Privacy Notice


  1. Introduction


Welcome to Litsa Credits Limited. ("we," "our," or "us"). At Litsa Credits, we are committed to safeguarding your personal information and respecting your privacy. This Privacy Notice explains how we collect, use, disclose, and protect your personal data when you interact with our services or visit our website (www.litsacreditsltd.com).


We adhere to the requirements of the Kenya Data Protection Act, 2019, and any other relevant data protection laws to ensure your personal information is handled with the utmost care.


  1. Scope of the Privacy Notice


This Privacy Notice applies to:


  • Visitors to our website.

  • Clients using our financial products and services.

  • Any other individuals whose personal data we process in the course of our business.


By using our website or engaging with our services, you consent to the practices outlined in this Privacy Notice.



  1. Personal Data We Collect


We may collect the following categories of personal data:


  1. Data You Provide Directly


  • Identification Data: Your Full name, national ID/passport number, date of birth, and gender.

  • Contact Information: Your phone number, email address, postal address, and physical address.

  • Financial Information: Bank account details, income, credit history, and loan repayment records.

  • Employment Details: Employer name, job title, and salary information.


  1. Data Collected Automatically


When you visit our website, we collect your:


  • Technical Data: IP address, browser type, device type, and operating system.

  • Usage Data: Pages visited, time spent on the site, and links clicked.

  • Cookies and Tracking Technologies: For session management and personalization.


  1. Data from Third Parties


We may receive personal data from:


  • Credit reference bureaus (CRB).

  • Employers (where applicable).

  • Business partners or service providers.


  1. How We Collect Your Personal Data


We collect your data in the following ways:


  1. Directly from you when you register on our platform, sign up for services, fill out forms, or communicate with us.

  2. Automatically as you navigate through our website, certain technical and usage data is collected automatically through cookies, web beacons, and similar tracking technologies.


  1. How We Use Your Data


Litsa Credit Limited uses your personal data for the following purposes:

  1. To assess loan applications, manage accounts, and process repayments.

  2. To provide you with our services, including account management, customer support, and other related services.

  3. To communicate with you regarding your account, our services, or any inquiries you may have.

  4. To inform you about new products, services, or promotions (with your consent).

  5. To monitor and analyze the use of our website and improve its functionality and user experience.

  6. To ensure compliance with legal obligations, such as the Kenya Data Protection Act, 2019.

  7. To comply with legal obligations, including anti-money laundering (AML) and regulatory requirements.

  8. To detect and prevent fraudulent activity or misuse of our services.


  1. Legal Basis for Processing


We process your personal data based on:


  1. Where you provide clear and explicit consent for us to process your data for a specific purpose (e.g., marketing communications).

  2. When processing your data is necessary to fulfill our contractual obligations (e.g., loan agreements).

  3. Where we are required to process your data to comply with applicable laws and regulations (e.g., tax records).

  4. Where processing your data is necessary for our legitimate interests (e.g., to improve our services, ensure security, and prevent fraud), provided these do not override your rights and freedoms.


  1. Data Sharing and Disclosure


Litsa Credit Limited may share your personal data with the following parties:


  1. We may share data with third-party vendors who provide services such as payment processing, data hosting, analytics, IT, or marketing support.

  2. Where required by law, we may disclose your information to regulatory or governmental bodies (e.g., to the Central Bank of Kenya or the Office of the Data Protection Commissioner).

  3. Credit Reference Bureaus for credit scoring and reporting.

  4. In the event of a merger, acquisition, or sale of assets, your personal data may be transferred as part of the transaction.


We ensure that third parties with whom we share personal data are bound by confidentiality obligations and comply with data protection laws.


  1. International Data Transfers


Your personal data may be transferred and stored outside Kenya. Where we transfer your data to countries that do not have equivalent data protection laws, we will ensure that appropriate safeguards (e.g., standard contractual clauses) are in place to protect your data.


