We are committed to protecting your privacy in accordance with Article 31 of the Constitution of Kenya, 2010 and the Data Protection Act, 2019 and its subsidiary Legislation. This privacy statement sets out how CPF Financial Services Limited, the Schemes it administers and all its subsidiaries (“CPF Group”) uses, processes, transfers and protects personal data provided by any user. This Privacy Statement applies to all website managed by CPF Group.
Please read the privacy statement for additional details into how CPF Group relates with its users on its website.
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
For the purposes of this privacy statement:
While using our website, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to:
Usage data is collected when using the website upon accepting the necessary cookies. Usage data may include information such as your device IP address, browser type, browser version, the pages that you visit on the website, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
If you access the website using a mobile device, we collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile internet browser you use, unique device identifiers and other diagnostic data.
We also collect information that your browser sends whenever you visit our website or access the website using an electronic device.
We allow you to create an account and log in to use the website through third-party media services. If you decide to register through or otherwise grant us access to a third-party social media service, we may collect personal data that is already associated with your third-party social media service’s account, such as your name, your email address, your activities, or your contact list associated with that account.
You also have the option of sharing additional information through your third-party social media service’s account. If you choose to provide such information and personal data, during registration or when contacting us, you are giving us permission to use, share, and store such data in a manner consistent with this privacy statement.
Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser. We use both session and persistent cookies for the purposes set out below:
For more information about the cookies we use and your choices regarding cookies, please visit our cookies statement at https://cpf.or.ke/cookies-statement/.
You can also make choices about the collection and use of your data by CPF group. You can control your personal data that has been obtained, and exercise your data privacy rights, by contacting us or using various tools we provide. In some cases, your ability to access or control your personal data will be limited, as required, or permitted by applicable law. How you can access or control your personal data will also depend on which products or services you have subscribed to or accessed. For example, you can Opt-out of receiving promotional emails, SMS messages, telephone calls, and postal mail from us.
The company may use personal data for the following purposes:
We may share your personal information with your consent in the following situations:
The company will retain your personal data only for as long as is necessary for the purposes set out in this privacy statement. We will also retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable Kenyan laws), resolve disputes, and enforce our legal agreements. The company will also retain usage data for internal data analysis purposes. Usage data is generally retained for a shorter period, except when this data is used to strengthen the security, prevent fraud, or to improve the functionality of our website, or where we are legally obligated to retain this data for a longer period.
Your information, including personal data, is processed at the company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to and maintained on computers located outside your State, Province, Country, or other Governmental Jurisdiction where the Data protection Laws may differ from those within your Jurisdiction. The company will take all steps reasonably necessary to ensure that your data is transferred securely and in accordance with this privacy statement and no transfer of personal data will take place to any organization or Country unless there are adequate safeguards and measure in place to protect your privacy and personal data and other personal information.
The security of your personal data is important to us. However, while we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
CPF Group will notify you of any significant breach of personal data by third parties that would cause undue harm to you. We will also notify the Office of the Data protection Commissioner of any security breach of personal data that may occur. Further, will also be Should there be a breach of security that causes harm
We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from anyone under the age of 13 without parental consent, we will take the necessary steps to remove that information from our servers. If we need to rely on consent as a legal basis for processing your information and your country requires consent from a parent, we may require your parent’s consent before we collect and use that information.
Our website may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy statement of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services. We are not responsible for the privacy or security practices of our users, which may differ from those set forth in this privacy statement.
We may update our privacy statement from time to time. We will notify you of any changes by posting the new privacy statement on this page. We will let you know via email and/or a prominent notice on our website, prior to the change becoming effective and update the “last updated” date at the top of this privacy statement. You are advised to review this privacy statement periodically for any changes. Changes to this privacy statement are effective when they are posted on this page.
You should direct your privacy inquiries, including any requests to exercise your data protection rights, to us through our Data protection officer:
CPF Financial Services