Privacy policy for Mobile Banking Application


Welcome to Mombasa Port Sacco!

We respect your right to privacy. This Privacy Policy sets out details of the information that we may collect from you and how we may use that information. This Privacy Policy should be read alongside, and in addition to, the Data Protection Policy. Please read this Privacy Policy carefully.

Unless otherwise defined in this Privacy Policy, terms used have the same meaning as in the Terms.

1. About Us

Mombasa Port SACCO is a Tier 1 licensed deposit taking SACCO regulated by the SACCO Society Regulatory Authority (SASRA). It was started in the year 1966 by employees of the then East African Harbours & Railways corporation. The SACCO opened its common bond in the year 2010 and now has diverse membership coming from salaried and non-salaried individuals, investment groups (chamas), corporates, sole businesses, and from people in the diaspora.

2. Use of the Application

This Privacy Policy applies only to your use of the M-Port application.

3. Collection of Information

We use your personal data to provide our services, improve the quality of services and products offered, send notifications, offers and promotional materials, protect our rights and interests as well as the rights and interests of third parties, and comply with generally applicable laws.

When you download the M-Port app, we shall ask for your permission (consent) to view your messages in order to verify your identity

To register or make an application on the application, we ask for your name, email address, ID/Passport number, sacco member number, and financial details. If you contact us, we may also keep a record of that correspondence.

We may also collect data relating to your visits to the application that cannot identify you but records your use of the application including, for example, details of how long you have used the application for.

We may also collect your device’s location data in order to help us tailor the service to your location or collect the data for marketing research.

Please be informed that we use a tool that allows us to make automatic decisions. Making decisions in an exclusively automated way is the ability to make decisions using technological tools without human involvement. We use the above technology to reduce the risk of making a mistake, verify your identity in open an account and while accessing our services and it allows a credit decision to be made in a shorter period of time.

Finally, we may receive information about you from third parties (such as credit reference bureaus) who are legally entitled to disclose that information.

 4. Use of Your Information
By using the application, you agree that your personal information may be collected, stored, used and shared by us our partners or third parties we work with, for any of the following purposes:
  1. To provide, maintain, protect, and improve the quality of the application and our products and services; including opening of membership accounts, booking deductions with your employer, anonymized market research, and to protect us and our users.
  2. To fulfill any contractual agreements between you and us.
  3. If you have applied and or are utilizing any of our products, to send you details of our other products and services which we think may interest you, unless you opt out as described at clause 9 below.
  4. To manage your membership account that you hold with us.
  5. To allow you to use the full range of features on or via the application.
  6. To send you product/service-specific email notifications and updates the product/service you are enrolled on.
  7. To comply with legal and regulatory requirements.
  8. To contact you occasionally in order to invite you to share your opinions and experiences of Mombasa Port Sacco.
  9. To collect, moderate and present reviews and ratings of our products/services to be published on our M-Port application; and
  10. In order to provide Mombasa Port Sacco products or services available through our M-Port application.
  11. We may use your email address to send you course notices and updates about our products/services.
  12. With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email and/or telephone with information, news, and offers on the relevant product/services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection Act No. 24 of 2019, and you will always have the opportunity to opt-out.
 5. Storage of Information
  1. All information is stored on secure servers. When you register, we will ask you to choose a password which enables you to access the application, where applicable. You are responsible for keeping this password confidential. We ask you not to share this password with anyone.
  2. In addition, we (or third parties acting on our behalf) may also store or process information that we collect about you in countries outside Kenya, which may have lower standards of data protection. We have put in place technical and organizational security measures to prevent the loss or unauthorized access of your personal information. However, whilst we have used our best efforts to ensure the security of your data, please be aware that we cannot guarantee the security of information transmitted over the Internet.
 6. Legal Basis for Processing Your Information
  1. Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
  2. However, we will normally collect personal information from you only
    1. where we have your consent to do so
    2. where we need the personal information to perform a contract with you (provide you with a product/service you have applied for)
    3. where the processing is in our legitimate interests and not overridden by your rights. In some cases, we may also have a legal obligation to collect personal information from you.
    4. If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences if you do not provide your information).
    5. Similarly, if we collect and use your personal information in reliance on our legitimate interests, we will make clear to you at the relevant time what those legitimate interests are.
 7. Disclosure of Your Information

We may disclose your personal information to third parties when permitted by law including:

  1. with your consent;
  2. to our suppliers in order for them to help us provide our product/services to you, this includes:
    1. loyalty program providers;
    2. where you have agreed, to our refer-a-member program provider, solely to enable your participation in the program;
    3. suppliers of channel and integrated services we require in order to provide you with our products and services;

These suppliers’ use of your personal data may be subject to their own privacy policies, which are available on their websites, and which we suggest you familiarize yourself within the relevant circumstances set out above.

  1. If we sell or buy any business or assets, in which case we may disclose your information to the prospective seller or buyer of such business or assets, provided that they continue to use your information substantially in accordance with the terms of this Privacy Policy and the Data Protection Policy;
  2. If all, or substantially all of our assets or the assets of our subsidiary, are acquired by a third party provided that they continue to use your information substantially in accordance with the terms of this Privacy Policy and the Data Protection Policy, in which case information held by us will be one of the transferred assets; and
  3. If we are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply our Terms and other agreements; or to protect our rights, property, or safety, our users, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
 8.  Data Retention
  1. We retain personal information we collect from you where we have an ongoing legitimate business need to do so and in line with relevant laws and our Records Policy (for example, to provide you with a product service you have requested, you continue to be a member of Mombasa Port Sacco or to comply with applicable legal, tax or accounting requirements).
  2. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. 
9. Your Rights

You have the following data protection rights:

  1. You can edit your personal details via the Member Update Forms at our branches.  We maintain a procedure in order to help you confirm that your personal information remains correct and up-to-date or choose whether or not you wish to receive material from us or some of our partners.
  2. In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by filling appropriate forms at the Sacco
  3. You may unsubscribe from certain email communications by following the Unsubscribe link in the email communication itself. You may also email us at in order to access, correct, or update your personal information on our systems. We will answer every email as promptly as possible.
  4. Similarly, if we have collected and process your personal information on the basis of your consent, then you can withdraw your consent at any time.  Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  5. If you have any privacy-related questions or unresolved problems, you may contact us using the information provided at clause 14 below.
  6. You have the right to complain to the Data Commissioner about our collection and use of your personal information.
  7. The application may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies. Please check these policies before you submit any personal information to these websites.
10. Children

We strongly believe in protecting the privacy of children. In line with this belief, we may only collect and maintain personal information regarding persons under 18 years of age where consent of the parent/guardian is given.

No part of the application is directed to persons under 18 years of age. If you are under 18 years of age, then please do not use or access the application at any time or in any manner. We will take appropriate steps to delete any personal information of persons less than 18 years of age.

11. Updating this Privacy Policy

We may update or amend this Privacy Policy from time to time, to comply with law or to meet our changing business requirements. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. Any updates or amendments will be posted on the privacy statement as captured in this application. By continuing to access the application your access and use will be subject to these updates and amendments.

12. Contacting Mombasa Port Sacco

If you have any questions, comments, or complaints about this Privacy Policy, please contact us using the details below:

The Data Protection Officer: