Privacy policy

Privacy Notice

This Privacy Notice informs you about how and for which purposes MyZola App (also referred to here as ‘MyZola’ , ‘we’ or ‘us’) will process your personal data and explains your rights under The Data Protection Act 2019 of Kenya. We remain dedicated to handling your personal data responsibly, diligently and in compliance with all legal requirements to ensure the integrity and security of your personal data. MyZola App is operated by Raison Capital Limited, the Data Controller for your Personal Data.

1. Introduction

1.1. At MyZola, we offer a transformative financial experience by seamlessly blending tools like automated account aggregation, intelligent budgeting, and personalized investment insights. To provide these services, we process and use personal data to support you on your journey to financial peace.

1.2. We respect your privacy and understand the importance of the personal data you entrust to us. Whether you are a user, an employee, or another stakeholder, we are committed to processing and protecting all personal data in a relevant and appropriate manner in compliance with the Data Protection Act 2019.

1.3. This Privacy Notice details the personal data we collect, how we process it, the purposes for which we use it, and to whom your personal data may be disclosed in connection with your use of MyZola. It also describes the controls we have established to safeguard your data and provides information on your rights regarding the processing of your personal dat

1.4. We may update this Privacy Notice periodically to reflect changes in legislation or our business practices. All changes will be posted on our app and website, and the most recent version will supersede all previous versions unless otherwise stated. We will notify you of significant changes to this Notice via a notification on our app, website, or any other effective communication method.

1.5. This Privacy Notice applies to all users of the MyZola app, our website visitors, and other stakeholders.

2. Definition of terms

2.1. We/our/ours/us/ means MyZola App.

2.2. Data Protection Officer is a person designated or appointed by The Company to monitor compliance with the Data Protection Act 2019.

2.3. Data Collection means gathering of information that relates to you.

2.4. Personal data means information about you that identifies you directly or indirectly as a unique individual such as name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person. The personal data that we collect will depend on the context of our relationship with you. We may collect, use, store and transfer different kinds of personal data about you or people connected to you depending on your app usage.

2.5. Processing means any operation or sets of operations which is performed on your personal data whether by automated means, such as: collection, recording, organization or structuring; Storage, adaptation or alteration; Retrieval, consultation or use; Disclosure by transmission, dissemination, or otherwise making available; Alignment or combination, restriction, erasure or destruction.

2.6. Sensitive personal data is data revealing your racial or ethnic origin, political opinions, professional membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's gender.

2.7. Third Party - means a natural or legal person, public or private authority, agency or body other than you and MyZola, who under the direct authority of MyZola are authorized to process your personal data.

2.8. You/ Your (s) means:

2.8.1. Any person who has downloaded and uses the MyZola mobile application.

2.8.2. Any person who has created an account or entered into any agreement through the MyZola app.

2.8.3. Any individual who interacts with the MyZola app, including users who engage with its features, services, and tools.

2.8.4. Any service provider, partner, or third party who is involved in delivering services through the MyZola app.

2.9. “Processing” collectively means handling, collecting, using, altering, merging, linking, organizing, disseminating, storing, protecting, retrieving, disclosing, erasing, archiving, destroying, or disposing of your personal data.

3. Data Collection

3.1. Information We Collect

Personal Data that we process includes

3.1.1. Identification information such as name, date and place of birth, national identity card number,

3.1.2. Contact information such as email address, postal address, physical address, residential address, and telephone number.

3.1.3. Financial information such as bank account details, payment card details, mobile money statements.

3.1.4. Marketing and communications information including your preferences in receiving marketing information from us and communication from us.

3.1.5. Online data whenever you access our website and mobile applications such as cookies, login data, IP address (your computer’s internet address), browser type and version, ISP or operating system, domain name, access time, page views and location data.

3.1.6. Geolocation Information - We may request access or permission to track location-based information from your mobile device, either continuously or while you are using our mobile application(s), to provide certain location-based services. If you wish to change our access or permissions, you may do so in your device's settings.

3.1.7. Mobile Device Access - We may request access or permission to certain features from your mobile device, including your mobile device's SMS messages, and other features. If you wish to change our access or permissions, you may do so in your device's settings.

3.1.8. Mobile Device Data - We automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version, hardware model Internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server). If you are using our application(s), we may also collect information about the phone network associated with your mobile device, your mobile device’s operating system or platform, the type of mobile device you use, your mobile device’s unique device ID, and information about the features of our application(s) you accessed.

