Privacy Policy


  1. We Value Your Privacy

    At Access Bank (Kenya) PLC (hereinafter called “Access”), we treat your personal information as private and confidential. We are dedicated to protecting your privacy and providing you with the highest level of security at any point of interaction with us. This Privacy Policy describes what personal information we collect, what we do with it and how we protect it.


    This policy (together with our Terms and Conditions) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By continuing to visit our website (https://kenya.accessbankplc.com) and other Access customer touchpoints, you accept and consent to the practices described in this policy.


    You consent to our use of your personal information when you (voluntarily) provide us with them to access any of our products online or in any of our banking outlets. You also consent when you sign forms or documents enabling us to provide certain services to you.

     

    This Privacy Policy may be amended or updated from time to time to reflect changes in our practices with respect to the processing of personal data, or changes in applicable law. It is important that you read this Privacy Policy together with our terms and conditions, and any other policies and notices we may provide on specific occasions when we are collecting or processing personal data about you so that you are aware of how and why we are using your data.


    Information we collect and use

    We will collect and process data about you from the following sources:

    1) Information you give us

    This is information about you that you give us by filling in forms that we give to you or by corresponding with us by phone, e-mail or otherwise. This includes the personal data you provide when you:

    1. Apply for or use our products or services
    2. Open an account(s) with us
    3. Subscribe to our services or publications
    4. Request marketing information to be sent to you
    5. Enter a competition, promotion or survey
    6. Give us feedback or contact us
    7. Pay using our services

     

    2) Information we collect about you

    With regard to each of your user visits to our Website and your use of the

    1. Online and Mobile Banking Services we will automatically collect the following information
    2. Technical information, including the Internet protocol (IP) address used to connect your computer or mobile phone to the Internet
    3. if you visit other websites employing our cookies
    4. Information about your visit, including the full Uniform Resource Locators (URL),
    5. clickstream to through and from our site (including date and time), products you viewed or searched for page response times, download errors, length of visits to certain pages, page interaction information such as scrolling, clicks, and mouse-overs), methods used to browse away from the page and any phone number used to call our customer service number; and 
    3) When you visit one of our branches or facilities (hereinafter premises), your image may be captured via one or more closed circuit television (CCTV) cameras located within the premises. These images are collected mainly to help us address security issues. The images may be used in the event of an incident occurring in one of our premises and may help to clarify what happened. Our use of CCTV relies on the lawful basis of legitimate interest in preventing crime and protect our employees, users and customers.


    It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. If case you wish to correct or update your Personal Data that we hold, you may do so by visiting us at any of our branches or writing to us at contactcentrekenya@accessbankplc.com


    HOW WE USE YOUR PERSONAL DATA

    We will only use your Personal Data where we have your consent or a legal basis to process the same.

    We will use your Personal Data in the following circumstances:

    • Where we need to undertake certain processes in order to enter an agreement with you, and where we need to perform the agreement, we have entered with you;
    • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service or product and the best and most secure experience: and/or
    • Where we need to comply with a legal obligation.
    • We have set out below, in a table format, a description of all the ways we plan to use your Personal Data and the basis we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your Personal Data for more than one lawful ground depending on the specific purpose for which we are using your data.


    Cookies

    Cookies are small text files stored on your computer or mobile devices whenever you visit a website. Cookies have many uses, such as memorizing your preferences to tailor your experiences while on our site– or to help us analyze our website traffic.


    Access uses cookies to improve your experience while on this website. We would like to let you know a few things about our cookies:

    • Some cookies are essential to access certain areas of this site;
    • We use analytics cookies to help us understand how you use our site to discover what content is most useful to you.


    Use of Your Personal Information

    The collection and use of personal data by Access is compliant with the Kenya Data Protection Act 2019 which indicates that data shall be processed in accordance with the following principles:

    • In accordance with the right to privacy
    • Lawfully, fairly and in a transparent manner
    • Collected for explicit, specified and legitimate purpose
    • Adequate, relevant and limited to what is necessary
    • Collected only where a valid explanation is provided
    • The data must be accurate and where necessary kept up to date with every reasonable step being taken to ensure that any inaccurate data is erased or rectified without delay.
    • Kept for no longer than is necessary for the purposes which it was collected
    • Not transferred outside Kenya unless consent is obtained or there is proof of adequate data protection safeguards


    Any personal information provided by you to Access Bank will be used with your consent, or under the following underlisted instances:

    • You provide consent for a specified purpose(s).
    • The processing is necessary to perform a contract, comply with a legal obligation, to protect vital interests of the data subject or other natural person or for legitimate interests pursued by the data controller/processor without prejudice to the rights and freedoms of data subjects.
    • The collection, storage or use of personal data is for a purpose which is lawful, specific and explicitly defined.
    • For historical, statistical, journalistic, literature, art or scientific research purposes
    • Where the data relates to a child, consent is given by the child’s parent or guardian.


