We BK TecHouse, (“BK TECHOUSE”, “we,” “our” or “us”), are committed to protecting and respecting the privacy of our customers. This Privacy Notice applies to all persons using our services or website. 

We recognize the expectations of its customers regarding privacy confidentiality and security of their personal information that resides with the us. Keeping personal information of customers secure and using it solely for activities related to our services and preventing any misuse thereof is a top priority of the Company. We have adopted this privacy Notice aimed at protecting the personal information entrusted and disclosed by the customers. This Privacy Notice governs our data collection, processing and usage of your data and it describes your choices regarding use, access, and correction of your personal information. 

Definitions

“Biodata” means Biographical information i.e., Personal information regarding gender, nationality, contact information, physical location, and any other.

“Data Controller” means the natural or legal person, authority, organization, or other agency that makes decisions individually or together with other parties regarding the purposes and means for processing Personal Data.

“Data Protection Act” means the Data Protection Law n°058/2021 of 2021 under the laws of Rwanda as amended

“Personal Data” means any information identifying you or information relating to you that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data excludes anonymous data or data that has had the identity of you as an individual permanently removed.

“Data Processor” means a natural or legal person, authority, organization, or other agency that processes Personal Data on behalf of the Data Controller.

“Responsible Person” means Data Protection Officer

Purpose

We established this Privacy Notice for the purposes of compliance with the applicable data protection laws in Rwanda.

This Privacy Notice sets our standards towards the access and use of any personal data, or any other information provided from you or any other sources to us.

Please also read Terms and Conditions ("Terms"), which describe the terms under which you access and use our Services.

What Information We Collect About You

We are required to receive or collect some personal information to operate, provide, improve, understand, customize, support, and market our Services. This also includes when you apply for, install, access, or use our Services. The types of information we receive and collect depend on how you use our Services.

We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped as follows:

(a) Contact details, such as your name, email address, postal address, social media handle and phone number.

(b) Account login credentials, such as usernames and passwords, password hints and similar security information.

(c) Comments, feedback and other information you provide to us, including information that you send to customer support and messages, appointment inquiries and other information that you wish us to share; and/or

(d) Interests and communication preferences, including preferred language.

(e) Technical data which includes internet protocol (IP) address, your login identity data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our systems.

(f) Profile data which includes your profile identification information, purchases or orders made by you, your interests, preferences, feedback and survey responses.

(g) Usage data which includes information about how you use our website, products and services.

(h) Marketing and communications data which should you opt-in in to receiving marketing information from us and our third parties and your communication preferences.

(i) Customer support or Communication data including copies of your messages, and how to contact you so we can provide you with customer support.

Our Service may automatically collect information about how you and your device interact with the Service, including:

(a) Computer, device and connection information, such as IP address, browser type and version, operating system, platform and other software installed on your device, unique device identifier and other technical identifiers, error reports and performance data.

(b) Usage data, such as the features you used, the settings you selected, your URL click stream data, including date and time stamp and referring and exit pages, and pages you visited on the Service; and/or

(c) After you’ve set up your account, you may choose to provide additional information which may be shared through public profiles. Such information can be your photograph or avatar, biographical content, and other information (collectively, “Profile Information”).

(d) For location-aware Services, your location.

We collect this data through our servers and the use of cookies and other technologies. You can control cookies through your browser’s settings and other tools. However, if you block certain cookies, you may not be able to register, login, access certain parts or make full use of the Service.

Data From Other Sources

We also may obtain personal information about you from other third parties, including:

(a) Service providers that help us determine a location based on your IP address in order to customize certain products to your location.

(b) Partners with which we offer co-branded services or engage in joint marketing activities; and/or Publicly available sources and data suppliers from which we obtain data to validate or supplement the information we hold. 

When the Data is Collected

We will collect and process data about you from the following sources:

(a) This includes information you provide us: This is information about you that you give us by filling in application forms that We give to you or by corresponding with us by phone, e-mail or otherwise. We use different methods to collect data from and about you including through direct interactions. This includes the personal data you provide when you:

• apply for our products or services.
• open an account(s) with us.
• subscribe to our services or publications.
• download our mobile application.
• request marketing information to be sent to you.
• enter a competition, promotion, or survey; or
• give us feedback or contact us.

