Safaricom Data Privacy Statement
Download PDF Version
Your privacy is important to us. This privacy statement explains the personal data Safaricom
Plc (Safaricom)collects, how Safaricom processes it, and for what purposes.
This statement should be read together with the Terms and Conditions of Use for other
Safaricom products and services. Where there is a conflict, this statement will prevail.
This statement applies to all customers, suppliers, agents, merchants, dealers and all
visitors frequenting any of Safaricom premises.
- customer- the person who subscribes to, uses or purchases any of our products
and services or accesses our websites and includes any person who accesses
any of the products and services you have subscribed to.
- Any agent, dealer and/or merchants who has signed an agreement with us
and is recognised as a merchant or agent in accordance with any applicable
laws or Regulations.
- Any visitor that is a person (including contractors/subcontractors or any third
parties) who gains access to any Safaricom premises.
- Any supplier who has been contracted by Safaricom and executed a
“Safaricom”, “we” or “us”, “our” and “ours” means Safaricom Plc
The word "includes” means that what follows is not necessarily exhaustive and
therefore the examples given are not the only things/situations included in the
meaning or explanation of that text.
3.0 Statement Details
Collection of Information
We collect your personal information with your knowledge and
consent when you do any of the following (please note that this
list is not exhaustive):
- Register for a specific product or service, including but not
limited to SIM-card registration, PostPay subscriptions, ecommerce
M-PESA and M-PESA-powered
- Buy, subscribe to or use a Safaricom product or service
online, on the cloud, on a mobile or other device, in a
Safaricom Shop or other retail outlet;
- Subscribe to Safaricom or third-party premium rates
services, Short Message Service (SMS), email or social
- Ask Safaricom for more information about a product or
service or contact Safaricom with a query or complaint;
- Respond to or participate in a survey, marketing
promotion, prize competition or special offer;
- Visit, access or use Safaricom or third-party websites;
- We may also collect your information from other
organisations including credit-reference bureaus, fraud
prevention agencies and business directories;
- We may collect your information when you interact with
us as a supplier, agent, merchant or dealer as prescribed
in this statement;
- We also collect information when you visit any of our
We do not onboard minors (any person under 18 years of age)
except where you additionally register on their behalf as their
parent and/ or legal guardian. If you allow a child to use our
services, you should be aware that their personal information
could be collected as described in this statement.
What Information is collected?
The information we collect and store about you includes but is not limited to
- Your identity and SIM-card registration information, including your
name, photograph, address, location, phone number, identity
document type and number, date of birth, email address, age,
gender and mobile number portability records.
- Your credit or debit-card information, information about your
bank account numbers and SWIFT codes or other banking
- Your transaction information when you use our MPESA service.
- Your preferences for particular products and services, based on
information provided by you or from your use of Safaricom’s (or
third party) network, products and services.
- Name, family details, age, profiling information such as level of
education, bank account status, income brackets, etc. collected
as part of surveys conducted by Safaricom and their agents on
behalf of Safaricom.
- Your contact with us, such as when you: call us or interact with us
through social media, our chatbot Zuri, ‘snail mail’, email (we may
record your conversations, social media or other interactions with
us), register your biometric information such as your voice, finger
prints etc, visit a Safaricom Shop or other retail outlet.
- Your account information, such as your handset type/model,
tariff, top-ups; subscriptions (including third party subscriptions),
billing statements, cloud hosting registration details, e-commerce
registration and usage, M-PESA and mobile money transactions.
- Your call data records: phone numbers that you call or send
messages to (or receive calls and messages from), log of calls,
messages or data sessions on the Safaricom network and your
approximate location (save for customer service interactions as
noted above we do not record or store message or call
- We use Closed Circuit Television (CCTV) surveillance recordings.
CCTV Devices are installed at strategic locations to provide a
safe and secure environment in all Safaricom premises as a part
of our commitment to community safety, security and crime
- When you request us to reserve parking for you, wwe will collect
and retain your personal data (name, telephone number, and
vehicle registration details) when you request Safaricom to
reserve parking space for you and where you use any of our
parking facilities as a contractor. We use the data you provide to
ensure effective visitor, contractor and car park management,
Health and Safety compliance (orderly entry and exiting to and
from the car parks and buildings) and inventory management.
- We maintain a register of visitors in which we collect and keep
your personal data such as names, company/institution details,
telephone number, vehicle registration details and National ID number. This
collected for health, safety and
- When you use Safaricom WIFI for guest and visitors, we collect
email IDs and will provide user name and password. We record
the device address and also log traffic information in the form of
sites visited, duration and date sent/received.
