Page 1 of 15
Elink Solutions Privacy Notice
Effective Date: 1
st
January 2023
1. SCOPE OF THIS PRIVACY NOTICE
1.1 This Privacy Notice applies to your use of:
a) The Elink mobile and web application software (“Apps) available on our
site or hosted on the Google Play Store (“App Site”), once you have
downloaded or streamed a copy of the Apps onto your mobile telephone or
handheld device (“Device); and
b) any of the services accessible through the Apps which are available on
the App Site or any of our other sites (“Services Sites”).
1.2 Elink Solutions is a legal entity incorporate in Kenya. When we mention ELINK
in this document, we are referring to Elink Solutions Limited, which is the data
controller responsible for processing and storing your data when you use our
Apps.
1.3 If you have any questions about this Privacy Notice, please contact us via
email at solutions.elink@gmail.com
1.4 Our Privacy Policy also applies to your use of our Apps and explains what
personal data we collect, with whom we share it, how we may use your data and
how you (the user of the Service) can prevent us from sharing certain information
with certain parties.
1.5 This Privacy Notice informs you as to how we look after your personal data
when you download our Apps, use our products or services and tells you about
your privacy rights and how the law protects you. Please read our Privacy Policy
and this Privacy Notice carefully to understand our views and practices regarding
your personal data and how we will treat it in accordance with the Data Protection
Act, 2019 of the laws of the Republic of Kenya.
1.6 By accepting the terms of this Privacy Notice and our Privacy Policy, you
accept and consent to the practices described in this Privacy Notice and our
Privacy Policy. This Privacy Notice shall always prevail over the Privacy Policy in
relation to how we use your information for our Apps.
Page 2 of 15
1.7 The all Elink Apps are not intended for children, and we do not knowingly
collect data relating to children.
2. DEFINITIONS
Terms used in this Privacy Notice shall have the following meanings, and
reference to the singular includes the plural (and vice versa).
2.1Authorities” includes any judicial, administrative, government, public or
regulatory body, securities or futures exchange, court, central bank or law
enforcement body, or any of their agents with jurisdiction over Elink.
2.2Child” means an individual who has not attained the age of eighteen (18)
years.
2.3Comply with a legal obligationmeans processing your Personal Data where
it is necessary for compliance with a legal obligation that we are subject to, such
as (a) Laws or international guidance and internal policies or procedures, (b) any
demand from Authorities or reporting, disclosure or other obligations under Laws,
and (c) Laws requiring us to verify the identity of our customers.
2.4Consentmeans processing your Customer Information where you have
signified your agreement by a statement or clear opt-in to processing for a specific
purpose. Consent will only be valid if it is a freely given, specific, informed and
unambiguous indication of what you want. You can withdraw your consent at any
time by contacting us via solutions.elink@gmail.com
2.5Customer” orUser means any individual within the Republic of Kenya to
which Elink provides its products or services.
2.6Customer Informationmeans your Personal Data, Sensitive Personal Data,
and/or Relevant Information including relevant information about you, your
transactions, your use of our products and services, and your relationships with
Elink.
2.7 Lawsinclude any local or foreign law, regulation, judgment or court order,
voluntary code, sanctions regime, an agreement between any member of Elink
and an Authority, or agreement or treaty between Authorities and applicable to
Elink.
Page 3 of 15
2.8Legitimate Interestmeans the interest of our business in conducting and
managing our business to enable us to give you the best service/product and the
best and most secure experience. We make sure we consider and balance any
potential impact on you (both positive and negative) and your rights before we
process your personal data for our legitimate interests. We do not use your
personal data for activities where our interests are overridden by the impact on
you (unless we have your consent or are otherwise required or permitted to by
law).
2.9Performance of Contractmeans processing your data where it is necessary
for the performance of a contract to which you are a party or to take steps at your
request before entering into such a contract.
2.10 Personal Dataor “Personal Informationrefers to any information whether
recorded in a material form or not, from which the identity of an individual is
apparent or can be reasonably and directly ascertained by the entity holding the
information, or when put together with other information would directly and
certainly identify an individual.
