OPESA PRIVACY POLICY

(Updated July 5, 2021)

Please read carefully before using this service

Welcome to Opesa.

At Opesa we take your privacy seriously. This privacy policy explains why we collect data, what data we collect, how we store and transfer that data as well as who we may share the data with. You specifically authorize us to collect and process data in accordance with this privacy policy. Collection of data by us shall be conducted in accordance with the Data Protection Act of 2019 (“the Act”) as may be applicable and/or amended from time to time.

1. By your use of our services and products you hereby irrevocably and expressly agree that we may collected your data as both a data controller and data processor as defined in the Act and consent to the use of your personal data as indicted in this policy.

1.1. Why we collect data. You acknowledge that we are required to collect certain data to be able to provide the Service to you. We also collect data for use in verifying your identity and creating credit scoring models to determine what Loans can be offered to you. Further, we use this data for purposes of collections and credit scoring and reporting. We will only collect and process your personal information for the reason you provided it to us, or to enable us to comply with the requirements of specific laws that we are governed by.

1.2. We will not collect and process personal information about you that we do not need for offering the services to you. The general purposes for which we collect and process your personal information include, but are not limited to:

1.2.1. Creating a record of you on our system to verify your identity, provide you with the products and/or services you have applied for and then communicate with and keep you informed about these products and/or services;

1.2.2. Assessing whether you qualify for credit, or an increase or decrease of your credit limit;

1.2.3. Identifying you and verifying your physical address, source of income and similar information;

1.2.4. Any purpose related to the prevention of financial crime, including sanctions screening, monitoring of anti-money laundering and any financing of terrorist activities;

1.2.5. Further processing for historical, statistical or research purposes where the outcomes will not be published in an identifiable format;

1.2.6. Providing income tax-related information to tax authorities if required to do so; and Any legitimate purpose.

1.3. For the purposes outlined in paragraph B (above), we will, in most instances, collect and process your personal information internally. However, there are times when we need to outsource these functions to third parties, either internally or externally to us, including parties in other countries. Where your personal information is shared internally, such sharing will be carried out only for the purposes outlined in in this policy. Internally we may share your personal information with our parent and group companies within the globe since we share certain resources. We may also need to share your personal information with external organisations, such as credit bureaus, tax authorities or other regulatory or industry bodies, so that we can meet our due diligence or regulatory requirements, and which sharing you hereby consent to. We may need to share your personal information with our business partners or counter-parties, where we are involved in corporate transactions relating to the sale or transfer of any of our businesses, legal entities or assets. We will not share your personal information with third parties who do not need your personal information, or where we are not legally permitted to do so. When we decide to transfer your personal information to third parties, we will only provide it to organisations that have the same data privacy policies as us or those who are subject to laws relating to the processing of personal information that are similar to those that apply to us. You expressly agree that, as part of the Service, you may, from time to time, receive communications from us via text message (SMS) or email, including our promotional newsletters or other information about the Service. We may from time to time send you advertisements, and promotional data to market new services, products and updates on current services. You hereby consent to receiving these advertisements and are encouraged to try the new products. You may stop receiving promotional messages by following the opt-out instructions in the message. Even if you choose to opt out of receiving promotional messages, you may not opt out of receiving service-related messages.

1.4. The data we collect. When you register for the Service, we will collect your:

1.4.1. National Identity Card Number

1.4.2. Date of Birth

1.4.3. Email address

1.4.4. Registered mobile or telephone Number

1.4.5. Monthly income and pay day

1.4.6. Other outstanding loans

1.4.7. Details of two emergency contacts: Full legal names and Telephone Numbers

1.4.8. Your level of education

1.4.9. Your monthly income and pay date

1.4.10. Employment detail: Whether permanent or contract or unemployed

1.4.11. Residential status: Whether rented or owned

1.4.12. Primary Account or other contact information.

1.5. The information listed above shall be used to conduct due diligence and determine that you are the authorized user as well as assess your credit worthiness. We may also collect other information from your phone as below for which we seek permission from yourself to process the information.

1.5.1. SMS: We also collect and monitor SMS to enable disbursement of the funds to you. You receive an acknowledgement message for receipt of the fund. This information also assists to reduce risks associated with your application and provide customized offers. We also collect and monitor SMS to enable disbursement of the funds to you.

1.5.2. Storage: We collect and require access to your storage to enable you upload documents/pictures for due diligence purposes during registration.

1.5.3. Phone: We seek permissions to access your phone details as we collect and monitor specific information about your device including your hardware model, operating system and version, unique device identifier, installed software applications user profile information, wi-fi information, mobile network information as a safety measure to uniquely identify the devices and ensure that unauthorised devices are not able to act on your behalf helping us to prevent fraud. This information may be used for our credit scoring system.

1.5.4. Location: We Collect and monitor information about the location of your device to ensure that you are within the Kenyan geographical location, for loan applicability. We also use the information to provide serviceability of your loan application, to reduce risks associated with your application and also provide you with customized offers for all products available.

