As a user of Safaricom products, you have allowed the telecommunications company to legally collect and use your personal data.
Many users have raised question about how Safaricom collects and uses data after receiving notifications for offers for specific locations.
Some have questioned whether the telecom giant is spying on them or tracking their location while others have wondered whether Safaricom has an inbuilt system to alert them when users change location.
However, the truth is that Safaricom actually collects a lot more of your personal information and is legally allowed to use that information.
The Safaricom data privacy statement, which includes how and where they collect the data and why, applies to all customers, suppliers, agents, merchants, dealers and all visitors frequenting any of Safaricom premises.
The Kenya Times spoke with a tech expert who indicated that it is important for one to read the terms and conditions of any tools before using them.
“Once you accept the terms and conditions, then a legal battle will not hold any water,” stated the expert.
Also Read: Safaricom Takes Full Ownership of M-PESA
The Type of Information Safaricom Collects
The Peter Ndegwa-led institution collects information about your identity and SIM-card registration data, including your name, photograph, address, location, and phone number.
Others include, identity document type and number, date of birth, email address, age, gender and mobile number portability records.
Additionally, they collect data about your credit or debit-card, information about your bank account numbers and SWIFT codes or other banking information and all the transaction information when you use MPESA services.
At the same time, the company collects data about your preferences for particular products and services, based on information provided by you or from your use of Safaricom’s (or third party) network, products and services.
They also store data like you “family details, age, profiling information such as level of education, bank account status, income brackets, your call data records including phone numbers that you call or send messages to (or receive calls and messages from),
“Your account information, such as your handset type/model, tariff, top-ups; subscriptions, billing statements, cloud hosting registration details, e-commerce registration and usage, M-PESA and mobile money transactions,” Safaricom data privacy statement reads in part.
How Your Data is Collected
The information is collected when you register for a specific product or service, including but not limited to SIM-card registration, Post Pay subscriptions, e-commerce platforms, M-PESA and M-PESA-powered services.
Also Read: MPESA Services Back, Safaricom Apologizes
Additionally, Safaricom collects your information when you buy, subscribe to or use a Safaricom product or service online, on the cloud, on a mobile or other device, in a Safaricom Shop or other retail outlet,
Or, when you subscribe to Safaricom or third-party premium rates services, Short Message Service (SMS), email or social media platforms.
Other instances include when you ask the company for more information about a product or service, respond to or participate in a survey, marketing promotion, prize competition or special offer, visit, access or use Safaricom or third-party websites.
According to their privacy statement, they may also collect your information from other organizations including credit-reference bureaus, fraud prevention agencies and business directories.
“We may collect your information when you interact with us as a supplier, agent, merchant or dealer as prescribed in this statement. We also collect information when you visit any of our premises,” reads the statement in part.
Also, the company collects CCTV data when you visit its shops or premises and additional data when you log into its WIFI. The company records the device address and also log traffic information in the form of sites visited, duration and date sent or received.
How the Information is Used
The information collected may be used for processing products and services that you have bought from the institution or from third parties on Safaricom’s ecommerce platforms.
Likewise, it can be used for verifying your identity information through publicly available and or restricted government databases in order to comply with applicable regulatory requirements.
In addition, the information may be used for carrying out credit checks and credit scoring and keeping you informed generally about new products and services and contacting you with offers or promotions.
“To comply with any legal, governmental or regulatory requirement or for use by our lawyers in connection with any legal proceedings, in business practices including to quality control, training and ensuring effective systems operations.
“To protect our network including to manage the volume of calls, texts and other use of our network, to understand how you use our network, products and services for purposes of developing or improving products and services, for research, statistical, survey and other scientific or business purposes,” the statement further notes.
Kenyan Law on Data Protection
The Data Protection Act 2019 regulates the processing of personal data (a) entered in a record, by or for a data controller or processor, by making use of automated or non-automated means.
Provided that when the recorded personal data is processed by non-automated means, it forms a whole or part of a filing system.
The Act also regulates the processing of data (b) by a data controller or data processor who (i) is established or ordinarily resident in Kenya and processes personal data while in Kenya; or (ii) not established or ordinarily resident in Kenya but processing personal data of data subjects located in Kenya.
Notably, the act requires the controller to register and detail the type of data it will be processing in Kenya.