Be the First to get refreshing services here at iKonnect hub
More Detailscustomerservice@creditbank.co.ke
customerservice@creditbank.co.ke
Be the First to get refreshing services here at iKonnect hub
More DetailsCredit Bank PLC is committed to keeping your information private. This is any information about you that you provide to us or that we obtain through other sources. This statement is about the protection of your information with the bank. We only collect, process and share your personal data so that we can provide you with the services and/or products that we offer to you. We will obtain your consent for any otherprocessing that is not related to this purpose.
The following terms are used in this policy as respectively defined below:
“Data subject” means an identified or identifiable natural person who is the subject of personal data;
“Identifiable natural person” means a person who can be identified directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social or social identity;
“Personal data” means any information relating to an identified or identifiable natural person;
“Data controller” means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purpose and means of processing of personal data;
“Data processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller;
“Processing”: any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
“Consent” means any manifestation of express, unequivocal, free, specific and informed indication of the data subject’s wishes by a statement or by a clear affirmative action, signifying agreement to the processing of personal data relating to the data subject;
KYC – Know your Customer Information
KYE – Know your Employee Information
Towards the commitment to protect your personal data, the Bank shall ascribe to the following principles governing the Processing of Personal Data in compliance with the applicable data Protection laws, regulations and the prevailing best practices. The Bank shall ensure that your Personal Data:
1. Is processed in accordance with your right to privacy.
2. Is processed fairly and transparently in accordance with this Policy including the following legal bases:
a) Your consent;
b) In your best interest as the Data Subject or of another natural person;
c) the legitimate interests pursued by the Bank
d) the performance of a contract with the bank
e) the compliance with a binding obligation of the Bank;
f) the compilation of historical and statistical information; and
g) any other legal basis specifically identified by the Bank.
3. Is collected and only used for the purpose originally collected for. We will obtain your consent for any other processing that is not related to the original purpose.
4. is accurate, and, where necessary, kept up to date, to ensure fulfilment of the legitimate purpose(s).
5. Is kept in a form which identifies you for no longer than is necessary for the purposes which it was collected.
6. Is not retained for longer than is necessary for the purpose(s) for which it was collected.
7. is processed with due regard to confidentiality and is retained secure, using appropriate technical and organizational safeguards, from unauthorized or unlawful Processing, including unauthorized or accidental access, unauthorized modification, damage, loss orreasonably avoidable breaches.
8. is transferred to third parties for legitimate purpose(s) only, provided that appropriate level of Personal Data protection has been reasonably ascertained in advance.
9. Is not transferred outside Kenya, unless there is proof of adequate data protection safeguards or your consent.
We shall ensure compliance with data protection principles by adhering to the following practices:
1. Undertake Data Protection Impact Assessments where the Bank’s processing operation is likely to result in high risk to the rights and freedoms of a data subject, including the processing of sensitive personal data or data relating to children or vulnerable groups.
2. Undertake regular Privacy Risk Assessments to identify Privacy Risks and evaluate Privacy Solutions.
3. Apply a Personal Data and information security management system, which covers the Bank’s activities, monitors and controls the implementation of this Policy, while it also assesses the effectiveness regarding current international best standards and practices for the protection of Personal Data.
4. Update our systems in accordance with privacy-by-design, where data protection and safeguards should be embedded from the beginning.
5. Apply procedures for satisfying the complete and effective protection of your relevant rights.
6. Explicitly inform you regarding the Processing of your Data, in accordance with this policy.
7. Periodically update this Policy in accordance with the legislative and international best practice developments.
We may collect your personal information that includes but is not limited to the following:
1. Personal bio data (e.g., KYC information including full name, date of birth, marital status, citizenship, address, telephone numbers.
2. Images (e.g., videos, photos.)
3. Unique identification data (e.g., tax/VAT number, ID/passport number).
4. Financial data (e.g., source of wealth, tax/VAT number, salary, loans)
5. Educational and professional data (such as e.g., CV)
6. Data regarding administrative and criminal investigations, administrative and criminal penalties, and other related data. (e.g., AML information – adverse mention, sanction lists from other databases)
7. Information provided by third party database service providers (e.g., CRB, IPRS, AML and sanctions databases)
8. Images (E.g., through CCTV, photographs)
9. Biometric data collected through the door access control systems.
We will always collect your personal information with your consent. However, we may also collect your information indirectly in cases where prior consent cannot be obtained and where such processing is permitted by law.
