Toll Free 0800724600
info@cargen.com
Branch Locator
Select Country
shop online
Product has been added to your cart.

DOCUMENT CONTROL REVISION HISTORY

This document is version controlled, all amendments to be tracked in the table below:

Title: Car and General Kenya Plc – Privacy Policy
Author: Legal and Compliance Department
Date Created: May 2024
Custodian: Legal and Compliance Department
Version No: Modified by Reviewed and approved by Date

Modified

 Status
1.0 Draft

 

Introduction

We are committed to ensuring we respect your right to privacy and shall ensure all necessary measures are implemented to protect personal information you entrust to us. This policy describes the practices that the Car and General Kenya Plc (C&G, “we”, “us”, or “our”) follow when handling personal information that we collect or receive on you in conducting our business. It describes how we will treat your personal information provided to us by you through use of our services, products, websites and user applications or collected by us through other means when you engage with us.

Definition of personal information

Personal Information means any information relating to an identified or identifiable natural person (known as the data subject). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location information, an online identifier or by one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of the natural person.

Personal information does not include information that is anonymised, i.e. where the data subject is no longer identifiable. Personal information also does not include corporate information that relates to an organisation but not to an individual, such as a corporate name, corporate address or general corporate phone number.

For whom is this Privacy Policy for

Our employees, contractors or consultants will be required to act consistently with this Privacy Policy on our behalf and will be made aware of the Privacy Policy in our dealings with them.

Customer- Any person who subscribes to, uses or purchases any of our products and services or accesses our websites and includes any person who accesses any of the products and services you have subscribed to.

Any agent, dealer and/or merchants who have signed an agreement with us and is recognised as a agent in accordance with any applicable laws or Regulations.

Any visitor that is a person (including contractors/subcontractors or any third parties) who gains access to any Car and General premises.

Any supplier who has been contracted by Car and General and executed a Supplier contract.

1. What Personal Data we collect

We may collect and process different types of personal data while operating our business and providing our services. These include:

  • Basic personal details such as your name, Pin, ID and job
  • Contact data such as your telephone number and postal or email
  • Financial data such as payment-related information or bank account
  • Demographic data such as your address, preferences, or interests.
  • Website usage and other technical data such as details of your visits to our websites or information collected through cookies and other tracking
  • Personal data provided to us by or on behalf of investors or generated by us in the course of providing our services, which may, where relevant, include special categories of personal data.
  • Identification and other background verification data such as a copy of passports/ID, Copy of Pin and VAT numbers, or utility bills or evidence of beneficial ownership or the source of funds to comply with client due diligence/”know your client”/anti-money laundering laws and collected as part of our client acceptance and ongoing monitoring
  • Recruitment-related data such as your curriculum vitae, your education and employment history, details of professional memberships, and other information relevant to potential recruitment to C&G.
  1. Data that you may provide to us in the course of registering for and attending events or
  2. Any other personal data relating to you that you may

2. Collection of personal information

We may collect or receive your personal data in several ways:

Where you provide it to us directly, for example by corresponding with us by email, or via other direct interactions with us such as completing a form manually or on our website or registering for and using one of our online tools.

Where we monitor use of, or interactions with, our websites, any marketing we may send to you, or other email communications sent from or received by Car and General Kenya Plc.

Third party sources, for example, where we collect information about you to assist with “know your client” checks as part of our client onboarding /acceptance procedures or where we receive information about you from recruitment agencies for recruitment purposes.

Publicly available sources – we may, for example, use such sources to help us keep the contact details we already hold for you accurate and up to date or for professional networking purposes, e.g., LinkedIn.

3. Use of Personal Information

We will only use your personal data where we are permitted to do so by applicable law. Under the Kenyan Data Protection Act, the use of personal data must be justified under one of several legal grounds. The principal legal grounds that justify our use of your personal data are:

  • Contract performance: where your information is necessary to enter or perform our contract with you.
  • Legal obligation: where we need to use your information to comply with our legal
  • Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection
  • Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third
  • Consent: where you have consented to our use of your information (you will have been presented with a consent form or facility in relation to any such use and may withdraw your consent through an unsubscribe or similar facility).

4. Disclosure/Sharing of Your Personal Information

When necessary, we may share your personal data with:

  • Our dealers and authorized service centres who are involved in delivering Car and General products and services you order or use;
  • Tax, Government, and any relevant regulatory authorities if Car and General becomes aware of a violation of law or regulation;
  • Prosecuting authorities and courts, and/or other relevant third parties connected with legal proceedings or claims to which Car and General is a party;
  • Law-enforcement agencies with notification to you where possible;
  • Fraud prevention and Anti money laundering agencies, credit reference agencies;
  • Publicly available and/or restricted government databases to verify your identity information in order to comply with regulatory requirements;
  • Debt collection agencies or other debt-recovery organizations;
  • Survey agencies that conduct surveys on behalf of Car and General;
  • Our professional advisors (e.g., transactions, legal, financial, tax, risk management or other advisors), bankers, and
  • Our insurers and insurance
  • Some of your data may be passed on to third parties that host our mobile money payment platforms;
  • Our professional advisors (e.g., transactions, legal, financial, tax, risk management or other advisors), bankers, and
  • Our insurers and insurance
  • Other third-party external advisors or experts engaged in the course of the services we provide to our clients and with their prior consent, such as technology service providers including cloud service
  • Any other person that we deem legitimately necessary to share the data

5. International Data Transfers

From time to time we may need to transfer your personal information outside the Republic of Kenya to our trusted Partners.

