Privacy Policy
Introduction
Welcome to Chapeo Credit products and services. Through the “Chapeo Credit Privacy Policy” (hereinafter referred to as “this policy”), we (see “Appendix 1: Definitions of Key Terms”) will explain how we collect, use, store, and share your personal information, as well as how you can manage your personal information. We value your privacy and are committed to protecting the security of your personal data. This privacy policy will explain how we collect, use, and share your personal data, as well as the rights you have under the General Data Protection Regulation (GDPR).
This policy applies to all services provided by Chapeo Credit (hereinafter collectively referred to as “Chapeo Credit Services”). This policy also applies to Chapeo Credit affiliates or third party partners who provide products or services directly to you.
We will protect your personal information according to the personal information protection laws and regulations of Kenya and the financial industry. This policy explains the purposes, methods, and scope of collecting, using, storing, sharing, and transferring your personal information when providing you with platform products and/or services, as well as the information security protection measures we implement. It also outlines how we provide you with methods to access, update, and delete your personal information. To make it easier for you to read and understand, we have used simple and clear language and defined key terms. Please refer to “Appendix 1: Definitions of Key Terms” in this policy to understand these definitions.
You acknowledge and confirm that you have read all the contents of this policy at the time of registration and agree to our lawful processing of your personal information in accordance with this policy. To facilitate your reading of this policy, we have highlighted in bold and italics any terms that may have a significant impact on your legal rights and any content involving sensitive information. We have also provided examples of sensitive information categories in “Appendix 1: Definitions of Key Terms”. Before providing us with any sensitive personal information, please carefully consider the appropriateness of such provision and confirm whether you agree to the processing of your sensitive personal information as described in this policy. We will collect and use your sensitive information with your consent to achieve functions related to Chapeo Credit Services. You may refuse to provide us with this sensitive information, but doing so may affect your ability to use certain features under Chapeo Credit Services.
If you do not agree with or do not understand part or all of this policy, please immediately stop using our products and/or services. You can contact and consult us regarding this policy through our customer service hotline at +254 (0)717286320.
The products and/or services covered by this policy are for use by adults only. Please ensure that you are 18 years of age or older before using the relevant products and/or services. If you are under the age of 18, please immediately stop using Chapeo Credit Services.
This policy will help you understand the following content:
- How we collect and use your personal information
- How we use cookies and similar technologies
- How we share, transfer, and publicly disclose your personal information
- How we store your personal information
- How we protect your personal information
- How we ensure your rights to manage your personal information
- Protection of minors’ information
- How we update and modify this policy
- How to contact us
- Appendix 1: Definitions of Key Terms
- Appendix 2: Chapeo Credit Information Sharing List
How We Collect and Use Your Personal Information
We will collect and use your personal information following the relevant laws and regulations mentioned in the introduction, adhering to the principles of fairness, legality, and necessity, for the purposes described in this policy. This includes personal information you voluntarily provide during your use of Chapeo Credit services, information generated as a result of using Chapeo Credit services, and information obtained from third parties. Regardless of how we collect and use your personal information, we generally do so with your consent unless certain situations require us to collect personal information due to legal obligations or to protect your or others’ vital interests. However, we will not collect any personal information prohibited by law. You may choose not to provide certain information. If you decide not to provide certain information, it may prevent you from using or properly using some Chapeo Credit services, but this will not affect your use of other services on the platform.
We collect the following permissions:
SMS Permission
- Purpose: We collect your mobile SMS messages to identify financial SMS information to assess your cash flow. This helps us identify your bank accounts and transaction records, detect potential fraud, or prevent the illegal use of our services. You can choose to grant or deny this permission. Denying SMS permissions may affect our ability to accurately assess your risk and creditworthiness.
- Usage: Upon your consent, we collect SMS content, sending date, and sender’s phone number to identify your banking information and transaction patterns. We also gather and process your phone data, including SMS logs.
- Security: Your SMS data is encrypted using HTTPS (https://rest.chapeo.credit) and will not be shared with any third parties without your explicit consent.
Application List Permission
Purpose:
Assessing user behaviour: By analysing the types of applications installed by users, it is possible to gain a better understanding of their behavioural patterns. For example, users who have installed more financial apps may have higher credit qualifications.
Identify suspicious apps: By using the installation list, it is possible to detect the presence of known malware, fake apps or tools that may be used for fraud in the user’s device, thus improving the protection of the user’s account security.
Enhance user experience: Analysing the apps installed by users helps the platform to understand user interests and thus optimise the user experience.
