1.    Introduction

At SecurrHold, we are committed to safeguarding your privacy and ensuring that your personal data is protected in accordance with applicable data protection laws, including Kenya's Data Protection Act, 2019 and any other relevant privacy regulations.

This Privacy Policy outlines how we collect, use, share and protect personal information from our users and anyone who interacts with SecurrHold. By using our services, you agree to the terms of this Privacy Policy. We recognize the importance of your privacy and are dedicated to providing transparency regarding how we handle your information.

Our Privacy Policy applies to all users including customers, vendors, partner and other stakeholders who access our website, platform and services. It is important that you read this document carefully to understand your rights and our responsibilities when it comes to your personal data.

2.    Data Collection

Types of Data Collected

SecurrHold collects various types of personal data to provide and enhance our services. The types of personal information we collect include, but are not limited to:

- Identification Information: Full name, national identification number, passport number.

- Contact Information: Email address, phone number, mailing address.

- Payment and Financial Information: Bank account details, payment method, transaction history.

- Business Information: Company name, registration details and any other relevant information for business transactions.

- Technical Information: IP address, device information, login details, browser type and usage data related to interactions with our platform.

- Communication Records: Messages or inquiries sent to our customer support, feedback or any interactions with SecurrHold representatives.

- Geolocation Data (if applicable): Location information related to the use of our services.

How Data is Collected

SecurrHold collects personal data through various means to ensure we can deliver secure and effective escrow services. The methods we use to gather data include:

- User Registration: Information is collected when you create an account on our platform, providing identification, contact and payment details.

- Transaction Processes: Data such as bank details, transaction history and payment information are collected when facilitating escrow agreements between parties.

- Communication with Customer Support: When you contact us for support, inquiries or feedback, we collect and store relevant information from those interactions.

- Automatic Data Collection: Technical and usage data, such as your IP address and device information, are automatically collected when you visit our website or use our services, to ensure security and improve your experience.

3.    Purpose of Data Use

SecurrHold collects and processes personal data to ensure the security, efficiency and compliance of our services. The key purposes for which we use your personal data include:

Identity Verification (KYC): We collect personal information to verify your identity as part of our Know Your Customer (KYC) procedures, which helps prevent fraud, money laundering and other illicit activities.

Fulfilling Transactions: Your data is used to facilitate escrow transactions, including processing payments, maintaining transaction history and communicating with both parties involved in the transaction.

Regulatory Compliance: We are required by law to collect certain types of data to comply with applicable laws and regulations, such as Kenya's Data Protection Act, 2019, anti-money laundering (AML) laws, tax regulations and other statutory requirements.

Customer Support and Communication: Personal data is used to respond to your inquiries, resolve issues and provide updates related to your use of our services. This ensures smooth and efficient communication with our support team.

Improving Our Platform: We use technical and usage data to monitor and analyze trends, usage and activity on our platform. This helps us improve user experience, enhance the security of our services and introduce new features or updates.

Marketing and Communication (with consent): If you have opted to receive marketing communications, we may use your data to send promotional content, special offers or relevant updates about our services. You can opt out of these communications at any time.

4.    Data Sharing and Disclosure

SecurrHold respects your privacy and only shares your personal data with third parties under specific circumstances, in accordance with Kenya’s Data Protection Act, 2019 and relevant regulations. We do not sell, rent or trade your personal information to third parties for their marketing purposes.

Third Parties We May Share Data With

We may share your personal data with trusted third parties to provide our services efficiently and comply with legal obligations. These third parties include:

- Payment Processors and Financial Institutions: To facilitate escrow transactions, we may share relevant data, such as bank account details and transaction history, with payment processors, banks and other financial institutions.

- Regulatory Authorities: We may disclose personal data to government agencies, regulators or other authorities when required to comply with legal obligations, such as anti-money laundering (AML) laws, tax requirements or upon lawful requests by regulatory bodies.

- Service Providers and Business Partners: We work with third-party service providers to support our platform operations, such as hosting providers, IT service providers, customer support platforms and fraud prevention services. These partners process personal data on our behalf and are bound by strict confidentiality agreements and security protocols.

