INTERNET BANKING

Need Help?

Privacy Policy

NCBA GROUP PLC (including direct and indirect subsidiaries) respects your privacy and is committed to protecting your personal data. This privacy policy (and any other documents referred to on it) sets out the basis on which any personal data we collect from you, that you provide to us, or that is otherwise made available to us will be processed by us.

PRIVACY POLICY

NCBA GROUP PLC (including direct and indirect subsidiaries) respects your privacy and is committed to
protecting your personal data. This Privacy Policy (and any other documents referred to on it) sets out the basis on
which any personal data we collect from you, that you provide to us, or that is otherwise made available to us will be
processed by us.

This Privacy Policy will inform you as to how we look after your personal data when you hold an account with us, use our
products or services, or visit our website (regardless of where you visit it from) and tell you about your privacy
rights and how the law protects you. Please read the following carefully to understand our views and practices regarding
your personal data and how we will treat it.

This Privacy Policy may be amended or updated from time to time to reflect changes in our practices with respect to the
processing of personal data, or changes in applicable law. It is important that you read this Privacy Policy together
with our terms and conditions, and any other policies and notices we may provide on specific occasions when we are
collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This
Privacy Policy supplements other notices and related policies and is not intended to override them.

 

    1. DEFINITIONS AND INTERPRETATION.
    2. THE DATA WE COLLECT.
    3. HOW YOUR PERSONAL DATA IS COLLECTED.
    4. HOW WE USE YOUR PERSONAL DATA.
    5. MARKETING.
    6. HOW WE USE “COOKIES” ON OUR WEBSITE.
    7. THE USE OF HYPERLINKS.
    8. CHANGE OF PURPOSE.
    9. DISCLOSURE OF PERSONAL INFORMATION
    10. TRANSFER OF YOUR PERSONAL DATA OUTSIDE KENYA
    11. HOW WE KEEP YOUR INFORMATION SECURE.
    12. HOW LONG WE SHALL RETAIN YOUR PERSONAL DATA.
    13. DATA SUBJECT’S RIGHTS
    14. COLLECTION OF PERSONAL DATA ON CHILDREN
    15. INTERNAL COMPLAINT HANDLING PROCEDURE
    16. NON-COMPLIANCE WITH THE PRIVACY POLICY.
    17. CHANGES TO THIS PRIVACY POLICY.
    18. HOW TO CONTACT US

 

  1. DEFINITIONS AND INTERPRETATION
    • For the purposes of this Privacy Policy, the following definitions apply:
      • “Applicable Law” means the Constitution of the Republic of Kenya, all Acts of
        Parliament including regulations, rules, guidelines, guidance notes issued pursuant to any Act
        of Parliament, legislative and regulatory requirements, and codes of practice applicable to the
        processing of personal data and/or applicable to a data controller or data processor as may be
        amended from time to time;
      • “Personal Data” means any information relating to an identified or identifiable
        natural person (hereinafter “Data Subject”). For clarity, an identifiable
        person is one who can be identified, directly or indirectly, in particular by reference to an
        identifier such as a name, an identification number, location data, an online identifier, or to
        one or more factors specific to the physical, physiological, genetic, mental, economic,
        cultural, or social identity of such a natural person;
      • “Controller”  means the natural or legal person, authority, organization or
        other agency that makes decisions individually or together with other parties regarding the
        purposes and means for processing personal data;
      • “NCBA GROUP PLC”  includes all the subsidiaries and affiliates of NCBA Group
        PLC (hereafter referred to as “NCBA”, “we”, “us” or “our”);
      • “Processing” means an operation or activity or set of operations or activities
        performed on personal data whether or not by automated means;
      • “Processor” is a natural or legal person, authority, organization or other
        agency that processes Personal Data on behalf of the Controller.
      • “Sub-processor” is the contractual partner of the Processor, engaged to carry
        out specific processing activities on behalf of the Processor;
      • “Third Party” means a natural or legal person, public authority, agency or body
        other than the Data Subject, Controller, Processor, Sub-processor, and persons who, under the
        direct authority of the Controller, Processor or Sub-processor, are authorized to process
        Personal Data;
      • “Website” means the website of NCBA which is accessible through [ncbagroup.com];
      • “Online and Mobile Banking Services”  means the services we offer on our online
        and mobile platforms;
    • In addition to the definitions above, unless the context requires otherwise:
      • Definitions of terms in our general terms and conditions shall be applicable to this Policy;
      • The singular shall include the plural and vice versa; and
      • A reference to any one gender, whether masculine, feminine or neuter, includes the other; and
      • All the headings and sub-headings in this policy are for convenience only and are not to be
        taken into account for the purposes of interpreting it.
  1. THE DATA WE COLLECT
    • We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped
      as follows:

