Privacy Notice

Privacy Notice
This privacy notice was last updated on 5th July 2022.
This Privacy Notice (the “Notice”) governs how I&M Bank Limited (hereafter, “I&M Bank”), collects, uses, and discloses personal data from and about consumers of I&M Bank services, website and web applications that link to this Notice (collectively referred to as, the “Services”). Personal data in this context means information relating to an identified or identifiable natural person.
We advise you to read the Notice in its entirety, including the region-specific [1]provisions in this Notice, which will apply to users in certain regions or jurisdictions.
Personal data collected through the services
I&M Bank collects and uses certain personal data in order to operate and provide you with access to the Services. This includes information that you provide to us and information that we collect automatically when you visit or interact with the Services.
Information that you provide to us
We collect personal data that you voluntarily provide to us when you use the Services. This information includes, without limitation: your email addresses, telephone numbers, and other contact details; biographical information; audio and visual data, social media information; submissions to our customer service; feedback on our website, web or mobile app; online preferences, such as alerts; and business information, such as your company name and industry.
Information that we collect about your use of the services
We collect information about your use of the Services and about the device you use to access the Services, including: the pages you request and visit; the posts you submit; information on your interaction with other users; information obtained in the course of maintaining or supporting the Services; information about your internet use, such as your IP address, the URLs of sites from which you arrive or leave the Services, your type of browser, your operating system, your internet service provider; and, if you access the Services via your mobile device, we may also collect information about your mobile provider, IMSI, IMEI and type of mobile device.
We (and our data processors) use different technologies to collect this information, including cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular, and count visits. Web beacons are electronic images that may be used in our Services or emails and help deliver cookies, count visits, and understand usage and campaign effectiveness.
For more information about cookies and how to disable them, please visit this-page
Advertising and analytics services provided by others
We may allow others to provide analytics services and serve advertisements on our behalf across the web and in mobile applications, to enhance our Services. These entities may use cookies, web beacons, device identifiers and other technologies to collect information about your use of the Services and other websites and applications, including your IP address, web browser, mobile network information, pages viewed, time spent on pages or in apps, links clicked, and conversion information. This information may be used by us and our data processors to, among other things, analyse and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Services and other websites, and better understand your online activity.
Your device may also include a feature (“Limit Ad Tracking” on iOS or “Opt Out of Interest-Based Ads” or “Opt Out of Ads Personalization” on Android) that allows you to opt out of having certain information collected through apps used for behavioural advertising purposes.
How personal data is used
We use the personal data we collect to provide, maintain, and improve the Services. We also use it to:
- Send you technical notices, general updates, goodwill messages, security alerts, and support and administrative messages (such as changes to our terms, conditions, and policies) and to respond to your comments, questions, and customer service requests;
- Receive and respond to your submissions on the Services such as submissions on I&M Bank website, web applications and mobile applications, social media and submissions to Customer Service Contacts;
- Permit you to participate in voluntary polls and surveys (we may use third parties to deliver incentives to you to participate in such polls and surveys, and you may be required to provide your contact details to the third party in order to fulfil the incentive offer);
- Communicate with you about products, services, and events offered by I&M Bank and others, and provide news and information we think will be of interest to you
- Monitor and analyse trends, usage, and activities in connection with our Services;
- Develop new products and services and enhance current products and services;
- Detect, investigate, and prevent fraudulent transactions and other illegal activities, and protect the rights and property of I&M Bank and others; and
- Carry out any other purpose described to you at the time of collecting information.
How personal data is shared
We may share your personal data as follows or as otherwise described in this Notice:
- With our data processors that host, maintain, manage, or provide other services to us in relation to the Services;
- To co-operate with public and government authorities and law enforcement, to respond to a request, or to provide information in accordance to existing laws;
- For other legal reasons, such as to monitor compliance with and enforce our terms and conditions, to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others, to protect against criminal activities, and for risk management purposes; and
- In connection with a sale or business transaction, such as to an acquiring entity or its advisors in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
We may also share aggregated pseudonymised or anonymised information that cannot reasonably be used to identify you.
Children
All our Services provided to children align to the data protection requirements for Minors. These include consent provided by the child’s parent/guardian and age verification. If you have reason to believe that a child has provided personal data to us, please contact us[2] and we will endeavour to delete that information from our databases.
Links to other websites
The Services may contain links to other websites. Please note that I&M Bank Limited is not responsible for the privacy or information security practices of other websites. You should carefully review the applicable privacy and information security policies and notices for any other websites you click through to via the Services. This Notice applies solely to your personal data collected by the Services.
Security
We seek to use appropriate technical and organizational measures to safeguard personal data within our organization against loss, theft, breach, and unauthorized use, disclosure, or modification.
Please refer to the content below to note your obligations in controlling your privacy and data.
Control Your Privacy & Data
Marketing emails and alerts
If you no longer want to receive marketing-related emails and alerts from I&M Bank, you may opt out/ unsubscribe by following the instructions contained within each such email or through I&M Bank’s call centre. We will endeavour to comply with your request as soon as is reasonably practicable. Please note that if you opt-out of receiving
marketing-related emails and alerts, we may still send you administrative messages, from which you cannot opt out or unsubscribe.
Cookies
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services. For more information about cookies and how to disable them, please visit this-page[3]
Changes to this notice
From time to time, we may revise this Notice. Changes may be made for any number of reasons, including to reflect industry initiatives, changes in the law, and changes to the scope of the Services, among other reasons. You can tell when we last updated the Notice by checking the date at the beginning of the Notice. Any changes will become effective when we post the revised Notice on the Services.
Contact us
If you have any other questions concerning this Notice, please contact us
Appendix
Provisions regarding the Data Protection Act and General Data Protection Regulations (GDPR) which applies to European Union (EU) residents.