- Law Enforcement and Legal Compliance: SecurrHold may disclose personal data if required to respond to legal processes (e.g. court orders, subpoenas) or to protect the rights, property or safety of SecurrHold, our users or the public. This includes sharing data to prevent or investigate potential illegal activities such as fraud or data breaches.

Data Transfer and International Disclosure

In certain cases, your personal data may be transferred outside of Kenya for processing (e.g. when engaging with international service providers). In such instances, SecurrHold ensures that appropriate safeguards are in place, including compliance with international data protection standards and any local legal requirements.

We take all necessary measures to ensure that the third parties with whom we share data handle it in accordance with this Privacy Policy and applicable laws. Data shared with third parties is limited to the information necessary for them to perform their services on our behalf.

5.      Data Security

SecurrHold is committed to ensuring the security and confidentiality of your personal data. We have implemented industry-standard measures to protect your information from unauthorized access, disclosure, alteration or destruction, in accordance with Kenya’s Data Protection Act, 2019, and other applicable regulations.

Protection Measures

To safeguard your personal data, SecurrHold employs the following security practices:

- Encryption: Sensitive personal data, such as payment and financial information, is encrypted during transmission using industry-standard encryption protocols (e.g. SSL/TLS). This ensures that your data is protected as it travels over the internet.

- Secure Storage: Personal data is stored in secure environments, with access restricted to authorized personnel only. We use secure servers and implement physical, electronic and administrative safeguards to protect against unauthorized access and potential threats.

- Access Controls: We enforce role-based access control (RBAC) within our systems, ensuring that only authorized employees or third parties have access to personal data necessary for their role.

- Regular Security Audits: SecurrHold conducts regular security assessments, including vulnerability scans and penetration tests, to identify and mitigate any security risks. We continuously review and update our security practices to stay ahead of emerging threats.

- Data Minimization: We only collect and store the minimum amount of data necessary for the purpose it was collected. We ensure that data retention policies are in place to prevent the unnecessary storage of personal information.

User Responsibilities

While SecurrHold is committed to protecting your data, users also play an important role in safeguarding their accounts. We encourage you to follow these best practices:

- Account Credentials: Keep your login credentials, including your password, secure. Do not share your password with others and ensure you use a strong password that is unique to SecurrHold.

- Two-Factor Authentication (2FA): If offered, enable two-factor authentication (2FA) for added security on your account.

- Suspicious Activity: Immediately report any suspicious activity or unauthorized access to your account by contacting SecurrHold’s support team.

- Device Security: Ensure that the devices you use to access SecurrHold are secure, with updated antivirus software and operating systems and avoid using public or unsecured Wi-Fi networks.

By taking these steps, you help protect your personal data and maintain the security of your account.

6.    User Rights

SecurrHold respects your rights as a data subject under the Kenya Data Protection Act, 2019 and other relevant privacy laws. As a user, you are entitled to exercise the following rights regarding your personal data:

Access, Correction, and Deletion

Right to Access: You have the right to request information about the personal data SecurrHold holds about you. This includes details of how your data is being processed and the purposes for which it is used. You may request a copy of your personal data by contacting us through the channels provided in this policy.

Right to Correction: If you believe that any personal information, we hold about you is inaccurate, incomplete or outdated, you have the right to request that we correct or update the data. SecurrHold will promptly rectify any errors upon verification.

Right to Deletion (Right to be Forgotten): You have the right to request the deletion of your personal data under certain circumstances, including if:

- The data is no longer necessary for the purposes it was collected.

- You withdraw your consent (where consent was the legal basis for processing).

- You object to the processing of your data and there are no overriding legitimate grounds.

- The data was unlawfully processed or must be deleted to comply with a legal obligation.

However, some data may need to be retained to comply with legal obligations or for legitimate business purposes (e.g. records required for regulatory compliance).

Opt-out Options

SecurrHold provides users with control over how their personal data is used in specific situations.

