Last updated September 20, 2023

DATA PRIVACY POLICY

Leja mobile application (the Service).

This Policy is used to inform visitors regarding our policies with the collection, use, and disclosure of Personal Information if anyone decided to use our Service. If you choose to use our Service, then you agree to the collection and use of information in relation to this policy. The Personal Information that we collect is used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, which is accessible herein unless otherwise defined in this Privacy Policy

Personal data means any information relating to an identified or identifiable natural person.

Sensitive personal data means data that reveals the natural person’s race, health status, ethnic, social origin, conscience, belief, genetic data, biometric data, property details, marital status, family details including names of the person’s children, parents, spouse or spouses sex, or the sexual orientation of the data subject.

Processing data means any operation or sets of operations performed on personal data whether or not by automated means, such as;

  • collection, recording, organization, structuring;
  • storage, adaptation or alteration;
  • retrieval, consultation or use;
  • disclosure by transmission, dissemination, or otherwise making available; or
  • alignment or combination, restriction, erasure or destruction.

We are committed to complying with all relevant Kenyan legislation and applicable global legislations. We recognize that the protection of individuals through lawful, legitimate, and responsible processing and use of their personal data is a fundamental human right. We will ensure that it protects the rights of data subjects and that the data it collects, and processes is done in line with the required legislation. Our staff must comply with this policy, breach of which could result in disciplinary action.

We will ensure that data is:
  • Processed lawfully, fairly and in a transparent manner and in line with the right to privacy.
  • Collected only for specified, explicit and legitimate purposes and not further processed in a manner incompatible with that purpose.
  • Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is to be processed.
  • Accurate and where necessary kept up to date.
  • Not kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the data is processed.
  • Processed in a manner that ensures its security using appropriate technical and organizational measures to protect against unauthorized or unlawful processing and accidental loss, destruction, or damage.
  • Not transferred out of Kenya unless there is proof of adequate data safeguards/ measures or consent from the data subject.
We may collect information about you in a variety of ways. The information we may collect via the Application depends on the content and materials you use, and includes:
  1. Personal Data

    2. Personal Data, Sensitive Personal Data, Demographic and other personally identifiable information (such as your name and email address) that you voluntarily give to us when choosing to participate in various activities related to the Application, such as chat, posting messages in comment sections or in our forums, liking posts, sending feedback, and responding to surveys. If you choose to share data about yourself via your profile, online chat, or other interactive areas of the Application, please be advised that all data you disclose in these areas is public and your data will be accessible to anyone who accesses the Application.

  2. Derivative Data

    3. Information our servers automatically collect when you access the Application, such as your native actions that are integral to the Application, including liking, re-blogging, or replying to a post, as well as other interactions with the Application and other users via server log files.

  3. Financial Data

    4. Financial information, such as data related to your payment method (e.g. valid credit card number, card brand, expiration date) that we may collect when you purchase, order, return, exchange, or request information about our services from the Application. [We store only very limited, if any, financial information that we collect. Otherwise, all financial information is stored by our payment processor, MPESA, and you are encouraged to review their privacy policy and contact them directly for responses to your questions.

  4. Facebook Permissions

    5. The Application may by default access your Facebook basic account information, including your name, email, gender, birthday, current city, and profile picture URL, as well as other information that you choose to make public. We may also request access to other permissions related to your account, such as friends, check ins, and likes, and you may choose to grant or deny us access to each individual permission. For more information regarding Facebook permissions, refer to the Facebook Permissions Reference page.

  5. Data from Social Networks

    6. User information from social networking sites, such as [Apple’s Game Center, Facebook, Google+ Instagram, Pinterest, Twitter], including your name, your social network username, location, gender, birth date, email address, profile picture, and public data for contacts, if you connect your account to such social networks. This information may also include the contact information of anyone you invite to use and/or join the Application.

  6. Geo-Location Information

    7. We may request access or permission to and track location-based information from your mobile device, either continuously or while you are using the Application, to provide location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.

  7. Mobile Device Access

    8. We may request access or permission to certain features from your mobile device, including your mobile device’s [camera, contacts, SMS messages, social media accounts, storage, location] and other features.

    • READ SMS permission is required to aid your loan appraisal during loan application. Upon the users’ consent, READ SMS permission is also required to enable the user to view a detailed transaction summary of MPESA transactions within the application when a transaction is completed. Leja application will only read and upload and update SMS originating from MPESA.
    • CAMERA permission will be required to upload demographic data during the loan application process which will be used in your loan appraisal. CAMERA permission is also required to enable the user to capture and upload photos of their businesses during the business wallet application.
    • READ CONTACT permission will be required if you wish to select a contact from your phone’s contact list to initiate a transaction within the application.
    • STORAGE permission is required to upload files through the application. STORAGE permission is also required to enable the user to upload photos of their businesses during the business wallet application.
    If you wish to change our access or permissions, you may do so in your device’s settings.

