questions about our Privacy Notice, please write to us:
Family Bank Limited
Family Bank Towers, 6th Floor,
Muindi Mbingu Street
P.O Box 74145-00200,