loader image

Privacy Notice

 PRIVACY POLICY  FOR SALAAM MICROFINANCE BANK LIMITED WEBSITE

 

Effective Date 08th December 2025, 08:00EAT 

 

At Salaam Microfinance Bank Limited, accessible from www.salaammfbank.co.ke, one of our main priorities is the data protection, maintenance of data privacy and confidentiality of use to our services (Bank technology applications and website(s)). 

This Privacy Policy applies to personal information collected that is collected by Salaam Microfinance Bank Limited on its site and how we use the information, with whom it is shared with, and the choices available to users of our site. 

This Privacy Policy applies solely to our site and is applicable to the users of our site. This policy is not applicable to any information collected offline or via channels other than the site. All information collected through the site shall be processed by adhering to the principles of data protection provided in Section 25 of the Data Protection Act, 2019 (“DPA”) 

You MUST read our disclaimer policy statement and terms and Conditions Statement for use of this site. 

We are bound by the Acts and Regulations relating to Privacy and will protect your non-public personal information against unauthorized disclosure, misuse, reuse or use in unrestricted manner in accordance with the law. Respecting and maintaining your online privacy and the security of your personal information is extremely important to us. These principles govern how we can collect, use, hold and disclose your personal information. This Privacy Policy is designed to inform you of our online and offline information privacy practices, the types of information we collect, how the information is used, and to assure you that we maintain strict security procedures to protect your information. 

 

What type of Information?  

Information can be broadly categorized as publicly available information and nonpublic (both personal and financial) information. Non-public information is covered under this privacy policy. Publicly available information is any information Bank reasonably believes is lawfully publicly available. The nature of the information, not the source of the information, determines whether it is publicly available information for purposes of the privacy policy.  

 

To whom it applies?  

It applies to all our customers, account holders, consumers, clients, service providers, contractors, sub-contractors, affiliates, and their clients. 

 

What is personal information or Personally Identifiable Information?  

Personal information includes any information or opinion, about an identified individual or an individual who can be reasonably identified from the information. The information or opinion will still be personal information whether it is true or not and regardless of whether we have kept a record of it. 

What kinds of personal information do we collect and hold?  

When you apply for our products or services, we collect information that is necessary to be able to properly identify you, to know your requirements, expectations, and instructions to provide you with those products or services. For instance, we may ask for identification information such as your name, address, date of birth, details of services etc.  

 

Each time you visit our website, we collect information about your use of the website, which may include the date and time of visits, pages visited, location information, device used and IP addresses etc.  

 

We, including our service providers, may monitor, record electronically, and retain telephone conversations and electronic communications between you (including anyone acting on your behalf) and us. We have electronic surveillance systems like closed circuit TV and video recording of certain sensitive locations where your images may be captured.  

 

Other Online Information We Collect, and Use  

We may collect and use other information, such as: 

  • Cookies: Cookies are pieces of data stored directly on the device/browser you are using when you visit our website. We may read cookies to collect information such as browser type, date and time spent on our website, and pages visited. Information collected through cookies may be used for security purposes, to facilitate navigation, to display information more effectively, to personalize and enrich your experience, to recognize your device, gather statistical information about the usage of the website, to monitor responses to our advertisements and to assist us with resolving website questions.  

 

  • The cookies in your computer cannot read your hard drive, obtain any information from your browser, or command your computer to perform any action. They are designed so that they cannot be sent to another site or be retrieved by any server  or any other application that does not belong to Salaam Microfinance Bank in Kenya.  

 

  • Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.  

 

You can disable use of cookies through your browser settings. In this case our services may not be optimally effective.  

 

  • IP Address: Your IP Address is a number that is automatically and dynamically assigned to the device that you are using by your Internet Service Provider (ISP) or it is statically obtained by you. An IP Address is identified and logged automatically in our server log files whenever a user visits the website, along with the time of the visit and the page(s) that were visited. We use IP Addresses for keeping activity logs and having forensic capabilities if required for investigation purposes.  