(b) Information we collect about you: With regard to each of your user visits to our website and your use of our Services we will automatically collect the following information:

• Technical information, including the Internet protocol (IP) address used to connect your computer or mobile phone to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies.
• Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for’ page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page and any phone number used to call our customer service number; and

(c) Information we receive from other sources:

• We receive your Personal Data from third parties who provide it to us. We will receive Personal Data about you from various third parties to whom you have consented and public sources including but not limited to: companies registry, and other government registries; any service providers we interact or integrate with now or in future.
• We may collect information about you from other publicly accessible sources not listed above. We may also collect information about you from trusted partners, not listed above, who provide us with information about potential customers of our products and services.
• We receive your Personal Data from third parties, where you purchase any of our products or services through such third parties.

How We Will Use Your Information

 We will only use your Personal Data where we have your consent or a legal basis to process the same. We will use your Personal Data in the following circumstances:

(a) To perform the contractual agreement, we are about to enter into or have entered into with you.

(b) For purposes of our legitimate interests (or those of a third party) in instances where your interests and fundamental rights do not override those interests. Legitimate interest refers to our interest in running and controlling our operations in order to provide the best service or product and the safest experience possible. Here we make sure to examine and balance any potential impact on you (both positive and negative) as well as your rights; and/or 

(c) To comply with a legal obligation.

We may process your Personal Data for more than one lawful ground depending on the specific purpose for which we are processing your data. Additionally, we use your personal data as outlined below: 

(a) To deliver, administer, and personalize our services for you as a customer.

(b) To manage risk, security and crime prevention which will include:

• Detection, prevention, investigation and reporting of fraud and money laundering.
• Security detection to verify your identity and to ensure compliance with Laws and regulations.

(c) To administer and protect our business and our website, ensure business continuity, manage complaints, undertake remediation activities, and resolve queries (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(d) To study how our customers use our products and services, communication about our products and services as well as testing of new products and managing our brand

(e) To undertake surveys or reviews

(f) To use data analytics to better understand your credit risk needs and preferences; to improve our website, products, services, marketing, customer relationships and experiences.

(g) To facilitate payment instructions and account information services regarding accounts you hold with other providers or where third-party providers request that we provide account information or payment instructions in relation to accounts you hold with us.

(h) To enforce our rights under the agreement with you for instance, debt recovery and indemnification.

(i) For Know Your Customer (KYC) formalities, we may review your political affiliations to determine politically exposed persons or criminal records to help prevent and detect criminal behavior, postpone debt repayments, and consider restructured repayments or for legal claims.

(j) We may collect special categories of Personal Data about you including details about your race or nationality, information about your health, and biometric data.

To Whom We May Disclose Your Information

We may disclose your Personal Data to other entities with the affiliates of BK TECHOUSE, for legitimate business purposes (including providing services to you and operating our sites and systems), in accordance with applicable law. In addition, we may disclose your Personal Data to:

(a) The Government (including law enforcement) authorities and regulators.

(b) other financial institutions through which your transactions are processed.

(c) other companies and financial institutions that we work with to provide services to you e.g., credit card service providers, mobile technology service providers, credit reference bureaus, employers, debt collection agencies and outsourced services vendors.

(d) third parties with accruing legal obligations e.g., trustees and executors, guarantors, anyone holding a power of attorney to operate an account on your behalf and joint account holders.

(e) In the instance of a merger or acquisition. If a change happens to our business, then the new owners may use your Personal Data in the same way as set out in this Privacy Notice; and

(f) third parties who are service providers acting as data processors, professional advisers including lawyers, bankers, auditors, and those who provide consultancy, banking, legal, insurance and accounting services.

All third parties are required to protect the security of your Personal Data and to treat it lawfully. We do not allow our third-party service providers to use your Personal Data for their own interests; instead, we only allow them to process it for certain purposes and according to our instructions.

Marketing

We strive ensure your consent regarding certain personal data uses, specifically in so far as marketing and advertising. We have established the following personal data control mechanisms:

(a) Promotional offers from us: We may use your identity, contact, technical, usage and profile data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant to you. You will receive marketing communication from us if you have requested such information and provided express consent to receiving such information based on the use of our products and services.

(b) Third-party marketing: we may share your Personal Data with any third party for marketing purposes where we believe that the marketing information from such third parties will be relevant to you and where we have obtained your prior consent.

Opting Out

(a) You can ask us or third parties to stop sending you marketing messages at any time by writing to us or logging into the relevant website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by contacting us at any time through the provided contacts.

