1. This protection and privacy statement set out the basis which Arvocap Asset Managers Limited (Arvocap, we, us, our or the Company) may collect, use, disclose or otherwise process your personal data during or after your relationship with us, in accordance with the Data Protection Act, 2019 (the DPA), its attendant regulations, and with all other relevant legislation in all the jurisdictions that we operate in and applicable global legislations.
2. For purposes of this statement, a Data subject means our clients including you or any person that you authorise to give us instructions, employees, service providers, agents, visitors, anyone who accesses our website, portals and applications and other stakeholders. The DPA defines personal information as “information relating to a natural person who is or can be identified, directly or indirectly.
3. We are a leading fund manager providing investment management services to both institutional and retail investors. We also offer investment advisory for wealth and treasury management.
4. We commit to apply the principles of data protection in processing personal data and in compliance with the DPA, its attendant regulations, and with all other relevant legislation in all the jurisdictions that we operate in and applicable global legislation. We shall ensure that your personal data is:
5. We may collect, process, store, and transfer different kinds of personal data about you. Below is a table that outlines the type of personal data including sensitive (special) data that we collect and process about you
No. | Category of personal data | Examples |
a) | Identifiers | Name, nationality, age, date of birth, postal address, e-mail address, social medial accounts, physical address, passport number; National Identification (ID) number, Personal Tax Identification Number (PIN), National Social Security Number (NSSF), National Hospital Insurance Fund Number (NHIF), etc. |
b) | Sensory data | Photographs, video recordings and voice recordings |
c) | Internet or similar network activity | Personal data obtained due to you interacting with our website and other application software. |
d) | Geolocation data | Geolocation data means data taken from a user’s device or online activity (web or app) which indicates the geographical location of that device, including GPS data. |
e) | Professional, educational and employment related information | Professional membership details, educational level and qualifications, employment history etc. |
f) | Sensitive / special personal data | Dependent, family, and beneficiary details, contact or next of kin details, marital status, gender, biometric data and financial information. |
6. We collect personal data about you or and any other person whose details you provide to us in accordance with the relevant laws, either directly when you:
7. Additionally, if you start filling out information on our website or other online forms and abandon, we will still collect the information you started with. We may use this information to contact you to remind you to complete any outstanding information and if requested by you will delete this information or limit its use to sharing new products and offerings with you.
8. In offering our products and services, our customers are obliged to provide us with personal data as per the relevant legal and regulatory requirements and obligations. Your failure to provide us with the required information may result in us not being able to provide you with our products or services or undertaking a contractual obligation with you.
9. Personal data collected by us will be used, but not limited, for the following purposes:
10. We reserve the right to monitor all internet communications including web and email traffic into and out of our domains, to safeguard the security of our digital channels and systems, protect our staff, record transactions and for the detection and prevention of unlawful activity and fraud.
11. We will only disclose or share with third parties your personal data, subject to your request or consent and if there is a legitimate reason to do so. Examples of third parties that we may disclose or share your personal data with:
12. However, please note that we are also legally obligated to disclose or share your personal data without your consent, to comply with any relevant legislation, to comply with legal process and if required by any regulatory authority.
13. We will only transfer personal data outside Kenya or any other jurisdiction that we operate in only when:
14. Information passing over the internet may be transmitted internationally (even when sender and recipient are located in the same country) via countries with weaker privacy and data protection laws than in your country of residence. In this regard, we cannot be held responsible or liable for the confidentiality, security, or integrity of your information in connection with its transmission over the internet.
15. We will retain personal data for as long as it is necessary in order for us to fulfil the purpose for which we collected it for, including satisfying any legal, regulatory, tax, accounting or reporting requirements. In this regard, data will be stored in a secure, accurate and complete form as we have implemented appropriate physical, technical and organisational information security measures.
16. We will continually endeavour to update our information systems, physical and organisational security measures to secure your personal data from vulnerability of the Information Communication Technology (ICT) Systems from unforeseen and emerging risks and threats. However, please note there is no method of transmission over the internet or method of electronic storage that is completely secure hence we do not guarantee absolute security. It is your responsibility to maintain the secrecy of any user ID and login password you hold.
17. Generally, the law requires us to retain personal data for a period of 7 years upon which the personal data will be deleted or erased from our systems or physical storage space in accordance with our record retention and destruction policy.
18. Your personal data may be retained for a longer period in the event of a complaint and there is reasonable belief that there is a prospect of litigation in respect to our relationship with you.
19. In the event that we have contracted third parties to process your information, we will ensure that a service level agreement is in place obligating them to apply the appropriate security practices on retained data.
20. Subject to legal and contractual exceptions, you have a right to;
21. If you wish to exercise any of the rights set out above, please fill in the statutory forms and contact us on invest@arvocap.com. The statutory forms are available in the ODPC website.
22. Arvocap will try to respond to all legitimate requests in a timely manner. However, if your request is particularly complex or if you have made several requests, it may take us a little longer to respond to you. In this case, we will notify you and keep you informed.
23. Where you withdrawal consent to any part of the processing, we shall restrict the part of the processing in respect of which consent is withdrawn. We will inform you of the implications of withdrawing consent.
24. However, please note that there are instances when we may process data without your consent if the processing is necessary for any reason set out in the DPA Act, its attendant regulations, and with all other relevant legislation in all the jurisdictions that we operate in and applicable global legislations.
25. If you feel that your right to privacy has been violated or not complied to, with regards to personal data, you have a right to complain. You can exercise this right by filing the complaint form available in our website and send to our Data Protection Officer on invest@arvocap.com or you can visit our offices and fill the complaint form. We endeavour to handle and resolve all complaints received in a fair, prompt, and effective manner. You also have a right to lodge the complaint with the ODPC in Kenya.
26. We may occasionally send you marketing information of our financial products and services through the personal information that you have provided but always subject to your right to opt out of receiving such marketing information. You can opt out of receiving such marketing communication when you are providing your data or in subsequent marketing communications. This can be done by clicking “unsubscribe” in the email or text message you receive from us or through our other contact channels.
27. We will not knowingly process data relating to a child unless consent is given by the child’s guardian or parent and the processing is in such a manner that protects and advances the rights and best interests of the child.
28. Arvocap will institute adequate mechanisms, such as request for birth certificate, to verify the age and obtain parental or guardian consent before processing personal data of children.
29. This data protection and privacy statement was last updated in March 2024. Please note that we may update this statement from time to time and especially if there are significant changes in regulatory landscape on data protection in any jurisdiction that we operate in. Updated version will be posted on our website. We shall notify you on any material changes via email or through our website. However, we advise that you regularly check our website to ensure that you are aware of the updated protection and privacy statement.
30. If you have any enquiries, request or feedback on your personal data or queries or feedback about our personal data protection policies, and procedures, please contact our DPO on invest@arvocap.com. You may also visit our offices.