Please read this carefully as this policy is legally binding when you purchase our products and use our service.
At M-KOPA we take the privacy of our customers and their data very seriously. M-KOPA’s business model is premised on ‘upgrading the lives’ of our customers and we seek to ensure that our customers’ personal and device data is kept secure and used legally and in a transparent and fair manner.
The Policy explains:
- How we collect, use, store, transfer and share your personal information (hereinafter referred to as “Processing” in relation to personal and device information).
- How we process information related to your devices, (hereinafter referred to as “device information”).
- Why we process your personal and device information.
- What we need from you in relation to your personal information.
- Your rights in relation to the processing of your personal information.
This Policy is available on our website at www.m-kopa.com and it applies to all M-KOPA group companies including, but not limited to, M-KOPA Kenya Limited, M-KOPA Uganda Limited, M-KOPA Solar Nigeria Limited, M-KOPA Ghana Limited and M-KOPA Solar Tanzania Limited.
When does MKOPA collect personal and device information?
We collect your personal and device information when you:
- Sign up to purchase our products and services and fill out our customer registration form.
- Respond to our know-your-customer screening questions.
- Possess or use our products.
- Make payments to us.
- Apply to us for employment.
- Call or otherwise contact us including via SMS, USSD, website or an in-store visit to report a problem or discuss an issue.
- Participate in market studies, surveys or promotions.
- Participate in discussions on our social media platforms.
Why does MKOPA process personal and device information?
We process your personal and device information to gather data which is necessary for the performance of the contract which you will enter with us. We may also process your personal and device information from time to time to enable us to improve the quality of the devices and services that we offer and to offer you additional products and services.
In addition, M-KOPA is required to undertake know-your-customer (KYC) and due diligence measures to verify the identity of all customers that M-KOPA interacts with. Therefore, the processing of your personal and device information by M-KOPA to avoid instances of identity theft and to comply with anti-money laundering legislation is mandatory.
What personal information and device information does M-KOPA process?
We process the following information about you:
a) Information you give us when we enter into a contract:
- When you purchase our products or services you provide us with your personal details in our customer agreement. These include your name, email address, occupation, birth date, gender, mobile number, national identity number (or other similar identification numbers as applicable), geographical location, photograph, and physical address.
- When you purchase our product, we will also need additional KYC information from you such as your daily income/purchase potential or any information needed to comply with the terms and conditions of our contract with you, for the service.
The collection of the above information is mandatory. The failure to freely consent and provide any of the above-listed information would prevent us from entering into an agreement with you and would prohibit us from providing any products or services to you.
b) Information we collect about you from the continued use of our products and services:
- We process the payments you make to us and your account information when using our services.
- We process your overall account balance and payment history.
- We process your information when you call or otherwise contact us via SMS or USSD, website or an in-store visit to either report a problem or discuss an issue.
- We process your product location when analyzing your product performance, during repairs and replacement of the products and services, and while investigating loss or fraud.
The collection of the above information is mandatory. The failure to freely consent and provide any of the above-listed information would prevent us from entering into an agreement with you and would prohibit us from providing any products and services to you
c) Information from our website:
If you visit our website, we may collect information about you to distinguish you from other users and to improve your experience. Please review the cookies policy on our website.
d) Information from third parties:
We process information about you that we receive from third parties including Credit Reference Bureaus, Mobile Network Providers, Data and Analytics Firms, Business Process Outsourcing Firms, Financial Institutions and Firms performing credit scoring, KYC, fraud, money- laundering, anti-financial crime or similar screening directly or on our behalf.
e) Information obtained from analytic tools in our products:
- We process information related to your devices including temperature settings, battery life, SIM communications and performance, and customer usage.
- We may process information from your M-KOPA Televisions including viewing history, channel availability and signal strength.
How does M-KOPA process my personal information and device information?
We process your personal information for the following purposes:
- To carry out our obligations relating to your contract including communicating with you, providing you with our products and services under our contract and related information.
- To develop your credit profile and determine your eligibility for additional products and services that we may offer from time to time.
- To communicate with you about any delinquencies in payments.
- To investigate cases of fraud or illegal activity.
