Privacy Policy
1. Who we are
This Privacy Policy explains how Jamborow Ltd / Jamborow.co.uk collects, uses, stores, shares and protects personal data when individuals visit jamborow.co.uk, use our platform, join a savings group or cooperative programme, communicate with us, apply for partnership, request product information, participate in onboarding, or interact with Jamborow through a bank, microfinance institution, payment service provider, cooperative, SACCO, credit union, VSLA, enterprise customer or other partner.
2. Scope
This policy applies to website visitors, customers, prospective customers, group members, cooperative members, agents, community administrators, investors, suppliers, employees, contractors, partner institutions and other contacts whose personal data is processed by Jamborow. Where a regulated financial institution, bank, microfinance bank, payment service provider, lender, capital markets institution or partner acts as an independent controller, its own privacy notice will also apply.
3. Personal data we may collect
We may collect identity data such as name, title, date of birth, gender where legally required, national identity number, passport number, voter number, tax identification number, BVN/NIN or equivalent identifier where lawful and necessary; contact data such as address, email, telephone and emergency contact; financial data such as account, wallet, cooperative contribution, savings, loan, repayment, transaction, settlement and payment information; KYC/AML data including screening results, sanctions checks, politically exposed person information and adverse media indicators; device and technical data including IP address, device identifier, browser, operating system, cookie identifiers, analytics information and usage logs; business data including organisation name, role, partnership records and due diligence information; communications data including emails, call notes, support tickets, complaints and survey responses; and special category or sensitive data only where lawful, necessary and subject to appropriate safeguards.
4. How we collect personal data
We collect data directly from individuals, through website and app forms, onboarding journeys, partner referrals, savings group or cooperative administrators, financial institution partners, API integrations, payment processors, KYC providers, credit reference or fraud prevention agencies, sanctions screening providers, public registers, business directories, investor communications, cookies and similar technologies.
5. Purposes of processing
We process personal data to provide and improve Jamborow services; create and manage accounts; onboard customers and organisations; verify identity and eligibility; support financial inclusion programmes; enable savings group, cooperative, credit union, SACCO and VSLA operations; facilitate wallet, payment, settlement, lending, remittance, embedded finance, Banking-as-a-Service or marketplace services where available through authorised partners; prevent fraud, money laundering, terrorist financing and sanctions breaches; comply with regulatory, tax, audit, accounting and legal obligations; manage complaints and disputes; communicate with users; send permitted marketing; conduct analytics; maintain platform security; test and develop technology; manage enterprise, bank and investor relationships; and protect Jamborow, users, partners and the public.
6. Lawful bases
Depending on the context, we rely on contract, legitimate interests, legal obligation, consent, vital interests, public interest where applicable, and substantial public interest conditions for certain financial crime and regulatory purposes. Consent may be used for optional marketing, non-essential cookies and certain data sharing choices. Consent can be withdrawn at any time where processing depends on consent.
7. Automated decision-making and profiling
Jamborow may use automated tools to support onboarding, fraud monitoring, risk assessment, affordability indicators, eligibility checks, credit pre-screening, segmentation, platform security and service personalisation. We will not make solely automated decisions with legal or similarly significant effects unless permitted by law, necessary for contract, authorised by law, or based on explicit consent with appropriate safeguards. Users may request human review where legally available.
8. Sharing personal data
We may share data with hosting providers, cloud providers, payment processors, banks, microfinance institutions, credit unions, SACCOs, cooperatives, VSLAs, capital market partners, KYC/AML providers, credit reference agencies, fraud prevention agencies, analytics providers, professional advisers, auditors, insurers, regulators, law enforcement, courts, tax authorities, corporate transaction counterparties and suppliers acting under appropriate confidentiality and data protection obligations.
9. International transfers
Because Jamborow operates across the UK and African markets, personal data may be transferred internationally. We will use appropriate safeguards, which may include adequacy arrangements, standard contractual clauses, international data transfer agreements, transfer risk assessments, contractual controls, encryption, access restrictions and due diligence on processors and partners.
10. Retention
We keep personal data only for as long as necessary for the purposes described in this policy, including legal, regulatory, tax, accounting, audit, AML/KYC, dispute and security purposes. KYC, AML and transaction records may need to be retained for several years after the end of the relationship, depending on the applicable jurisdiction and partner requirements. Where data is no longer needed, it will be deleted, anonymised or securely archived.
11. Rights
Subject to applicable law, individuals may have rights to access, rectify, erase, restrict, object to processing, port data, withdraw consent, complain to a supervisory authority, and challenge certain automated decisions. Requests should be sent to privacy@jamborow.co.uk. We may need to verify identity before acting on a request.
12. Children and vulnerable users
Jamborow services are not intended for children unless expressly provided through a lawful programme, school, parent, guardian, cooperative or authorised institution with appropriate safeguards. We also seek to design inclusive services for vulnerable users and underserved communities with proportionate fairness, transparency and support.
13. Security
We apply technical and organisational measures designed to protect personal data, including access controls, encryption, monitoring, logging, secure development practices, supplier due diligence, staff training, incident response and business continuity procedures. No internet service can be guaranteed to be completely secure.
14. Changes to this policy
We may update this policy from time to time. Material changes will be communicated through the website or other appropriate channels.