Marketing Communications: If you have opted to receive marketing materials or promotional content from SecurrHold, you can opt out at any time. We include an "unsubscribe" option in all marketing communications. You can also contact our support team to update your preferences or stop receiving such communications.

Data Processing Objections: In certain cases, you may object to the processing of your personal data such as for direct marketing purposes or where the processing is based on our legitimate interests. If you object, we will stop processing your data for those purposes unless there are compelling legitimate grounds or it is required for legal reasons.

How to Exercise Your Rights

To exercise any of your rights under this Privacy Policy please contact us via email or through the communication channels provided on our website. We will respond to your request in accordance with applicable legal timelines and ensure your rights are upheld.

7.    Data Retention

SecurrHold retains personal data only for as long as it is necessary to fulfill the purposes for which it was collected, comply with legal and regulatory obligations, resolve disputes and enforce our agreements.

Retention Policy

Service Fulfillment: We retain personal data for the duration of your relationship with SecurrHold. This includes the time during which you maintain an account, engage in transactions or use our services.

Regulatory and Legal Obligations: In some cases, we are required to retain personal data for a specific period to comply with laws such as anti-money laundering (AML) regulations, tax requirements and other statutory obligations. For example, we may be required to retain transaction records for a minimum number of years, as dictated by local laws.

Business Purposes: Personal data may be retained for as long as necessary to protect the legitimate business interests of SecurrHold, such as to resolve disputes, prevent fraud or enforce our terms and conditions.

Deletion of Data

Once personal data is no longer required for the purposes for which it was collected and there is no legal requirement or legitimate interest to retain it, SecurrHold will take steps to securely delete or anonymize the data.

Permanent Deletion: Data that is no longer needed is securely erased from our systems using industry-standard deletion methods that ensure the data cannot be recovered or reconstructed.

Anonymization: In some cases, we may anonymize your personal data so that it no longer identifies you directly or indirectly. Anonymized data may be retained for statistical or research purposes without further notice to you.

Account Deletion Requests: If you request the deletion of your account or personal data, we will comply with your request, provided there are no legal or regulatory requirements that mandate its retention. Any data that is no longer required will be deleted in line with our internal procedures.

8.    International Data Transfers

As part of providing our services, SecurrHold may transfer your personal data to countries outside of Kenya, especially in the case of cross-border transactions or when we engage with international service providers. We are committed to ensuring that such transfers comply with Kenya's Data Protection Act, 2019 and other applicable data protection regulations.

Cross-border Transfers

When your personal data is transferred to or processed in a country other than Kenya, we ensure that appropriate safeguards are in place to protect your information. These safeguards include:

- Adequate Data Protection Standards: We only transfer personal data to countries that are recognized as having adequate data protection laws, ensuring a similar level of protection as required under Kenyan law.

- Standard Contractual Clauses (SCCs): For countries that do not have adequate data protection regulations, SecurrHold ensures that appropriate legal mechanisms, such as Standard Contractual Clauses (SCCs), are in place. These contractual agreements ensure that your data is treated in accordance with Kenyan data protection principles, even when processed abroad.

- Service Providers and Partners: When engaging third-party service providers located outside Kenya, we require them to implement similar security measures and comply with applicable data protection regulations including international data protection standards.

User Rights in Cross-border Transfers

Regardless of where your data is processed, your rights remain the same as outlined in the User Rights section of this policy. You retain the right to access, correct or request deletion of your data and we will take all reasonable steps to ensure your data is securely handled in any jurisdiction.

9.    Cookies and Tracking Technologies

SecurrHold uses cookies and other tracking technologies to enhance user experience, improve our platform and ensure security. This section explains how these technologies are employed and how users can control their preferences.

Use of Cookies

Cookies are small text files stored on your device when you visit our website or use our platform. SecurrHold uses cookies for various purposes, including:

- Essential Cookies: These cookies are necessary for the proper functioning of our platform such as enabling you to log into secure areas, access transaction pages and use essential features.

- Performance and Analytics Cookies: We use these cookies to collect anonymous data on how users interact with our platform. This helps us monitor website performance, identify usage trends and improve the overall user experience.