- To improve, test, and monitor the effectiveness of our products and services.
- To develop and test new features and notify you about changes to our services.
- To improve the safety and security of our services.
- To comply with any applicable legal and/or regulatory requirements.
We may also combine the information we receive from third party sources with the information you give to us and the information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
We process information about your devices for the following purposes:
- To develop your credit profile.
- To activate or de-activate your device depending on its credit status.
- To monitor and investigate whether your device is being used in accordance with our terms and conditions found on our website and in the relevant product manual.
- To investigate cases of fraud or illegal activity.
- To monitor device performance including battery performance and charging information for the purposes of troubleshooting, data analysis, testing, research, statistical and survey purposes.
- To analyze customer usage in order to improve efficiency of the device features.
- To determine use location information to tailor our services according to the needs of a specific location.
Does M-KOPA share my information with any third parties?
We may share your information with selected third parties including:
- Business processing outsourcing firms including those handling customer care, customer communications (such as WhatsApp Business) and payment collections.
- Credit reference bureaus and other similar third parties offering credit scoring information, including reporting your credit histories with such parties.
- IT service providers including Software developers, platform providers or cloud providers.
- Firms performing Credit Scoring or similar services directly or on our behalf.
- Firms performing KYC, fraud, money- laundering, anti-financial crime or similar screening directly or on our behalf.
- Data processing firms, analytics firms or search engines to help us analyze our customer data.
- Academic or research institutions.
- Other business partners, suppliers and sub-contractors for the performance and execution of any contract we enter into with them or you.
- Advertisers and advertising networks to market products and services to you.
- Other affiliated entities within the M-KOPA group of companies. Any person or entity who invests in or finances (or may potentially invest in or finance), directly or indirectly, M-KOPA, and any of such person’s affiliates, officers, directors, employees, professional advisers, auditors, insurers or insurance brokers, service providers, partners and any delegate, agent, manager, administrator, nominee, attorney, trustee or custodian of any such person.
- When required by law, regulation, court order or other court proceedings.
What happens to my personal information if there was a change of control?
If we sell or otherwise transfer part or the whole of M-KOPA or our assets to another organization (in the course of a transaction like a merger, acquisition, bankruptcy, dissolution, liquidation), your information may be among the items sold or transferred. The buyer or transferee will have to honor the commitments we have made in this Policy.
How do we store and transfer our personal information and device information?
- The personal information and device information that is collected through the provision of our services may be stored and processed in any country in which M-KOPA, its affiliates or service providers maintain facilities, subject to the requirements of any applicable laws.
- By using the services and as part of our customer agreement, you consent to the transfer, storing or processing of your personal information and device information to any country in which M-KOPA, its affiliates or service providers maintain facilities. In these cases, we ensure that both ourselves and our service providers take adequate and appropriate technical, physical and organizational security measures to protect your personal information and device information and the use and disclosure of your personal information and device information as described in this policy.
- We use appropriate, reasonable safeguards to help keep your personal information and device information secure. We also take reasonable steps to verify your identity before granting you access to the service. As you will know, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data during transmission, and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
How long do we keep your personal information and device information?
We store your personal information and device information for the duration of your repayment period. This period can be found on your customer agreement. Once your device has been re-paid or upon the termination or deactivation of your account, M-KOPA, its affiliates, or its service providers may retain your personal and device information for as long as is required under applicable law in order to determine your eligibility for additional products or services, to perform analytics and help improve future product offerings and services or otherwise for backup, archival, and/or audit purposes or to comply with any applicable law.
Profiling and automated decision making
As part of being a highly technical and innovative company, we may use Automated Decision Making (ADM) in order to improve your experience or to help fight financial crime. For example, so that we can provide you with fast and efficient services, we may use ADM to verify your identity documents or to confirm the accuracy of the information you have provided to us. None of our ADM processes have a legal effect on you.
Subject to applicable data privacy laws:
- You have the right to correct any personal information we hold on you that is inaccurate, incorrect, or out of date.
- You have the right to request that we stop processing your personal information if this processing causes or is likely to cause unwarranted substantial damage or distress.