3.1.9. Push Notifications - We may request you to allow us to send you push notifications regarding your account or certain features of the application. If you wish to opt out from receiving these types of communications, you may turn them off in your device's settings.

3.2. How we collect Data

We collect your personal information with your knowledge and consent. We may collect your personal data through any of the following ways:

3.2.1. Directly from You

We collect data directly from you when you create an account, register on the MyZola app, use our services, update your profile, or communicate with us through customer support, feedback forms, surveys, or other direct interactions.

3.2.2. Automated Means

We use cookies and similar tracking technologies to automatically collect data about your usage patterns, preferences, and interactions with the MyZola app. This includes information such as your device type, operating system, IP address, location data, and browsing behavior to enhance your experience and improve the functionality of our services.

4. General Principles for Protecting Personal Data at MyZola

4.1. Transparency

We are committed to being fully transparent about how we comply with applicable data protection laws, ensuring you are always informed about how your data is handled.

4.2. Purpose Limitation

We only collect and process the Personal Data necessary to deliver our services. The data we collect is used for specified, legitimate purposes, and we do not process it in ways that are incompatible with those purposes.

4.3. Lawful Processing

We only process sensitive Personal Data when there is a clear and justified legal basis for doing so, ensuring that your privacy is respected at all times.

4.4. Data Minimization

We collect only the Personal Data that is essential for achieving the intended purposes. Our data collection is carefully tailored to meet the specific needs of our services.

4.5. Informed Consent

We provide clear information about the Personal Data we collect, including how it will be stored, used, and protected. We ensure that you understand the reasons for data collection and how your data will be managed.

4.6. Confidentiality and Security

Your Personal Data is treated with the utmost confidentiality. We implement robust technical and organizational security measures to safeguard your data against loss, unauthorized access, and unlawful processing.

4.7. Data Retention

We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws. Once it is no longer needed, we securely delete or anonymize the data.

5. Why do we collect your personal data?

We use your Personal Data to deliver a seamless and personalized financial management experience through the MyZola app. Our data usage aims to enhance our services, communicate effectively, and ensure compliance with legal requirements.

5.1. Providing & Improving our Services

5.1.1. To manage your account, facilitate secure login, and authenticate your identity.

5.1.2. To process transactions, such as deposits, withdrawals, and payments, ensuring they are completed efficiently and securely.

5.1.3. To provide personalized financial insights, budgeting tools, and investment

5.1.4. To enhance your overall experience by analyzing usage patterns and improving the app’s features, functionality, and performance.

5.1.5. To offer timely and effective customer support, responding to your inquiries and resolving any issues you may encounter.

5.2. Communication

5.2.1. To send you essential transactional messages, such as confirmations, alerts, and notifications related to your account and activities.

5.2.2. To provide updates on new features, services, and changes to our policies that might affect your experience.

5.2.3. To deliver marketing materials, promotions, and personalized offers based on your preferences and usage patterns.

5.2.4. To engage with you regarding your feedback, suggestions, and satisfaction to continuously improve our services.

5.3. Legal & Regulatory Compliance

5.3.1. To comply with applicable laws, regulations, and legal processes, including the Data Protection Act 2019 of Kenya.

5.3.2. To fulfill our obligations related to anti-money laundering (AML), combating financing to terrorism (CFT), and other regulatory requirements.

5.3.3. To detect, investigate, and prevent fraudulent activities, unauthorized access, and other illegal activities.

5.3.4. To assist in resolving disputes, enforcing our terms and conditions, and protecting the rights and safety of MyZola, our users, and third parties.

5.4. Other Purposes

5.4.1. To generate aggregated, anonymized data for analytics, research, and reporting purposes, enabling us to understand trends and improve our services.

5.4.2. To create a more personalized experience by analyzing your preferences, habits, and behavior, allowing us to customize content, tools, and recommendations that align with your financial objectives.

5.4.3. To facilitate product development, enhancements, and the testing of new features and functionalities to provide innovative solutions for your financial well-being.

6. Legal Basis for Processing Personal Data

We process your Personal Data on the following legal grounds to ensure that our services are provided lawfully, transparently, and with respect to your privacy.

6.1. Consent

We process your data when you have given explicit consent, such as when you agree to receive marketing communications, personalized financial insights, or participate in optional features and services. You have the right to withdraw your consent at any time.

