Terms of Use / Privacy Policy

BiodataBiographical information: Personal information with regard to gender, nationality, contact information, physical location, and any other
ControllerThis means the natural or legal person, authority, organization or other agency that makes decisions individually or together with other parties regarding the purposes and means for processing Personal Data.
VHSMeans Verona Huruma Sacco, a Non-WDT Sacco Limited started in 1994 as a self-help group that was one of its kind in the Archdiocese of Nairobi, under the guardianship of then Diocesan Development office of the Archdiocese of Nairobi.
GDPRMeans the General Data Protection Regulation((EU) 2016/679)
Personal Data/ Personal InformationThis means any information identifying you or information relating to you that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data excludes anonymous data or data that has had the identity of you as an individual permanently removed.
Sensitive Informationrefers to Personal Information (1) about an individual’s race, ethnic origin, marital status, age, colour, and religious, philosophical or political affiliations; (2) about an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offence committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings; (3) issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and (4) specifically established by executive order or other legislative act to be kept classified.
ProcessorThis means a natural or legal person, authority, organization or other agency that processes Personal Data on behalf of the Controller.
Register of SystemsThis means a register of all systems or contexts in which personal data is processed by Verona Sacco  
    1. VHS is a Verona Huruma Non-WDT Sacco Limited started in 1994 as a self-help group that was one of its kind in the Archdiocese of Nairobi, under the guardianship of the Diocesan Development office of the Archdiocese of Nairobi. Through our Mobile App, you can use our Services and apply for a consumer loan.
    2. VHS Mobile App greatly simplifies the process of obtaining a loan by allowing you to borrow an amount according to the internal credit policy that you qualify for, within the allowed limits. It uses the data provided by you and necessary algorithms as well as internal rules/policies to identify you, verify your identity, assess your creditworthiness, and credit risk, create a credit score for you and comply with applicable laws, regulations, and rules, such as those relating to KYC (know-your-customer) and anti-money laundering requirements, also to analyse your behaviour and to detect and prevent fraud and other illegal uses of our services.
    3. This Policy explains what personal information we collect, and how the data are shared, and you can inform us not to share certain information with certain third parties.
    4. Please read the following Policy. If you have any questions feel free to contact us in accordance with the Policy procedures.
  1. These Data Processing Terms and Conditions together with our Terms of Use and User Agreement as set out at https://www.veronahurumasacco.co.ke/terms/  and any additional terms of use apply to your use of
    1. Verona Huruma Sacco mobile application software (App) is available on our site OR hosted on the Google Play Store (App Site), once you have downloaded or streamed a copy of the App onto your mobile telephone or handheld device (Device); and
    2. Any of the services accessible through the App (Services) or those available on the App Site or other sites of ours or other third-party Sites (Service Sites).
    3. This Policy sets out the basis on which any personal data we collect from You, or that you provide to us, will be processed by us.

 Please be informed that by downloading VHS’s mobile App you consent to the following:

“By downloading the VHS Mobile App, I hereby give consent to the collection and processing of my personal information for legitimate business purposes, including but not limited to determining my credit score, my loan limit and providing a loan.
 I hereby certify that all the provided information is true and correct to the best of my knowledge and that I will immediately notify VHS of any inaccuracies in the data provided. At the same time, I authorize VHS to verify and investigate the above statements and provide information. For this purpose, I consent to the processing of any personal information and records relating to me that might be obtained from third parties, including government agencies, employers, credit bureaus, business associates and other entities you may deem proper and sufficient in the conduct of the proper verification process.”

  • You can withdraw your consent to our collection, processing or use of your personal information at any time by making a request on credit@veronahurumasacco.co.ke

We must receive or collect some information to operate, provide, improve, understand, customize, support, and market our Services. This also includes when you install, access, or use our Services. The types of information we receive and collect depend on how you use our Services.