- You have the right to request that we stop processing your personal information for direct marketing purposes.
- You may have the right to confirm which of your personal information we possess and to request the identity of any third parties who have access to this information.
- You have the right to request that any decision which significantly affects you is not based solely on automated decision making.
How to contact us
M-KOPA may modify or update this policy from time to time, so please review it periodically. We may provide you additional forms of notice of modifications or updates as appropriate under the circumstances. Your continued use of our products and services after any modification to this policy will constitute your acceptance of such modification.Download PDF
M-KOPA Recruitment Privacy Notice
Effective date November 15 2021; last updated November 12, 2021
M-KOPA, and its subsidiaries and affiliates (“M-KOPA”, “us,” or “we”) are committed to respecting your privacy and protecting your personal data. We define personal data broadly as information that directly identifies an individual or that makes an individual identifiable when combined with other information.
This Recruiting Privacy Notice (“Privacy Notice”) describes how we handle and protect your personal data in connection with M-KOPA’s recruiting processes and programs. In case of a conflict between this Privacy Notice and applicable law, applicable law will govern.
This Privacy Notice only applies to the personal data of job applicants, potential candidates for employment or partnership, and those who participate in our recruiting programs and events. This personal data is submitted directly to M-KOPA through the online application process and follow-up communications and/or through alternative channels (e.g., via professional recruiting firms). M-KOPA may also collect and process your personal data regarding employment when we engage in due diligence related to a potential corporate acquisition of your current employer (e.g., if you are part of the senior leadership team of a target company). This Privacy Notice does not apply to the personal data of our employees, partners, clients, vendors or any other person from whom M-KOPA collects personal data for other purposes.
By submitting your personal data to us, you acknowledge that:
- You have read and understood this Privacy Notice and agree to the use of your personal data as set out in this notice.
- Your personal data may be transferred and processed worldwide, including in countries that may not be deemed to provide the same level of data protection as your home country, for the purposes and in the manner specified in this Privacy Notice.
- You are not required to provide any requested information to us, but your failure to do so may result in our not being able to continue your candidacy for the job for which you have applied.
- All of your representations are true and correct to the best of your knowledge and belief, and you have not knowingly omitted any related information of an adverse nature. Providing any inaccurate information may make you ineligible for employment.
- This Privacy Notice does not form part of any contract of employment offered to candidates hired by M-KOPA.
Personal Data We Collect
The types of personal data that we request from you and the ways that we process it are determined by the requirements of the country in which the role you apply for is located, and not the country in which you reside. Should you apply to more than one location or should the role to which you apply be available in more than one country, the types of personal data we request from you and the ways that we process it are determined by the requirements of all the countries in which the position is located.
We usually collect personal data directly from you when you apply for a role with us, such as the information you have provided on our application form or from you resume, including, though not limited to, name, title, address, telephone number, personal email address, physical address, date of birth, photographs, videos, gender, employment history, qualifications, achievements, work authorization information, passport number, national identification number, driver’s license, test results, any applicable certifications and any information you provide us during an interview. If you receive an offer from us, we may then conduct a background check and, to the extent permitted by applicable law, we may also collect data related to criminal offences and proceedings. We also collect similar personal data about you from third parties, such as professional recruiting firms, your references, prior employers, M-KOPA employees with whom you have interviewed or who recommended your candidacy, and, to the extent permitted by applicable law, employment background check providers. We may also collect personal data about you online to the extent that you have chosen to make this information publicly available. For example, we may find your profile on professional social media websites (such as LinkedIn), and contact you about suitable roles.
Sensitive personal data is a subset of personal data that includes race, ethnicity, health, gender, age, trade union membership, religious and philosophical beliefs, political opinions, sexual orientation, and other categories as prescribed by law, as well as information about criminal convictions and offences. We may collect sensitive personal data about a candidate to the extent permitted to do so by applicable laws (e.g., relevant equal opportunity laws) and to support our efforts to create an inclusive and diverse work environment. We may also collect sensitive personal data to the extent that a candidate chooses, without being asked, to voluntarily disclose it during the recruiting process. Under limited circumstances and to the extent permitted by applicable law, we may also collect sensitive personal information, with your consent, relating to health and medical characteristics, such as medical condition, health and sickness records, status of infection, test results, and vaccination status, to address our public health and workplace safety obligations and to protect our company and its employees, clients, and third parties.