2.11 Relevant Information means information that Elink requires for purposes of
providing the Services, including, but not limited to, data relating to your phone
from your Equipment (meaning your mobile phone handset, SIM Card and/or
other equipment which when used together enables you to access the Network),
from any SMS (meaning a short message service consisting of a text message
transmitted from your mobile phone to another) and such other information
as may be described in Section 3.1 below;
2.12 Sensitive Personal Information refers to Personal Data about an individuals
race, ethnic origin, marital status, age, color, and religious, philosophical or
political affiliations; health status, education, biometric data, genetic data, sex or
the sexual orientation of a person, property details, family details including names
of the person’s children, parents, spouse or spouses; any proceeding for any
offense committed or alleged to have been committed by such person, the
disposal of such proceedings, or the sentence of any court in such proceedings;
issued by government agencies peculiar to an individual which includes, but not
limited to, social security numbers, previous or current health records, licenses or
its denials, suspension or revocation, and tax returns; and specifically established
by an executive order or other legislative act to be kept classified.
Page 4 of 15
2.13 Services” refers to the products and features provided through our Apps or
the App Site, including the maintenance of the Apps, once you have downloaded
or streamed a copy of the App onto your Device.
2.14 We, Ourand “Us refer to Elink.
3. THE DATA WE COLLECT ABOUT YOU
3.1 We may collect, use, process, store and transfer different kinds of Personal
Data and Relevant Information about you including but not limited to:
3.1.1. Identity Data: first name, last name, maiden name, photograph,
username or similar identifier, marital status, title, date of birth, gender,
identity document type, number, and age.
3.1.2. Contact Data: billing address, delivery address, email address, and
telephone numbers.
3.1.3. Financial Data: bank account, payment card details and codes or
other banking information.
3.1.4. Transaction Data: includes details about payments to and from you
and details of in-App transactions.
3.1.5. Device Data: includes the type of mobile device you use, device
specifications (such as screen size, resolution, or CPU capacity) a unique
device identifier (for example, your Device’s IMEI number, IP address,
Google Play Services ADID, the MAC address of the Devices wireless
network interface, or the mobile phone number used by the Device), mobile
network information, your mobile operating system.
3.1.6. Content Data: includes information stored on your Device, such as
contact lists, call and SMS logs, photos, list of installed applications, or other
digital content and check-ins.
3.1.7. Network Data: includes information about Elink users in your network,
such as volume, repayment behavior, and demographics.
3.1.8. Profile Data: includes your username and password, in-App
transaction history, your interests, preferences, feedback and survey
responses, name, family details, age, profiling information such as level of
education, bank account status, income brackets, credit information etc.
collected as part of surveys conducted by Elink and our agents on behalf of
Elink.
3.1.9. Usage Data: includes details of your use of any of our Apps or your
visits to any of our Sites including, but not limited to, traffic data and other
communication data, whether this is required for our own billing purposes or
otherwise and the resources that you access.
Page 5 of 15
3.1.10. Account Servicing Data: includes records of messages received
from you, your account, or your device, including customer service tickets
filed through the App or via email, call logs and call recordings, and records
of other interactions between you or your representatives and Elink or its
agents.
3.1.11. Marketing and Communications Data: includes your preferences in
receiving marketing from us and our third parties and your communication
preferences, as well as data provided by you in relation to special offers and
promotional activities conducted by Elink.
3.1.12. Location Data: includes your current location disclosed by GPS
technology.
3.1.13. Third Party Data: includes information obtained from credit reference
agencies or bureaus, external collection agencies, identity verification and
sanctions screening service providers, mobile network providers and
marketing partners.
3.2 We also may collect other information about you, your device and your use of
the App in ways that we describe to you at the time of collection or otherwise with
your consent.
3.3 The collection of your data by us includes but is not limited to the following
sources:
3.3.1. Information you give us. This is information you consent to giving us
about you by opting in in our Apps, filling in forms in the Apps, or by
corresponding with us (for example, by email or chat). It includes
information you provide when you register to use the App Site, download or
register an App, subscribe to any of our Services, sharing data via an Apps
social media functions, entering a competition, promotion or survey, search
for an App or Service and when you report a problem with an App, our
Services, or any of our Sites. If you contact us, we will keep a record of that
correspondence.
3.3.2. Information we collect about you and your device. Each time you use
our Apps we will automatically collect personal data including Device,
Content, Identity and Usage Data. We collect this data using cookies and
other similar technologies.
3.3.3. Device-linked Location Data. We also use GPS technology to
determine your current location. Some of our location-enabled Services
require your personal data for the feature to work. If you wish to use the
particular feature, you will be asked to consent to your data being used for
Page 6 of 15
this purpose. You can withdraw your consent at any time by disabling
Location Data in your settings.
3.3.4. Information we receive from other sources including third parties and
publicly available sources. We will receive personal data about you from
various third parties and public sources as set out below:
3.3.4.1. Contact, Financial, Profile and Transaction Data from third parties
which include but are not limited to providers of technical, payment, delivery
and general financial services such as credit reference agencies, identity
verification and sanctions screening service providers, mobile network
providers, and collection agencies.
3.3.4.2. Identity and Contact Data from publicly available sources such as
news reports and reported cases.
3.3.4.3. Marketing partners and analytics providers: they may use mobile
tracking technologies and/or website cookies to distinguish you from other
users of our Apps, App Site or Service Site
3.3.4.4. Other Relevant Information supplied by third parties through the
contact information that you have provided to us.
3.4 Our Apps may access the following device permissions, depending on your
Equipment’s operating system and the version of the App that you have
downloaded. Keep your App updated to make sure you can experience the latest
and most secure features.
3.4.1. Camera: We may request you to upload photos as part of our identity
verification process. We may also request you to upload copies of
documents as proof of income.
3.4.2. Contacts: We will retrieve information about your contact lists (such
as contact names and numbers, contact frequency, and date of last
contact). We use this information in our credit and underwriting models to
determine whether you are eligible for our Services. We use automated
processing to understand your network relationships, and this also helps our
fraud models verify your identity. We will never reach out to any of your
contacts or provide any of your information to your contacts unless you
separately and expressly direct us to do so.
3.4.3. Accounts on your device: We check the list of user accounts created
on your device and the email address used to create each account. This
helps our fraud models verify your identity. We also use this information in
its credit and underwriting models to determine whether you are eligible for
our Services.
3.4.4. Location: This helps our fraud models verify your identity. We also
use location data for research purposes.
Page 7 of 15
3.4.5. Phone status and identity: When you sign up for an Elink account, we
will retrieve your phone number from your device automatically. This
ensures that the mobile number is active and accurate, and that it is linked
to the device you are using to open the account.
3.4.6. Receive text messages: This is used to automatically confirm the
one-time password (OTP) sent to the user via SMS.
3.4.7. Read, modify, or delete the contents of your SD card: We may
request you to upload photos of your identification document. We may also
request you to upload photos of documents as proof of income.
3.4.8. Run foreground service: This permission is needed by our Apps to
upload photos.
3.4.9. View and change network connectivity: This is used to notify the Elink
Apps when network connectivity changes so that we can determine whether
you are connected to the internet or not.
3.4.10. View Wi-Fi connections: We use the IP address and network type of
your device to detect and prevent fraud.
3.4.11. Receive data from the internet. We need this permission in order to
send requests through the Apps and to allow the Apps to access the
internet.
3.4.12. Prevent phone from sleeping: This permission is required by some
of the features and services within the Apps, such as in-app messaging.
3.5 We also collect, use and share Aggregated Data such as statistical or
demographic data for any purpose. Aggregated Data could be derived from your
Personal Data but is not considered personal data in law as this data will not
directly or indirectly reveal your identity. For example, we may aggregate your
Usage Data to calculate the percentage of users accessing a specific App feature.
However, if we combine or connect Aggregated Data with your personal data so
that it can directly or indirectly identify you, we treat the combined data as
Personal Data which will be used in accordance with this privacy notice.
4. HOW WE USE YOUR PERSONAL DATA
4.1. We will only use your Personal Data when we are legally permitted to do so.
Most commonly we will use your Personal Data in the following circumstances:
4.1. 1. Where you have given your consent before the processing of the
data.
4.1. 2. Where we need to perform a contract we are about to enter or have
entered with you.
Page 8 of 15
4.1. 3. Where it is necessary for our legitimate interests (or those of a third
party) and your interests and fundamental rights do not override those
interests.
4.1. 4. Where we need to comply with a legal or regulatory obligation.
4.2 We will only send you direct marketing communications by push notification,
email or text if we have your consent. You have the right to withdraw that consent
at any time by contacting us via email at solutions.elink@gmail.com
5. PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
Purpose/activity
Type of data
Lawful basis for processing
1. To install the App and register you as a new
App user
Identity
Contact
Device
Your consent
1. To determine your eligibility for our Services
through the use of automated processing
2. To process in-App transactions and deliver
Services including collecting payments for
your use of the Service
3. To verify your identity with the Mobile
Money Providers in relation to your Mobile
Money Account pursuant to the agreement
between you and the relevant Mobile
Money Provider for the provision of its
products and services and the Mobile
Money Service
4. To verify your identity with identity
verification service providers
Identity
Contact
Financial
Transaction
Device
Account Servicing
Marketing and
Communications
Location
Third Party
Performance of a contract
with you
Necessary for our legitimate
interests (to recover debts
due to us)
1. To manage our relationship with you
including notifying you of changes to the
App or any Services
2. To analyze customer behavior
Identity
Contact
Financial
Profile
Your consent
Performance of a contract
with you
Page 9 of 15
Purpose/activity
Type of data
Lawful basis for processing
3. To contact you by telephone using auto-
dialed or pre-recorded message calls or
text (SMS) messages
Account Servicing
Marketing and
Communications
Necessary for our legitimate
interests (to keep records
updated and to analyze how
customers use our products/
Services)
Necessary to comply with
legal obligations (to inform
you of any changes to our
terms and conditions)
To enable you to participate in a prize draw,
competition or complete a survey
Identity
Contact
Device
Profile
Marketing and
Communications
Your consent
Performance of a contract
with you
Necessary for our legitimate
interests (to analyze how
customers use our
products/Services and to
develop them and grow our
business)
To administer and protect our business and this our
Apps including troubleshooting, data analysis and
system testing
Identity
Contact
Device
Account Servicing
Necessary for our legitimate
interests (for running our
business, provision of
administration and IT
services, network security)
Performance of a contract
with you
1. To deliver content and advertisements to
you
2. To make recommendations to you about
goods or services which may interest you
Identity
Contact
Device
Content
Profile
Consent
Necessary for our legitimate
interests (to develop our
products/Services and grow
our business)
Page 10 of 15
Purpose/activity
Type of data
Lawful basis for processing
3. To send you marketing notices, service
updates, and promotional offers
4. To measure and analyze the effectiveness
of the advertising we serve you
5. To monitor trends so we can improve the
Apps
Usage
Marketing and
Communications
Location
1. To comply with applicable laws, regulations,
and rules, such as those relating to “know-
your-customer”, sanctions screening, and
anti-money laundering requirements
2. To detect and prevent fraud and other
illegal uses of the Service
3. To exchange information with any local or
international law enforcement or competent
regulatory or governmental agencies to
assist in the prevention, detection,
investigation or prosecution of criminal
activities or fraud
Identity
Contact
Device
Content
Profile
Usage
Marketing and
Communications
Location
Financial
Necessary to comply with
legal obligations
Necessary for our legitimate
interests (for running our
business)
1. To allow our partners to fulfill their
obligations to you
2. To fulfill our obligations to our partners
3. To exchange relevant information with
Elink’s service providers, dealers, agents or
any other company that may be or become
Elink’s subsidiary or holding company for
reasonable commercial purposes relating to
the Services
Identity
Contact
Device
Content
Profile
Usage
Account Servicing
Marketing and
Communications
Location
Financial
Your consent
Performance of a contract
with you
Necessary for our legitimate
interests (for running our
business)
Necessary to comply with
legal obligations
Page 11 of 15
6. DISCLOSURES OF YOUR PERSONAL DATA
When you consent to providing us with your Personal Data, we will also ask you
for your consent to share your Personal Data with the third parties set out below
for the purposes set out in the table above.