  8. Mobile Device Data

    9. Device information such as your mobile device ID number, model, and manufacturer, version of your operating system, phone number, country, location, and any other data you choose to provide.

  9. Push Notifications

    10. We may request to send you push notifications regarding your account or the Application. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings.

  10. App background data
    11. Leja application will only read and upload and update SMS originating from MPESA for:
    1. Credit scoring to determine your loan limit
    2. Fraud detection
    3. Displaying a financial summary of M-PESA transactions alongside Leja in-app transactions.
    SMS data collection will begin upon user consent and every subsequent app launch.

    Leja collects the device make and model when the app is in the foreground and is used in debugging errors that may occur within the application. All data collection requested will begin only upon user consent.

Due to the nature of the Services, which we provide, we are required to work with a number of third parties (including credit reference agencies and mobile network providers) and we may receive information about you from them. They may include:
  1. Third-Party Data

    2. Information from third parties, such as personal information or network friends, if you connect your account to the third party and grant the Application permission to access this information.

  2. Data From Contests, Giveaways, and Surveys

    3. Personal and other information you may provide when entering contests or giveaways and/or responding to surveys.

We collect certain data to be able to provide the Service to you. Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. We also collect data for use in verifying your identity and creating credit-scoring models to determine what Loans can be offered to you. We also use this data for purposes of collections and credit reporting.

LEJA uses the collected data for various purposes:
  • To provide and maintain the Service.
  • To notify you about changes to our Service.
  • To allow you to participate in interactive features of our Service when you choose to do so.
  • To provide customer care and support.
  • To provide analysis or valuable information so that we can improve the Service.
  • To monitor the usage of the Service
  • To detect, prevent and address technical issues.
  • Administer sweepstakes, promotions, contests.
  • Compile anonymous statistical data and analysis for use internally or with third parties.
  • Create and manage your account.
  • Deliver targeted advertising, coupons, newsletters, and other information regarding promotions and the Application to you.
  • Email you regarding your account or order
  • Fulfill and manage purchases, orders, payments, and other transactions related to the Application.
  • Generate a personal profile about you to make future visits to the Application more personalized.
  • Increase the efficiency and operation of the Application.
  • Monitor and analyze usage and trends to improve your experience with the Application
  • Notify you of updates to the Application.
  • Offer new products, services, mobile applications, and/or recommendations to you.
  • Perform other business activities as needed.
  • Prevent fraudulent transactions, monitor against theft, and protect against criminal activity.
  • Process payments and refunds.
  • Request feedback and contact you about your use of the Application.
  • Resolve disputes and troubleshoot problems.
  • Respond to product and customer service requests.
  • Send you a newsletter.
  • Solicit support for the Application.

We will process sensitive personal data only when:

The processing is carried out in the course of legitimate activities with appropriate safeguards and that the processing relates solely to the staff or to persons who have regular contact with us, and the personal data is not disclosed outside Leja without the consent of the data subject.

The processing relates to personal data that has been made public by the data subject.

Processing is necessary for:

  • The establishment, exercise or defense of a legal claim
  • The purpose of carrying out the obligations and exercising specific rights of the controller or of the data subject
  • Protecting the vital interests of the data subject or another person where the data subject is physically or legally incapable of giving consent.

The data that we collect from you may be transferred to, and stored at, a destination outside your country of origin or residence (as applicable) or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction.

If you are located outside KENYA and choose to provide information to us, please note that we transfer the data, including Personal Data, to KENYA and process it there.

We will transfer personal data out of Kenya only when they have:
  • Proof of appropriate measures for security and protection of the personal data, and the proof provided to the Data Protection Commissioner in accordance with Kenya’s Data Protection Act, 2019, such measures include that data is transferred to jurisdictions with commensurate data protection laws.
  • The transfer is necessary for the performance of a contract, implementation of pre- contractual measures such as:
    • For the conclusion or performance of a contract to which the data subject is part of.
    • For matters of public interest.
    • For legal claims.

To protect the vital interests of data subjects

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Leja will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

You are required to give consent immediately you install the Leja app and before using the service on the Registration page shown below. Where necessary we will maintain adequate records to show that consent was obtained before processing your personal information. Data will not be processed after the withdrawal of your consent.

We want to inform you that whenever you use our Service, in the case of an error in the app we collect data and information (through third party products) on your phone called Log Data. This Log Data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing our Service, the time and date of your use of the Service, and other statistics.

We may share information we have collected about you in certain situations. Your information may be disclosed as follows:
  1. By Law or to Protect Rights

    2. If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation. This includes exchanging information with other entities for fraud protection and credit risk reduction.