  • Details of device used for online banking: For secure online banking we provide you the facility of multifactor authentication. One of the factors can be the endpoint devices used by you to do the banking. For security reasons, we obtain the endpoint details to bind it to your account so that this endpoint device acts as a second factor. 

  • Private Security Keys: For security reasons we may use PKI based authentication / digital certificate technologies. We may place a private key on your PC or mobile device to help us identify you or the device as belonging to you.  

  • Biometrics: We may use some customer biometric information with the use of your fingerprint, facial, or eye biometric information or behavioral biometric like how you use keyboard, mouse, or move your finger on the screen etc. 

 

We never ask for the information like passwords, PIN (Personal identification No.), OTP (One-time passwords), card numbers, CVV / CVC, and expiry date from anyone. We advise all not to share this with anyone including Bank officials nor keep it in any readable form. 

 

We advise you not to disclose the information about date of birth, ID No, driving license number, huduma number, passport no, account number and balance, address to anyone without a valid reason and reasonable assurance that the information would not be misused. 

 

Mobile Applications  

Salaam Microfinance Bank Ltd mobile banking applications allow you access to your account balances, transfer funds, pay bills, and make deposits on your mobile device. This Policy applies to any personal or other information that we may collect through the mobile applications. 

 

Where from and how We Collect Information about You?  

To help us serve your financial needs, provide services, and offer new products and services to you, we collect personally identifiable information about you from:  

  • – Information you disclose when you visit our branch/office or our website. 

  • – Information you disclose on phone or direct conversation or through email. 

  • – Information we receive from you on online applications, forms, and instructions. 

  • – Information we receive from you from the written documents submitted to us. 

  • – Information about your transactions with us, our affiliates, and others.  

  • – Other organizations, who jointly with us, provide products or services to you. 

  • – Information we receive from Govt. organizations like IPRS, KRA etc.  

  • – Information we receive from consumer reporting agencies.  

  • – Publicly available sources of information, such as public registers.  

  • – Your representatives (including your legal adviser, mortgage broker, financial adviser, executor, administrator, guardian, trustee, solicitor, or attorney).  

  • – Your employer.  

  • – Commercial information service providers, such as companies that provide fraud prevention reports, credit scores, land records etc.  

 

We won’t ask you to supply personal information publicly over Facebook, Twitter, or any other social media platform or any public site in internet. 

Why do we collect, hold, use and disclose personal information?  

The purposes are:  

  • – to evaluate your eligibility for accounts, loans, and other products and services for which you apply.  

  • – to respond to your inquiries and fulfil your requests.  

  • – to administer, manage and service your accounts, products, and services.  

  • – to send you marketing communications on products and services that we believe may be of interest to you, and/or to prequalify you for such products and services.  

  • – to personalize your experience on our website by presenting products and offers tailored to you.  

  • – to verify your identity to allow you online access to your accounts, conduct online transactions and to maintain measures aimed at preventing fraud and protecting the security of your account and personal information.  

  • – to facilitate your transactions.  

  • – to send you important information about your account(s), products, and services.  

  • – to comply with applicable law and regulation, other legal process, and law enforcement requirements; and  

  • – for our business purposes, such as data analysis, audits, developing new and improving our existing products and services, enhancing our website, identifying usage trends, and determining the effectiveness of promotional campaigns 

 

How do we hold personal information?  

Much of the personal information we hold are stored electronically in our data center or with our trusted partners. These data centers are in Kenya. Also, personal information is stored in paper forms. We use a wide range of security measures, to protect the personal information we hold. 

 

  

Protecting Your Information, Integrity, Confidentiality, and Security 

We protect information we collect about you by maintaining physical, logical, administrative, electronic, and procedural safeguards. These safeguards restrict access to your confidential information to only authorized personnel with specific need to access and utilize your information. We train our employees on how to handle your information to maintain confidentiality and privacy. To protect your personal information from unauthorized access and use, we use security measures that comply with law and industry level best practices. These measures include computer and system safeguards, strong access controls, network and application controls, security policies, processes, trained personnel and secured repositories and buildings etc. We regularly monitor and review our compliance with internal policies, regulatory guidelines, and industry best practice. We educate our employees to protect the information. The same policy applies to our trusted partners through contracts and agreements.  