We will collect your personal information when you do any of the following:
1. Fill a written service request forms and reports, and/or vouchers through any of our branches, agents or service providers.
2. Use any of our electronic and digital platforms to access our products and services online, on a mobile or other device or in any of our branches or with any of our agents or merchants.
3. Ask us for more information about a product or service or contact us with a query or a complaint via our contact centre.
4. When you visit, access any of our buildings/ premises.
5. Where you’ve been identified as a next of kin by our customer or employee.
6. Where you have applied for employment with us or Made an application to us or interact with us as a supplier, agent or dealer.
7. Attend an event sponsored by us.
8. Subscribe to any of our online services, Short Message Service (SMS), email or social media platforms.
9. Respond to or participate in a survey, marketing promotion, prize competition or special offer.
The above examples are non-exhaustive, but just a reflective of the varied nature of the personal information we may collect.
We collect personal data for explicit, specified and legitimate purposes. The data we collect shall not be further processed in a manner incompatible with those purposes. In so far as practicable, we shall inform you of the purpose for which your data is being collected.
The main purposes for which we collect your data include:
1. To comply with our KYC and KYE requirements (e.g., for onboarding purposes)
2. To enable communication with you in the provision of our services.
3. Management of the Bank’s human resources: e.g., for employee recruitment and management, administration of social security and pension schemes, training, learning and development of the employees, handling of grievances etc.
4. Statutory and legal obligations (e.g., Customers i-Tax information)
5. Management of the Bank’s lending/investing and borrowing processes: (e.g., for the evaluation of prospects, KYC due diligence, AML information – adverse mention, sanction lists from other databases, asset recovery, preparation of legal documents, provision of legal advice and litigation etc.)
6. For physical security purposes: e.g., through CCTV and Biometric systems.
7. Administrative functions of the Bank: e.g., for collection and registration of documentation, handling of documents mainly for signature purposes, registration of service providers for Bank’s operations and to perform our obligations under a contractual obligation with you.
8. Management of audit, investigations and complaints: e.g., for the performance of internal/external audits, internal investigations regarding violations of the Bank’s Code of Conduct, external investigations regarding Prohibited Practices, Money Laundering and Terrorism Financing, handling of complaints etc.
9. From our website cookies configurations to help respond to the needs of our website visitors better: e.g., to optimize access, provide banking products more effectively, etc.
10. For the documentation of bank’s public events and meetings: e.g., videos and photos during events and online meeting images. The images or videos taken during the events may be used by us to share news about the event, in press releases, printed publicly, and published on our website.
11. For any other legitimate purpose for which the bank may be involved.
We may disclose your personal information where required by law, to enforce other agreements, or to protect the bank, our customers, employees, or others. Some of the cases where we may disclose your data include:
1. With the Bank’s experts and consultants or any other individual engaged at any given period by the Bank.
2. With third party service providers (e.g., data integrators, technology companies, insurance companies, etc.)
3. With public authorities as may be required by various laws, regulations and guidelines.
4. With Credit Bureaus
5. With other member banks and partners
6. With Countries’ Embassies and High Commissions (e.g., for validation of statements)
7. With Foreign Government agencies with existing inter-governmental agreements/arrangements (e.g., FATCA, CRS)
We may occasionally need to transfer personal data out of the country in the following circumstances:
1. In compliance with the US Foreign Account Tax Compliance Act (FATCA) – i.e., annual transfer of data with the US Government.
2.In compliance with the Common Reporting Standard (CRS) as stated in the Tax Procedures Act and regulations – i.e., annual automatic exchange of information with the Kenya Revenue Authority (KRA).
3. During the regional and international fund transfer within the SWIFT and correspondence banking framework.
4. In the Management of the Banks NOSTRO accounts with the corresponding banks in other countries.
5. To share information with Bank’s potential investors who may be located out of the country.
6. To Service Providers who may be located out-side the country.
To safeguard Personal data during transfer out of the country, the Bank shall inter alia ensure that the transfer is for the legitimate purposes only and shall implement adequate Information Security controls to limit breach.
