Privacy Policy

About this Policy

In recognition of each customer’s right to privacy and right to access information with lawful restrictions therein as provided for in the Constitution of Kenya, ERESIDENT has developed this Privacy policy. This Policy seeks to provide for the nature of information sought, the manner of data collection, mode of data management and use, instances and method of information disclosure by ERESIDENT.

About Eresident

ERESIDENT Limited is a company duly incorporated in Kenya under the Laws of Kenya. ERESIDENT Limited owns all intellectual property rights to and operates www.eresident.co.ke, an electronic payments solution, for collecting payments on behalf of its Clients.

Application

This policy shall apply to all clients whom ERESIDENT deals with and have set up accounts on the web platform. It applies to clients, customers and all third parties who use the platform.

What the Law Says

The right to privacy is well established in the Constitution of Kenya 2010. Article 31 provides that: “Every person has the right to privacy, which includes the right not to have their person, home or property searched; their possessions seized; information relating to their family or private affairs unnecessarily required or revealed; or the privacy of their communications infringed.”

However, the right to privacy is not an absolute right and may be limited by statute as provided under Article 24 of the Constitution. Further, the law permits limitation of the right to privacy to the extent that it allows a person, home or property to be searched; possessions to be seized; or the privacy of a person's communication to be investigated, intercepted or otherwise interfered with.

Overarching principles of data protection

These are global principles which guide the collection, use and management of information collected by data controllers. This Policy recognizes the following principles:

1. Lawfulness, fairness and transparency – the client shall be reasonably informed of what processing will occur and the purpose for which such information is sought by ERESIDENT through this Policy and any other internal policy.

2. Purpose limitation – ERESIDENT shall collect data for a specified, explicit and legitimate purpose. Such data shall not be distributed in a way incompatible with the purpose for which it was collected that is with direct consent and per the provisions of this policy herein.

3. Data minimization – ERESIDENT shall only collect or require information necessary for effective delivery of the services requested by the client, customer and any other third party. Data collected and/or processed should be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

4. Accuracy and Completeness – All data held by ERESIDENT should be accurate, complete and where applicable and necessary, kept up to date.

5. Data Subject access and Correction of errors – Users are allowed a right of access to their personal information and a right to demand correction if such information is inaccurate by following the prescribed procedure on the portal.

6. Storage Limitation - User data should be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.

7. Integrity and Confidentiality – ERESIDENT has an obligation to ensure the integrity, security and confidentiality in order to ensure the privacy of its users’ communications is not infringed, that there is protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.

8. Consent - Information shall be collected directly from and with the consent of the data subject by ERESIDENT or through its agents.

9. Technical and Organizational Measures - ERESIDENT shall take reasonable and proportional appropriate technical and organizational measures to safeguard the data subject against the risk of loss, damage, destruction of or unauthorized access to personal information.

Definitions
“Client” means any person who appoints ERESIDENT to collect payments from its Customers whether as an agent or otherwise;
“Company” means ERESIDENT Limited;
“Customer” means any person who, being a Customer of ERESIDENT Client, elects to pay for services using ERESIDENT;
“Data” means representations, in any form, of information or concepts;

"Personal information" means information about an identifiable individual, including, but not limited to—
a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, age, physical, psychological or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the individual;
b) information relating to the education or the medical, criminal or employment history of the individual or information relating to financial transactions in which the individual has been involved;
c) any identifying number, symbol or other particular assigned to the individual;
d) the fingerprints, blood type, address, telephone or other contact details of the individual;
e) a person's opinion or views over another person;
f) correspondence sent by the individual that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
g) any information given in support or in relation to an award or grant proposed to be given to another person;
h) contact details of an individual.
“Data Subject” means customer, client or any third party user of the platform; and
“Platform” means the ERESIDENT web based platform exclusively owned and maintained by the Company.

What Information we collect

The Company shall require the client/customer to produce an official record reasonably capable of establishing the true identity of the applicant as is prescribed hereunder for registration to be effected.