  1. Data Security


We implement robust technical and organizational measures to protect your personal data from unauthorized access, loss, alteration, or disclosure. These measures include, but are not limited to:


  1. Technical measures


  1. Encrypting data both at rest and in transit using strong encryption algorithms to protect it from unauthorized access and interception.

  2. Firewalls and intrusion detection systems (IDS),  monitoring and protecting our network from potential security threats.

  3. Implementing Multi-factor authentication (MFA) before granting access to sensitive data.

  4. Data anonymization/masking personal data when used for analysis or processing to protect individual identities.

  5. Following secure coding practices during application development to prevent vulnerabilities. 

  6. Conducting regular security testing, including penetration testing to identify and address potential weaknesses.

  7. Regular updating of our software and systems with security patches and updates to protect against known vulnerabilities.

  8. Classification of data based on sensitivity and importance, and appropriate security measures are applied based on the classification level.

  9. Securely deleting or destroying data that is no longer needed in accordance with our Data Retention Policy and Procedures to prevent unauthorized access or recovery.


  1. Organizational measures:


  1. Access restriction of data to authorized personnel based on job roles and responsibilities. Role-based access controls (RBAC) are implemented to ensure that only individuals with a need-to-know have access to sensitive information.

  2. Regular backups of critical data are performed and stored securely. 

  3. Data storage facilities and offices are protected by physical security measures, including access controls, lockable storage cabinets with restricted access, and secure entry points.

  4. When selecting cloud service providers for data storage, we ensure that they meet the highest standards of security, reliability, and compliance with the Kenya Data Protection Act, and our internal policies. We prioritize providers with strong encryption protocols, both during transfer and at rest, as well as comprehensive access controls to protect the personal and sensitive data we handle. Additionally, we ensure that our cloud service providers support data localization requirements, so that data remains within required jurisdictions where necessary.

  5. Regularly training our staff on data protection practices and the importance of compliance with policies.

  6. Implementing a structured procedure for responding to data breaches or security incidents.

  7. Conducting periodic audits to review data handling and ensure compliance with privacy laws and regulations.


While we strive to protect your data, no security system is foolproof. We cannot guarantee the absolute security of your information.


  1. Data Retention


We retain your personal data only for as long as necessary to:


  • Fulfill the purposes outlined in this Privacy Notice.

  • Comply with legal, regulatory, or accounting obligations.

  • Resolve disputes and enforce agreements.


Once the retention period expires, we securely delete or anonymize your data.


  1. Your Data Protection Rights


Under the Kenya Data Protection Act, 2019, you have the following rights regarding your personal data:


  1. You have the right to request access to the personal data we hold about you.

  2. You may request corrections to any inaccurate or incomplete personal data.

  3. You may request the deletion of your personal data where there is no legal basis for its retention.

  4. You have the right to object to the processing of your data in certain circumstances.

  5. You have the right to request that we transfer your data to another service provider.

  6. Where processing is based on your consent, you can withdraw that consent at any time.


To exercise any of these rights, please contact us at the details provided below.


  1. Cookies and Tracking Technologies


Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyze site traffic. You can control cookies through your browser settings but disabling them may affect your ability to use certain features of our website.


For more information on how we use cookies, please see our Cookie Policy.


  1. Changes to This Privacy Notice


We may update this Privacy Notice from time to time to reflect changes in our practices or legal requirements. We encourage you to review this policy periodically to stay informed of how we are protecting your personal data.

  1. Contact Information


If you have any questions or concerns about this Privacy Notice or your personal data, please contact us via our website at CONTACT US or contact our data Protection Officer via the address below:


Data Protection Officer

Josphat Otieno

data@litsacreditsltd.com

Litsa Credit Limited

For formal complaints, you may also contact the Office of the Data Protection Commissioner (ODPC) in Kenya.


By using our website and services, you acknowledge that you have read and understood this Privacy Notice and agree to the collection and use of your information as outlined.