Legal basis for processing
When we process your personal data we will only do so in the following situations:
- When we need to use your personal data to perform our responsibilities under our terms and conditions (e.g., to facilitate your participation in voluntary polls and surveys);
- When we have a legitimate interest in processing your personal data. For example, we may process your personal data to send you marketing communications, to communicate with you about changes to the Services, and to provide, secure, and improve our Services;
- When we find such processing is necessary to comply with our legal obligations; and
- When we have your consent to do so. When consent is the legal basis for our processing, you may withdraw such consent at any time, in accordance to applicable laws and regulations.
Your rights
We want to make sure you are aware of your rights in relation to the personal information we process about you.
We have described your rights and the circumstances in which they apply in the table below.
If you wish to exercise any of these rights, if you have any queries about how we use your personal information that are not answered here, or if you wish to complain regarding your rights, please contact us as provided herein.
Your Rights | Description |
Informed – You have a right to be informed of how we use your personal data. | For you to be informed of how the bank uses personal data collected about you, please refer to clauses 2-6 of this privacy notice. |
Access – You have a right to get access to the personal information we hold about you. | If you would like a copy of the personal information we hold about you, you can request for a Data Subject Access Request by following the following steps: Email: [email protected] or [email protected] Phone: +254 719 088 000, +254 20 322 1000 or +254 732 100 000 Or: Visit your nearest I&M Bank Branch. |
To object – You have the right to object to the processing of all or part of your personal data. | If you feel that the bank is processing your personal data in a way that you do not consent or agree to, please send an email to: [email protected] or write to us in the following address: I&M Bank Limited Data Protection Officer Kenyatta Avenue P.O. Box 30238-00100 Nairobi, Kenya. Please note that your right to object to processing your personal data may affect the services offered to you by the bank. |
Correction of false or misleading data - You have a right to rectification of inaccurate personal information and to update incomplete personal information we hold about you. | If you believe that any of the information that we hold about you is false or misleading, you have a right to request that we restrict the processing of that information, and to correct it. To exercise your right, please contact us as follows: Email: [email protected] or [email protected] Phone: +254 719 088 000, +254 20 322 1000 or +254 732 100 000 Or: Visit your nearest I&M Bank Branch. You may be required to provide documentation proof to support the rectification request. |
Deletion of false or misleading data – You have a right to request us to delete false or misleading data we hold about you. | If you believe that any of the information that we hold about you is false or misleading, you have a right to request that we delete it. To exercise your right, please contact us as follows: Email: [email protected] or [email protected] Phone: +254 719 088 000, +254 20 322 1000 or +254 732 100 000 You may be required to provide documentation proof to support the deletion request. |
Data portability – You have a right to request us to send a copy your personal data to another organisation. | At your request, we shall port your personal data that we hold to an organization of your choice, in a machine-readable format. To exercise your right to data portability, please contact us as follows: Email: [email protected] or [email protected] Phone: +254 719 088 000, +254 20 322 1000 or +254 732 100 000 Or: Visit any I&M Bank Branch. |
Erasure – You have a right to request that we delete your personal information. | Subject to provisions of existing laws, you may request that we delete your personal information if you believe that: • We are no longer authorised to retain it. • It is irrelevant, excessive or obtained unlawfully. • We have requested your permission to process your personal information for a particular purpose and you wish to withdraw your consent. • Where you have objected to direct marketing. • To comply with a legal obligation. To exercise your right, please contact us as follows: Email: [email protected] or [email protected] Phone: +254 719 088 000, +254 20 322 1000 or +254 732 100 000 Or: Visit any I&M Bank Branch. Please note that if you request that we erase your information, we may have to suspend the operation of your account and/or the products and services we provide to you. |
Marketing – You have a right to object to direct marketing. | You have a right to object at any time to processing of your personal information for direct marketing purposes, including profiling you for the purposes of direct marketing. You may exercise your right by clicking the unsubscribe link at the bottom of the email or you can contact us on: Email: [email protected] or [email protected] Phone: +254 719 088 000, +254 20 322 1000 or +254 732 100 000 Or: Visit your nearest I&M Bank Branch. |
Withdraw consent – You have a right to withdraw your consent. | Where we rely on your permission to process your personal information, you have a right to withdraw your consent at any time. You may exercise your right by following the using the following means: Email: [email protected] or [email protected] Phone: +254 719 088 000, +254 20 322 1000 or +254 732 100 000 Or: Visit your nearest I&M Bank Branch. Please note that if you withdraw your consent, we may have to suspend the operation of your account and/or the products and services we provide to you. |
It is important to note that the above rights are subject to the applicable laws and regulations.
Data retention
We retain personal data for as long as required by applicable laws and regulations.
Data controller
Except as otherwise specified on any subsections within sites or apps that comprise the Services, your personal data will be controlled by I&M Bank.
Data transfer
Your personal data may be stored and processed in any country where we have facilities or in which we engage data processors in accordance to the applicable data protection laws and regulations.
Acceptance
Your use of the Services signifies that you agree to the use of your personal data by I&M Bank for the specific purposes mentioned in this privacy notice. You also agree not to hold I&M Bank liable for use of your personal data from the Services as envisaged herein. Your use of the Services signifies your consent to allowing I&M Bank to disclose personal data as envisaged herein. You agree not to hold I&M Bank liable for any disclosure of such information.
DPO Contact Details
Telephone: +254 719 088000 / +254 732 100000 / 0203221000
Email: [email protected]
I&M Tower
Kenyatta Avenue
P.O. Box 30238-00100
Nairobi, Kenya.
[1] https://ec.europa.eu/info/law/law-topic/data-protection_en