Preventing multiple borrowing and lending: By collecting the lending and borrowing apps installed by users, it can identify whether users borrow frequently and prevent the risk of multiple borrowing and lending or over-indebtedness.
- Usage: We collect details such as version number, application name, installation time, last update time, and package name to prevent unauthorized access to your personal information and to enhance fraud prevention and account security.
- Security: This data is protected by HTTPS (https://rest.chapeo.credit) encryption and will not be shared with any third parties.
Phone State Permission
- Purpose: Knowing your device model allows us to optimise application performance and ensure compatibility with your device. By collecting operating system version information, we can provide targeted updates and support to ensure that the application runs properly on your device. We collect information such as your IMEI, MAC address, device ID, etc. to identify your device and, if necessary, prevent fraud.
- Usage: We collect your mobile number, IMEI, IMSI, device model, network status, and IP address.
- Security: This information is encrypted using HTTPS (https://rest.chapeo.credit) and will not be shared without your consent.
Contact List Permission
- Purpose: In the event of an emergency (e.g. account security issues or authentication needs), we may use the emergency contact information you provide to get in touch with a designated contact person to ensure your safety and continuity of service.
- Usage:
- Contact Name: Used to identify your emergency contact.
- Contact Phone Number: Used to reach the designated contact in case of emergency.
- Relationship to you: to understand your relationship to your emergency contact so that you can make more accurate decisions in the event of an emergency.
- Security: The data is encrypted with HTTPS (https://rest.chapeo.credit) and will not be shared with any third parties without your consent.
This version is tailored for inclusion in a privacy policy, ensuring that each section clearly addresses the purpose, usage, and security of the permissions requested.
Please understand that due to changes in national policies and business strategies, the functions of Chapeo Credit services may also evolve and develop. If we intend to use your personal information for any purpose not specified in this policy or for a purpose different from the original one, we will notify you reasonably (e.g., via a pop-up notification in the app) and obtain your consent before using the information.
1.1 Account Association and Login
When you use the Chapeo Credit app and Chapeo Credit services, to verify your account and enable login, Chapeo Credit will collect your personal information as agreed in the “Chapeo Credit Privacy Policy.” Please review the relevant content under the “Chapeo Credit Privacy Policy” when using the Chapeo Credit account login feature. Additionally, during your use of Chapeo Credit services, to associate your Chapeo Credit account with your activities on the platform, we will provide your phone number to Chapeo Credit for registration or verification purposes. We will also collect your account information, including your phone number, IP address, and risk assessment results of your account, to provide account login services and ensure account security. If you do not provide this information, you will not be able to log in or use Chapeo Credit services normally. For any issues arising from using Chapeo Credit services, please contact Chapeo Credit customer service at +254 (0)717286320. For more details on the rights and responsibilities associated with registering or using a Chapeo Credit account, please read the “Chapeo Credit Privacy Policy” carefully.
1.2 Financial Products and/or Services (Including Credit Products and Investment Services)
1.2.1 Real-Name Verification
When using Chapeo Credit services, for real-name verification and to assist financial institutions in anti-money laundering efforts, you need to provide us with your real name, gender, nationality, occupation, residence or occupation information, emergency contact information, identification number, and payment account information in addition to the information provided during registration to complete identity verification and bank account binding. If you choose to log in using your Chapeo Credit account, the name and ID information provided to Chapeo Credit will be linked with your Chapeo Credit account. We will also collect the name, ID number, and phone number linked to your account for identity verification. When performing significant account operations (e.g., account cancellation or unfreezing), to confirm it is you, we may request a photo of you holding your identification document.
To verify the accuracy and completeness of the information provided and ensure account security, we may cross-verify your identity information with authorized state agencies or financial institutions. If you do not provide the necessary personal information for identity verification, we will be unable to offer you loan services under the platform’s loan agreement.
1.2.2 Credit Assessment and Risk Evaluation
When using our credit products or services, to accurately assess your risk level, credit eligibility, and repayment capability and to better manage business risks, you need to provide or authorize us to collect your education, occupation, income, marital status, call records (only for credit products or services), device information, and emergency or frequently used contact information (only for credit products or services). For this purpose, we may require you to enable access to your contacts, SMS, and phone permissions. We may also query or verify your personal information or processed de-identified information from our affiliates (including but not limited to Chapeo Credit) and other third-party institutions to reflect your qualifications, creditworthiness, and repayment ability.