 

We take reasonable steps to destroy or permanently de-identify any personal information after which it can no longer be used. 

 

Who do we disclose your personal information to, and why? Categories of Third Parties with Whom Salaam Microfinance Bank Ltd May Share Information  

Salaam Microfinance Bank shares personal information with third-parties only as permitted and required by law, as per Bank’s approved guidelines and your consent in connection with the administration, processing, and servicing of account and account-related transactions, in order to perform services for you and on your behalf, for example, credit reporting agencies, bill payment processors, credit, debit and ATM card processing networks, data processing companies, insurers, marketing and other companies in order to offer and/or provide financial products and services to you, and in response to legal or regulatory requirement, court order and/or other legal process or investigation.  

 

For all third-party outsourcing of services, the information is shared and used as per the service level agreement and non-disclosure agreement.  

 

To be more specific the information may be shared with the following: 

  • – our agents, contractors, valuers, solicitors, and external service providers.  

  • – authorized representatives and agents who sell products and services on our behalf. 

  • – insurers, re-insurers, and health care providers.  

  • – payment systems operators (for example, merchants receiving card payments).  

  • – other organizations, who jointly with us, provide products or services to you.  

  • – other financial services organizations, including banks, mutual funds, stockbrokers, custodians, fund’s managers, and portfolio service providers.  

  • debt collectors.  

  • – our financial advisers, legal advisers, or auditors.  

  • – your representatives (including your legal heirs, legal adviser, accountant, mortgage broker, financial adviser, executor, administrator, guardian, trustee, or attorney);  

  • – fraud bureaus or other organizations to identify, investigate or prevent fraud or other misconduct.  

  • – agencies providing credit scores.  

  • – Govt. agencies for verification of land records etc.  

  • – external dispute resolution schemes.  

  • – regulatory bodies, government agencies and law enforcement bodies in any jurisdiction 

  • – we are required or authorized by law or where we have a public duty to do so.  

  • – your express instructions or consent to the disclosure with specific entities.  

  • – any act or regulation which force us to disclose the information to any specified entity, law enforcement and judicial entities.  

  • – for international transactions, such as currency exchanges, we may need to disclose your information to the corresponding international party to process the transaction. – – The countries we disclose your information will depend on the details of the transaction you ask us to carry out. 

 

Change / Correction / Modification of your information. 

Keeping your Bank account information up to date is very important. If your account information is inaccurate, incomplete, or not current, you should update it immediately by contacting us. You can ask us at any time to change the personal information with reasonable proof to justify the change.  

 

A fee may be charged for the change, or it can be free as per the Banks rules at the time of the change. There may be circumstances in which we may not be able to give you access to your personal information or make changes/corrections due to restraint orders by regulators, judicial bodies, law-enforcement bodies, or orders from the Government.  

 

Advertising and Marketing  

We use your personal information to offer you products and services we believe may interest you, but we will not do so if you tell us not to. These products and services may be directly offered by the Bank or an outsourced service provider for the Bank. The products and services may be offered by various means, including by mail, telephone, email, SMS, or other electronic means, such as through social media or targeted advertising etc.  

 

If you prefer that Salaam Microfinance Bank Ltd, not to send you advertisements and other marketing information you can opt-out by calling our help desk number or opting out of the campaign by replying to the email.  

 

Links to Other Websites  

We may provide links to other websites. Within our websites, there may be embedded applications, plug-ins, widgets, as well as links to third-party sites that may offer you goods, services, or information. Some of these sites may appear within our site. When you click on one of these applications, plug-ins, widgets, or links, you will leave our site and will no longer be subject to Salaam Microfinance Bank Privacy Policy and privacy practices. We are not responsible for the information collection practices of the other sites that you visit, and we urge you to review their privacy policies before you provide them with any non-public information about you. Third-party sites may collect and use information about you in ways that are different from Salaam Microfinance Bank Ltd privacy policy. Thus, if you follow links to websites not controlled by the Bank, you take the responsibility of reviewing their privacy policies and other terms and provide your information, as they may be different from our website and Salaam Microfinance Bank Ltd will not be liable for any disclosure of information resulting from such activity. 