  2. Third-Party Service Providers

    3. We may share your information with third parties that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.

  3. Marketing Communications

    4. With your consent, or with an opportunity for you to withdraw consent, we may share your information with third parties for marketing purposes, as permitted by law.

  4. Interactions with Other Users

    5. If you interact with other users of the Application, those users may see your name, profile photo, and descriptions of your activity, including sending invitations to other users, chatting with other users, liking posts, following blogs.

  5. Online Postings

    6. When you post comments, contributions or other content to the Applications, your posts may be viewed by all users and may be publicly distributed outside the Application in perpetuity.

  6. Third-Party Advertisers

    7. We may use third-party advertising companies to serve ads when you visit the Application. These companies may use information about your visits to the Application and other websites that are contained in web cookies in order to provide advertisements about goods and services of interest to you.

  7. Affiliates

    8. We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.

  8. Business Partners

    9. We may share your information with our business partners to offer you certain products, services or promotions.

  9. Offer Wall

    10. The Application may display a third-party-hosted “offer wall.” Such an offer wall allows third-party advertisers to offer virtual currency, gifts, or other items to users in return for acceptance and completion of an advertisement offer. Such an offer wall may appear in the Application and be displayed to you based on certain data, such as your geographic area or demographic information. When you click on an offer wall, you will leave the Application. A unique identifier, such as your user ID, will be shared with the offer wall provider in order to prevent fraud and properly credit your account.

  10. Social Media Contacts

    11. If you connect to the Application through a social network, your contacts on the social network will see your name, profile photo, and descriptions of your activity.

  11. Other Third Parties

    12. We may share your information with advertisers and investors for the purpose of conducting general business analysis. We may also share your information with such third parties for marketing purposes, as permitted by law.

  12. Sale or Bankruptcy

    13. If we reorganize or sell all or a portion of our assets, undergo a merger, or are acquired by another entity, we may transfer your information to the successor entity. If we go out of business or enter bankruptcy, your information would be an asset transferred or acquired by a third party. You acknowledge that such transfers may occur and that the transferee may decline honor commitments we made in this Privacy Policy.

    We are not responsible for the actions of third parties with whom you share personal or sensitive data, and we have no authority to manage or control third-party solicitations. If you no longer wish to receive correspondence, emails or other communications from third parties, you are responsible for contacting the third party directly.

Leja may disclose your Personal Data in the good faith belief that such action is necessary to:
  • To comply with a legal obligation
  • To protect and defend the rights or property of Leja
  • To prevent or investigate possible wrongdoing in connection with the Service
  • To protect against legal liability

  1. Cookies and Web Beacons

    2. We may use cookies, web beacons, tracking pixels, and other tracking technologies on the Application to help customize the Application and improve your experience. When you access the Application, your personal information is not collected through the use of tracking technology. Most browsers are set to accept cookies by default. You can remove or reject cookies, but be aware that such action could affect the availability and functionality of the Application. You may not decline web beacons. However, they can be rendered ineffective by declining all cookies or by modifying your web browser’s settings to notify you each time a cookie is tendered, permitting you to accept or decline cookies on an individual basis.

  2. Internet-Based Advertising

    3. Additionally, we may use third-party software to serve ads on the Application, implement email marketing campaigns, and manage other interactive marketing initiatives. This third-party software may use cookies or similar tracking technology to help manage and optimize your online experience with us. For more information about opting-out of interest-based ads, visit the Network Advertising Initiative Opt-Out Tool or Digital Advertising Alliance Opt-Out Tool.

  3. Website Analytics
    4. We may also partner with selected third-party vendors[, such as [Adobe Analytics,] [Clicktale,] [Clicky,] [Cloudfare,] [Crazy Egg,] [Flurry Analytics,] [Google Analytics,] [Heap Analytics,] [Inspectlet,] [Kissmetrics,] [Mixpanel,] [Piwik,] and others], to allow tracking technologies and remarketing services on the Application through the use of first party cookies and third-party cookies, to, among other things, analyze and track users’ use of the Application, determine the popularity of certain content, and better understand online activity. By accessing the Application, you consent to the collection and use of your information by these third-party vendors. You are encouraged to review their privacy policy and contact them directly for responses to your questions. We do not transfer personal information to these third-party vendors. However, if you do not want any information to be collected and used by tracking technologies, you can install and/or update your settings for one of the following:
    • [Adobe Privacy Choices Page]
    • [Clicktale Opt-Out Feature]
    • [Crazy Opt-Out Feature]
    • Digital Advertising Alliance Opt-Out Tool
    • [Flurry Analytics Yahoo Opt-Out Manager]
    • [Google Analytics Opt-Out Plugin]
    • [Google Ads Settings Page]
    • [Inspectlet Opt-Out Cookie]
    • [Kissmetrics Opt-Out Feature]
    • [Mixpanel Opt-Out Cookie]
    • Network Advertising Initiative Opt-Out Tool
    You should be aware that getting a new computer, installing a new browser, upgrading an existing browser, or erasing or otherwise altering your browser’s cookies files may also clear certain opt-out cookies, plug-ins, or settings.

