/images/lady-with-cup.png

Arvocap Protection and Privacy Statement

1. This protection and privacy statement set out the basis which Arvocap Asset Managers Limited (Arvocap, we, us, our or the Company) may collect, use, disclose or otherwise process your personal data during or after your relationship with us, in accordance with the Data Protection Act, 2019 (the DPA), its attendant regulations, and with all other relevant legislation in all the jurisdictions that we operate in and applicable global legislations.

2. For purposes of this statement, a Data subject means our clients including you or any person that you authorise to give us instructions, employees, service providers, agents, visitors, anyone who accesses our website, portals and applications and other stakeholders. The DPA defines personal information as “information relating to a natural person who is or can be identified, directly or indirectly.

3. We are a leading fund manager providing investment management services to both institutional and retail investors. We also offer investment advisory for wealth and treasury management.

4. We commit to apply the principles of data protection in processing personal data and in compliance with the DPA, its attendant regulations, and with all other relevant legislation in all the jurisdictions that we operate in and applicable global legislation. We shall ensure that your personal data is:

  • Processed in accordance with your right to privacy;
  • Processed lawfully, fairly and in a transparent manner;
  • Collected for explicit, specified, and legitimate purposes and not further processed in a manner incompatible with those purposes;
  • Adequate, relevant, limited to what is necessary in relation to the purposes for which it is processed;
  • Collected only where a valid explanation is provided whenever information relating to family or private affairs is required;
  • Accurate and, where necessary, kept up to date, with every reasonable step being taken to ensure that any inaccurate personal data is erased or rectified without delay;
  • Kept in a form which identifies the data subjects for no longer than is necessary for the purposes which it was collected; and
  • Not transferred outside Kenya or any other jurisdiction that we operate in unless there is proof of adequate data protection safeguards or consent from you.

5. We may collect, process, store, and transfer different kinds of personal data about you. Below is a table that outlines the type of personal data including sensitive (special) data that we collect and process about you

No.Category of personal data  Examples
a)IdentifiersName, nationality, age, date of birth, postal address, e-mail address, social medial accounts, physical address, passport number; National Identification (ID) number, Personal Tax Identification Number (PIN), National Social Security Number (NSSF), National Hospital Insurance Fund Number (NHIF), etc.
b)Sensory dataPhotographs, video recordings and voice recordings
c)Internet or similar network activityPersonal data obtained due to you interacting with our website and other application software.
d)Geolocation dataGeolocation data means data taken from a user’s device or online activity (web or app) which indicates the geographical location of that device, including GPS data.
e)Professional, educational and employment        related informationProfessional membership details, educational level and qualifications, employment history etc.
f)Sensitive / special personal dataDependent, family, and beneficiary details, contact or next of kin details, marital status, gender, biometric data and financial information.

6. We collect personal data about you or and any other person whose details you provide to us in accordance with the relevant laws, either directly when you:

  • Fill out application form for any of our products or services in hard copy, through our website, our mobile apps, from our agents etc;
  • Apply for employment. Attend a sponsored event by Arvocap or register for the event through our website;
  • Subscribed and/or visited any of our online services, newsletter, Short Message Service (SMS), email or social media platforms;
  • Ask for more information about our products or services;
  • Indirectly when you visit our website, mobile app, office, agent, you have been identified as a next of kin and or beneficiary by our client or employee; or
  • From third parties such as other Arvocap entities, public databases, credit bureaus and fraud prevention agencies.

7. Additionally, if you start filling out information on our website or other online forms and abandon, we will still collect the information you started with. We may use this information to contact you to remind you to complete any outstanding information and if requested by you will delete this information or limit its use to sharing new products and offerings with you.

8. In offering our products and services, our customers are obliged to provide us with personal data as per the relevant legal and regulatory requirements and obligations. Your failure to provide us with the required information may result in us not being able to provide you with our products or services or undertaking a contractual obligation with you.

9. Personal data collected by us will be used, but not limited, for the following purposes:

  • Performing customer due diligence as per the regulations and guidelines issued by the Capital Markets Authority in relation to our conduct as a market intermediary and supported by our internal policies and procedures;
  • Complying with applicable regulatory requirements and obligations on Know Your Customer (KYC);
  • Providing you with our products and services and establish a relationship with you;
  • Login and authorization into our interactive features when you opt to do so;
  • Staff onboarding and human resource management;
  • To execute a transaction in accordance with your instructions;
  • To fulfil our contractual obligations with you or take the actions required to establish a relationship with you;
  • To provide customer service and support;
  • Providing marketing information;
  • Anti-money laundering/counter terrorism financing and sanctions monitoring;
  • To provide you with investment advice; and or
  • Planning, conducting, and monitoring our business including research and statistical analysis with the aim of improving our interactive systems, products, and services.

10. We reserve the right to monitor all internet communications including web and email traffic into and out of our domains, to safeguard the security of our digital channels and systems, protect our staff, record transactions and for the detection and prevention of unlawful activity and fraud.

11. We will only disclose or share with third parties your personal data, subject to your request or consent and if there is a legitimate reason to do so. Examples of third parties that we may disclose or share your personal data with:

  • Group companies and entities within Arvocap;
  • Service providers such as administrators, custodians, agents, securities brokers or external auditors and other third-party businesses who we have contracted to conduct some aspects of our business; and or
  • Governmental agencies, self-regulatory organizations, industry associations and similar bodies in order to fulfil legal and regulatory requirements.

12. However, please note that we are also legally obligated to disclose or share your personal data without your consent, to comply with any relevant legislation, to comply with legal process and if required by any regulatory authority.

