Coop Bank Logo
Executive Banking
Sustainability
E-Citizen
Sign in to Internet Banking

YEA Privacy Policy

PRIVACY POLICY

This privacy policy outlines how the YEA APP, developed by The Co-operative Bank of Kenya Ltd (hereinafter “the Bank”, “We”, “Us” or “Our” in this policy), processes your personal data. Our commitment to respecting your privacy and safeguarding your personal data remains a top priority.

1. Introduction

This policy provides information on how we collect, use, share, and protect your personal data when you use the YEA APP. By using the YEA APP, you agree to the terms outlined in this privacy policy.

2. Terms Used in this Policy

  • YEA APP (or APP): Refers to this application developed by The Co-operative Bank of Kenya Ltd, used for digital account opening and related services.
  • Personal Data: is any information that relates to an identified or identifiable individual during the use of this APP.
  • Processing Data: Any action performed on personal data, including collection, storage, use, transfer, and removal.
  • Cookies:  are small files that are placed on Your computer, mobile device or any other device by, containing the details of Your browsing history on this among its many uses.
  • You, Your: terms used to describe the individual accessing or using this APP, or other legal entity on behalf of which such individuals is accessing or using the APP, as applicable. 
  • Usage Data: refers to data collected automatically, either generated by the use of the APP or from the APP infrastructure itself (for example, the duration of a page visit).
  • Service:  refers to the activities provided by the YEA APP, including the functionalities, features, and assistance offered through the YEA APP, including but not limited to digital account opening and related services. The Service may be accessed via the YEA APP on mobile devices or through the website, depending on the context in which it is utilized.

3. Whose Personal Data Does the YEA APP Process and How Is It Collected?

We process personal data for individuals who use the YEA APP to open a digital account or show interest in the APP’s services and features. We collect personal data directly from you when you:

– Open an account using the YEA APP.

– Use the APP’s services and features.

4. Data Collection and Usage

4.1 Types of Data Collected

4.1.1 Personal Data

While using this APP, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to;

  • First and last name
  • National identity card document
  • Phone Number
  • Kenya Revenue Authority (KRA) PIN
  • Email address
  • Date of birth
  • Postal address, Nationality, county, town, physical address
  • Marital status
  • Source of income

4.1.2 Sensitive Data

  • Facial Images: Photos/pictures Video images
  • Financial information
  • Payment recipient contact from contact list

4.1.3 Usage Data

Usage Data is automatically collected when you are using the YEA APP on your mobile device.

This data may include but not limited to your device’s Internet Protocol (IP) address, browser type, pages visited within the app, duration of visits, and unique device identifiers, Type of mobile device, Unique ID of your mobile device, IP address of your mobile device, Mobile operating system, Type of mobile Internet browser used, Unique device identifiers and other diagnostic data.

We may also collect the above information that Your browser sends whenever You visit our Service or when You access the Service by or through a website.

Permissions for Location data: During your use of the APP, and with your prior consent, we may also collect information regarding your location. This information is utilized to enhance and tailor the features of our service. It may be stored on your device or uploaded to our servers or those of our service providers. 

You retain the option to enable or disable access to this information at any time through your device settings.

5. Storage of Your Personal Data

Your data is securely stored on our premises, within our servers, and backed up regularly to ensure its integrity and availability. We employ industry-standard security measures to protect your information from unauthorized access, and access to your data is strictly controlled and limited to authorized personnel only.

6. Use of Your Personal Data

The Bank may use Personal Data for the following purposes:

  • To provide and maintain our service, including to monitor the usage of our service.
  • To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the service that are available to You as a registered user.
  • To verify your identity, we will require you to take a picture and upload your government-issued Identity Card.
  • To ensure that you are a real person and not a robot, we will perform liveness checks using the photo of your Identity Card and a picture/video selfie that you provide.
  • To Validate part of your personal data: We may also use other government systems, such as Integrated Population Registration System(IPRS), iTax and any other system, to validate the information you provide including but not limited to your National Identity Number and KRA PIN.
  • To assist you in selecting your payment or transaction recipient from your phone, the app may request access to your contacts list. This process is conducted with your explicit consent and is aimed at enhancing your payment experience. It is the responsibility of the sender to verify the recipient’s details before completing any transaction.
  • For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
  • To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
  • To provide You with promotional offers, marketing and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
  • To manage Your requests: To attend and manage Your requests to Us.
  • For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
  • For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience. 