- We may use your medical information to manage our services
and products to you e.g. when you use our services designed for
persons with disabilities such as our braille watch for the visually
- Where you use our voice recognition platform (IVR) we may
collect and process your voice biometrics.
- We collect your personal information when you visit us for
purposes of accident and incident reporting. Safaricom will
collect personal data from the injured party or person suffering
from ill health, such as, Name, Address, Age, next of kin, details of
the incident to include any relevant medical history. The data is
collected as Safaricom has a legal duty to document workplace
incidents/accidents and to report certain types of accidents,
injuries and dangerous occurrences arising out of its work activity
to the relevant enforcing authority.
- Incidents and accidents will be investigated to establish what
lessons can be learned to prevent such incidents/accidents reoccurring including
introduction of additional safeguards,
procedures, information instruction and training, or any
combination of these. Monitoring is undertaken but on an
anonymised basis. The information is also retained in the event of
any claims for damages.
Use of Information
We may use and analyse your information for the following purposes:
- Processing products and services that you have bought from
Safaricom or from third parties on our ecommerce platforms;
- Billing you for using our or third-party products or services or taking
the appropriate amount of credit from you;
- Responding to any of your queries or concerns;
- Verifying your identity information through publicly available
and/or restricted government databases in order to comply with
applicable regulatory requirements;
- Carrying out credit checks and credit scoring;
- Keeping you informed generally about new products and
services and contacting you with offers or promotions based on
how you use our or third-party products and services unless you
opt out of receiving such marketing messages (you may contact
Safaricom at any time to opt out of receiving marketing
- to comply with any legal, governmental or regulatory
requirement or for use by our lawyers in connection with any legal
- In business practices including to quality control, training and
ensuring effective systems operations;
- To protect our network including to manage the volume of calls,
texts and other use of our network;
- To understand how you use our network, products and services
for purposes of developing or improving products and services;
- Preventing and detecting fraud or other crimes and for debt
- For research, statistical, survey and other scientific or business
- Provide aggregated data (which do not contain any information
which may identify you as an individual) to third parties for
research and scientific purpose;
- Administer any of our online platforms/websites.
Sensitive (Special Categories) Data
We may collect Special Categories of Personal Data about you (this includes details
about your race or ethnicity, religious or philosophical beliefs, political opinions, trade
union membership, information about your health, criminal convictions and offences,
gender, sexual orientation and biometric data). We will rely on any of the legal basis
provided in clause 3.5(Legal Basis) below for such collection.
Lawful Basis for processing your information
We will process your personal information based on any of the lawful basis provided
for under the Data Protection Law:
- The performance of a Product/Service Agreement with you;
- Safaricom’s legitimate business interests;
- Compliance with a mandatory legal obligation;
- Consent you provide;
- Public interest;
- Your vital interest.
Retention of Information
We will only retain your personal data for as long as reasonably necessary to fulfil the
purposes we collected it for, including for the purposes of satisfying any legal,
regulatory, tax, accounting or reporting requirements. We may retain your personal
data for a longer period in the event of a complaint or if we reasonably believe there
is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the
amount, nature and sensitivity of the personal data, the potential risk of harm from
unauthorised use or disclosure of your personal data, the purposes for which we
process your personal data and whether we can achieve those purposes through
other means, the need to comply with our internal policy and the applicable legal,
regulatory, tax, accounting or other requirements.
Anonymised information that can no longer be associated with you may be held
4.0 Disclosure of Information
Any disclosure of your information shall be in accordance with applicable law
and regulations. Safaricom shall assess and review each application for
information and may decline to grant such information to the requesting party.
We may disclose your information to:
- law-enforcement agencies, regulatory authorities, courts or other
statutory authorities in response to a demand issued with the
appropriate lawful mandate and where the form and scope of the
demand is compliant with the law.
- our subsidiaries, associates, partners, software developers or agents who
are involved in delivering Safaricom products and services you order or
- Fraud prevention and Anti money laundering agencies, creditreference agencies;
- publicly available and/or restricted government databases to verify
your identity information in order to comply with regulatory requirements;
- debt-collection agencies or other debt-recovery organisations;
- Survey agencies that conduct surveys on behalf of Safaricom;
- Emergency service providers when you make an emergency call (or
where such disclosure to emergency service providers is necessary for
your rescue, health and safety) including your approximate location;
- Any other person that we deem legitimately necessary to share the data
Some of your information may be passed on to any person whom you receive
mobile money from, or send or intend to send mobile money to. Your
information may be available to any third party involved in the operation of the
mobile money service including Lipa Na M-PESA Merchants, mobile money
interoperability partners, ATM Switch providers and vendors of the M-PESA
money transfer technology platform.
We shall not release any information to any individual or entity that is acting
beyond its legal mandate.
We will get your express consent before we share your personal data with any
third party for direct marketing purposes.
- You may be required to opt in or give any other form of explicit
consent before receiving marketing messages from us.
- You can ask us to stop sending you marketing messages at any
time by writing to us or logging into our website,
www.safaricom.co.ke and checking or unchecking relevant
boxes to adjust your marketing preferences or by following the optout links on any marketing
message sent to you or by attending to
us or contacting us at any time through the provided contacts.
- Where you opt out of receiving these marketing messages, this will
not apply to personal data provided to us as a result of [a product,
service already taken up, warranty registration, product or service
experience or other transactions].
We may store some information (using "cookies") on your computer
when you visit our websites. This enables us to recognise you during
subsequent visits. The type of information gathered is non-personal (such
as: the Internet Protocol (IP) address of your computer, the date and
time of your visit, which pages you browsed and whether the pages
have been delivered successfully.
We may also use this data in aggregate form to develop customised
services - tailored to your individual interests and needs. Should you
choose to do so, it is possible (depending on the browser you are using),
to be prompted before accepting any cookies, or to prevent your
browser from accepting any cookies at all. This will however cause
certain features of the web site not to be accessible.
6.0 The Use of Hyperlinks
Our websites may provide hyperlinks to other locations or websites on
the Internet. These hyperlinks lead to websites published or operated by
third parties who are not affiliated with or in any way related to us and
have been included in our website to enhance your user experience
and are presented for information purposes only.
We do not endorse, recommend, approve or guarantee any third- party
products and services by providing hyperlinks to an external website or
webpage and do not have any co-operation with such third parties
unless otherwise disclosed. We are not in any way responsible for the
content of any externally linked website or webpage.
By clicking on a hyperlink, you will leave the Safaricom webpage and
policies of the other website that you choose to visit.
7.0 Access to and Updating your Information
To update your information, go to https://selfcare.safaricom.co.ke/and sign in
to my Safaricom self-care to look at your personal information. You can
change how we get in touch with you and your account details whenever you
8.0 Safeguarding and Protection of Information
Safaricom has put in place technical and operational measures to protect
your information from unauthorised access, accidental loss or destruction.
9.0 International Data Transfers
From time to time we may need to transfer your personal information outside
the Republic of Kenya.
Where we send your information outside Kenya, we will make sure that your
information is properly protected in accordance with the applicable Data
10.0 Your Rights
Subject to legal and contractual exceptions, you have rights under data
protection laws in relation to your personal data. These are listed below:
- Right to be informed that we are collecting personal data about you;
- Right to access personal data that we hold about you and request for
information about how we process it;
- Right to request that we correct your personal data where it is
inaccurate or incomplete;
- Right to request that we erase your personal data noting that we may
continue to retain your information if obligated by the law or entitled to
- Right to object and withdraw your consent to processing of your
personal data. We may continue to process if we have a legitimate or
legal reason to do so;
- Right to request restricted processing of your personal data noting that
we may be entitled or legally obligated to continue processing your
data and refuse your request;
- Right to request transfer of your personal data in [an electronic format].
If you wish to exercise any of the rights set out above, please contact us on
We may need to request specific information from you to help us confirm your
identity and ensure your right to access your personal data (or to exercise any of
your other rights). This is a security measure to ensure that personal data is not
disclosed to any person who has no right to receive it. We may also contact you to
ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within reasonable time. Occasionally it
could take us longer if your request is particularly complex or you have made a
number of requests. In this case, we will notify you and keep you updated.
11.0 How to Contact Us
on firstname.lastname@example.org or submit a request via our digital platforms.
Data Protection Officer
As a Data Controller and Processor, below are the contact details of our Data
Waiyaki Way, Westlands
P.O Box 66827, 00800 Nairobi Tel: +254
722 00 4524/4260
12.0 Right to Lodge Complaint
You have the right to lodge a complaint with the relevant supervisory authority
that is tasked with personal data protection within the Republic of Kenya
13.0 Non-Compliance with this Statement
Safaricom shall have the right to terminate any agreement with you for failure
to comply with the provisions of this statement and reject any application for
information contrary to this statement.
14.0 Amendments to this Statement
Safaricom reserves the right to amend or modify this statement at any time. If
Safaricom amends this statement, You can access the most current version of the privacy
you will always know how your personal information is being used or shared.
Any amendment or modification to this statement will take effect from the
date of notification on the Safaricom website.
Statement Effective Date
1st October 2019