1.2.3 Transaction Records
When using financial products and/or services, to facilitate future account reconciliation or operations (such as loan repayment), we will, within the scope permitted by laws and regulations, collect/record your transaction information related to Chapeo Credit services during your use of Chapeo Credit services, including loan information, repayment information, and settlement information, stored on the platform or with specific product or service providers.
1.3 Risk Management
When you need to review account settings and rights information, we will provide information review services. To ensure the security of these review activities, you agree and authorize us to collect commonly used device information (including device brand, device model, device screen specifications, operating system version, unique device identifiers, OPEN UDID, IDFA, device location information, device connection information) during your use of Chapeo Credit services to determine whether the review activities are initiated from the same device.
To obtain your IDFA information, we need to access your device’s UserTracking permissions.
To ensure the safe and stable operation of the services we provide to you, prevent transaction and fund risks, conduct device risk environment detection, and provide application protection functions and services, we will collect your device application installation list information and other device information (including device sensor status).
1.4 Marketing Services and Others
To make your service experience more convenient, smooth, and targeted, we may collect your device information (including MAC address, unique device identifier, IDFA, OAID, IP address), browsing information, interest information, network behavior information, account operation records, and/or device information, account information, network behavior information, profile information, transaction information, and account operation records retained on our affiliates’ (including but not limited to Chapeo Credit) websites, apps, and other platforms that reflect your status. We may combine de-identified personal information from one service with de-identified personal information from another service or process it through a model to conduct data analysis and form user profiles, enabling us to recommend products and/or services that are more suitable for you.
We may make marketing calls to you or send marketing activity information. If you do not wish to receive our marketing calls or activity information, you can contact our customer service at +254 (0)717286320. After you cancel the marketing service, we will stop collecting and using your personal information based on marketing services.
1.5 Rules for Using Your Personal Information
- We will use your personal information to achieve the Chapeo Credit services as agreed in this policy. When we need to use your personal information for other purposes not specified in this policy, we will seek your consent again following the relevant laws, regulations, and national standards.
- We will only collect and use the minimum necessary personal information needed to operate specific business functions at a reasonable frequency.
- We will de-identify your personal information through technical means, and de-identified information will not be able to identify specific individuals. Please understand and agree that we may analyze, process, or statistically aggregate de-identified information and may share these statistics with third parties or the public. However, these statistics will not include any of your personal information.
- If you have any confusion or objections regarding how we use and process your information, you can provide feedback using the contact information provided in Section IX, “How to Contact Us,” of this policy. If we violate the provisions of laws and regulations in this process and cause you any loss, we will bear the corresponding liability arising therefrom.
1.6 Exceptions to Authorized Consent
According to relevant laws and regulations, in the following situations, we may collect and use the necessary personal information without your consent:
- Related to our obligations under laws and regulations;
- Directly related to national security and defense security;
- Directly related to public safety, public health, and major public interests;
- Directly related to criminal investigation, prosecution, trial, and judgment enforcement;
- To protect your or others’ significant legal rights such as life and property when it is difficult to obtain consent;
- Personal information disclosed by you to the public on your initiative;
- Necessary for signing and performing contracts based on your request;
- Personal information collected from legally publicly available information, such as legal news reports, government information disclosure, etc.;
- Necessary for maintaining the safe and stable operation of our products and/or services, such as detecting and addressing product or service failures;
- Other circumstances as stipulated by laws and regulations.
Here’s the translation of the section “II. How We Use Cookies and Similar Technologies” from the “Chapeo Credit Personal Information Protection Policy”:
How We Use Cookies and Similar Technologies
When you use our services, to ensure the proper functioning of the website, we may store small data files called cookies on your computer or mobile device. Cookies typically contain identifiers, site names, and some numbers and characters. The main function of cookies is to facilitate your use of Chapeo Credit services and help the website count the number of unique visitors. By using cookie technology, we can provide you with more thoughtful, personalized services and allow you to set specific service options.
When you use Chapeo Credit services, cookies will be sent to your device. When you interact with services provided to partners (such as advertising and/or promotional services, or Chapeo Credit services that may appear on other websites), we allow cookies (or other anonymous identifiers) to be sent to our servers.
We will not use cookies for any purpose other than those described in this policy. You can manage or delete cookies according to your preferences. You can clear all cookies stored on your computer, and most web browsers have features that block cookies. However, if you do so, you will need to manually change user settings every time you visit our website, and you may be unable to log in or use services or functions provided by Chapeo Credit that rely on cookies.