 

Resolving Your concerns about your information  

If you are concerned about how your personal information is being handled or if you would like to make a complaint, please contact us. We will handle your complaints in a time bound manner. You may also inform the Central Bank of Kenya or any other authorities.  

 

Opting out of Information Sharing  

You (a consumer, customer, account holder etc.) cannot opt out of all information sharing in all cases.  

 

You cannot opt out of information sharing with others where it is required to service you and your interest, market bank’s service and products, market services and products of affiliated companies, protect against fraud, protect national interest, against judicial, law enforcement orders and Govt. orders and such processes etc.  

 

Bank can stop sharing of your information with anyone to comply with orders of competent authorities, to protect its interest or the interest of its affiliate companies.  

 

Terminated Relationships  

If your Bank account relationship is terminated, we will not share information we have collected about you, except as permitted or required by law. We will irretrievably destroy the information after the limitation period as mandated by law or court order.  

 

Protecting Children’s Privacy 

The same policy applies to minor account holders.  

 

Updates to this Policy 

This privacy policy is subject to change. It would be reviewed periodically, at least once in a year or upon any major changes in Acts / Rules/ guidelines/ technologies/ processes/ services/ banking products etc. Any changes and the reviewed policy will become effective when published and it will come into effect immediately. 

 

Sharing and distribution of the Policy 

This policy is available to all customers in printed form on demand. It is published on the Bank’s website www.salaammfbank.co.ke. 

 

Authority 

The Board of the bank has approval for this policy. Any changes to this effective only after approval of the Board. 

 

Disclaimer 

You might have provided the same non-public information to other entities without the knowledge or permission of Salaam Microfinance Bank. Salaam Microfinance Bank will not be held liable for disclosure or sharing of such information from these sources. 

 

Contact Us 

If you have any questions regarding this kindly contact Salaam Microfinance Bank, Kenya.  

 

Operations Manager, Salaam Microfinance Bank Limited, Head Office, Park Plaza, Muindi Mbingu Street Nairobi, Kenya 

 

Privacy Notice — Salaam Microfinance Bank
Data Protection Act, 2019

Your Privacy,
Our Responsibility

Salaam Microfinance Bank is committed to protecting your personal data and upholding your rights under Kenya's Data Protection Act, 2019.

Last updated: June 2026
Regulated by the Central Bank of Kenya
Shari'ah Compliant
01 — Purpose & Scope

Why This Notice Exists

Salaam Microfinance Bank Limited ("Salaam" or "We") is committed to protecting the personal data of all our clients and other data subjects ("You"). This Privacy Notice informs you of:

  • Who we are and how to contact us
  • What personal information we collect about you
  • How we collect, use, store and share your personal data
  • Your privacy and related rights under the Data Protection Act, 2019
  • How to contact us or the ODPC if you have a complaint

We are committed to preserving the privacy of your data so that we can deliver high-quality services, comply with the law at all times, preserve the confidentiality of your information, meet your expectations as a customer, and protect our brand reputation.

We advise that you read and understand this Notice carefully to ensure you are aware of how and for what purposes we utilise your data. The terms of this Notice may be updated from time to time, and we will inform you of any material changes.

02 — Who We Are

About Salaam Microfinance Bank

Salaam Microfinance Bank Limited is a Microfinance Bank licensed and regulated by the Central Bank of Kenya. Our Head Office is located at I&M Tower, 12th Floor, Muindi Mbingu Street, Kenyatta Avenue, P.O. Box 1654-00100, Nairobi, Kenya.