- Security Cookies: These cookies help detect potential security risks, such as fraudulent activity or unauthorized access, ensuring the protection of your data.

- Functionality Cookies: These cookies remember your preferences (e.g., language settings) and personalize your experience on the platform.

- Targeting and Advertising Cookies (if applicable): If we engage in advertising activities, these cookies may be used to deliver relevant ads to you based on your interactions with our platform or across other websites.

User Control

SecurrHold provides users with options to manage or disable cookies:

- Browser Settings: Most web browsers allow you to control cookies through their settings. You can modify your browser to notify you when cookies are being set or to block cookies altogether. However, please note that disabling essential cookies may affect your ability to access certain features of the platform.

- Cookie Consent Banner: When you first visit our website, you will be presented with a cookie consent banner, giving you the option to accept or reject non-essential cookies. You can update your preferences at any time by accessing the cookie settings link provided on our site.

- Third-party Tools: You may also use third-party tools or browser extensions to manage or block cookies from specific websites, including SecurrHold.

By using our platform, you consent to our use of cookies unless you have disabled them. For more information on how to manage cookies, please refer to your browser’s help section or the support pages of commonly used browsers.

10.                       Regulatory Compliance

SecurrHold is committed to complying with all applicable data protection and privacy regulations, including Kenya’s Data Protection Act, 2019 and other relevant international laws that govern the handling of personal data.

Data Protection Laws

SecurrHold processes personal data in strict accordance with the Kenya Data Protection Act, 2019. This means that we ensure your personal data is:

- Collected and processed lawfully, fairly and transparently.

- Used for specific, legitimate purposes outlined in this policy.

- Stored securely, with appropriate measures to protect your privacy and security.

- For international users, SecurrHold ensures compliance with relevant international data protection laws such as the General Data Protection Regulation (GDPR) in the European Union. Where applicable, we implement additional safeguards for cross-border data transfers, as described in the International Data Transfers section.

Regulatory Obligations

As a financial platform, SecurrHold also adheres to regulatory obligations related to financial transparency and security, including:

- Anti-Money Laundering (AML) Laws: We comply with AML laws that require us to monitor transactions and report suspicious activities. This involves collecting, storing, and when necessary, disclosing information about the identity of our users and the nature of their transactions to the relevant authorities.

- Know Your Customer (KYC) Requirements: As part of our KYC processes, we collect and verify personal information to confirm the identities of our users before transactions can take place. This is a critical measure to prevent identity theft, fraud and illegal financial activities on our platform.

By adhering to these regulatory requirements, SecurrHold ensures that all data processing activities are compliant with the laws governing privacy, financial transparency and user security.

11.                       Changes to the Privacy Policy

SecurrHold reserves the right to update or modify this Privacy Policy as necessary to reflect changes in our practices, legal requirements or industry standards. We are committed to ensuring transparency when such updates occur and to keeping you informed about how we handle your personal data.

Policy Updates

When we make significant changes to this Privacy Policy, we will notify users through one or more of the following methods:

- Email Notification: We will send an email to the address associated with your account informing you of the changes and providing a link to the updated policy.

- Platform Notifications: We may post notices on the SecurrHold platform prompting users to review the changes before continuing to use the services.

- Effective Date: The revised Privacy Policy will include an updated effective date at the top indicating when the changes come into force.

We encourage users to review this Privacy Policy periodically to stay informed about how we protect your privacy.

User Consent

By continuing to use SecurrHold's platform after the updated Privacy Policy takes effect, you acknowledge and agree to the new terms. If you do not agree with any changes, you may discontinue using our services and request the deletion of your account.

12.                       Contact Information

If you have any questions, concerns or complaints about this Privacy Policy or how SecurrHold handles your personal data or if you wish to exercise any of your data rights (e.g. access, correction, deletion), please contact us at:

SecurrHold Escrow Limited

contact@securrhold.com

+254 715 295 515

www.securrhold.com

We are committed to addressing your inquiries promptly and ensuring that your privacy rights are protected.