Here’s the translation of the section “III. How We Share, Transfer, and Disclose Your Personal Information” from the “Chapeo Credit Personal Information Protection Policy”:
How We Share, Transfer, and Disclose Your Personal Information
3.1 Sharing
We will not share your personal information with any company, organization, or individual, except in the following situations:
With Your Explicit Authorization or Consent: We will share your personal information with relevant parties after obtaining your explicit consent. The scope and purpose of sharing personal information will be explained when your authorization or consent is obtained.
Sharing as Required by Law: We may share your personal information in accordance with applicable laws, regulations, legal processes, judicial rulings, mandatory government orders, or industry self-regulation requirements. The scope of shared personal information will be determined according to the requirements of the law and relevant administrative or judicial departments.
Protecting Interests and Safety: Within the limits of the law, we may provide your personal information to third parties if it is necessary to protect our interests, your interests, or public safety, except where explicitly prohibited by law.
Mergers, Acquisitions, and Capital Market Activities: In the event of a merger, acquisition, or other capital market activities involving Chapeo Credit, or in other circumstances where Chapeo Credit is subject to due diligence by another entity, you agree that we may provide your information to necessary entities (such as external professional intermediaries like auditors or legal institutions) based on business needs. We will require these entities to take confidentiality measures equivalent to those in this policy and to delete your information within a reasonable period after the necessary work is completed.
Sharing with Our Affiliated Companies: Your personal information may be shared within our affiliated companies (as defined in Appendix 1). We will only share your personal information with our affiliated companies within the necessary scope for the purposes described in this policy:
- Some products or services may be provided by affiliated companies or jointly by us and affiliated companies (e.g., account login, payment services). Therefore, only by sharing your personal information can we provide the products or services you need.
- With your explicit consent, we will share your personal information with affiliated companies within the authorized scope as permitted by law and not contrary to public order and good morals. We will require affiliated companies that share your personal information to store and process it as agreed in this policy. Before sharing information, we will conduct a reasonable commercial review to assess the legality, legitimacy, and necessity of sharing your personal information and urge the relevant parties to process your information according to legal and regulatory requirements. If our affiliated companies change the purpose of processing personal information, they will seek your explicit consent again.
Sharing with the Public: To improve our products and/or services and those of our affiliated companies and third-party partners, we may conduct statistical analysis on product usage. We may share these statistics with the public to show overall usage trends of our services, but these statistics will not contain any identifiable information about you.
Sharing with Third-Party Partners: Certain products and/or services on the platform will be provided by our suppliers and partners (collectively referred to as “third-party partners”). For this purpose, we may share your relevant personal information with third-party partners to provide specific products or services to you.
We will only share your personal information for lawful, legitimate, necessary, specific, and explicit purposes and only share the personal information necessary to provide services. We will also sign strict confidentiality agreements, data processing agreements, and other relevant agreements with third-party partners, requiring them to process your personal information strictly according to our instructions, this policy, and other relevant confidentiality and security requirements. We will also ensure compliance with legal and regulatory requirements by conducting technical inspections and security audits. We will require our third-party partners not to use the shared personal information for any other purpose than those outlined in this policy.
We may obtain your authorization and consent through pop-up windows, which will form an effective part of this policy. If you refuse to allow us to share your necessary personal information with third-party partners for service provision, it may result in you being unable to use the services provided by these third-party partners, but it will not affect your use of other services on the platform.
3.2 Transfer
We will not transfer your personal information to external parties, except in the following situations:
- With your prior explicit authorization or consent;
- When required by applicable laws, regulations, industry standards, legal processes, or mandatory administrative or judicial requirements;
- If we or our affiliated companies are involved in mergers, divisions, liquidations, acquisitions, or sales of assets or businesses, your personal information may be transferred as part of such transactions. We will ensure the confidentiality of the information during the transfer and require the new company or organization holding your personal information to continue being bound by this policy, or we will require that company or organization to seek your authorization and consent again.
3.3 Public Disclosure
We will not publicly disclose your personal information unless we obtain your explicit consent.
In cases where disclosure is required by law, legal processes, litigation, or mandatory requests from government authorities, we may disclose your personal information to competent authorities. However, we guarantee that in such cases, we will require the requesting party to provide valid legal documents and will ensure that the disclosed information is protected with security measures in compliance with legal and industry standards.