To provide services that exceed your expectations, we need to collect, use, and process certain personal information about you. When we do so, we are subject to the provisions of the Kenya Data Protection Act, 2019.

Where we act as a data controller, we are responsible for how your personal information is collected, stored, used, and shared. This may include your name, date of birth, address, contact information, financial information, employment details, and electronic device identifiers such as IP addresses.

03 — Your Personal Data

What Information We Collect

Personal data refers to any information about an individual from which that person may be identified. We primarily collect information directly from you when you:

  • Apply for a new product or service
  • Contact us via email, telephone, social media, or any other channel

The information we hold includes the following categories:

  1. Personal details — your name, date of birth, national ID number, or other identification information
  2. Contact details — your postal address, phone number, email, or mobile number
  3. Transaction details — payments you make and receive
  4. Financial information — bank account number, debit card numbers, financial history
  5. Property details — records of personal property, where applicable to a product application
  6. Next of kin details — contact information for use in the event of death or incapacity
  7. Proof of income — pay slips or bank statements, where applicable to a product application

We may also collect information about you from third parties, including people appointed to act on your behalf, credit reference bureaus, fraud prevention agencies, former employers (for references), and publicly available sources such as land and company registries.

Please keep your information current. It is important that we hold accurate and up-to-date information. Kindly inform us of any changes to your personal data during your relationship with Salaam.

04 — Sensitive Personal Data

Special Category Data

Sensitive personal data includes details about your race or ethnicity, conscience, belief, sex life, sexual orientation, health, and genetic data. We only process such data where it is strictly necessary and most relevant.

Such data will only be used where it is necessary for the public interest, as part of a legal proceeding, or where we have obtained your explicit and verifiable consent. We ensure all legal requirements are met when handling this category of information.

05 — How We Use Your Data

Purposes & Lawful Bases

We only collect your personal information for the purposes for which it was collected, or where we have a proper legal reason for using it. Our lawful bases include:

  • Consent — where you have given explicit consent for one or more specific purposes, including marketing
  • Contract performance — where processing is necessary for a contract you are party to
  • Legal obligation — where we are required to process your data to comply with the law, including fraud prevention and regulatory obligations
  • Vital interests — where processing is necessary to protect your vital interests or those of another person
  • Public interest — where the use is necessary for a task carried out in the public interest
  • Legitimate interests — where we or a third party have a legitimate interest, provided it does not override your rights and freedoms
Lawful BasisKey Purposes
ConsentKeeping in touch about your accounts; marketing communications about products and services; biometric verification for due diligence checks
Contractual ObligationsMaintaining your account; responding to complaints; handling enquiries; complying with specific product requirements; executing transactions
Legal ObligationsDetecting and preventing fraud; sharing data with regulatory agencies, law enforcement, and tax authorities as required; CCTV surveillance at our premises
Legitimate InterestAccount management; product and service updates; credit assessments; debt collection; CCTV monitoring; call recording for training and compliance; business development and analytics
06 — How Your Data Is Stored

Retention & Security

We will keep your personal data secure at all times. We ordinarily retain your information for a minimum period of seven (7) years from the end of your relationship with us. During this period, we implement security measures to protect your data from loss, misuse, or unauthorised access.

We may retain your personal information for longer where required, including in cases of legal hold — a process used to preserve all forms of relevant information when litigation is reasonably anticipated.

Your personal information will only be accessible to those individuals with a valid need to access it. When it is no longer necessary to retain your data, we will securely delete or anonymise it.

07 — Your Legal Rights

Rights Under the Data Protection Act, 2019

The Kenya Data Protection Act, 2019 affords you several rights in relation to the personal data we hold. These rights are yours by virtue of your status as a data subject, and we are bound to respond to your requests within reasonable time limits.

Right to Access

Seek confirmation that your data is being processed and obtain access to it, including purpose, recipients, and retention period.

Right to Portability

Request that we provide an electronic copy of your personal data to you or a nominated third party.

Right to Rectification

Ask us to correct any inaccurate or incomplete personal data we hold about you.