We may share Your personal information in the following situations:

  • With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, for payment processing, to contact You.
  • For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of the Bank’s assets, financing, or acquisition of all or a portion of Our business to another company.
  • With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
  • With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.
  • With Your consent: We may disclose Your personal information for any other purpose with Your consent.
  • Processing with AWS: We use Amazon Web Services (AWS) to process the captured ID image and video selfie for image comparison and liveness checks. AWS helps us ensure the accuracy and security of these verifications. Your data is processed in compliance with all relevant data protection regulations.

7. Retention of Your Personal Data

The Bank will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. Generally, the Central Bank of Kenya requires Us to retain financial information for a minimum of seven years post-termination of the business relationship.

The Bank will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

8. Transfer of Your Personal Data 

Your information, including Personal Data, is processed at the bank’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to, and maintained on computers located outside of Your town, country, or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction. 

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer. 

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including security of Your data and other personal information.

9. Disclosure of Your Personal Data 

Business Transactions: If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy. 

Law enforcement:  Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency). 

Other legal requirements: The Company may disclose Your Personal Data in the good faith belief that such action is necessary to: 

  • Comply with a legal obligation 
  • Protect and defend the rights or property of the Company 
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of Users of the Service or the public
  • Protect against legal liability
  • Use the app’s services and features.

10. Processing of Special Categories of Data

We may process special categories of data, such as biometric data (e.g., fingerprints, facial recognition data), with your explicit consent and as the purposes highlighted in this privacy policy. This processing is important for enhancing security measures, ensuring accurate identity verification, and providing you with a seamless and secure user experience.

Your consent to process this data can be withdrawn at any time, and we will cease processing your biometric data upon receiving such a request. However, please note that withdrawing your consent may impact your ability to use certain features of the APP that rely on biometric data for authentication and security purposes.

11. Automated Decision-Making and Profiling

We may use automated decision-making and profiling technologies to deliver personalized services and enhance your overall user experience. These processes involve analyzing your personal data, such as your usage patterns, preferences, and behavior, to make informed decisions and provide you with relevant recommendations, offers, and content.

Automated decision-making and profiling help us to:

  • Customize the services and features available to you within the APP.
  • Improve the efficiency and accuracy of our services by swiftly processing your data to make real-time decisions.
  • Enhance fraud detection and prevention by identifying unusual activities and patterns.
  • Provide targeted marketing and promotional offers that are tailored to your interests and needs.

These automated processes are conducted in compliance with all relevant legal requirements and with your explicit consent.

12. Your Rights

You have the following rights regarding your data:

  • Right to Access: Request access to your personal data.
  • Right to be Deletion: Request data erasure under certain conditions.
  • Right to Data Portability: Request your data in a structured, machine-readable format.
  • Right to Rectification: Request corrections to your data.
  • Right to Restriction: Request limited processing of your data.
  • Right to Object to Direct Marketing: Request cessation of marketing communications.

Before you can exercise your rights, we may require you to provide identity information in order to fulfill the know your customer (KYC) requirements in accordance with the Central Bank of Kenya guidelines.

13. Security of Personal Data

Your personal data security is a top priority for us. We employ robust measures to safeguard your information, utilizing industry-leading encryption and security protocols. While we continuously strive to ensure the highest level of protection, it’s important to recognize that absolute security is a shared responsibility. We are committed to maintaining the integrity and confidentiality of your data throughout your interactions with Us.

14. Children’s Privacy

Our Service does not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us.

15. Links to Other Websites 

Our APP may contain links to other websites that are not operated by Us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

16. Contact for Complaints or Inquiries

For any questions or to exercise your rights, contact us as follows:

  • Email: dataprotection1@co-opbank.co.ke
  • Visit any of our branches countrywide for support
  • Contact your Relationship Manager: Through your designated branch or manager.

17. Amendments to this Privacy Policy

We reserve the right to amend this policy. Any changes will be posted on our APP and website, and the current version will supersede previous versions.

× How can I help you?