Where we send your information outside Kenya, we will make sure that the necessary safeguards are in place prior to transfer of such data and your data is properly protected in accordance with the applicable Data Protection Laws.

6. Retention of Personal Information

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

If your personal data is used for two purposes, we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires. Our retention periods are also based on our business needs and good practice

7. Safeguarding and Protection of Information

Car and General has put in place technical and operational measures to ensure integrity, confidentiality and to protect your data from unauthorized access, accidental loss or destruction.

We recognize that information security is an integral element of data privacy. While no data transmission (including over the Internet or any website) can be guaranteed to be secure from intrusion, we implement a range of commercially reasonable physical, technical, and procedural measures to help protect personal data from unauthorized access, use, disclosure, alteration, or destruction in accordance with data protection law requirements.

Information that you provide to us is stored on our or our service providers’ secure servers and accessed and used subject to our security policies and standards, or those agreed with our service providers.

Everyone at Car and General and any third-party service providers we may engage that process personal data on our behalf (for the purposes listed above) are also contractually obligated to respect the confidentiality of personal data.

Alongside our role, please also note that where we have given you (or where you have chosen) a password which enables you to access certain parts of our online services, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.

8. Your Data Privacy Rights and How to Exercise Them

Subject to legal and contractual exceptions, you have rights under data protection laws in relation to your personal data and we encourage you to exercise them as listed below:

  • Right to be informed: We are obliged to provide clear and transparent information about our processing activities of your personal data;
  • Right to access to your personal data: You have the right to understand what personal data we hold about you and why;
  • Right to request rectification of your personal data: If you believe that we hold inaccurate or incomplete personal data, you have the right to request us to rectify your personal
  • Right to request that we erase your personal data: You may ask us to delete or remove personal data where there is no good reason for us to continue to process Please note however that we may continue to retain it if obligated by the law or entitled to do so;
  • Right to request restriction of processing of your personal data: You may ask us to stop processing your personal We will still hold the data, but we will not process it any further. You may exercise the right to restrict processing when one of the following conditions applies:
  • The accuracy of the personal data is contested
  • Processing of the personal data is unlawful
  • We no longer need the personal data for processing, but the personal data is required as part of a legal process
  • The right to object has been exercised and processing is restricted pending a decision on the status of the processing
  • Right to data portability: You may request to receive your personal data or transfer to another data controller or processor, provided the data is in a structured, commonly used and machine-readable format.
  • Right to withdraw your consent: You may withdraw your consent at any However, your withdrawal won’t affect any processing already carried out before you withdraw your consent or processing under other grounds that mandate us by law to process your data.
  • Right to object: You have the right to object to our processing of your personal data where:
    • Processing is based on legitimate interest, unless the data controller or data processor demonstrates compelling legitimate interest for the processing which overrides the data subject’s interests
    • Processing is for the purpose of direct

We may request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within reasonable time. Occasionally it could take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

9. Direct Marketing

You may be required to opt in or give any other form of explicit consent before receiving marketing messages from us. You can ask us to stop sending you marketing messages at any time by writing to us or logging onto our website, www.cargen.com and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt out links on any marketing message sent to you or by attending to us or contacting us at any time through the provided contacts.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of [a product, service already taken up, warranty registration, product or service experience or other transactions].

10. The Use of Cookies

We may store some information (using “cookies”) on your computer when you visit our websites to help you personalize your online experience. This enables us to recognize you during subsequent visits. Kindly read our cookie policy here.

11. The Use of Hyperlinks

Our website may provide hyperlinks to other locations or websites on the internet. These hyperlinks lead to websites published or operated by third parties who are not affiliated with or in any way related to us and may have been included in our website to enhance your user experience and are presented for information purposes only.

We do not endorse, recommend, approve or guarantee any third-party products and services by providing hyperlinks to an external website or webpage and do not have any co-operation with such third parties unless otherwise disclosed. We are not in any way responsible for the content of any externally linked website or webpage.

By clicking on the hyperlink, you will leave the Car and General webpage and accordingly you shall be subject to the terms of use, privacy and cookie policies of the other website that you choose to visit.

12. Right to Lodge a Complaint

If you have any concerns about the use of your personal data or the way we handle your requests relating to your rights, you can raise a complaint directly with us by using the contact details provided in this notice or write to us on info@cargen.com.

13. Applicable & Governing Law

Your data will be controlled and processed as per this Notice within the Republic of KENYA and therefore KENYAN law governs the operation and enforceability of this Notice.

14. Amendments to this Notice

We may change the content of our websites and how we use cookies without notice and consequently our Privacy notice and Cookie Policy may change from time to time in the future. We, therefore, encourage you to review them when you visit the website to stay informed of how we are using personal data.

Speak to one of our Representatives?

    X
    REQUEST A CALL BACK
    This website uses cookies to improve your experience. If you continue to use this site, you agree with it.