Data Privacy Notice
(on the duties of disclosure upon the collection and processing of personal data)
The following information is intended to provide you with an overview of how your data is processed by Habib Bank AG Zurich- Kenya (‘Habib Bank’) and your rights according to data privacy laws. The details of what data will be processed and which method will be used depend significantly on the services applied for or agreed upon. We therefore ask you to familiarize yourself with this Data Privacy Notice
Who is responsible for data processing and how can I contact them?
The legal entity responsible is:
Habib Bank AG Zurich
Koinange Street
P.O BOX 30584-00100
NAIROBI- KENYA
Our Privacy Officer can be reached at:
Phone: +254 20 3341172/6/7
Email: dataprivacyke@habibbank.com
What data does Habib Bank use?
Habib Bank processes data that it receives from its clients and that it generates as part of the business relationship with its clients. In order to facilitate, enable and / or maintain our business relationship, Habib Bank collects and otherwise processes personal data relating to clients and any other person(s) involved in the business relationship, as the case may be, such as authorized representative(s), person(s) holding a power of attorney and beneficial owners, if different from the client (collectively, an ‘Authorized Person’).
Personal data is the personal information of a client or an Authorized Person, identification data and authentication data. Furthermore, this can also be order data, data from the fulfilment of our contractual obligations, information about a client’s or Authorized Person’s financial situation, marketing data, sales data and / or documentation data.
In addition to data that Habib Bank receives directly from its clients, it also obtains and processes data on its clients that is available in the public domain or from other entities within the Habib Bank Group of companies (the ‘Habib Bank Group’).
In summary, personal data processed by Habib Bank may include the following:
- personal details (e.g. name, address and other contact data, date and place of birth, as well as nationality)
- identification data (e.g. identification documentation data)
- authentication data (e.g. specimen signature)
- order data (e.g. payment orders)
- data arising from the fulfilment of obligations (e.g. data required for payment transactions)
- information regarding a client’s financial situation (e.g. credit reports, scoring / rating data, origin of
assets) - record-keeping data (e.g. minutes of consultation)
- Data available from the public domain (e.g. internet, social media, debtor directories, land register, trade association registers, media, etc.)
- Other comparable data in line with the criteria outlined above.
For what purpose and on what legal basis does Habib Bank use your data?
For the fulfilment of contractual obligations
The processing of your data allows Habib Bank to provide you with the contractually agreed services or to carry out pre-contractual measures that occur as part of a request from an interested party. The purposes of data processing comply with specific banking products (e.g. accounts, loans, securities, deposits,). Your data will be used, among other purposes, for the analysis of any potential needs, the provision of advice, and to support the execution of transactions.
Further details can be found in your contract documents or in the General Terms & Conditions.
For the safeguarding of Habib Bank’s and third party interests
Where required, we process your data beyond the actual fulfilment of the contract for the purposes of the legitimate interests pursued by us or a third party. For example:
- Consulting with credit rating agencies to investigate creditworthiness and credit risks.
- Reviewing and optimizing procedures for needs assessment for the purpose of direct client discussions.
- Obtaining personal data from publicly available sources for client acquisition purposes.
- Testing and optimization of processes for requirement analysis or client contact.
- Measures for business management and further development of services and products.
- Risk control at Habib Bank and Habib Bank Group.
- Asserting legal claims and a defense in legal disputes.
- Guarantee of Habib Bank Group’s IT security and IT operations.
- Prevention and investigation of crimes.
- Video surveillance and measures to protect the rights of an owner of premises to keep out trespassers and to provide security (e.g. access controls).
On the basis of your consent
As long as you have granted us consent to process your personal data purposes (e.g. analysis of trading activities for marketing purposes), this processing is legal based on your consent. Consent can be withdrawn at any time.
Withdrawal of consent does not affect the legality of data processed prior to withdrawal.
On the basis of statutory requirements or in the public interest
We are subject to various legal obligations, meaning statutory requirements (e.g.CBK Regulations, POCAMLA, Constitution of Kenya and newsletters, tax laws, etc.) and Habib Bank has to fulfil requirements outlined by banking specific regulation. The processing of data is used, among others, for the verification of creditworthiness as well as identity and age, the prevention of fraud and money laundering, the fulfilment of tax-related monitoring and reporting obligations as well as the assessment and management of risks of Habib Bank and the Habib Bank Group.
Who can access your data?
Habib Bank Group
We may share your data with other entities in the Habib Bank Group where required to fulfil our contractual and legal obligations. We may transfer your personal data to other members of the Habib Bank Group for risk control purposes in connection with statutory / regulatory obligations. We may also share information with other members of the Habib Bank Group in connection with services that we believe may be of interest to you.
External recipients of data
We will transfer personal data about you in the course of conducting our usual business or if legal, regulatory or market practice requirements demand it to the following external recipients or if you have given consent (e.g. to process a financial transaction you have ordered us to fulfil) for the following purposes:
- to public entities and institutions (e.g. financial authorities, Central Bank of Kenya, law enforcement authorities)
- to other credit and financial services institutions or similar institutions to which Habib Bank transfers personal data within the context of its business relationship with you (e.g. correspondent banks, custodian banks, brokers, information agencies)
- to third parties (for example correspondent banks, brokers, exchanges, trade repositories, processing units and third party custodians issuers, authorities and their representatives) for the purpose of ensuring that we can meet the requirements of applicable law, contractual provisions, market practices and compliance standards in connection with transactions you enter into and the services that we provide you with, or
- to a natural or legal person, public authority, agency or body for which you have given us your consent to transfer personal data to or for which you have released us from banking confidentiality.