Use Of Your Personal Data
We collect and use your personal data for legitimate human resources and business management reasons, including:
- identifying and evaluating candidates for potential employment, as well as for future roles that may become available;
- maintaining records in relation to recruiting and hiring;
- ensuring compliance with legal requirements, including those relating to public health and workplace safety;
- fostering our diversity and inclusion programs and practices;
- conducting background checks, including, to the extent permitted by applicable law, and if you receive an offer from us, criminal history checks in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role;
- protecting our legal rights to the extent authorized or permitted by law; and
- protecting the workplace and communicating with medical professionals, law enforcement, or other public authorities in the event of an emergency or public health event, such as when the health or safety of you or one or more individuals may be endangered, including, to the extent permitted by applicable law, sharing data about the status of an infection, test results, and vaccination status.
- considering whether we need to provide appropriate adjustments during the recruitment process related to disability status information, for example whether adjustments need to be made during your interview.
- ensuring meaningful equal opportunity monitoring and reporting as relates to information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation as appropriate.
We may also use your personal data for M-KOPA analytics purposes, including in aggregated/pseudonymized form, to improve our recruitment and hiring process and augment our ability to attract successful candidates.
Legal Basis For Processing Your Personal Data
Our processing of your personal data for the purposes mentioned above is based:
- in part, on our legitimate business interests in evaluating your application to manage our relationship with you, to ensure that we recruit appropriate employees, and to evaluate and maintain the efficacy of our recruiting process more generally; and in operating our business and protecting the company and its employees, clients, and third parties.
- in part, on our performing contractual and precontractual measures relating to our potential employment relationship with you;
- in part, on our complying with applicable law with regard to personal data necessary to satisfy our legal and regulatory obligations, including with regard to public health and workplace safety;
- in part, on your consent, if we offer you the opportunity to participate in our optional recruiting programs or if we collect sensitive personal data for legally permitted purposes other than compliance with our legal obligations regarding public health and workplace safety.
If you receive an offer from us, we may conduct a background check on you or instruct a third party to do so on our behalf. Background screening will only be done where permitted by the law applicable to the location where the position is located and to the extent necessary and proportionate to the role that you are being offered. A background check will include criminal background data to the extent permitted by law. Our legal basis for background screening is our need to perform precontractual measures related to establishing our employment relationship. If a background screening is required, you may be contacted by a third-party background screening service provider to request authorization for the release of your information, and at that time you will be provided with further information about the process and what personal data it might involve.
Data Recipients And International Data Transfers
Your personal data may be accessed by recruiters and interviewers working in the country where the position for which you are applying is based, as well as by recruiters and interviewers working in different countries within the M-KOPA global organization. Individuals performing administrative functions and IT personnel within M-KOPA may also have limited access to your personal data to the extent necessary perform their jobs. In some countries, you may have fewer rights under local law than you do in your country of residence, but we have put in place legal mechanisms designed to ensure adequate data protection for your personal data when it is processed by M-KOPA subsidiaries and affiliates within the M-KOPA global organization and by M-KOPA’s service providers, including the transfer of your personal data to countries other than the one in which you reside.
We use third-party service providers to provide a recruiting applicant tracking software system (ATS). With your consent, w may also share your personal data with other third-party service providers that may assist us in identifying and recruiting talent, administering, and evaluating pre-employment screening and testing, and improving our recruiting practices.
Except to the extent necessary to accomplish the uses and purposes described in this Privacy Notice, we do not disclose your personal data to third parties. We also prohibit our service providers from using your personal data for non-M-KOPA purposes. We do not otherwise share or sell your personal data to third parties.
We maintain processes designed to help ensure that any processing of personal data by third-party service providers is consistent with this Privacy Notice and protects the confidentiality, availability, and integrity of your personal data in compliance with applicable law. Where required by law, we put in place additional legal mechanisms designed to help ensure adequate data protection for your personal data when transferred to another country. If you would like more information about these legal mechanisms, please contact us at email@example.com.