    Your personal information is used in:

    • Updating and enhancing Access’ records
    • Executing your instructions.
    • Establishing your identity and assessing applications for our products and services
    • Pricing and designing our products and services
    • Administering our products and services
    • Managing our relationship with you
    • Managing our risks
    • Identifying and investigating illegal activity (i.e.), such as fraud
    • Contacting you, for example in instances where we suspect fraud on your account or when the need arises to tell you about recent occurrences in the banking sector or some event(s) of significance.
    • Conducting and improving our businesses and improving your experience with us
    • Reviewing credit or loan eligibility.
    • Preventing money laundering or terrorism financing activities.
    • Complying with our legal obligations and assisting government and law enforcement agencies or regulators/supervisors
    • Identifying and informing you about other products or services that we think may be of interest to you.
    • Processing your job application if you apply for a job with us.


    We may also collect, use and exchange your information in other ways permitted by law.

    Automated Processing

    We sometimes use automated systems and software to help us reach decisions about you, for example, to make credit decisions, to carry out security, fraud and money laundering checks, or to process your data when you apply for some of our products and services.


    This type of processing is carried out under lawful basis, and you can contact us to request that automated processing be reviewed by a human being if you detect any inaccuracies in your personal data.


    You have the right not to be subject to a decision based solely on automated processing including profiling except where:

    1. Decision is necessary for entering or performing a contract between the Bank and you.
    2. Authorized by a law to which the Bank is subject.
    3. You have given consent.


    Where the Bank takes a decision based solely on automated processing:

    1. The Bank must as soon as reasonably practicable notify you in writing that a decision has been taken based solely on automated profiling.
    2. The Bank must upon request from you, reconsider the decision or take a new decision that is not solely based on automated processing.


    Information We Share

    We may share the information about you and your dealings, to the extent permitted by law, with the following:

    • Access Branches and Subsidiaries
    • Regulators/Supervisors, Government Agencies/courts - It may be necessary by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence for Access to disclose your personal information. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate:
    • External Auditors;
    • Access staff;
    • Credit Agencies;
    • Correspondent banks;
    • Access’ strategic partners/service providers – for the purpose of improving and providing our products and services to you. Your Personal information will not be shared with third parties for their marketing purposes.


    We may also disclose information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users. Additionally, in the event of a reorganization, merger, or sale we may transfer any and all personal information we collect to the relevant third party.

    Information about our customers and their usage of our website is not shared with third parties for their marketing purposes. We do not disclose any information about any user’s usage of our web site except in specific cases, and we do not share information with any unaffiliated third parties for marketing purposes unless you expressly give us permission to do so.

    How We Protect Your Information

    We take appropriate technical and organizational measures to prevent loss, unauthorized access, misuse, modification or disclosure of information under our control. This may include the use of encryption, access controls and other forms of security to ensure that your data is protected. We require all parties including our staff and third-parties processing data on our behalf to comply with relevant policies and guidelines to ensure confidentiality and that information is protected in use, when stored and during transmission. Our security controls and processes are also regularly updated to meet and exceed industry standards.

    Where we have provided you (or where you have chosen) a password which grants you access to specific areas on our site, you are responsible for keeping this password confidential. We request that you do not to share your password or other authentication details (e.g. token generated codes) with anyone.

    Where We Store Your Information

    All Personal Information you provide to us is stored on our secure servers as well as secure physical locations and cloud infrastructure (where applicable). Whenever your information is transferred to another location, we will take all necessary steps to ensure that your data is handled securely and in accordance with this privacy policy.

    Transfer of Personal Data outside Kenya

    We may need to transfer or store your information in another jurisdiction to fulfill a

    legal obligation, for our legitimate interest and to protect the public interest.

    Insofar as is required for providing our services, we use third-party service providers

    who are located outside Kenya or store your information (including your sensitive

    personal data) outside Kenya.

     

    When we, or our permitted third parties transfer or store information outside Kenya, we

    or they will ensure that it is lawful and that it has an appropriate level of protection, including transfer to jurisdictions that have established data protection laws, and entering legally binding agreements to ensure the security of your Personal Data.