6.2. Contract Performance

Your data is processed to fulfill our contractual obligations to you, including creating and managing your MyZola account, processing financial transactions, and delivering the personalized budgeting, investment, and financial management services you have requested.

6.3. Legitimate Interests

We process your data based on our legitimate interests, such as improving our app’s functionality, enhancing user experience, providing customer support, and ensuring the security and integrity of our platform. We always ensure that our legitimate interests do not override your fundamental rights and freedoms.

6.4. Legal Obligations

We process your data to comply with applicable laws, regulations, and legal requirements, such as anti-money laundering (AML) and combating financing to terrorism (CFT) regulations, and data protection laws like the Data Protection Act 2019 of Kenya. This includes cooperating with regulatory authorities, responding to legal requests, and maintaining appropriate records for auditing and compliance purposes.

7. Data Sharing & Disclosure

At MyZola, we are committed to protecting your privacy. However, in certain circumstances, we may need to share your Personal Data with third parties to provide our services and comply with legal obligations.

7.1. Sharing with Third Parties

7.1.1. Service Providers

We may share your Personal Data with trusted service providers who assist us in delivering our services, such as payment processors, cloud storage providers, customer support agents, and data analytics companies. These providers only have access to the data necessary to perform their specific functions and are obligated to keep your information confidential and secure.

7.1.2. Business Transactions

In the event of a merger, acquisition, reorganization, or sale of assets, your Personal Data may be transferred as part of the business transaction. If such a change occurs, we will ensure that your privacy rights are respected, and you are informed of any changes to this Privacy Notice.

7.1.3. Legal Requirements

We may disclose your Personal Data when required by law, regulation, or court order, or to protect the rights, property, or safety of MyZola, our users, or others. This includes cooperating with regulatory authorities, law enforcement, and other entities as necessary to comply with legal obligations and to prevent fraud or other illegal activities.

7.2. Peer to Peer Sharing

7.2.1. We provide a secure way for users to share financial data with others while maintaining control over their privacy. Our peer-to-peer sharing feature allows you to share specific modules—such as budgets, income, expenses, savings, investments, assets, and loans—with friends, family, or other users for viewing only.

7.2.2. When you share a module (e.g., your budget) with another user, they receive an in-app notification with the option to accept or reject. Once accepted, they can view the details of the shared module, but only in a read-only format. This ensures your data remains protected while allowing transparency and collaboration.

7.2.3. We ensure that shared data is view-only and handled securely. You retain full control over what you share, and we encourage you to share responsibly, based on your privacy preferences.

7.3. International Data Transfers

7.3.1. Your Personal Data may be transferred to and processed in countries outside your jurisdiction, including those that may not provide the same level of data protection as your home country. In such cases, we implement appropriate safeguards, such as standard contractual clauses or other legally approved mechanisms, to ensure that your data remains protected and that your privacy rights are upheld during these transfers.

8. Data Security

At MyZola, safeguarding your Personal Data is our top priority. We have implemented a comprehensive set of security measures to ensure your data remains protected from unauthorized access, misuse, and breaches.

8.1. Security Measures

8.1.1. Data Encryption

We use advanced encryption techniques to protect your sensitive data both during transmission and while stored on our servers, ensuring that your information remains secure and confidential at all times.

8.1.2. Access Controls

Access to your data is strictly limited to authorized personnel based on their roles and responsibilities. We enforce rigorous access controls to ensure that only those who need to handle your data have access to it.

8.1.3. Regular Audits

We conduct regular security audits and assessments to identify potential vulnerabilities in our systems. These audits help us proactively address any security issues and continuously improve our defenses.

8.2. Data Breach Response

In the unlikely event of a data breach, MyZola is dedicated to taking immediate, transparent, and effective action to protect your personal data and minimize any potential impact. We have a comprehensive incident response plan in place to manage and contain data breaches promptly.

8.2.1. Immediate Assessment and Containment

Upon detecting a breach, our security team will swiftly assess the situation to understand the nature and scope of the breach. We will immediately take steps to contain the breach, secure our systems, and prevent any further unauthorized access.

8.2.2. User and Authority Notification

We are committed to keeping you informed. If your data is affected, we will notify you as soon as possible, providing details about the breach, the type of data involved, and the steps we are taking to mitigate the impact. We will also notify relevant regulatory authorities, in accordance with legal requirements.

8.2.3. Mitigation and Remediation

Our team will work quickly to address the breach, mitigate any potential harm, and implement remedial measures to strengthen our security protocols. This may include conducting a thorough investigation, enhancing existing safeguards, and providing guidance on steps you can take to protect yourself.