In addition, we may disclose or transfer your personal data in the event of a re-organization, merger, sale, joint venture, assignment, or other transfer or disposition of all or any portion of our business.
Automated Sorting Of Applications
In certain jurisdictions, we may use data analytics and algorithms to help us to review the large quantities of candidates and application data that we receive. These algorithms help us prioritize the application review process and sort candidates on the basis of professional characteristics that suggest strengths and capabilities necessary to perform the relevant role. The algorithms are designed to analyze the candidate’s application data and compare it to our historical data on previously successful and unsuccessful candidates.
The automated results are always considered in tandem with, and not in lieu of, human judgement. We evaluate each individual candidate on their own merits.
Certain roles may require specific prerequisites or skills (for example, fluency in a certain language, particular professional qualifications or certifications, or number of years in a similar role). Applications that do not meet those requirements will be automatically rejected.
If you accept an offer of employment with us, any relevant personal data collected during your pre-employment period will become part of your personnel records and will be retained in accordance with specific country requirements and with the privacy notice applicable to M-KOPA employees, which will be provided during the on-boarding process.
If we do not employ you, we may nevertheless continue to retain and use your personal data for a period of time (which may vary depending on the country) for system administration purposes, to consider you for potential future roles, and to perform research. Thereafter, we retain a minimal amount of your personal data to record your recruiting activity with us.
To the extent that we have collected personal data, including sensitive personal data, for the specific purpose of fulfilling our legal obligations regarding public health or workplace safety, we will retain that data for the duration of those legal obligations. Thereafter, we retain a minimal amount of your personal data to establish our compliance with those obligations.
We may want to remain in contact with you and consider you for future employment opportunities. In such an event, we will seek your consent to include you in one of our recruiting programs that provides you ways to further learn about and stay in touch with M-KOPA, either prior to or after you formally apply for a job opportunity. Participation in these recruiting programs is entirely optional.
If you join a recruiting retention program, we retain your personal data for a period of time specific to that program, but if you wish to withdraw at any time, please contact us at HRsupport@m-kopa.com with a copy to firstname.lastname@example.org.
We use generally accepted standards of technical and operational security to secure your personal data. Only authorized personnel of M-KOPA and of our third-party service providers are permitted to access personal data, and these employees and third-party service providers are required to treat this information as confidential. Despite these precautions, we cannot guarantee that unauthorized persons will not obtain access to your personal data. Should any unauthorized access to your personal data become apparent, M-KOPA will abide by statutory reporting obligations under applicable law.
We take reasonable steps that are designed to keep your personal data accurate, complete, and up-to-date for the purposes for which it is collected and used. We also have implemented measures that are designed to help ensure that our processing of your personal data complies with this Privacy Notice and applicable law.
In accordance with applicable law, you may have one or more of the following rights:
- a right to request information about the personal data we hold about you, including the details of how we use that information and who we share it with;
- a right to request a copy of the personal data that we hold about you;
- a right to amend or rectify your personal data if any of the information held about you is incorrect or out of date;
- a right to portability of your personal data;
- a right to request erasure of your personal data;
- a right to demand that we cease the processing of your personal data or that we restrict the processing of your personal data;
- a right to withdraw your consent to the processing of your personal data, to the extent our processing relies on your consent as the lawful basis for processing. This right may not apply if there are other legal justifications to continue processing or we need to retain certain personal data where required or permitted under applicable law; and/or
- a right to provide us with instructions as to the processing of your personal data in case of death.
In addition, and where granted by applicable law, you may have the right to lodge a complaint with a competent data protection authority.
If you would like to make a request to access, review, correct, delete or port the personal data we have collected about you, to assert a right regarding your personal data, or to discuss how we process your personal data, please reach out to email@example.com.
To help protect your privacy and security, we will take reasonable steps to verify your identity before granting you access to your personal data. We will make reasonable attempts to promptly investigate, comply with, or otherwise respond to your requests as may be required by applicable law. Depending upon the circumstances and the request, we may not be permitted to provide access to personal data or otherwise fully comply with your request; for example, where producing your information may reveal the identity of someone else. We reserve the right to charge an appropriate fee for complying with your request where allowed by applicable law, and/or to deny your requests where, in the our discretion, they may be unfounded, excessive, or otherwise unacceptable under applicable law.