3.4 Exceptions to Obtaining Authorization and Consent for Sharing, Transferring, or Publicly Disclosing Personal Information
According to relevant laws and regulations, we may share, transfer, or publicly disclose your personal information without obtaining your authorization and consent under the following circumstances:
- When related to the fulfillment of our obligations under laws and regulations;
- When directly related to national security or national defense;
- When directly related to public safety, public health, or significant public interests;
- When directly related to criminal investigations, prosecutions, trials, or the execution of judgments;
- When it is necessary to protect your or other individuals’ vital legal rights and interests, such as life and property, it is difficult to obtain your consent;
- When the personal information has been publicly disclosed by yourself;
- When personal information is collected from legally publicly disclosed information, such as legal news reports, government information disclosure, etc.
4. How We Store Your Personal Information
To comply with laws, regulations, and regulatory requirements, and to facilitate your access to related transaction records and other personal information, we will retain the necessary information that you provide or generate during the application or use of Chapeo Credit services. We will use physical or logical isolation mechanisms to store your general personal information separately from sensitive personal information. For sensitive personal information, we will implement special protection measures such as encryption.
4.1 Storage Location
The personal information we collect and generate within Kenya will be stored in Kenya. If, in the future, some services involve cross-border operations requiring the transmission of your personal information to overseas institutions, we will comply with laws, regulations, and the requirements of relevant regulatory authorities. We will conduct a security assessment in advance, inform you of the purpose of the transfer, the types of personal information involved, the identity and data security capabilities of the recipient, and any potential security risks. We will seek your consent and define the obligations and responsibilities of all parties through agreements, supervision, inspection, and security audits, requiring the overseas institution to keep the obtained personal information confidential.
4.2 Storage Duration
Unless otherwise required by laws and regulations, we will retain your personal information for the shortest necessary period to achieve the purposes described in this policy, which is five years from the date you terminate the business relationship. However, if there are judicial investigations or anti-money laundering investigations, we will extend the retention period until the relevant investigations are concluded. Once your personal information exceeds the retention period, we will delete or anonymize your personal information.
5. How We Protect Your Personal Information
The security of your personal information is crucial to us. We strictly comply with relevant laws and regulations and take industry-recognized, reasonable, and feasible security measures to protect your personal information. This is done to prevent unauthorized access, disclosure, use, modification, damage, or loss of information.
5.1 Technical Measures and Data Security Measures
- We strive to adopt various physical, electronic, and administrative security measures that meet industry standards to protect the security of your personal information. These measures include SSL/application layer encryption technology, HTTPS two-way authentication technology, digital signatures, SHA256 desensitization technology, and more, to prevent personal information from being leaked, damaged, or lost during collection, storage, and transmission. We will inform you of the purposes and scope of information use through the user agreement and this policy.
- We actively establish data classification and grading systems, data security management standards, and data security development standards to manage and regulate the storage and use of personal information, ensuring that no personal information unrelated to the services we provide is collected.
- We provide data security awareness training and safety capability assessments for our employees to enhance their understanding of the importance of protecting personal information. We deploy access control mechanisms, authenticate and control the access rights of employees handling personal information. We sign confidentiality agreements with information handlers and partner institutions, clearly defining job responsibilities and conduct guidelines, ensuring that only authorized personnel can access personal information. Any violation of confidentiality agreements will be subject to accountability. We also implement comprehensive security controls through monitoring and auditing mechanisms to fulfill approval and control measures for personal information access, preventing unauthorized access, disclosure, use, modification, damage, or loss of your personal information.
- We conduct regular data security capability assessments and information security risk assessments to ensure that the security protection system remains in a sound state.
- We have established a dedicated team responsible for the research, development, and application of various security technologies and procedures. We conduct security background checks on security management personnel and key security positions. We have established comprehensive information security management systems and internal security incident response mechanisms. We will take reasonable and feasible security measures and technical means that meet industry standards to store and protect your personal information, preventing its loss, unauthorized access, public disclosure, use, modification, destruction, loss, or leakage. We will take all reasonable and feasible measures to protect your personal information. We will use encryption technology to ensure data confidentiality and reliable protection mechanisms to prevent malicious attacks on data.
- We remind you to note that the internet is not an absolutely secure environment. When you interact with other users via email, SMS, etc., it’s uncertain whether third-party software fully encrypts the transmission of information. Please ensure the safety of your personal information, and we advise you not to send personal information via these methods to avoid information leakage. Please use complex passwords to help us secure your account and personal information.
5.2 Handling Security Incidents
- We will do our best to ensure the security of any information you send to us. However, please understand that due to technical limitations and the existence of various malicious means in the internet industry, it is impossible to guarantee absolute security of information at all times. You should be aware that the systems and communication networks you use to access our services may encounter issues due to factors beyond our control. To prevent security incidents, we have developed an emergency plan for cybersecurity incidents, promptly addressing security risks such as system vulnerabilities, computer viruses, network attacks, and network intrusions. If an event occurs that endangers cybersecurity, we will immediately initiate the emergency plan and take appropriate remedial measures to minimize losses, reporting the situation to the relevant authorities as required.