Right to Restriction

Restrict how we use your personal data in specific circumstances, such as when you dispute its accuracy.

Right to Erasure

Request the deletion of your personal data where there is no compelling reason for its continued processing.

Right to Object

Object to particular ways we are using your personal data, including for direct marketing purposes.

Object to Automated Decisions

Object to decisions made solely through automated processing that significantly affects you.

Withdraw Consent

Withdraw previously granted consent at any time without affecting the lawfulness of prior processing.

08 — Sharing Your Information

Who We Share Your Data With

We will from time to time share your information with third parties. We always ensure that those with whom data is shared process it appropriately and take all necessary measures to protect it.

  • Government institutions & regulators — KRA, EACC, CBK, FRC, and fraud prevention agencies, for lawful purposes such as criminal investigations and crime prevention
  • Credit Reference Bureaus (CRB) — for due diligence, identity checks, and credit decisions
  • Insurance providers — underwriters, brokers, and claims handlers, to enable delivery of requested services
  • Representatives & advisers — accountants, lawyers, and other professional advisers you have authorised to act on your behalf
  • Third party payers — we may share your name to confirm a payment is being directed to the correct account
  • Payment processors — companies assisting with transaction processing and financial scheme members
  • Service providers & agents — third parties engaged to provide services on our behalf, including their subcontractors
09 — International Transfers

Transfer of Personal Data Outside Kenya

We may be required to transfer your personal information outside Kenya to meet our legal and contractual obligations on a case-by-case basis.

In the event your personal information is required to be transferred outside Kenya, we are bound by the Kenya Data Protection Act to ensure that the receiving entities provide a reasonable, if not equivalent, level of protection. Any contract we form with such organisations will specify the conditions they must meet to adequately protect the information they receive.

10 — Automated Decision Making

Automated Processing & Profiling

We may implement automated decision-making processes using your personal information in specific situations that fulfil legal or contractual obligations, or that serve to prevent crime or fraud. These may include:

  • Making decisions about which services are suitable for you based on your customer portfolio, or whether to offer you credit based on an assessment of your credit history
  • Conducting financial crime checks and fraud examination tests

We also analyse your personal information through profiling, which helps us provide personalised experiences unique to you as our valued customer — including personalised offers, rewards, and service recommendations. You have the right to object to automated decision-making as outlined in the Rights section above.

11 — Withdrawal of Consent

Withdrawing Your Consent

You have the right to withdraw your consent for the processing of your personal data at any time. To do so, please contact us using the details provided in the Complaints section below, or complete and submit the Consent Withdrawal Form.

Withdrawing your consent does not affect the lawfulness of any processing carried out before the withdrawal. In some cases, we may be required to continue processing your personal data despite your withdrawal — for example, where we have a legal obligation to do so.

12 — Cookies

Cookies & Similar Technologies

We employ the use of cookies and similar technologies across our website. Cookies are small text files stored on your computer or mobile device when you visit a website or use an online application.

Cookies are used for information gathering primarily aimed at enhancing your online experience by remembering your preferences, enabling efficient navigation between pages, and improving your overall experience on our digital platforms. We have implemented a cookie policy on our websites and applications which provides further information on how you can control your preferences.

13 — Complaints

How to Raise a Concern

Should you have any complaints or queries about the privacy of your personal data or any other data protection matter, please contact our Data Protection Officer:

Data Protection Officer

Salaam Microfinance Bank Limited — I&M Tower, 12th Floor, Muindi Mbingu St, Nairobi

P.O Box 1654-00100, Nairobi

Office of the Data Protection Commissioner (ODPC)

You also have the right to make a complaint at any time to the ODPC, the supervisory authority for data protection in Kenya. Lodge a complaint at: www.odpc.go.ke/file-a-complaint/

This Privacy Notice was last reviewed in June 2026  ·  Salaam Microfinance Bank Limited  ·  salaammfbank.co.ke  ·  Regulated by the Central Bank of Kenya  ·  Securing the future together

Important Updates