Social Media Tools
Our application process allows you to provide us with relevant personal data from information you have on third-party websites (such as LinkedIn, Google Drive and Dropbox). If you choose to incorporate your personal data from third-party websites, it will be used in accordance with this Privacy Notice.
Cookies And Other Tracking Technologies
If you have any questions about this Privacy Notice or if you would like to communicate with any of our Data Protection Officer or the Data Privacy Team, please contact us at firstname.lastname@example.org or through written request dropped off at any of our registered corporate offices. Written requests be addressed to: M-KOPA Legal Department, Attn: Privacy Office.
M-KOPA reserves the right to modify this Privacy Notice. We will post any changes to our Privacy Notice on this page. Please check this page regularly to keep up-to-date.Download PDF
Frequently Asked Questions
What has happened?
On 16th August, M-KOPA became aware of a breach to our Facebook social media pages. Personal data belonging to Facebook users that have contacted M-KOPA on Facebook may have been temporarily exposed. Please be reassured that M-KOPA, in close collaboration with Meta Support Team, has now resolved the issue and have restored the security and confidentiality of your personal data. To date, there are no reports that any of the data has been misused as a result of this incident. We can confirm that no sensitive information was compromised.
We regret this incident and would like to reassure you that we are doing everything, and have taken the necessary security measures to avoid this happening in the future.
What does personal data mean?
Any data that can be used to identify someone can be personal. In this specific case, the affected personal data might include names, phone numbers and M-KOPA account numbers. This would depend on the information shared with M-KOPA on Facebook.
What is the impact on me?
Personal data belonging to Facebook users that have contacted M-KOPA on Facebook may have been temporarily exposed. We suggest that you review your Facebook communications with M-KOPA to understand what information you may have shared and take appropriate action as necessary. For example, in the unlikely situation that you had included a password in your communications with M-KOPA, please change this password.
What information was compromised?
In this specific case, the personal data may include names, phone numbers and Facebook IDs. Please be reassured that this issue has been fixed and we have restored the security and confidentiality of your personal data. To date, there are no reports that any of the data has been misused as a result of this incident. We can confirm that no sensitive data or financial data were affected by this.
Is there a risk to my finances?
No. We have not seen any evidence that this incident would cause you any financial harm. Generally, M-KOPA does not collect financially sensitive information for social media.
What do I need to do?
We would encourage you to be vigilant and aware of potential scams from people pretending to be from M-KOPA.
If you have any doubts as to authenticity, please contact us via email@example.com.
How does M-KOPA use my information?
When a Facebook user contacts M-KOPA on Facebook, M-KOPA uses the information (name, phone number and/or Facebook ID, as applicable) provided by the user to respond to the user’s queries, share information about M-KOPA and its products and services, and improve its customer service to better understand the products and services our customers like and are particularly interested in.
Does M-KOPA keep my sensitive personal data?
No. M-KOPA does not hold sensitive personal data about its customers or potential customers. However, M-KOPA may hold personal data (name, phone number and Facebook ID) when a Facebook User contacts us in order to respond to the user’s queries and offer them relevant information and support on M-KOPA’s products and services.
How does M-KOPA process personal data?
M-KOPA only collects and processes personal data lawfully and transparently. Information on how we collect and process customer personal data is available in our Privacy Notice.
What does M-KOPA do to ensure personal data is safe?
M-KOPA has dedicated Cyber Security and Data Protection teams. These teams work together to ensure your personal data is handled responsibly and securely. We have adopted industry standard security controls to protect your data and prevent unauthorized access to it from our systems. We provide regular mandatory training to all our staff and have internal policies in place for our staff to comply with when dealing with your data. In response to this issue, we have added additional controls to our social media accounts to further limit the potential for a similar incident in future.
At M-KOPA, we are committed to protecting the privacy of your data. For this reason, we are constantly reviewing our processes for improvement, and to adapt to new threats and risks.