USD/KES :
Buy: 127.00
Sell: 131.00
GBP/KES :
Buy: 154.00
Sell: 161.00
EUR/KES :
Buy: 129.00
Sell: 136.00

Whistleblowing Notice - Family Bank Limited, Kenya

Notices

Whistleblowing Notice

This Whistleblowing Privacy Notice ("Privacy Notice") describes how Family bank Limited  ("Family Bank", "we", "us" or "our") processes your personal information in the context of whistleblowing. Family Bank will process the personal data that is included in the report and any supplementary data that may be collected to evaluate the report or to be able to conduct an investigation of the reported wrongdoings or to report the wrongdoings to any relevant authorities.

This notice must be read in conjunction with the Bank's privacy notice  at Privacy Statement - Family Bank Limited, Kenya and applies to anyone who makes a report through channels (the "whistleblowing channels")  provided by Family bank to submit any disclosures as per the whistleblowing policy and to anyone about whom a report is made through the whistle blowing channels. The data processing described in this notice may be limited as required by applicable law.

DEFINITIONS

  • Concerned party/parties:
    Natural person/persons or legal entity/entities mentioned in the Whistleblowing Report as those whom the violation is attributed to and those with whom they are associated with
  • Disclosures
    Acts related to fraud, misconduct, unlawful acts, bribery, corruption, harassments and bullying and data breaches
  • External company/Service provider
    The External Company(Adili Risk Advisory Services Limited) formally appointed to manage the whistleblowing Reporting channels
  • Whistleblower/Whistleblowers
    A natural person who reports information on violations within the meaning of the Bank's whistleblowing  Policy.
  • Whistleblowing channel
    The Whistleblowing Channel adopted  for whistleblowing purposes. This includes WhatsApp, emails, web portal or chatbot
  • Whistleblowing report
    An oral or written communication of information concerning a suspected or alleged violation

WHAT PERSONAL  DATA WE COLLECT

We recognize that the personal information in a whistleblowing report can relate to the whistleblower(s), the accused, witnesses, or others that are mentioned as long as they can be directly or indirectly identified .

Personal data, if any, included in the report by the Whistleblower, including identification and contact data of the Whistleblower, identification data of the Reported Person or Third Parties, personal data provided as part of the description of the circumstances and facts being reported.

We will also ask you for your organizations name and where you want to reveal your identity; Your name and telephone number. If you are worried about being identified as a whistleblower, you can make a disclosure anonymously or partially anonymously.

SOURCE OF THE PERSONAL DATA

The data of the Whistleblower are possibly provided directly by the Whistleblower himself/herself (and therefore acquired by the Bank from the person concerned). The personal data of the Reported Person and/or Third Parties are provided to the Data Controller (Family Bank) by the Whistleblower (and thus acquired by the Data Controller from third parties. It is therefore important to provide Factual information as a whistleblower

DATA DISCLOSURE

Any access to Personal Data and to any Sensitive Data provided in the Whistleblowing Report is limited to the persons who need to be aware of these in order to fulfill their responsibilities in relation to the management of the Whistleblowing Report/process.The personal data collected in connection with the whistleblowing report will be used and disclosed only as follows:

    1. The data will be disclosed to the members of the Ethics Committee and Selected Internal members  who are involved in evaluating the reported wrongdoings.
    2. If after the initial assessment it is decided to initiate an internal investigation of the reported wrongdoings, the data will also be used for such investigation and disclosed to the individuals that need access to the data in order to conduct the investigation.
    3. We are partnered with an Independent Service provider who operates the whistleblowing channels(telephone and  web portal) for the Bank. They collect data relating to reports on our behalf and then pass the reports on to us.The personal data and information you provide will be stored in systems which are located on servers hosted and operated by the Service provider. Personal data and information provided in a report may be transferred to these servers for the purpose of administering the whistleblowing system, including follow up investigations.
    4. Where personal data is to be transferred outside Kenya the transfer is protected by appropriate safeguards e.g. Data Protection Agreements and standard contractual clauses
    5. Where the Bank  decides to suggest employment law measures against the individual(s) that committed the reported wrongdoings, the data may be used for such employment law measures and disclosed to the individuals that need access to the data in order to carry out those measures.
    6. Personal data and information you provide may also be disclosed to the police and/or other law enforcement or regulatory authorities.
    7. Family bank will notify the whistleblower as to the status of the whistleblowing report.

LAWFUL BASIS

    1. Legitimate interests
      To receive personal data when Whistleblower's report concerns or disclosures related to misconduct or improper activities within the Bank
    2. Legitimate interests
      To communicate effectively with the Whistleblower in gathering information and evidence, providing status update and the outcome of the investigation.
    3. Legitimate interests
      To provide a secure and confidential platform for individuals to report any wrongdoing, misconduct, or unethical behavior within the organization.
    4. Legitimate interests
      To conduct preliminary assessment of the complaint in determining the category of misconduct and ensuring the completeness and validity of information to establish the basis of the complaint.
    5. Legitimate interests/Legal Obligation
      To prevent and suppress unlawful acts, even on disciplinary grounds, as well as to protect the rights and interests of the Bank  and/or of third parties, even in  court proceedings.
    6. Legal obligation
      To protect the privacy and anonymity of Whistleblower, where applicable, in accordance with legal and regulatory requirements
    7. Legal obligation
      To ensure that the organization complies with relevant legal and regulatory obligations pertaining to whistleblowing and data protection.
    8. Consent
      To disclose the Whistleblowers identity. The Whistleblowers Personal Data, may be disclosed when the Whistleblowing Report is used during disciplinary and/or court procedures which may have commenced, in such cases where the dispute is based on the Whistleblowing Report, whether wholly or partially, and the disclosure of the Whistleblower's identity is essential to the Concerned party's defense in the context of said procedures. In such cases,  free, specific, and expressed consent shall be granted by the Whistleblower only if the above necessities should arise, with prior notice being provided to the Whistleblower via a written communication of the reasons for the disclosure of their Personal Data.

DATA SECURITY

With reference to Personal Data or any Sensitive data, if provided in the Whistleblowing Report, the  Bank and the Service provider shall apply: Encryption techniques and anonymization techniques, in order to guarantee their privacy and confidentiality, of the Whistleblower and of the process.

AUTOMATED DECISION MAKING

Neither automated individual decision-making nor profiling measures  take place in the context of investigatory process.

DATA RETENTION

Personal data is kept for a reasonable amount of time and in accordance with the Bank's  whistle blowing policy after the conclusion of the case, unless the investigation leads to disciplinary or legal proceedings, in which personal data may need to be retained until the conclusion of those proceedings and the period permitted under applicable law(s).

YOUR RIGHTS

Subject to restrictions under applicable law you have the following rights. You can:

  1. Access and obtain a copy of your personal data.
  2. Require us to rectify/change incorrect or incomplete personal data.
  3. Require us to delete/erase your personal data.
  4. Request to restrict the processing of your personal data (in certain circumstances)
  5. Request your personal data in a portable format.

If you would like to exercise any of these rights, please contact Family Bank's Data Protection Officer via email at dataprotection@familybank.co.ke

 

Can't find what you are looking for?

Fill in the details below and we will respond to your request. Fill marked with (*) are required.