We commit to observe extra caution with regard to the Processing of personal data relating to children and vulnerable groups; and as such shall establish the following safeguards whenever their personal data is involved:
1. Incorporate appropriate mechanisms for age verification and the relevant consent in order to process personal data.
2. Develop separate operating procedures for handling minor/vulnerable persons’ accounts.
3. Undertake a Data Protection Impact Assessment for any operation or project involving children and vulnerable persons’ personal data.
1. We will only retain your Personal Data for as long as reasonably necessary to fulfill the purposes for which we collected it; to satisfy any legal, regulatory, tax, accounting or reporting obligations; where we have an ongoing relationship with you; in the event of a complaint; or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
2. By law we have to keep basic information about our customers (including contact, identity, financial and transaction data) for a minimum of seven years after they cease being customers. Our internal policy as amended from time to time may also require us to keep customer data for a longer period.
3. In some circumstances, we will anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
You possess and can exercise the following rights regarding the Processing and retention of your Data by the Bank:
1. Request information as to whether or not your Personal Data is being processed by the Bank.
2. Request information as to the purpose of the Processing by the Bank, the categories of your Personal Data being processed and the recipients of your Personal Data.
3. Request verification of your Personal Data.
4. Request the correction of your Personal Data, when the data held by the Bank is inaccurate or insufficient.
5. Request the deletion/destruction of your Personal Data, in case there is no legal obligation for the Bank to keep it or if no longer necessary for the specific purpose(s) for which it was collected.
6. Withdraw your consent, in cases where consent is the legal basis for the lawful Processing of your Personal Data by the Bank.
7. Object to the Processing of your Personal Data, when the Bank has no legal basis for such Processing.
8. Request restriction of the Processing of your Personal Data, when the Bank has no legal basis for such processing.
9. Request the Bank to provide you with your Data in a structured, commonly used and machine-readable format, so as to transfer to a third party
We may restrict, where applicable, the exercise of any of the aforementioned rights, where such restriction may constitute a necessary measure to ensure safeguards, such as the prevention, investigation and detection of Prohibited Practices, Money Laundering and Terrorism Financing, your safety, and the protection of the rights and freedoms of others.
You may exercise their aforementioned rights, by addressing the Bank’s Data Protection Officer, who shall acknowledge the receipt of the request and, following the review of the request, respond, without undue delay in accordance to the requisite laws and regulations.
You can contact our Data Protection Officer if you have any questions or concerns about how we process your personal data or want to exercise any of your rights in relation to your personal data, by writing to us at dpo@creditbank.co.ke
Empowering you to grow takes a special place at the heart of our operations. elev8HER is designed just for you and offers more than just financial solutions. We seek to be the friend you can bank on for your growth. Join elev8HER today and get exclusive access to:
With elev8HER, we have curated our motor vehicle insurance options just for you. We have the following options:
This insurance cover indemnifies you in respect of accidental damage including collision, fire, theft of the vehicle and third party liabilities.
This is a comprehensive insurance that covers your property against any accidental and unforeseen loss or damage. It offers a wide range of unique benefits depending on your needs. The following policies are available under this class among others:
This cover is suitable for you and your employees. You can now have peace of mind together with your employees with our medical cover. Credit Afya Health product is designed for both individuals and SMEs and offers the following:
Travelling the world? This cover is for you if you are travelling for leisure or business and offers you the following:
The cost of this cover is normally dependent on number of days of travel, country of destination, country of destination, your age and type of visit.
eHub is a platform designed to enable your small and medium sized enterprise (SMEs) scale and become competitive across industries. eHub provides a platform for you to network, learn and do business. Non-financial service package include access to e-hub for free/discounted rates:
Learn more here.
If you have run a small and growing enterprise for at least three years, this term loan is designed to meet your financing needs.
If you have run a micro and small enterprise between one and three years, this term loan is designed to meet your financing needs.
Sometimes cashflows are tight. This solution is meant to ease your cash operations in the short term. Access this financing with your LPO/LSO contracts. Open an elev8HER account for business transactions to build your business banking record.
Need quick cash? CB Konnect, our mobile banking app, gives you access to quick loans based on your transaction history with no security required.
HER Personal Account features:
HER Business Account features:
~No charges for Cheque Book
~Access to a Visa Debit Card*