1.5.5. Contacts: We collect and read your phone contact list to detect emergency references and allow you to auto-fill data during loan application process. We upload your emergency contact’s name and phone number for due diligence purposes and may cross- check your identity with them.

1.5.6. Contact list: We collect your phone contact list. We collect your emergency contacts name and phone number for due diligence purposes and may cross-check your identity with them.

1.5.7. Software Applications: We may collect information through the software applications on your phone.

1.5.8. Phone Number: Your phone number is collected for registration and sign-in purpose.

1.5.9. Primary Account: Your Primary Account is collected for better receiving your feedback.

1.6. In most cases, personal information will be collected directly from you or through your device, but there may be other instances when We will collect personal information from other sources. These may include, but is not limited to, public records, places where you may already have made your personal information public (for example, on social media) or credit bureaus. We will only collect your personal information from other sources where we are legally entitled or obliged to do so, and you are entitled to ask us which sources we used to collect your personal information. By registering for the Service, you authorize the collection and processing of the foregoing data.

1.7. We may use tracking pixels, and other tracking technologies on the application to update our credit scoring system, help customize the application, and improve your experience.When you access the Application, your personal information may be collected through the use of tracking technology.

1.8. You acknowledge that this information is defined as Sensitive Personal Data (“SPD”) in the Act and through your use of the services expressly consent to us collecting, using, storing and relying upon such data. If you currently or later object to the collection, usage and storage of your SPD you shall be required to immediately cease using the services and delete the application from any of your devices. You shall furthermore be required to transmit an and email to help@opesa.com notifying us of your cessation of the services as well as requesting us to deleted your SPD. Deletion of your SPD shall occur in accordance with the provisions of the Act. You acknowledge that where we are required to retain your personal data in accordance with any legislation we shall be under no obligation to delete that information.Furthermore, we will not process your SPD unless:

1.8.1. You have consented to us processing it;

1.8.2. It is necessary in order for us to make the services available to you;

1.8.3. It is necessary to exercise or defend a right or obligation in law;

1.8.4. It is necessary to comply with an international legal obligation of public interest;

1.8.5. It is for certain historical, research or statistical purposes that would not adversely affect your privacy; or

1.8.6. You have deliberately made your information public.

1.9. There may be instances where we will process your personal information through a secure automated tool, or perform profiling resulting in a decision that may affect you. You hereby acknowledge that such automated collection methods are necessary to ensure the services are rendered to you in a timely manner and as such hereby irrevocably agree to such automated tool being utilized. In the provision of our services, we employ strict security measures to guarantee data integrity and confidentiality. We protect personal data against unauthorized disclosure or access, accidental or unlawful destruction or accidental loss, alteration, and all forms of unlawful intrusion. Such measures include encryption, intrusion detection and prevention systems, database security check, firewalls amongst other mechanisms.

1.9.1. How we transfer and store data. Because we are a part of an international group of companies with data-centers around the world, Opesa may process and store your data locally in the Kenya or in a foreign country. We will, however, ensure that we implement security measures and your data is protected to a strict standard. You hereby consent to the foreign processing or storage of your personal data on our own, through affiliates or third party service providers such as the Cloud Service and international transfers. Where we use foreign data centers or use foreign third party service providers we shall ensure and mandate that our partners ensure a level of protection of such data comparable to that provided for under Kenyan Law as well as best practice standards. By your use of our service and products you irrevocably agree that we may process or transfer your data, be it SPD or otherwise, to other countries as may be necessary in order for us to make the services and products available to you.

1.9.2. Who we share data with. We may share your data with third parties in certain circumstances. We may, for example, share data with:

(i)credit bureaus and other lenders and lending platforms, in requesting credit histories or reporting loan defaults and deducing credit scoring;

(ii)collections agencies, in seeking to collect overdue Loans;

(iii)government bodies and law enforcement agencies, to comply with the law or conduct due diligence;

(iv)professional advisers, to enforce or defend our legal rights; or

(v)Group affiliate companies

(vi)with a purchaser or seller in connection with a corporate event such as a merger, business acquisition or insolvency situation.

2. To the extent that local legislation permits, you have the following rights regarding your personal information:

2.1. The right to access your personal information that we have on record.

2.2. You have the right to ask us to rectify any of your personal information that is incorrect.

2.3. You can ask us to delete or destroy your personal information. You can also object to us processing your personal information. These requests must be sent to us in writing. However, the result of such a request will be that we may have to suspend the provision of products and/or services for a period of time, or even terminate our relationship with you. If our records are subject to regulatory retention periods, we may not be able to delete or destroy your personal information immediately upon request as your data shall be archived until end of the statutory period.

3. If you have a complaint relating to the protection of your personal information, including the way in which it has been collected or processed by us, please contact us using our contact details as listed below. If you have not had your complaint dealt with satisfactorily, you may lodge a complaint with in terms of the Act.

4. Contact information. If you have any questions about this privacy policy or other privacy issues, we can be reached at help@opesa.com.

5. We have the right to amend these terms. We reserve the right to change this policy at any time. All changes to this policy will be posted on our website and/or via our application. Unless otherwise stated, the current version shall supersede and replace all previous versions of this policy.