- The leakage, damage, or loss of personal information is considered a major security incident at the company level. We will regularly organize workgroup members to conduct security drills to prevent such incidents. In the unfortunate event of an incident, we will initiate the emergency plan with the highest priority, forming an emergency response team with members from the security department, government relations department, legal department, and other departments. The team will trace the cause in the shortest possible time and minimize losses.
- In the unfortunate event of a personal information security incident, we will promptly inform you according to legal and regulatory requirements. We will provide you with information on the basic situation of the incident, possible impacts, measures we have taken or will take, suggestions for self-protection and risk reduction, and remedial measures for you. We will notify you of the situation promptly through your reserved contact methods, such as site notifications, SMS notifications, phone calls, emails, etc. If it is difficult to notify each person individually, we will take reasonable and effective measures to release a public announcement.
- At the same time, we will proactively report the handling of the personal information security incident to regulatory authorities and closely cooperate with government agencies. If we fail to effectively fulfill our obligation to protect personal information, resulting in damage to your legitimate rights and interests, we will bear corresponding responsibilities.
6. How We Ensure Your Rights to Manage Your Personal Information
We highly value your concern for your personal information and make every effort to protect your rights to access, correct, delete, withdraw, and deactivate your account, so you have full control over the security of your personal information. Your rights include:
6.1 Access and Correction of Your Personal Information
You have the right to access your personal information, except in situations specified by law. You can access and correct your personal information on the Chapeo Credit Finance App through the following methods:
- Home → My: Here, you can access your Chapeo Credit account settings, including checking the privacy policy, FAQ, about us, and clearing memory. You can also deactivate your account here.
- Home → My Credit Limit: Access your credit limit.
- Home → Bills: Access your transaction records.
If you cannot access this personal information through the above methods, you can contact us via customer service at +254 (0)717286320. For other personal information generated during your use of Chapeo Credit services that you may need our assistance to provide, we will do our best to meet your needs within a reasonable scope. However, to protect your information security and our legal rights, you may not access or authorize third parties to access or collect your personal information stored on the platform without our consent.
6.2 Deletion of Your Personal Information
You may request the deletion of your personal information in the following situations, and we will respond to your request:
- If we collect or use personal information in violation of laws, regulations, or agreements with you;
- If we share or transfer your personal information to third parties in violation of laws, regulations, or agreements with you, we will immediately cease such sharing or transferring actions and notify the third parties to delete it promptly;
- If we disclose your personal information in violation of laws, regulations, or agreements with you, we will immediately cease the disclosure and issue a notice requiring relevant recipients to delete the information accordingly;
- If you no longer use our products or services, or you deactivate your account, or we terminate services and operations.
You can contact customer service at +254 (0)717286320 to request the deletion of your personal information. Once your deletion request is responded to, your personal information will be promptly deleted unless required to be retained by law or regulations. When you delete information from our services, we may not immediately remove the information from our backup systems but will delete it during the next backup update.
6.3 Restriction of our processing of your data
You have the right to ask us to restrict the processing of your personal data in certain circumstances. These circumstances include, but are not limited to:
- You challenge the accuracy of the data and ask us to restrict the processing for the duration of the verification;
- The data processing is unlawful, but you object to the deletion of the data and request that its use be restricted;
- We no longer need your personal data for the purposes of processing, but you need the data to establish, exercise or defend legal rights;
- You have objected to data processing, but we need to verify whether there are legitimate grounds for overriding your rights.
During the period in which you request the restriction of processing, we will continue to process your data only with your consent or for the establishment, exercise or defence of legal rights or the protection of the rights of others.
6.4 Objection to the processing of your personal data
You have the right to object to our processing of your personal data in specific circumstances, including:
- You have the right to object on the basis of your particular situation when the data processing is based on our legitimate interests or public interest tasks;
- You have the right to object at any time if we are processing your data on the basis of direct marketing purposes.
Once you have objected, we will stop processing your personal data unless we can demonstrate compelling legitimate grounds for continuing to process your data which override your interests, rights and freedoms or the data is processed for the establishment, exercise or defence of legal rights.
6.5 Withdraw your consent at any time
If we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to withdrawal. You can withdraw your consent in the following ways:
- Contacting our customer support team;
- Visiting our privacy settings page;
- By email or other channels we provide.