(b) Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us because of product or service subscribed to, warranty registration, product or service experience or other transactions.

Data Retention Policy

We will only retain your Personal Data for as long as is reasonably required to fulfil the purpose for which it was obtained, including any legal, regulatory, tax, accounting, or reporting obligations. In the case of a complaint or if we reasonably believe there is a risk of litigation arising from our engagement with you, we may preserve your Personal Data for a longer length of time.

To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.

Legally we are required to retain basic information about our customers (including contact, identity, financial and transaction data) for a minimum of ten years after they cease being customers. Our internal policy as amended from time to time may also require us to keep customer data for a longer period.

In some circumstances, we will deidentify your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. 

Automated Decision Making

If you apply to us for a service e.g., your application may be processed by an automated decision-making process which may carry out credit and affordability assessment checks to determine whether your application will be accepted. Where these automated processes suggest that your application should be rejected, we will manually review your application before making a final decision. 

We may also carry out automated anti-money laundering and sanctions checks. This means that we may automatically decide that you pose a fraud or money laundering risk if the processing reveals your behaviour to be inconsistent with anti-money laundering requirements. If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk: 

(a) we may refuse to provide the services you have requested, or we may stop providing existing services to you; and 

(b) a record of any fraud or money laundering risk will be retained by the fraud prevention agencies.

If you have any questions about this, please contact us on the details set out below. bktechouse@bktechouse.rw

Data Involving Children

We do not knowingly collect personally identifiable information from anyone under the age of 18 without verification of parental consent. We additionally employ the use of age-gating to ensure this. If we become aware that we have collected Personal Data from children without verification of parental consent, we shall take steps to securely dispose the information from our servers.

Change of purpose

We will only use your Personal Data and special category data for the purposes for which we collected it as indicated in this Privacy Notice or for reasons we give you during the collection of the data.

If we need to use your Personal Data for an unrelated purpose, we will notify you and seek your consent where necessary.

Please note that we may process your Personal Data without your knowledge or consent if this is required or permitted by law.

Transfer Of Your Personal Data

We may need to transfer or store your information in another jurisdiction to fulfill a legal obligation, for our legitimate interest and to protect the public interest.

If the other jurisdiction does not have the same level of protection for Personal Data, when we do process the data, we shall put in place appropriate safeguards e.g., contractual commitments to ensure the data is adequately protected.

We ensure your Personal Data is protected by requiring all our related companies to follow the same rules when processing your Personal Data.

Where third parties are based in other jurisdictions, their processing of your Personal Data will involve a transfer of data to their jurisdictions.

How to Exercise Your Rights

Subject to legal and contractual limitations as well as legitimate interests, you have rights under applicable laws in relation to your Personal Data. These are listed below:

(a) right to access Personal Data that we hold about you.

(b) right to request that we correct your Personal Data where it is inaccurate or incomplete.

(c) right to request that we erase your Personal Data noting that we may continue to retain your information if obligated or entitled to do so.

(d) right to object and withdraw your consent to the processing of your Personal Data. 

(e) right to request restricted processing of your Personal Data noting that we may be entitled to continue processing your data and refuse your request; and

(f) right to request transfer of your personal data in a format we shall determine from time to time.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within a reasonable time. Occasionally it could take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

How We Secure Your Data

We have put in place appropriate security measures to prevent your Personal Data from being lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

The collection of your personal data shall be adequate, relevant and limited to the strict minimum. Before processing personal data, we will determine whether and to what extent the processing of personal data is necessary to achieve the purpose for which it is performed. 

Data Protection Officer

If you have any questions or concerns regarding this Privacy Notice or your rights related to protection of your personal information may be sent via email at jmurenzi@bk.rw. 

To ensure effective and legal handling of our customers’ Information we have appointed a Data Protection Officer. you can reach our Data Protection Officer by sending an email at bktechouse@bk.rw 

 

Changes To This Privacy Notice

We reserve the right to modify, alter or otherwise update this Privacy Notice at any time, by either posting such changes, updates or modifying the Privacy Notice on our Website and/or mobile app. We will provide you with notice period of two months for any such changes to this Privacy Notice, by email at the same email address you have provided to us. 

If we do not hear from you, your continued use of our services constitutes your acceptance of any amendment of this Privacy Notice.

Last updated: April 2023