8.2.4. Continuous Improvement

After a breach, we will perform a detailed analysis of the incident to understand its root cause. We will use these insights to further improve our security measures and prevent similar incidents in the future, ensuring your data remains secure.

9. Your Rights and Choices

At MyZola, we respect your privacy and are committed to providing you with control over your Personal Data. You have several rights that allow you to understand and manage how your data is used.

9.1.1. Right to Access

You have the right to request access to the Personal Data we hold about you. This includes information about the types of data we process, the purposes for which we use it, and any third parties with whom it has been shared.

9.1.2. Right to Correction

If any of your Personal Data is inaccurate or incomplete, you have the right to request corrections or updates to ensure that it is accurate, up-to-date, and complete.

9.1.3. Right to Deletion

Under certain circumstances, you have the right to request the deletion of your Personal Data. This may include situations where the data is no longer necessary for the purposes for which it was collected, or if you withdraw your consent and there is no other legal ground for processing.

9.1.4. Right to Object

You have the right to object to the processing of your Personal Data in specific situations, such as for direct marketing purposes or when processing is based on our legitimate interests, and you feel it impacts your fundamental rights and freedoms.

9.1.5. Right to Restrict Processing

You can request that we temporarily suspend the processing of your Personal Data if, for example, you contest its accuracy or object to its processing. This right allows you to limit the use of your data while a dispute is resolved.

9.1.6. Right to Data Portability

You have the right to request your Personal Data in a structured, commonly used, and machine-readable format. This enables you to transfer your data to another service provider easily.

9.1.7. Right to Withdraw Consent

If you have provided consent for the processing of your Personal Data, you have the right to withdraw your consent at any time. Withdrawing consent will not affect the lawfulness of any processing carried out before your withdrawal.

9.1.8. Exercising Your Rights

To exercise any of these rights or for any questions regarding your rights, please contact us at hello@myzola.io . We will respond promptly to your

10. Children’s Privacy

10.1. MyZola is committed to protecting the privacy of all users, especially children. Our app is not designed for or directed at individuals under the age of 18. We do not knowingly collect, store, or process Personal Data from children. If we become aware that we have inadvertently gathered Personal Data from a child under 18, we will take immediate steps to delete such information from our records. We encourage parents and guardians to monitor their children's online activities to ensure their safety and privacy.

11. Third Party links and services

11.1. MyZola may include links to third-party websites, apps, or services for your convenience and information. However, please be aware that these third-party platforms operate independently of MyZola and are governed by their own privacy policies. We do not assume responsibility for the content, privacy practices, or terms of use of these external sites or services. We strongly recommend that you review the privacy policies of any third-party websites or services you access through our app to understand how your Personal Data may be handled.

12. How long do we store your personal data?

12.1. We will only retain your personal data for as long as may be reasonably necessary to fulfill the purpose we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting information.

12.2. We may retain your personal data for a longer period if the retention is:

12.2.1. required or authorized by law.

12.2.2. reasonably necessary for a lawful purpose.

12.2.3. authorized or consented by you.

12.2.4. is necessary for the purpose of responding to a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

12.2.5. for historical, statistical, journalistic, literature and art or research purposes.

13. Consequences of not providing personal data

13.1. Your decision to share Personal Data with MyZola is voluntary; however, certain features and functionalities of the MyZola app rely on specific types of Personal Data to operate effectively. If you choose not to provide the necessary data, you may be unable to access some of our app's key features, such as personalized financial insights, automated budgeting tools, secure transactions, or other services designed to enhance your financial management experience.

13.2. By not providing the required data, your use of the app may be limited, and the overall functionality and user experience may be affected.

14. Contact

Your privacy is important to us, and we are here to help with any questions or concerns you may have about this Privacy Policy or how your Personal Data is handled. If you have any inquiries, require clarification, or wish to raise a complaint, please feel free to reach out to us through any of the following channels:

Email: hello@myzola.io –Our team is available to assist you with any privacy-related questions or issues.

Address: The Atrium Building, Chaka Road Kilimani 4th Floor.Suite 4.07– You can write to us at our physical address for any formal correspondence.

We are committed to resolving any concerns promptly and ensuring your experience with MyZola remains secure and transparent.

Notice Effective Date: 1st October 2024

This Data Privacy Notice was last updated on 1st October 2024