      • Identity data which includes name, username or similar identifier, Identity card/Passport
        number, PIN number, photo, marital status, property details, family details including names of
        your children and parents, fingerprints, race, nationality, ethnic or social origin, color, age,
        title, date of birth and gender, and any other similar information;
      • Contact data which includes billing address, postal address, physical address, email address and
        telephone numbers;
      • Financial data which includes any bank account details, card payment details and other
        electronic or non-electronic payment details;
      • Transaction data which includes details about payments to and from you and other details of
        products and services you have acquired from us;
      • Technical data which includes internet protocol (IP) address, your login identity data, browser
        type and version, time zone setting and location, browser plug-in types and versions, device
        information, operating system and platform, and other technology on the devices you use to
        access our systems;
      • Profile data which includes your profile identification information, purchases or orders made by
        you, your interests, preferences, feedback and survey responses;
      • Usage data which includes information about how you use our website, products and services;
      • Marketing and communications data which includes your preferences in receiving marketing
        information from us and our third parties and your communication preferences;
      • Visitors’ personal information/identification details on our premises;
      • Biometric data such as fingerprints, images, voice and other similar information, surveillance
        footage by CCTV cameras on our premises;
      • Employment information such as employment history and educational background.
    • We also collect, use and share aggregated data such as statistical or demographic data. Aggregated data
      could be derived from your personal data but is not considered personal data in law as this data will
      not directly or indirectly reveal your identity. For example, we may aggregate your usage data to
      calculate the percentage of users accessing a specific website feature. However, if we combine or
      connect aggregated data with your personal data so that it can directly or indirectly identify you, we
      treat the combined data as personal data which will be used in accordance with this Privacy Policy.
    • Minor’s personal information is not collected/processed unless with the consent of a legal guardian or
      parent.
  1. HOW YOUR PERSONAL DATA IS COLLECTED
    • We will collect and process data about you from the following sources:
      • Information you give us: This is information about you that you give us by filling in forms that we
        give to you
        or by corresponding with us by phone, e-mail or otherwise. We use different methods to collect data
        from and
        about you including through direct interactions. This includes the personal data you provide when
        you

        • Apply for or use our products or services;
        • Open an account(s) with us;
        • Subscribe to our services or publications;
        • Request marketing information to be sent to you;
        • Enter a competition, promotion or survey;
        • Give us feedback or contact us;
        • Use NCBA guest/ visitor’s Wi-Fi on our premises; or
        • Pay using our services.
      • Information we collect about you: With regard to each of your user visits to our Website and your
        use of the
        Online and Mobile Banking Services we will automatically collect the following information:

        • Technical information, including the Internet protocol (IP) address used to connect your
          computer or
          mobile phone to the Internet, your login information, browser type and version, time zone
          setting,
          browser plug-in types and versions, operating system and platform. We collect this personal
          data by
          using cookies, server logs and other similar technologies. We may also receive technical
          data about you
          if you visit other websites employing our cookies;
        • Information about your visit, including the full Uniform Resource Locators (URL),
          clickstream to,
          through and from our site (including date and time), products you viewed or searched for
          page response
          times, download errors, length of visits to certain pages, page interaction information
          (such as
          scrolling, clicks, and mouse-overs), methods used to browse away from the page and any phone
          number used
          to call our customer service number; and
      • Information we receive from other sources:
        • We receive your Personal Data from third parties who provide it to us. We will receive
          Personal Data
          about you from various third parties to whom you have consented and public sources including
          but not
          limited to: companies registry, lands registry and other government registries; service
          providers we
          interact or integrate with now or in the future; Integrated Personal Registration Systems,
          Kenya Revenue
          Authority and the National Transport and Safety Authority database.
        • We may collect information about you from other publicly accessible sources not listed
          above. We may
          also collect information about you from trusted partners, not listed above, who provide us
          with
          information about potential customers of our products and services;
        • We receive your Personal Data from third parties, where you purchase any of our products or
          services
          through such third parties; and
        • We collect Personal Data that you manifestly choose to make public, including via social
          media (e.g., we
          may collect information from your social media profile(s), to the extent that you choose to
          make your
          profile publicly visible.
      • Our Website may include links to third-party websites, plug-ins, cookies and applications. Clicking
        on those
        links or enabling those connections may allow third parties to collect or share data about you. We
        do not
        control these third-party websites or influence the data collected and are not responsible for their
        privacy
        policies. When you leave our Website, we encourage you to read the privacy policy of every website
        you visit and
        understand your rights therein.
      • When you visit one of our branches or facilities (hereinafter premises), your image may be captured
        via one or
        more closed circuit television (CCTV) cameras located within the premises. These images are
        collected mainly to
        help us address security issues. The images may be used in the event of an incident occurring in one
        of our
        premises and may help to clarify what happened. Our use of CCTV relies on the lawful basis of
        legitimate
        interest to prevent crime and protect our employees, users and customers.
      • It is important that the Personal Data we hold about you is accurate and current. Please keep us
        informed if
        your personal data changes during your relationship with us. If case you wish to correct or update
        your Personal
        Data that we hold, you may do so by visiting us at any of our branches or writing to us at contact@ncbagroup.com
  1. HOW WE USE YOUR PERSONAL DATA
    • We will only use your Personal Data where we have your consent or a legal basis to process the same.
      Most commonly, we will use your Personal Data in the following circumstances:

      • Where we need to undertake certain processes in order to enter an agreement with you, and where
        we need to perform the agreement we have entered with you;
      • Where it is necessary for our legitimate interests (or those of a third party) and your
        interests and fundamental rights do not override those interests. Legitimate Interest means the
        interest of our business in conducting and managing our business to enable us to give you the
        best service or product and the best and most secure experience. We make sure we consider and
        balance any potential impact on you (both positive and negative) and your rights before we
        process your personal data for our legitimate interests; and/or
      • Where we need to comply with a legal obligation.
    • We have set out below, in a table format, a description of all the ways we plan to use your Personal
      Data and the basis we rely on to do so. We have also identified what our legitimate interests are where
      appropriate. Note that we may process your Personal Data for more than one lawful ground depending on
      the specific purpose for which we are using your data.
How we use your Personal Data Lawful Basis for Processing Your Personal Data
Registration and On-boarding Compliance with a legal obligation

Processing is necessary for the performance of our contractual obligations to you or to take steps to
enter into an agreement with you.

Our legitimate interests in operating our business and providing banking services to you

We have obtained your prior consent to the use and processing of your Personal Data.

Provision of the Banking Services (including processing transactions and operation of accounts) Compliance with a legal obligation

Processing is necessary for the performance of our contractual obligations to you

Our legitimate interests in operating our business and providing banking services to you

KYC, Fraud and Crime Prevention; Compliance with a legal obligation

Our legitimate interests in operating our business and providing banking services to you

Business Operation and Maintenance (including operation of the Bank’s website and other platforms,
troubleshooting, incident management, data analysis, product and system testing, system maintenance,
support, reporting etc.)
Our legitimate interests in operating our business and providing banking services to you
Customer Relationship Management (including notifying the client about their use of the Bank’s products
and services and any changes to applicable Terms and Conditions; responding to customer enquiries,
correspondence, technical support requests and complaints handling etc.)
Processing is necessary for the performance of our contractual obligations to you or to take steps to
enter into an agreement with youOur legitimate interests in operating our business and providing banking
services to youWe have obtained your prior consent to the use and processing of your Personal Data.
Business Development (including data analytics to improve our website, API, products, services, customer
relationships and experiences etc.)
Our legitimate interests in operating our business and providing banking services to you

We have obtained your prior consent to the use and processing of your Personal Data.

Business Management (including preparing financial records, audits, testing, compliance with our
regulatory reporting and other corporate governance requirements.
Compliance with a legal obligation

Our legitimate interests in operating our business and providing our services to you

Marketing (including marketing of our products & services and recommendations of other products
& services, promotions, campaigns etc.)
Our legitimate interests in operating our business and providing banking services to you

We have obtained your prior consent to the use and processing of your Personal Data.

 

  • We may collect special categories of Personal Data about you (this includes details about your race or
    ethnicity, trade union membership, next of kin or family details, information about your health, criminal
    convictions and offences and biometric data.)
How we use your special category data Basis for processing your special category data
For Know Your Customer (KYC) formalities;

To carry out verification, anti-money laundering and sanctions checks;

To detect, monitor, investigate and report fraud and criminal activity;

To manage security, risk and crime prevention for us and our customers by way of ongoing due diligence,
monitoring and screening

We have obtained your prior consent to the use and processing of your special category data.