13. We will only transfer personal data outside Kenya or any other jurisdiction that we operate in only when:

  • We have proof of appropriate measures for security and protection of the personal data. Our measures also include ensuring data is transferred to jurisdictions with commensurate data protection laws. For example, when we store your personal data in cloud applications, we will ensure that the service provider is based in a jurisdiction that is compliant with the international General Data Protection Regulations (GDPR);
  • The Office of the Data Protection Commissioner (ODPC) will publish a list of countries with appropriate data protection measures from time to time. We will ensure that we only transfer data to these countries;
  • We have your consent to the processing and storing of personal data outside the country of jurisdiction;
  • The transfer is necessary for (i) the performance of a contract, (ii) the implementation of pre-contractual measures such as for matters of public interest, (iii) for the establishment, exercise, or defence of a legal claim, and (iv) to protect your vital interests or of other persons vital interest, where you are physically or legally incapable of giving consent; and or
  • For compelling legitimate interests pursued by Arvocap, which are not overridden by your interests, rights under the DPA or for the conclusion or performance of a contract to which you are part of.

14. Information passing over the internet may be transmitted internationally (even when sender and recipient are located in the same country) via countries with weaker privacy and data protection laws than in your country of residence. In this regard, we cannot be held responsible or liable for the confidentiality, security, or integrity of your information in connection with its transmission over the internet.

15. We will retain personal data for as long as it is necessary in order for us to fulfil the purpose for which we collected it for, including satisfying any legal, regulatory, tax, accounting or reporting requirements. In this regard, data will be stored in a secure, accurate and complete form as we have implemented appropriate physical, technical and organisational information security measures.

16. We will continually endeavour to update our information systems, physical and organisational security measures to secure your personal data from vulnerability of the Information Communication Technology (ICT) Systems from unforeseen and emerging risks and threats. However, please note there is no method of transmission over the internet or method of electronic storage that is completely secure hence we do not guarantee absolute security. It is your responsibility to maintain the secrecy of any user ID and login password you hold.

17. Generally, the law requires us to retain personal data for a period of 7 years upon which the personal data will be deleted or erased from our systems or physical storage space in accordance with our record retention and destruction policy.

18. Your personal data may be retained for a longer period in the event of a complaint and there is reasonable belief that there is a prospect of litigation in respect to our relationship with you.

19. In the event that we have contracted third parties to process your information, we will ensure that a service level agreement is in place obligating them to apply the appropriate security practices on retained data.

20. Subject to legal and contractual exceptions, you have a right to;

  • Be informed that we are collecting personal data from you;
  • Be informed of the purpose for which we are collecting your personal data;
  • Withdraw consent at any time;
  • Access personal data in our custody;
  • Object to the processing of all or part of your personal data;
  • Restrict processing of personal data;
  • Correction of false, inaccurate, or misleading data;
  • Deletion of false or misleading data about you;
  • Data portability in a universally machine-readable format or for that data to be ported to another service;
  • Compensation for the damage – material or non-material suffered if your rights have been found to be violated;
  • Right to an effective judicial remedy where you consider that your personal data was not processed in compliance with the law;
  • Right not to be subjected to a decision based solely on our automated processing, including profiling, which legally and significantly affects you; and
  • Right to complain to the ODPC or the data protection authority/office in the jurisdiction that we have offices in.

21. If you wish to exercise any of the rights set out above, please fill in the statutory forms and contact us on invest@arvocap.com. The statutory forms are available in the ODPC website.

22. Arvocap will try to respond to all legitimate requests in a timely manner. However, if your request is particularly complex or if you have made several requests, it may take us a little longer to respond to you. In this case, we will notify you and keep you informed.

23. Where you withdrawal consent to any part of the processing, we shall restrict the part of the processing in respect of which consent is withdrawn. We will inform you of the implications of withdrawing consent.

24. However, please note that there are instances when we may process data without your consent if the processing is necessary for any reason set out in the DPA Act, its attendant regulations, and with all other relevant legislation in all the jurisdictions that we operate in and applicable global legislations.

25. If you feel that your right to privacy has been violated or not complied to, with regards to personal data, you have a right to complain. You can exercise this right by filing the complaint form available in our website and send to our Data Protection Officer on invest@arvocap.com or you can visit our offices and fill the complaint form. We endeavour to handle and resolve all complaints received in a fair, prompt, and effective manner. You also have a right to lodge the complaint with the ODPC in Kenya.

26. We may occasionally send you marketing information of our financial products and services through the personal information that you have provided but always subject to your right to opt out of receiving such marketing information. You can opt out of receiving such marketing communication when you are providing your data or in subsequent marketing communications. This can be done by clicking “unsubscribe” in the email or text message you receive from us or through our other contact channels.

27. We will not knowingly process data relating to a child unless consent is given by the child’s guardian or parent and the processing is in such a manner that protects and advances the rights and best interests of the child.

28. Arvocap will institute adequate mechanisms, such as request for birth certificate, to verify the age and obtain parental or guardian consent before processing personal data of children.

29. This data protection and privacy statement was last updated in March 2024. Please note that we may update this statement from time to time and especially if there are significant changes in regulatory landscape on data protection in any jurisdiction that we operate in. Updated version will be posted on our website.  We shall notify you on any material changes via email or through our website. However, we advise that you regularly check our website to ensure that you are aware of the updated protection and privacy statement.

30. If you have any enquiries, request or feedback on your personal data or queries or feedback about our personal data protection policies, and procedures, please contact our DPO on invest@arvocap.com. You may also visit our offices.

Arvocap Protection and Privacy Statement