Withdrawing consent may affect some of the services we provide to you, but we will endeavour to ensure that you can still enjoy the core features and services.
6.6Changing the Scope of Your Authorization and Consent
Please understand that each business function usually requires enabling certain permissions and collecting necessary personal information to operate. For the management of your personal information collection, usage, and device permissions, you can request to withdraw consent or delete it through your device system settings or by contacting customer service at +254 (0)717286320. You can also operate to delete the information or stop using the corresponding service through the methods provided in this policy.
When you withdraw consent or authorization, we will no longer be able to provide you with the services corresponding to the withdrawn consent or authorization and will no longer process your related personal information. However, your decision to withdraw consent or authorization will not affect the processing of personal information previously carried out based on your consent or authorization.
6.7 Deactivating the Chapeo Credit Finance Function
Please understand that the Chapeo Credit Finance function is linked to the payment account you opened with Chapeo Credit Wallet. If you wish to deactivate the Chapeo Credit Finance function, you need to deactivate your payment account as well. You can access the Chapeo Credit App via Chapeo Credit Home → My → Settings → Account Deactivation and follow the relevant prompts to proceed. Deactivating the above accounts is irreversible, and we will stop providing you with Chapeo Credit services, no longer collect your personal information, and delete or anonymize your account-related personal information upon your request, except where laws, regulations, or regulatory bodies have specific retention requirements.
To protect your or others’ legitimate rights and interests, we need to verify your identity when you submit a deactivation request. We will also assess whether your deactivation request is supported, considering your usage of the platform’s products and/or services (e.g., whether there are any pending loans or unresolved disputes). However, we will not impose unnecessary or unreasonable conditions or barriers to your deactivation request.
6.8 Obtaining a Copy of Your Personal Information
In accordance with laws, regulations, and relevant national standards, you have the right to obtain a copy of your basic personal information and identity information. You can contact us via customer service at +254 (0)717286320.
6.9 Advance Notification of Product and/or Service Discontinuation
We are committed to being with you, but if special circumstances force us to discontinue products and/or services on the platform, we will notify you via the main page of the product and/or service, or through in-app messages, emails, or other appropriate methods as required by law. We will stop collecting your personal information and delete or anonymize the personal information we hold in accordance with legal requirements.
6.10 Responding to Your Requests
To ensure security, we may require you to verify your identity before processing your request. You may need to submit a written request or provide other means of verifying your identity. For all reasonable requests under this section, we will, in principle, complete the verification and processing within 15 working days of receiving your request and verifying your user identity.
For reasonable requests, we generally do not charge fees. However, for repeated or excessive requests, we may charge a fee based on the situation. We may refuse requests that are unreasonable, require excessive technical means (e.g., developing a new system or fundamentally changing existing practices), pose risks to others’ legitimate rights, or are highly impractical.
In the following circumstances, as required by laws and regulations, we will not be able to respond to your requests:
- Related to fulfilling our legal obligations;
- Directly related to national security or defense security;
- Directly related to public safety, public health, or major public interests;
- Directly related to criminal investigations, prosecutions, trials, or enforcement of judgments;
- If we have sufficient evidence to show that you have subjective malice or are abusing your rights (e.g., your request endangers public safety and others’ legitimate rights, or your request exceeds the scope of what can be covered by general technical means and business costs);
- For the protection of the significant legitimate rights and interests of the personal information subject or others, but it is difficult to obtain your consent;
- Responding to your request would cause serious damage to your or other individuals’ or organizations’ legitimate rights;
- Involves trade secrets;
- Other situations stipulated by laws and regulations.
If you have further requirements regarding your data subject rights or have any questions, opinions, or suggestions, you can contact us using the methods described in this policy to exercise your related rights.
7. Protection of Minors’ Information
We place great importance on protecting the information of minors. You understand and agree that we only provide Chapeo Credit services to individuals who are fully capable of exercising civil rights and performing civil acts according to the law, and who can independently assume civil responsibilities. If you are a minor under the age of 18, we will not provide services to you (except for limited browsing under non-registered circumstances).
We recommend that you carefully read the specific personal information protection policies, and we will also fulfill the necessary review obligations. Additionally, we commit to ensuring the confidentiality and security of information for minor users according to relevant national laws, regulations, and this policy. If we find that we have collected personal information from a minor without obtaining verifiable consent from their parent or legal guardian in advance, we will take necessary steps to promptly delete the relevant information.
