
Data Privacy Policy


1. Introduction

Maisha Bora Sacco Limited (‘us’, ‘we’ or ‘our’) is a Savings and Credit Co-operative Society (SACCO) regulated by SASRA to offer financial services. We operate the website, which provides more information about us and our various services/facilities, as well as the MBORA and MSACCO mobile application. As an organization, we take our responsibility regarding the management of our stakeholders’ data very seriously. This document informs you of our policy as a Data Controller and Data Processor regarding the collection, use and disclosure of Personal Data when you use our services. It sets out how we manage our responsibility in the use of your data and the choices you have associated with that data as the Data Subject.

2. Definitions 

  • ‘Data Controller’ means a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purpose and means of processing of personal data.
  • ‘Data Processor’ means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the data controller.
  • ‘Data Subject’ means an identified or identifiable natural person who is the subject of Personal Data.
  • ‘Personal Data’ means any information relating to an identified or identifiable natural person.
  • ‘MBS’, ‘us’, ‘we’, ‘our’ or ‘ours’ or ‘the SACCO’ means Maisha Bora Sacco Limited.
  • ‘The Act’ means the Data Protection Act of Kenya, Act number 24 of 2019.
  • ‘You’ means:
    1. A member of Maisha Bora Sacco Limited.
    2. Any agent, dealer and/or merchant who has signed an agreement with us and is recognized as a merchant or agent in accordance with any applicable laws or Regulations.
    3. Any visitor that is a person (including contractors/subcontractors or any third parties) who gains access to any Maisha Bora Sacco premises.
    4. Any supplier who has been contracted by Maisha Bora Sacco and executed a Supplier contract.

3. Legal Basis/Lawful Purposes for Data Collection

  1. All data processed by us will be processed on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task, or legitimate interests.
  2. Where consent is relied upon as a lawful basis for processing data, evidence of express written or opt-in consent shall be kept with the corresponding personal data.
  3. Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems shall be in place to ensure such revocation is reflected accurately in our systems.

4. Data Collection

We collect your personal information during the following instances (this list may not be exhaustive). When you:

  1. join the Sacco and fill a membership form.
  2. apply for a loan.
  3. register for a specific product or service offered by us, including but not limited to; Mcash, ATM cards, Salary agreement, Toto junior or any other Maisha Bora Sacco product.
  4. request us for more information about a product or service or contact the Sacco with a query or complaint.
  5. respond to or participate in a survey, marketing promotion, prize competition or special offer.
  6. interact with us as a supplier, agent, merchant or dealer.
  7. submit a job application or attend an interview.
  8. visit any of our premises, website, mobile application, and other digital platforms.

We may also collect your information from other organizations including credit-reference bureaus, fraud prevention agencies and business directories where you are listed.

5. What information is collected

The information we collect and store about you includes but is not limited to the following:

  1. Name, I.D./Passport Number, personal identification number (PIN), photograph, date of birth, gender, marital status, next of kin details, property details, postal address and telephone number.
  2. Your transaction information.
  3. Salary details.
  4. Closed Circuit Television (CCTV) surveillance recordings.
  5. We maintain a register of visitors in which we collect and keep your personal data such as your name, company/institution details, telephone number, vehicle registration details and National ID number.

6. Use of Information

Some of the purposes for which we collect and process your data include (this list may not be exhaustive):

  1. To provide and maintain our Services to members, suppliers and customers.
  2. To notify you about our Services and changes thereto.
  3. To allow you to participate in interactive features of our Service when you choose to do so.
  4. To provide member support.
  5. To gather analysis or feedback so that we can improve our Services.
  6. To monitor the usage of our Services by members.
  7. To detect, prevent and address technical issues and/or fraud.
  8. To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.

7. Disclosure of Information

We may disclose your Personal Data to third parties as necessary, including for the following purposes:

  1. To comply with a legal obligation.
  2. To protect and defend the rights or property of Maisha Bora Sacco Limited.
  3. To prevent or investigate possible wrongdoing in connection with our Services.
  4. To protect the personal safety of users of our Services or the public.
  5. To protect ourselves from legal liability.
  6. To improve the customer/member experience.

8. Retention of Information

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Policy. In addition, we will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

9. Your data rights

As a Data Subject you have the following Rights as set out in the Act:

  1. The right to be informed of the use of your information/data.
  2. The right to access, update or to delete the information or data in our custody – this right is not absolute and may be subject to the nature of the data and other prevailing laws.
  3. The right of rectification – you have the right to have your information/data rectified or deleted if that information is misleading, inaccurate, or incomplete.
  4. The right to object to our processing of your Personal Data.
  5. The right of restriction – you have the right to request that we restrict the processing of your personal information.
  6. The right to data portability – you have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.
  7. The right to withdraw consent – you also have the right to withdraw your consent at any time where Maisha Bora Sacco Society Limited relied on your consent to process your personal information, without any detriment to your interests.

10. Data minimization

We shall ensure that any Personal Data we collect is adequate, relevant and limited to what is absolutely necessary in relation to the purposes for which the data is required and processed.

11. Accuracy

  1. We shall take reasonable steps to ensure Personal Data has integrity and is kept accurate at all times.
  2. Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that Personal Data is kept up to date.

12. Security

  1. The SACCO shall ensure that Personal Data is stored securely to guarantee confidentiality, integrity, and availability of the Personal Data.
  2. Access to Personal Data shall be limited to personnel who need access and appropriate security shall be in place to avoid unauthorized sharing of information.
  3. When Personal Data is deleted, it shall be done safely such that the data is irrecoverable across the data value chain.

13. Data Breach

In the event of a Personal Data breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, the SACCO shall promptly assess the risk to data subjects’ rights and freedoms and appropriately report to the Data Commissioner as per the provisions of the Act.

14. Data Protection Officer (DPO) Contacts

  1. If you wish to exercise any of the rights set out above, please contact us on either of the following: The DPO,
    Maisha Bora Sacco Limited, Commercial Street 
    P.O. Box 72713 – 00200 Nairobi.
    Email or Tel No: +254 709446000.
  2. Please note that we may ask you to verify your identity and provide signed instructions before responding to such requests. This is to ensure that your Personal Data is not disclosed to any person who has no right to access it.
  3. We shall endeavor to respond to all legitimate requests within a reasonable time. Occasionally it could take us longer if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.

15. Amendments to this Policy

We may update this Data Privacy Policy from time to time. We will notify you of any changes by posting the new Data Privacy Policy on our website. You can also find a copy of the Policy at our premises. We will let you know via email and/or a prominent notice on our platforms, prior to the change becoming effective and update the “effective date” on this Privacy Statement.

16. Governing Law and Jurisdiction

This Statement shall be governed by and construed in accordance with the laws of the Republic of Kenya.

Updated: August 2022