The Application may contain links to third-party websites and applications of interest, including advertisements and external services, that are not affiliated with us. Once you have used these links to leave the Application, any information you provide to these third parties is not covered by this Privacy Policy, and we cannot guarantee the safety and privacy of your information. Before visiting and providing any information to any third-party websites, you should inform yourself of the privacy policies and practices (if any) of the third party responsible for that website, and should take those steps necessary to, in your discretion, protect the privacy of your information. We are not responsible for the content or privacy and security practices and policies of any third parties, including other sites, services or applications that may be linked to or from the Application.

Personal Information will be protected by security safeguards that are appropriate to the sensitivity level of the information will protect personal Information. We take all reasonable precautions to protect your Personal Information from any loss or unauthorized use, access or disclosure. Except for the aforementioned, we shall not share the provided data with any other third parties.

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately after they are posted on this page.

Our Service does not address anyone under the age of 18 (“Children”). We do not knowingly collect personally identifiable information or market to children under the age of 18. If you are a parent or guardian and you are aware that your Child(ren) has/have provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

Most web browsers and some mobile operating systems [and our mobile applications] include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.

Account Information

You may at any time review or change the information in your account or terminate your account by:
  • Logging into your account settings and updating your account
  • Contacting us officially using our support email: support@leja.co.ke

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with legal requirements.

If you no longer wish to receive correspondence, emails, or other communications from us, you may opt-out by:
  • Noting your preferences at the time you register your account with the Application
  • Logging into your account settings and updating your preferences.
  • Contacting us using the contact information provided below
    • If you no longer wish to receive correspondence, emails, or other communications from third parties, you are responsible for contacting the third party directly.

In line with regulatory requirements, we will report to the Data Protection Commissioner and/or the relevant authorities any data breach within 72 hours of being aware. We will also communicate the data breach to the data subject as soon as is practical unless the identity of the data subject cannot be established.

We have a designated Data Protection Officer (DPO). Accordingly, the DPO will:
  • Advise our staff on requirements for data protection, including data protection impact assessments.
  • Ensure that we have complied with the legal requirements on data protection.
  • Facilitate capacity building of staff involved in data processing operations.
  • Cooperate with external regulators on matters relating to data protection.

We will not process any personal data for a purpose for which it did not obtain consent. Should such a need arise, then consent must be obtained from you. We will collect and process data that is adequate, relevant, and limited to what is necessary. Our staff must not access data which they are not authorized to access nor have a reason to access. Data must only be collected for the performance of duties and tasks; staff must not ask data subjects to provide personal data unless that is strictly necessary for the intended purpose. Staff must ensure that they delete, destroy, or anonymise any personal data that is no longer needed for the specific purpose for which they were collected.

We shall ensure that the personal data we collect and process is accurate, kept up to date, corrected or deleted without delay. All relevant records must be updated should staff be notified of inaccuracies. Inaccurate or out of date records must be deleted or destroyed.

Data protection impact assessment

We will undertake a data protection impact assessment whenever we identify that the processing of personal information will likely result in a high risk to your rights and freedoms.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the “Last updated” date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Application after the date such revised Privacy Policy is posted. This Privacy Policy does not apply to the third-party online/mobile store from which you install the Application or make payments, including any in-game virtual items, which may also collect and use data about you. We are not responsible for any of the data collected by any such third party.

If you have questions or comments about this Privacy Policy, please contact us at:
  • Noting your preferences at the time you register your account with the application
  • Logging into your account settings and updating your preferences.
  • Contacting us using the contact information provided below:

Leja

24 Chalbi Drive, Lavington, Nairobi

+254 111 052280

support@leja.co.ke

Asilimia Shape

WE ARE THE FUTURE. NOW.

phone mockup

Leja App

About Us

Blog

FAQS

Privacy Policy

Terms and Conditions

Complaints Policy

Awards:

Visa everywhere initiative

Regulated by:

Visa everywhere initiative

Kenya

24 Chalbi Drive, Lavington, Nairobi

France

5 rue Frédéric Phélypeaux, 78640 Villiers-Saint-Frédéric France

United Kingdom

20 St Andrews St, Holborn Circus, EC4A 3AG

+254 111 052280

support@leja.co.ke

get in touch

Phone