If you are a guardian of a minor and notice that the minor under your guardianship is using our platform’s products and/or services or has independently provided us with personal information, please contact us promptly.
8. Complaints and Contacts
If you have any questions or complaints about our privacy policy, or wish to exercise your rights, please contact us at:
- Email address: cs.help@chapeo.credit
- Telephone Number: +254 (0)717286320
- Company address: P.O BOX 12143-00400 NAIROBI,KENYA
9 . How We Update and Modify This Policy
To provide you with better services and to meet the needs of business development, we reserve the right to update this policy from time to time. Without your explicit consent, we will not reduce the rights you are entitled to under this policy. If this policy is updated, we will notify you through reasonable means (including but not limited to pop-up prompts, prominent notices on pages, app push notifications, sending you emails/SMS, or announcements on the Chapeo Credit official website) to ensure that you are promptly informed of any changes to this policy.
For significant changes, depending on the circumstances, we may provide more prominent notices explaining the specific changes in this policy. Please note that only after you reauthorize will we collect, use, share, and store your personal information according to the updated personal information protection policy. Significant changes include but are not limited to:
- Major changes in our service model and business forms, such as changes in the purpose of processing personal information, the type of personal information processed, or the way personal information is used;
- Major changes in our ownership structure or organizational structure, such as changes in ownership due to business adjustments, bankruptcy, mergers, etc.;
- Changes in the primary recipients of personal information sharing, transfer, or public disclosure;
- Significant changes in your rights regarding personal information processing and how you exercise those rights;
- Changes in the contact information or complaint channels responsible for handling personal information security;
- When the personal information security impact assessment report indicates high risks.
If you continue to use Chapeo Credit services after this policy is updated, it will be deemed that you have fully read and accepted the modifications to the relevant terms of this policy. If there is any inconsistency or conflict between the terms of this policy and any personal information protection and authorization terms stipulated in the service agreements adopted by the platform, the relevant terms of this policy shall prevail. You can view this policy on the Chapeo Credit official website. We encourage you to review the personal information protection policy each time you use Chapeo Credit services. We will also archive the old versions of the personal information protection policy, and you can contact us through the channels provided by the Chapeo Credit app to review them.
Here’s the translation for Appendix 1: Definition of Key Terms:
Appendix 1: Definition of Key Terms
The specific terms used in this policy have the following meanings:
- “We” or “Chapeo Credit”: Refers to Chapeo Capital Co., Ltd.
- “You”: Refers to the registered user of Chapeo Credit.
- “Control”: Refers to the ability to directly or indirectly influence the management of the mentioned company, whether through ownership, voting shares, contracts, or other legally recognized means.
- “Third-Party Partners”: Refers to legal entities and other forms of economic organizations that provide services and/or products to users through the Chapeo Credit Financial App, excluding affiliates of Chapeo Credit.
- “Personal Information”: Refers to various information recorded electronically or otherwise that can identify a specific natural person either alone or in combination with other information, or reflect the activities of a specific natural person. Personal information includes basic personal information, personal identity information, personal biometric information, online identity information, personal health and physiological information, personal education and work information, personal property information, personal communication information, contact information, personal internet records, personal device information, personal location information, etc. For the avoidance of doubt, personal information includes but is not limited to personal sensitive information.
- “Personal Information Subject”: Refers to the natural person identified by the personal information.
- “Personal Sensitive Information”: Refers to personal information that, if leaked, illegally provided, or misused, may endanger personal and property safety, easily lead to damage to personal reputation, mental and physical health, or discriminatory treatment.
- “Device Information”: Device information can be categorized into device attribute information, device location information, device connection information, and device status information. Device attribute information refers to the software and hardware characteristics of the user’s terminal device when accessing the Chapeo Credit platform, such as the device brand and model, device screen specifications, operating system version, device settings, and unique device identifiers. Device location information refers to the geographical location information obtained through the user’s terminal device when accessing the Chapeo Credit platform, such as location information obtained via GPS, Bluetooth, or WiFi signals. Device connection information refers to the IP address displayed when the user accesses the Chapeo Credit platform using a terminal device, browser type, telecommunications operator, applicable language, and the date and time of access. Device status information refers to the sensor data of the device, the application installation list (Applist) information of the device when accessing the Chapeo Credit platform.
- “De-identification”: Refers to the process of technically processing personal information so that it cannot identify the personal information subject without the help of additional information.
- “Anonymization”: Refers to the process of technically processing personal information so that the personal information subject cannot be identified, and the processed information cannot be restored.