Country Annex - Kenya
This annex applies where Jamborow processes personal data of Kenyan residents, works with Kenyan SACCOs/cooperatives, supports payment or lending technology, or targets Kenyan users.
Key framework: Kenya Data Protection Act 2019, Office of the Data Protection Commissioner guidance, Central Bank of Kenya requirements for regulated payment and digital credit providers, SACCO/cooperative rules, consumer protection, AML/CFT and cyber laws.
Jamborow should assess registration obligations with the Office of the Data Protection Commissioner as controller or processor, maintain privacy notices, lawful processing records, processor contracts, data transfer safeguards and data subject rights procedures.
Any digital credit activity should be reviewed against Central Bank of Kenya digital credit provider requirements. If Jamborow provides only technology to licensed lenders or partners, product wording must clearly state the lender, the regulated provider, fees, interest, complaints route and Jamborow's role.
SACCO/cooperative integrations should include member notice, data sharing agreements, consent where needed, fair collection practices, audit trails and secure administrator access.