Natural Persons
a) Name of the individual
b) National Identity Number/service card/passport/alien card number
c) Phone Number
d) Email Address
e) Physical Address and Location details of the premises
f) Copy of cancelled cheque leaf or letter of confirmation from the bank
g) such other information as may be prescribed from time to time.
Business Entities
a) Name of the Company
b) Names of the relevant persons having senior management position in the legal person or trustees of the legal arrangement
c) National Identity Number/passport/alien card number
d) A scanned copy of the certificate of incorporation or the certificate of registration
e) Physical address and location details of the premises
f) Copy of cancelled cheque leaf or letter of confirmation from the bank
g) such other information as may be prescribed from time to time.

Additionally, such other information shall be collected from the user to enhance and improve their user experience on the platform and for internal purposes to meet the Company’s objectives. Such information may include, but is not limited to, device information, server log information, IP address, location information, unique application numbers, local storage, cookies.
ERESIDENT owns all data collected and uploaded onto the web portal by users.

Obligations of ERESIDENT
1. Duty to verify identity of clients and customers - ERESIDENT shall confirm the identity of a person or the existence of an entity within acceptable timeframes using acceptable identification methods outlined hereinabove.
One-Time Password (OTP) Authentication - The Company has further implemented a one-time password (OTP) authentication process. When a user logs in to the system, a one-time password shall be automatically sent to them to authenticate their identity before accessing the portal.
Unique user name and password login credentials - The platform also requires each and every user to log in with a unique user name and password enabling the company to trace each and every transaction and accredit such transaction to an individual user.
2. Duty to keep and maintain accounts and accurate records - ERESIDENT shall keep and maintain up to date records of accounts and customer information.
3. Duty to maintain up to date records – ERESIDENT has the duty to update customer information collected in case of any changes or developments when informed by the client/customer.
4. Duty of confidentiality – ERESIDENT shall keep the information safe and maintain the integrity of information provided to it by the end users in a secure and confidential manner.
5. Disclosure of Information
The Company shall not disclose any information held by it except for the purpose of law enforcement or national interest in accordance with any statute in force in Kenya or as provided for in this Policy.
a) The Company may, upon request, grant information to the Client/Customer.
b) The Company shall make disclosures to any statutory regulator where it is so prescribed under any written law;
c) The Company shall disclose information it holds for the purpose of law enforcement or national interest under any written law including, but not limited to the Access to Information Act, the Income Act, the Penal Code, the National Intelligence Service Act, the Prevention of Terrorism Act, The Proceeds of Crime and Anti-Money Laundering Act or per an order issued by any court of law;
d) The Company may facilitate and allow disclosures for the purpose of any criminal proceeding or civil proceedings;
e) The Company may grant access to information to a third party when authorized by the user.
Obligations of the client and Customer
Duty to give true and accurate information – the client/customer shall provide accurate and truthful information during registration to the Platform.
Duty to update Information - the client/customer shall inform the Company of any information change within fourteen days of receipt of new identification documents or change in particulars.
Duty of disclosure – The client/customer may be required to provide additional and supplementary information to the Company when obligated and/or required to under any company Policy, any written law, for the purpose of law enforcement or pursuant to any court order.
Consent
The client/customer is presumed to grant authority to the company to use or disclose such information for any purposes of the company’s business as well as any specified, explicit and legitimate purpose to any third party.
Consent may be obtained orally, in person to the Company or its agents, implied by conduct, in writing, through click-through agreements, when the subscriber accepts terms and conditions on web-based or mobile-based applications and services.
The User agrees that the Company or its agents may hold and process his/her Personal/Technical Information on Computer or otherwise in connection with the platform Services as well as for statistical analysis.

Information submitted to the Company may further be used to offer the user other related products and services that may be beneficial to the customer. The user thereby agrees that the Company may use aggregated information to recommend products and services.
The User agrees that the Company may collect User system related information. The User also agrees that the Company may disclose, in strict confidence, to other institutions, or persons such Personal Information as may be reasonably necessary.