6.1 Internal Third Parties being other companies affiliated to Elink acting as joint
controllers or processors and who are based in locations outside of Kenya and
provide IT and system administration services and undertake leadership reporting.
6.2 External Third Parties such as Service providers acting as processors who
include:
6.2.1. Mobile Money Providers whom we use for verification in relation to
your Mobile Money account pursuant to the agreement between you and
the relevant Mobile Money Provider for the provision of its products and
services and the Mobile Money Service;
6.2.2. Any local or international law enforcement or competent regulatory or
governmental agencies information exchange in connection with a formal
request so as to assist in the prevention, detection, investigation or
prosecution of criminal activities or fraud;
6.2.3. Elinks service providers, external collection agencies, dealers, agents
or any other company that may be or become Elink’s subsidiary or holding
company for reasonable commercial purposes relating to the Services with
whom only relevant information will be exchanged;
6.2.4. Elinks professional advisors and consultants including lawyers and
auditors or to any court or arbitration tribunal in connection with any legal or
audit proceedings;
6.3 Third parties to whom we may choose to sell, assign, transfer or merge parts
of our business or our assets. Alternatively, we may seek to acquire other
businesses or merge with them. If a change happens to our business, then the
new owners may use your Personal Data in the same way as set out in this
Privacy Notice.
6.4 In business practices including but not limited to quality control, training and
ensuring effective systems operation.
6.5 Any other person that we deem legitimately necessary to share the data with.
Page 12 of 15
7. INTERNATIONAL TRANSFERS
7.1 Your Personal Data collected by Elink may be stored and processed outside
Kenya in a location which Elink or its agents maintain facilities.
7.2 Whenever we transfer your personal data out of Kenya, we ensure a similar
degree of protection is afforded to it by ensuring adequate safeguards are
implemented. We ensure your personal data is protected by requiring all our
affiliate companies and agents to follow the same rules when processing your
personal data.
8. AUTOMATED PROCESSING
We use automated processing to determine your eligibility for our Services based
on the Personal Data and Relevant Information that we collect. Our fraud
prevention and credit models utilize data science and machine-learning
technology with little to no human intervention and are regularly tested to ensure
they remain fair, accurate, and unbiased. You may object to the automated
processing of your Personal Data, but doing so will prevent us from providing you
with our Services. If you wish to request a reconsideration of an automated
decision, you may contact us via email a t solutions.elink@gmail.com Please note
that human intervention does not guarantee that the automated decision will be
overturned.
9. DATA SECURITY
9.1 All information you provide to us is stored on our secure servers. Any payment
transactions carried out by us or our chosen third-party provider of payment
processing services will be secured. Where we have given you (or where you
have chosen) a password that enables you to access certain parts of Our Apps,
you are responsible for keeping this password confidential. We ask you not to
share this password with anyone.
9.2 Once we have received your information, we will use strict procedures and
security features to try to prevent your Personal Data from being accidentally lost,
used or accessed in an unauthorized way.
9.3 We will collect and store your Personal Data on your Device using application
data caches and browser web storage (including HTML5) and other technology.
Page 13 of 15
9.4 We have put in place procedures to deal with any suspected personal data
breach and will notify you and any applicable regulator when we are legally
required to do so.
10. DATA RETENTION
10.1 To determine the appropriate retention period for personal data, we consider
the amount, nature and sensitivity of the personal data, the potential risk of harm
from unauthorized use or disclosure of your personal data, the purposes for which
we process your personal data and whether we can achieve those purposes
through other means, the need to comply with our internal policy and the
applicable legal, regulatory, tax, accounting or other requirements.