     

    Where your information is transferred to affiliates of Access in other countries, we

    ensure that your Personal Data is protected by requiring that they follow the same rules

    when processing your Personal Data.

     

    We may also transfer your information across country borders where you have consented to the transfer.

     

    If we transfer your information outside Kenya in other circumstances, we will ensure to put on place appropriate safeguards to ensure that your information remains adequately protected.

     

    How Long We Store Your Information

    We retain your data for as long as is necessary for the purpose(s) that it was collected. Storage of your data is also determined by legal, regulatory, administrative or operational requirements. We only retain information that allows us to comply with legal and regulatory requests for certain data, meet business and audit requirements, respond to complaints and queries, or address disputes or claims that may arise.

    Data which is not retained is securely destroyed when it is identified that is no longer needed for the purposes for which it was collected.

    Your Rights

    Subject to legal and contractual exceptions, you have rights in relation to your Personal Data. These are listed below:

    • Right to be informed that we are collecting your personal information and how we are processing it
    • Right to rectify your personal data where it is inaccurate or incomplete
    • Right to withdraw your consent to the processing of your personal data. However, we may continue processing your personal data for legitimate interests or legal grounds
    • Right to object to processing of all or part of your personal data. However, we may decline your request if we are obliged by law or entitled to do so
    • Right of erasure of your personal data held by us, noting that we may continue to retain your information if we are entitled to do so or obliged by law
    • Right to access your personal data in our possession
    • Right to not be subjected to profiling or automated decision making in regards to processing of your Personal Data. However, we may decline your request if we are obliged by law or entitled to do so
    • Right to request your personal data to be processed in a restricted manner. Note that we may continue processing data and reject the request if we are entitled to or are legally obliged
    • Right to data portability in a manner we may deem appropriate such as electronic format


    Exercising Your Data Protection Rights: We are committed to ensuring that you can easily exercise your data protection rights in compliance with applicable regulations. To exercise any of the above rights you can make a request through the Contact Us page on the website, by populating and submitting to us the Data Subject Rights Request Form that can be downloaded from Here, or by contacting our Data Protection Office (DPO) using Kenyadpo@ACCESSBANKPLC.com. If you believe that:

    • we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with the appropriate regulatory authority. 
    • During this process, we may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
    • We try to respond to all legitimate requests within reasonable time.
    • Occasionally it could take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
    • To be informed of the use for which personal data is to be put;
    • To access personal data in the custody of the Bank or the Bank’s data processors. Your right of access can be exercised by sending an email to 
    • To object to processing of personal data. We might continue to process your data if there are valid legal or operational reasons;
    • To correction of false or misleading information;
    • To deletion of false or misleading information;
    • To receive personal data in a portable format where personal data is requested;
    • Receive compensation where one suffers damage by reasons of contravention of the Act

    You also have the right to:

    • Receive personal data concerning you in a structured, commonly used and machine – readable format and to transmit the said data to another data controller without any hindrance;
    • The Bank will comply within a period of 30 days or longer depending on the nature of the request. 


    Maintaining Accurate Information

    Keeping your account information accurate and up to date is very important. You have access to your account information, which includes your contact information, account balances, transactions and similar information through various means, such as account statements, mobile Banking and Internet Banking.

    If you discover any inaccuracies in your personal information, please promptly notify us, via our e-channels, branch network or Contact Centre, and provide the required documentary evidence, to enable us to implement the necessary updates or changes.

     

    How To Contact Us

    If you have any questions about this Privacy Policy, our privacy practices, the data we hold regarding you, or would like to exercise any of your rights to your Personal Data, please do not hesitate to contact us at:

    Kenyadpo@accessbankplc.com 

    Access Bank (Kenya) PLC

    The Address, 11th Floor,

    Muthangari Drive,

    P.O. Box 34353-00100

    Nairobi, Kenya.

     

    Right to Amend This Privacy Statement

     

    We reserve the right to amend this privacy statement at any time. All amendments to this privacy statement will be posted on the website. Unless otherwise stated, the current version shall supersede and replace all previous versions of this privacy.

     

Latest News

Access Bank PLC and KCB Group PLC Sign Binding Offer on Acquisition of National Bank of Kenya (NBK) Public Notice: Change In Loan Interest Rate PUBLIC ANNOUNCEMENT - RATE INCREASE ANNOUNCEMENT OF US$300 MILLION INVESTMENT INTO ACCESS BANK PLC Discontinuation of Acquisition of Sidian Bank Ltd