1. Introduction

BFS Microfinance Ltd ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, visit our website, or interact with us.

We comply with the Data Protection Act of Tanzania and other applicable data protection laws to ensure your personal data is handled with care and respect.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

• Identification Data: Full name, date of birth, national ID number, passport details
• Contact Information: Physical address, email address, phone numbers
• Financial Information: Income details, bank account information, credit history
• Employment/Business Data: Employment status, business details, source of income
• Demographic Information: Age, gender, marital status

2.2 Automatically Collected Information

• Technical Data: IP address, browser type, device information
• Usage Data: Website browsing patterns, pages visited, time spent on site
• Cookies: We use cookies to enhance your browsing experience

2.3 Sensitive Information

In some cases, we may collect sensitive information such as:

• Health information (for insurance purposes)
• Biometric data (for identity verification)
• Criminal records (where legally required)

3. How We Collect Information

• Direct Interactions: When you fill out loan applications, contact forms, or communicate with us
• Automated Technologies: Through cookies and similar technologies when you visit our website
• Third Parties: From credit bureaus, references, and regulatory authorities
• Public Sources: From publicly available sources where permitted by law

4. How We Use Your Information

4.1 Primary Purposes

• Processing loan applications and determining eligibility
• Providing microfinance services and managing accounts
• Credit assessment and risk management
• Regulatory compliance and reporting
• Customer service and communication

4.2 Secondary Purposes

• Service improvement and product development
• Marketing and promotional communications (with consent)
• Statistical analysis and research
• Fraud prevention and security

4.3 Legal Basis for Processing

• Performance of contract (providing requested services)
• Legal obligation (regulatory compliance)
• Legitimate interests (business operations)
• Consent (for marketing communications)

5. Information Sharing and Disclosure

5.1 When We Share Your Information

We may share your information with:

• Credit Bureaus: For credit assessment and reporting
• Regulatory Authorities: As required by Tanzanian law
• Service Providers: Banks, IT providers, and professional advisors
• Business Partners: With your consent for additional services
• Legal Requirements: When required by court order or legal process

5.2 International Transfers

Your information is primarily processed within Tanzania. If transferred internationally, we ensure adequate protection through:

• Data protection agreements
• Standard contractual clauses
• Jurisdictions with adequate data protection laws

6. Data Security

6.1 Security Measures

We implement appropriate technical and organizational measures to protect your data:

• Encryption of sensitive data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and audits
• Employee training on data protection
• Secure physical storage for paper records

6.2 Data Breach Procedures

• Immediate investigation of suspected breaches
• Notification to regulatory authorities where required
• Communication to affected individuals when necessary
• Implementation of corrective measures

7. Data Retention

7.1 Retention Periods

We retain your personal information only as long as necessary:

• Loan Applications: 7 years from application date
• Active Accounts: Duration of relationship plus 7 years
• Marketing Data: Until consent is withdrawn
• Website Analytics: 26 months from last interaction

7.2 Data Disposal

• Secure deletion of electronic records
• Shredding of physical documents
• Certified destruction processes

8. Your Rights

8.1 Access and Control

You have the following rights regarding your personal data:

• Right to Access: Request copies of your personal information
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (with limitations)
• Right to Restriction: Limit processing of your data
• Right to Object: Object to certain processing activities
• Right to Data Portability: Receive your data in a machine-readable format

8.2 Exercising Your Rights

• Submit written requests to our Data Protection Officer
• We will respond within 30 days of receipt
• No fee usually required for standard requests
• Identity verification required for security

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

• Essential Cookies: Necessary for website functionality
• Analytical Cookies: Help us understand how visitors use our site
• Marketing Cookies: Used to deliver relevant advertisements

9.2 Cookie Management

• You can control cookies through your browser settings
• Opt-out options available for marketing cookies
• Disabling cookies may affect website functionality

10. Third-Party Links

Our website may contain links to third-party websites. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party sites you visit.

11. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending email notifications to registered users
• Displaying prominent notices on our platform

Continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Information

13.1 Data Protection Officer

For privacy-related inquiries or to exercise your rights, contact our Data Protection Officer:

13.2 Complaints

If you have concerns about how we handle your data, you have the right to lodge a complaint with the relevant data protection authority in Tanzania.