10.2 In adherence to the law, we have to keep basic information about our
customers (including Contact, Identity, Financial and Transaction Data) for certain
periods after they cease being customers.
10.3 Details of retention periods for different aspects of your personal data are
available in our retention policy which you can request by contacting us.
10.4 In some circumstances you can ask us to delete your data: see Your Data
Subject Rights below for further information.
10.5 In some circumstances we will anonymize your personal data (so that it can
no longer be associated with you) for research or statistical purposes, in which
case we may use this information indefinitely without further notice to you.
11. YOUR DATA SUBJECT RIGHTS
11.1. Under certain circumstances you have the following rights under data
protection laws in relation to your personal data.
You have the right to:
11.1.1. Request access to your personal data (commonly known as a “data
subject access request”). This enables you to receive a copy of the personal
data we hold about you and to check that we are lawfully processing it.
11.1.2. Request correction or rectification of the personal data that we hold
about you. This enables you to have any incomplete or inaccurate data we
Page 14 of 15
hold about you corrected, though we may need to verify the accuracy of the
new data you provide to us.
11.1.3. Request erasure of your personal data. This enables you to ask us
to delete or remove personal data where there is no good reason for us
continuing to process it. You also have the right to ask us to delete or
remove your personal data where you have successfully exercised your
right to object to processing (see below), where we may have processed
your information unlawfully or where we are required to erase your personal
data to comply with local law. Note, however, that we may not always be
able to comply with your request of erasure for specific legal reasons which
will be notified to you, if applicable, at the time of your request.
11.1.4. Object to processing of your personal data where we are relying on
a legitimate interest (or those of a third party) and there is something about
your particular situation which makes you want to object to processing on
this ground as you feel it impacts on your fundamental rights and freedoms.
You also have the right to object where we are processing your personal
data for direct marketing purposes. In some cases, we may demonstrate
that we have compelling legitimate grounds to process your information
which override your rights and freedoms.
11.1.5. Request restriction of processing of your personal data. This
enables you to ask us to suspend the processing of your personal data in
the following scenarios:
11.1.6. if you want us to establish the data’s accuracy;
11.1.7. where our use of the data is unlawful but you do not want us to
erase it;
11.1.8. where you need us to hold the data even if we no longer require it as
you need it to establish, exercise or defend legal claims; or
11.1.9. you have objected to our use of your data but we need to verify
whether we have overriding legitimate grounds to use it.
11.1.10. Request the transfer of your personal data to you or to a third party.
We will provide to you, or a third party you have chosen, your personal data
in a structured, commonly used, machine-readable format. Note that this
right only applies to automated information which you initially provided
consent for us to use or where we used the information to perform a
contract with you.
11.1.11. Withdraw consent at any time where we are relying on consent to
process your personal data. However, this will not affect the lawfulness of
any processing carried out before you withdraw your consent. If you
withdraw your consent, we may not be able to provide certain products or
services to you. We will advise you if this is the case at the time you
withdraw your consent.
Page 15 of 15
11.2 You also have the right to ask us not to continue to process your personal
data for marketing purposes.
11.3 You can exercise any of these rights at any time by contacting us via email at
solutions.elink@gmail.com
12. CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US
OF CHANGES TO YOUR DATA
12.1 We keep this Privacy Notice under regular review. It may change and if it
does, these changes will be posted on this page and, where appropriate, notified
to you when you next start the Apps or log onto one of the Services Sites. The
new notice may be displayed on-screen and you may be required to read and
accept the changes to continue your use of the Apps or the Services.
12.2 It is important that the Personal Data we hold about you is accurate and
current. Please keep us informed if your personal data changes during our
relationship with you.
13. THIRD PARTY LINKS
Our Sites may, from time to time, contain links to and from the websites of our
partner networks, advertisers and affiliates. Please note that these websites and
any services that may be accessible through them have their own privacy policies
and that we do not accept any responsibility or liability for these policies or for any
personal data that may be collected through these websites or services, such as
Contact and Location Data. Please check these policies before you submit any
personal data to these websites or use these services.