Service providers and agents
We will transfer your personal data to service providers and agents appointed by us for the purposes given, subject to maintaining banking confidentiality. These are companies in the categories of banking services, IT services, logistics, printing services, telecommunications, collection, advice and consulting and sales and marketing.
Habib Bank will implement appropriate organizational and technical safeguards to protect the personal data for which it acts as data controller at all times.
Does Habib Bank transfer data across borders?
Data transfer to legal entities in countries outside of KENYA takes place so long as:
- it is necessary for the purpose of carrying out your orders (e.g. payment and other orders)
- it is required by law (e.g. reporting obligations under financial regulation), or
- if you have given your consent.
- If we have a legitimate interest in doing so
These data transfers are secured through corresponding guarantees of the recipients to ensure an appropriate level of data protection.
How long will your data be stored?
We will process and store your information as long as it is necessary in order to fulfil our contractual, regulatory and statutory obligations. It should be noted here that our business relationship is a long-term obligation, which is set up based on periods of years
We will assess and respond to requests to delete data. We will delete data provided that the data is no longer required in order to fulfil contractual, regulatory or statutory obligations, or the fulfilment of any obligations to preserve records according to commercial and tax law
We will normally retain your records for a minimum of seven years to comply with regulatory and contractual requirements unless there is a particular reason to hold records for longer, including legal hold requirements, which require us to keep records for an undefined period.
What are your rights?
Your data protection rights include the following:
- Right of access: requesting that information on your personal data that Habib Bank holds on record
be shared with you. - Right to rectification: demanding that the information be rectified should it be incorrect.
- Right to delete/ erasure: asking that your data be deleted if Habib Bank is not permitted or is not legally obliged to retain your data.
- Right to restrict processing: demanding that the processing of your data be restricted if:
– you have disputed the accuracy of your data stored by Habib Bank and it has not yet completed its assessment
– you object to the deletion of your data although Habib Bank is obligated to delete it, or
– you have objected to the processing of your data but it has not yet been established whether this outweighs Habib Bank’s reasons for processing your data
- Right to object: objecting to the processing of your data by Habib Bank if it processes your data on the basis of its legitimate interest (it will cease this processing unless it is outweighed by compelling and legitimate grounds).
- Right to data portability: demanding that your personal data that you have provided to Habib Bank be transferred in a generally useable, machine-readable and standardized format
You also have the right of appeal (as far as this affects you) to your respective Data Protection Supervisory Authority.
What data are you asked to supply?
In the context of your relationship with Habib Bank, you must provide all personal data that
- Is required for accepting and carrying out a business relationship and fulfilling the accompanying contractual obligations, and
- Habib Bank is legally required to collect
Without this data, Habib Bank will most likely be unable to enter into a contractual relationship with you.
Under the regulations on combatting money laundering and the financing of terrorism, Habib Bank is obligated to verify your identity on the basis of your identification documents and, in this context, to collect and store your address, nationality, name, date and place of birth, and identification data prior to the commencement of a business relationship. In order for Habib Bank to comply with these regulations, you are required to supply it with the necessary information. If this information changes during the course of the business relationship, you are obliged to notify Habib Bank without delay. If you do not provide Habib Bank with the necessary information, it will not be able to commence or continue a business relationship with you.
Is the decision-making automated?
No. Habib Bank does not use automated decision-making.
Will cookies be collected?
Yes. Habib Bank does collect cookies.
What are cookies?
Cookies are information packages sent by a web server (in this case this website) to your internet browser, saved on your computer and checked by the server on each subsequent visit to the website. To gain full benefit from this website, we recommend that you configure your browsers to accept cookies.
Why do we use them?
Cookies are used to facilitate navigation within the website and correct use. They also serve a statistical purpose, making it possible to establish which areas of the website have been visited, and to improve and update user procedures.
Type of cookies used
For further information about the types of cookies used please refer to our “Cookies Notice” on our website.
How should I manage my settings with respect to cookies?
To optimise your use of our website, we recommend that you accept the cookies. Most internet browsers are initially set to accept cookies. You can at any time set your browser to accept all cookies, just some cookies or no cookies. In the latter case, you would disable use of part of the websites. Additionally, you can set your preferences in the browser so that you will be notified whenever a cookie is saved on your device. Please note that if you disable the cookies, you may not have optimum use of the website.
Will your data be automatically processed?
We process some of your data automatically, with the goal of assessing certain personal aspects (profiling). For example we may use profiling in the following ways:
- In order to combat money laundering, the financing of terrorism, and criminal acts, Habib Bank also conducts data assessments (among others in payment transactions). The aim of these measures is to protect you.
- Habib Bank uses assessment tools to provide clients with relevant and appropriate information on its products and services. These allow communications and marketing to be tailored, as needed, including market and opinion research.
- Habib Bank uses assessment tools in order to be able to specifically notify you and advise you regarding products. These allow communications and marketing to be tailored as needed, including market and opinion research.
Will biometric data be used?
No. Habib Bank does not collect biometric data.
Where can you find the current privacy notices?
This Data Privacy Notice can be adapted at any time in accordance with corresponding regulations. You can find the applicable version at www.habibbank.com/kenya/
How can you contact Habib Bank?
Should you have any questions about the treatment of your data, please contact your Branch Manager or Habib Bank’s Privacy Officer under the email- address provided in this notice, who will be happy to assist you