We have a legitimate interest in carrying out the processing for the purpose of providing products and
services to you.

The processing of your special category data is necessary for compliance with legal and regulatory
obligations.

The processing of the special category data is vital in protecting public interests.

 

We may use your medical information to manage our services and products to you e.g. to apply for
quotations for an insurance product, postpone your debt repayments etc.
The processing of the special category data is vital in protecting public interests.

The processing is necessary to protect the vital interests of any individual.

We have obtained your prior consent to the use and processing of your special category data.

 

  1. MARKETING
    • We strive to provide you with choices regarding certain personal data uses, particularly around
      marketing and advertising. We have established the following personal data control mechanisms;

      • Promotional offers from us: We may use your identity, contact, technical, usage and profile data
        to form a view on what we think you may want or need, or what may be of interest to you. This is
        how we decide which products, services and offers may be relevant to you. You will receive
        marketing communication from us if you have requested information or used our products and
        services and have not opted out of receiving such information.
      • Third-party marketing: we may share your Personal Data with any third party for marketing
        purposes where we believe that the marketing information from such third parties will be
        relevant to you and where we have obtained your prior consent.
    • Opting Out
      • You can ask us or third parties to stop sending you marketing messages at any time by writing to
        us or logging into the relevant website and checking or unchecking relevant boxes to adjust your
        marketing preferences or by following the opt-out links on any marketing message sent to you or
        by contacting us at any time through the provided contacts.
      • Where you opt-out of receiving these marketing messages, this will not apply to Personal Data
        provided to us as a result of product or service subscribed to, warranty registration, product
        or service experience or other transactions.
  1. HOW WE USE “Cookies” ON OUR WEBSITE
    • We may place electronic “cookies” in the browser files of your computer when you access our
      Website. Cookies are pieces of information that our website transfers to your computer to enable
      our systems to recognize your browser and to tailor the information on our Website to your
      interests. For example, if you previously visited our Website and inquired about particular
      services over the Website, cookies enable us to present information tailored to your account
      and/or those particular interests the next time you visit the Website. Moreover, we, or our
      third-party service providers or business partners may place cookies on your computer’s hard
      drive that can be matched to other personal information we maintain about you to pre-populate
      certain online forms for your convenience. We also use cookies to analyze visitors’ use of our
      Website. This analysis helps us better understand which areas of our sites are most useful and
      popular, to enable us to plan improvements and updates accordingly.
    • Many web browsers are automatically set to accept cookies. You may change your computer’s web
      browser settings to either reject cookies or notify you when a cookie is about to be placed on
      your computer. Please note, however, that rejecting cookies while visiting our Website may
      result in certain parts of the website not operating as efficiently as if the cookies were
      allowed. Please refer to our Cookie Policy
      for more details.
  1. THE USE OF HYPERLINKS
    • Other URLs may be referenced through hyperlinks on our website. Clicking on these links
      may open webpages operated by third parties not associated with us. These hyperlinks are
      for the dissemination of information and for you to have a good user experience.
    • By clicking on a hyperlink, you will leave the NCBA webpage and accordingly, you shall
      be subject to the terms of use, privacy and cookie policies of the other website that
      you choose to visit. By navigating to an externally linked website on the NCBA webpage,
      you will be exiting our website and you will be exposed to new terms of use, privacy
      policy and cookie policies of the website you have visited. We do not in any way
      promote, recommend, endorse, guarantee or approve third-party products and services
      offered through hyperlinks for external web pages. Material or content found in
      hyperlinks for external websites is not in our control and data processing is in
      accordance to their privacy policy.
  1. CHANGE OF PURPOSE
    • We will only use your Personal Data and special category data for the purposes for which
      we collected it as indicated in this Privacy Policy or for reasons we give you during
      the collection of the data.
    • If we need to use your Personal Data for an unrelated purpose, we will notify you and
      seek your consent where necessary.
    • Please note that we may process your Personal Data without your knowledge or consent if
      this is required or permitted by law.
  1. DISCLOSURE OF PERSONAL INFORMATION
    • We may disclose your Personal Data to other entities, the affiliates of NCBA, for
      legitimate business purposes (including providing services to you and operating our
      sites and systems), in accordance with applicable law. In addition, we may disclose your
      Personal Data to:

      • Government (including law enforcement) authorities and regulators e.g. Central
        Bank of Kenya
      • Other financial institutions through which your transactions are processed;
      • Other companies and financial institutions that we work with to provide services
        to you e.g. Credit card service providers, technology service providers, credit
        reference bureaus, employers, debt collection agencies and outsourced services
        vendors; fraud prevention/detection, private investigators, agencies tasked with
        conducting surveys on behalf of NCBA group
      • Third parties with accruing legal obligations e.g. Trustees and executors,
        guarantors, anyone holding a power of attorney to operate an account on your
        behalf and joint account holders;
      • Third parties with reference to acquisition, merger, asset sales, restructuring
        or by legal obligation or otherwise. We may also transfer your personal data to
        any of our subsidiaries, new owners, or successor entities, or in case of a
        change of business; your personal data may be used in the same way as in this
        Privacy Policy;
      • Third parties who are service providers acting as processors, and professional
        advisers including lawyers, bankers, auditors and those who provide consultancy,
        banking, legal, insurance and accounting services.
      • Restricted or publicly accessible government repository as a verification
        procedure in compliance with regulations.
      • Regulatory authorities, police or security agencies, courts of law or statutory
        authorities in response to litigation and demand issued on legal/regulatory
        grounds in accordance to the law.
      • Agencies tasked with conducting surveys on behalf of NCBA
      • Emergency and disaster response providers in cases where a person’s health and
        safety is at stake when an emergency call is made.
      • Persons involved in delivering NCBA products and services you use or order.
    • We require all third parties to respect the security of your Personal Data and to treat
      it in accordance with the law. We do not allow our third-party service providers to use
      your Personal Data for their own purposes and only permit them to process your Personal
      Data for specified purposes and in accordance with our instructions.
  1. TRANSFER OF YOUR PERSONAL DATA OUTSIDE KENYA
    • We may need to transfer or store your information in another jurisdiction to fulfill a
      legal obligation, for our legitimate interest and to protect the public interest.
    • Insofar as is required for providing our services, we use third-party service providers
      who are located outside Kenya or store your information (including your sensitive
      personal data) outside Kenya.
    • When we, or our permitted third parties transfer or store information outside Kenya, we
      or they will ensure that it is lawful and that it has an appropriate level of
      protection, including transfer to jurisdictions that have established data protection
      laws, and entering legally binding agreements to ensure the security of your Personal
      Data.
    • Where your information is transferred to affiliates of NCBA in other countries, we
      ensure that your Personal Data is protected by requiring that they follow the same rules
      when processing your Personal Data.
    • We may also transfer your information across country borders where you have consented to
      the transfer.
    • If we transfer your information outside Kenya in other circumstances (for example,
      because we have to provide such information by law), we will use best endeavours to put
      on place appropriate safeguards to ensure that your information remains adequately
      protected.
  1. HOW WE KEEP YOUR INFORMATION SECURE
    • We have put in place appropriate security measures to prevent your Personal Data from
      being lost, used or accessed in an unauthorized way, altered or disclosed. In addition,
      we limit access to your Personal Data to those employees, agents, contractors and other
      third parties who have a business need to know. They will only process your Personal
      Data on our instructions and they are subject to a duty of confidentiality.
    • We have put in place procedures to deal with any suspected personal data breach and will
      notify you and any applicable regulator of a breach where we are legally required to do
      so.
  1. HOW LONG WE SHALL RETAIN YOUR PERSONAL DATA
    • We will only retain your Personal Data for as long as reasonably necessary to fulfill
      the purposes we collected it for, including for the purposes of satisfying any legal,
      regulatory, tax, accounting or reporting requirements. We may retain your Personal Data
      for a longer period in the event of a complaint or if we reasonably believe there is a
      prospect of litigation in respect of our relationship with you.
    • To determine the appropriate retention period for Personal Data, we consider the amount,
      nature and sensitivity of the Personal Data, the potential risk of harm from
      unauthorized use or disclosure of your Personal Data, the purposes for which we process
      your Personal Data and whether we can achieve those purposes through other means, and
      the applicable legal, regulatory, tax, accounting or other requirements.
    • By law we have to keep basic information about our customers (including contact,
      identity, financial and transaction data) for a minimum of seven years after they cease
      being customers. Our internal policy as amended from time to time may also require us to
      keep customer data for a longer period.
    • In some circumstances, we will anonymize your Personal Data (so that it can no longer be
      associated with you) for research or statistical purposes, in which case we may use this
      information indefinitely without further notice to you.
  1.  DATA SUBJECT’S RIGHTS
    • Subject to legal and contractual exceptions, you have rights under applicable
      laws in relation to your Personal Data. These are listed below:

      • Right to be informed that we are collecting your personal information and how we
        are processing it;
      • Right to rectify your personal data where it is inaccurate or incomplete;
      • Right to withdraw your consent to the processing of your personal data. However,
        we may continue processing your personal data for legitimate interests or legal
        grounds;
      • Right to object to processing of all or part of your personal data. However, we
        may decline your request if we are obliged by law or entitled to do so;
      • Right of erasure of your personal data held by us, noting that we may continue
        to retain your information if we are entitled to do so or obliged by law;
      • Right to access your personal data in our possession;
      • Right to not be subjected to profiling or automated decision making in regards
        to processing of your Personal Data. However, we may decline your request if we
        are obliged by law or entitled to do so;
      • Right to request your personal data to be processed in a restricted manner. Note
        that we may continue processing data and reject the request if we are entitled
        to or are legally obliged; and
      • Right to data portability in a manner we may deem appropriate such as electronic
        format;
    • Exercising Your Data Protection Rights: We are committed to ensuring that you
      can easily exercise your data protection rights in compliance with applicable
      regulations. To exercise any of the above rights you can make a request through the Contact Us page on the website, by
      populating and submitting to us the Data Subject Rights Request Form that can be
      downloaded from Here, or by contacting our Data Protection
      Officer (DPO) using the contact details provided in this Policy. If you believe that we
      have not adequately addressed your data protection concerns, you have the right to lodge
      a complaint with the appropriate regulatory authority. Our Data Protection Officer will
      guide you through the complaint process.
    • We may need to request specific information from you to help us confirm your
      identity and ensure your right to access your Personal Data (or to exercise any of your
      other rights). This is a security measure to ensure that Personal Data is not disclosed
      to any person who has no right to receive it. We may also contact you to ask you for
      further information in relation to your request to speed up our response.
    • We try to respond to all legitimate requests within reasonable time.
      Occasionally it could take us longer if your request is particularly complex or you have
      made a number of requests. In this case, we will notify you and keep you updated.
  1.  COLLECTION OF PERSONAL DATA ON CHILDREN
    • Protecting the privacy of children is of utmost importance to us. NCBA recognizes that processing
      children’s data carries inherent risks due to its sensitive nature, hence the need for heightened
      protection. As minors lack the legal capacity to provide informed consent and are vulnerable to identity
      theft, fraud and exploitation, the Bank has implemented robust safeguards to ensure children’s privacy
      and data security.
    • At NCBA, we only process personal data relating to children as provided by their parents or legal
      guardians. We acknowledge the importance of parents’ and legal guardians’ consent and supervision in
      children-related bank activities, and therefore require that they provide their signature as
      authorization and/or consent for the use of minors’ details for the provision of the Bank’s products and
      services, or involvement in the Bank’s activities. If you believe that we have inadvertently collected
      Personal Data relating to a minor, please contact our Data Protection Officer (DPO) using the provided
      contact details.
  1.  INTERNAL COMPLAINT HANDLING PROCEDURE
    • We take data protection seriously and strive to address any concerns promptly and effectively. If you
      have concerns regarding the handling of your Personal Data, you can reach out to our Data Protection
      Officer (DPO) using the contact details provided in this Policy.
    • Upon receiving your complaint, our DPO will initiate an internal review process to investigate and
      resolve the issue. We will respond to your questions or concerns within seven (7) days of receipt. If
      you are dissatisfied with the outcome of our internal resolution process, you have the right to escalate
      your complaint to the appropriate regulatory authority.
  1. NON-COMPLIANCE WITH THE PRIVACY POLICY
    • NCBA reserves the right to discontinue any agreement in case of compliance failure for
      the provisions in this Privacy Policy and decline any application for information that
      contradicts this Privacy Policy.
  1. CHANGES TO THIS PRIVACY POLICY
    • A copy of this policy can be downloaded Here. We may modify or update
      this policy from time to time. Where the changes will have a fundamental impact
      on the nature of the processing of your data or your rights, we shall notify you
      in advance.
  1.  HOW TO CONTACT US

    In case you would like to contact us with reference to the terms of this privacy
    policy, or in
    order to exercise any of your rights in relation to your Personal Data, you can reach us
    through the below
    contacts.

    NCBA Center, Mara Road, Upper Hill
    P.O Box 44599-00100, Nairobi
    Tel: +254 20 2884444
    Email: contact@ncbagroup.com
    NCBA Data Protection Officer/ Data Protection Team: DataProtection@ncbagroup.com

Last updated: 26th Feb 2024.