This Privacy Notice (the “Notice”) governs how I&M Bank Limited (hereafter, “I&M Bank”), collects, uses, and discloses personal data from and about consumers of I&M Bank services, website and web applications that link to this Notice (collectively referred to as, the “Services”). Personal data in this context means information relating to an identified or identifiable natural person.
Personal data collected through the services
I&M Bank collects and uses certain personal data in order to operate and provide you with access to the Services. This includes information that you provide to us and information that we collect automatically when you visit or interact with the Services.
Information that you provide to us
We collect personal data that you voluntarily provide to us when you use the Services. This information includes, without limitation: your email addresses, telephone numbers, and other contact details; biographical information; audio and visual data, social media information; submissions to our customer service; feedback on our website, web or mobile app; online preferences, such as alerts; and business information, such as your company name and industry.
Information that we collect about your use of the services
We collect information about your use of the Services and about the device you use to access the Services, including: the pages you request and visit; the posts you submit; information on your interaction with other users; information obtained in the course of maintaining or supporting the Services; information about your internet use, such as your IP address, the URLs of sites from which you arrive or leave the Services, your type of browser, your operating system, your internet service provider; and, if you access the Services via your mobile device, we may also collect information about your mobile provider, IMSI, IMEI and type of mobile device.
We (and our data processors) use different technologies to collect this information, including cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular, and count visits. Web beacons are electronic images that may be used in our Services or emails and help deliver cookies, count visits, and understand usage and campaign effectiveness.
For more information about cookies and how to disable them, please visit this-page
Advertising and analytics services provided by others
Your device may also include a feature (“Limit Ad Tracking” on iOS or “Opt Out of Interest-Based Ads” or “Opt Out of Ads Personalization” on Android) that allows you to opt out of having certain information collected through apps used for behavioural advertising purposes.
How personal data is used
We use the personal data we collect to provide, maintain, and improve the Services. We also use it to:
- Send you technical notices, general updates, goodwill messages, security alerts, and support and administrative messages (such as changes to our terms, conditions, and policies) and to respond to your comments, questions, and customer service requests;
- Receive and respond to your submissions on the Services such as submissions on I&M Bank website, web applications and mobile applications, social media and submissions to Customer Service Contacts;
- Permit you to participate in voluntary polls and surveys (we may use third parties to deliver incentives to you to participate in such polls and surveys, and you may be required to provide your contact details to the third party in order to fulfil the incentive offer);
- Communicate with you about products, services, and events offered by I&M Bank and others, and provide news and information we think will be of interest to you
- Monitor and analyse trends, usage, and activities in connection with our Services;
- Develop new products and services and enhance current products and services;
- Detect, investigate, and prevent fraudulent transactions and other illegal activities, and protect the rights and property of I&M Bank and others; and
- Carry out any other purpose described to you at the time of collecting information.
How personal data is shared
We may share your personal data as follows or as otherwise described in this Notice:
- With our data processors that host, maintain, manage, or provide other services to us in relation to the Services;
- To co-operate with public and government authorities and law enforcement, to respond to a request, or to provide information in accordance to existing laws;
- For other legal reasons, such as to monitor compliance with and enforce our terms and conditions, to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others, to protect against criminal activities, and for risk management purposes; and
- In connection with a sale or business transaction, such as to an acquiring entity or its advisors in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
We may also share aggregated pseudonymised or anonymised information that cannot reasonably be used to identify you.
All our Services provided to children align to the data protection requirements for Minors. These include consent provided by the child’s parent/guardian and age verification. If you have reason to believe that a child has provided personal data to us, please contact us and we will endeavour to delete that information from our databases.
Links to other websites
The Services may contain links to other websites. Please note that I&M Bank Limited is not responsible for the privacy or information security practices of other websites. You should carefully review the applicable privacy and information security policies and notices for any other websites you click through to via the Services. This Notice applies solely to your personal data collected by the Services.
We seek to use appropriate technical and organizational measures to safeguard personal data within our organization against loss, theft, breach, and unauthorized use, disclosure, or modification.
Please refer to the content below to note your obligations in controlling your privacy and data.
Control Your Privacy & Data
Marketing emails and alerts
If you no longer want to receive marketing-related emails and alerts from I&M Bank, you may opt out/ unsubscribe by following the instructions contained within each such email or through I&M Bank’s call centre. We will endeavour to comply with your request as soon as is reasonably practicable. Please note that if you opt-out of receiving
marketing-related emails and alerts, we may still send you administrative messages, from which you cannot opt out or unsubscribe.
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services. For more information about cookies and how to disable them, please visit this-page
Changes to this notice
From time to time, we may revise this Notice. Changes may be made for any number of reasons, including to reflect industry initiatives, changes in the law, and changes to the scope of the Services, among other reasons. You can tell when we last updated the Notice by checking the date at the beginning of the Notice. Any changes will become effective when we post the revised Notice on the Services.
If you have any other questions concerning this Notice, please contact us
Provisions regarding the Data Protection Act and General Data Protection Regulations (GDPR) which applies to European Union (EU) residents.
Legal basis for processing
When we process your personal data we will only do so in the following situations:
- When we need to use your personal data to perform our responsibilities under our terms and conditions (e.g., to facilitate your participation in voluntary polls and surveys);
- When we have a legitimate interest in processing your personal data. For example, we may process your personal data to send you marketing communications, to communicate with you about changes to the Services, and to provide, secure, and improve our Services;
- When we find such processing is necessary to comply with our legal obligations; and
- When we have your consent to do so. When consent is the legal basis for our processing, you may withdraw such consent at any time, in accordance to applicable laws and regulations.
Data subject requests
In your use of the Services, I&M Bank aims to give you more control of your personal data. We conform to the data protection principles that provide you with the following rights:
- Right to access – you can ask us whether we are processing your personal data, including where and for what purpose. You can also access an electronic copy of your personal data.
- Right to restrict processing – in certain circumstances, you can ask us to restrict our use of your personal data.
- Right to rectification – you can ask us to correct inaccurate personal data we hold about you.
- Right to erasure (right to be forgotten) – under certain circumstances, you can ask us to erase your personal data.
- Right to data portability – at a cost, you can ask us to provide you with a copy of your personal data in a commonly used electronic format, so that you can transfer it to other businesses.
- Right to object to automated decision-making – in certain circumstances, you can ask us not to make automated decisions about you based on your personal data, which produce significant legal effects.
It is important to note that the above rights are subject to the applicable laws and regulations.
We retain personal data for as long as required by applicable laws and regulations.
Except as otherwise specified on any subsections within sites or apps that comprise the Services, your personal data will be controlled by I&M Bank.
Your personal data may be stored and processed in any country where we have facilities or in which we engage data processors in accordance to the applicable data protection laws and regulations.
Your use of the Services signifies that you agree to the use of your personal data by I&M Bank for the specific purposes mentioned in this privacy notice. You also agree not to hold I&M Bank liable for use of your personal data from the Services as envisaged herein. Your use of the Services signifies your consent to allowing I&M Bank to disclose personal data as envisaged herein. You agree not to hold I&M Bank liable for any disclosure of such information.
DPO Contact Details
Telephone: +254 719 088000 / +254 732 100000 / 0203221000
P.O. Box 30238-00100