  1. Information You Provide
  1. Personal Information/Sensitive Information
  • You may be asked to provide us information about yourself when you register for and/or use our App.
  • This includes but is not limited to:
  • Contact information, such as name, telephone number, profile picture, personal description, and postal and email address;
  • Login credentials, such as password and security questions and answers;
  • Account information, financial history and transaction information, such as account numbers and other unique customer identification numbers, debit transaction history, Invoices, LPOs, and income as well as expense information from your bank and/or Mpesa statements;
  • Demographic information, such as age, date of birth, employment information, marital status, sex, gender, and military or veteran status;
  • Government-issued identification information, such as tax identification number, National Identification Number (ID number), passport or driver’s license data, and other information related to government-issued identification;
  • Geographic location information based on services you request (e.g., helping you locate the nearest branches);
  • Telephone carrier information, such as your phone number
  • Other information you choose to provide, such as through our “Contact Us” feature, job application, emails or other communications, social media pages, surveys, registrations, and sign-up forms;
  • Publicly available information, such as from social media services.your name, surname, address, e-mail address, phone number, mobile phone number, ID data, password, personal description or photography, employer name and address, 
  1. Collateral Information
  • This includes information on the collateral that you will use/are using to get financing from us such as your car registration number, insurance details of your car, your car’s latest valuation report, your car make, model, Year of manufacture etc.
  1. Push Notifications
  • Please be informed that we may from time to time send you push/SMS notifications concerning your account, certain features of the App, marketing messages or other information related to our Services or transactions. 
  • You have the right to opt out from receiving this type of notification at any time by following the necessary prompts or by turning them off in your device’s settings.
  1. Payment Data
  1. We may collect data necessary to process your payment if you make payments for your loan facilities with us, such as the product you want to make payment for
  1. Customer Support (Communication Data)
  • You may provide us with information related to your use of our Services, including copies of your messages, and how to contact you so we can provide you with customer support. For example, you may send us an email with information relating to our service performance or other issues.
  • This information may be collected through any of the following mechanisms:
  • provided by filling in forms in the App or physically;
  • provided by corresponding with us (for example, by e-mail or chat);
  • provided by registering to use our App, downloading, or registering the App, subscribing to any of our Services (such as applying for a loan), sharing data via the App’s social media functions, entering a competition, promotion or survey, and reporting a problem with the App, our Services, our App Site or any of Our Service Sites.
  1. Automatically Collected Information
  1. Usage and Log Information
  • We collect information about your activity on our App, like service-related, diagnostic, and performance information. This includes information about your activity (including how you use our App, your App settings, how you interact with others using our App, as well as the time, frequency, and duration of your activities and interactions while using our App), log files and performance logs and reports.
  •  This also includes information about when you registered to use our App and the features you use in the App.
  1. Device and Connection Information 
  • We collect device and connection-specific information when you install, access, or use our App.
  • This includes information like hardware model, operating system information, app version, browser information, connection information including phone number, mobile operator or ISP, language, time zone, IP, device operations information, and identifiers like device identifiers (including identifiers unique to VHS products associated with the same device or account).
  1. Location Information 
  • We collect device location information if you use our location features, like viewing locations of our nearby branches, and the like, and for diagnostics and troubleshooting purposes such as if you are having trouble with our App’s location features. 
  • We use various technologies to determine location, including IP, GPS, Bluetooth signals, and information about nearby Wi-Fi access points, beacons, and cell towers.
  1. Third-Party Information
  1.  Third-Party Service Providers 
  • We work with third-party service providers to help us operate, provide, improve, understand, customize, support, market our services and fulfil our legal obligation.
  • To achieve this, we may obtain information concerning you from the following sources including but not limited to – Payment Company Providers, Banks, Identity Verification Companies, Credit Reference Agencies, Credit Analysis companies, Debt Collection Companies, Value Added Services Providers, Government Departments and Agencies, Marketing Agencies, Employers and Mobile Network Operators (“Third Party Providers”) and we may receive information about you from them.
  • We also work with companies to distribute our apps, provide our infrastructure, and delivery, help us understand how people use our App, market our Services, help you connect with businesses using our Services, conduct surveys and research for us, and help with customer service. These companies may provide us with information about you in certain circumstances; for example, app stores may provide us reports to help us diagnose and fix service issues.

The General Data Protection Regulation (GDPR) and the Kenyan Data Protection Act require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information: 

  1. Consent – We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.
  2. Contractual Obligations (Loan Processing)

We may process your personal information when we believe it is necessary to fulfil our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you Our contractual obligations include:

  • to verify your identity;
  • processing of payment and settlement instructions;
  • to assess credit risk;
  • to check our database for duplicate occurrences of your data (blacklist);
  • to process your transactions – loan requests, applications, payments etc
  • to provide you with personalized loans;
  • to disburse loans and collect payments related to the offered Services,
  • to build the credit models and perform credit scoring;
  • to analyze your behaviors including loan repayment behaviours;
  • to localize the technical issues with our App and Services;
  • to contact with you through distance communication channels like phones, SMS, WhatsApp or e-mail messages,
  • to present you with marketing content and promotional offers concerning our Services;
  • to check our database during logging into our App, whether used mobile phone number already exists in our database;
    • Lawful Obligations
  • collection of loans and any amount outstanding from you;
  • compliance with any risk, regulatory duty or lawful obligation including responding to regulators or supervisors, carrying out anti-money laundering investigations, record-keeping obligations, etc.;
  • to comply with applicable laws, regulations, guidelines, and rules such as those relating to “Know Your Customer” obligations;
  • to perform obligations concerning anti-money laundering checks,
  • compliance with codes of conduct or best practices; or
  • fraud detection and prevention of other illegal use of our Services and Service Sites in line with the laws of Kenya;
  1. Legitimate Interest

We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:

  • improving our Services to you and your experience with us;
  • offering rewards and other incentives to our customers;
  • collaborating with Third Parties to provide a Service or to improve our services to you;
  • educate you about Services or any other information that might be useful to you as our customer;
  • improving our business, processes, policies etc;
  • improve our data quality;
  • troubleshooting issues with our Services and Service Sites;
  • carry out research, experiments and tests; or
  • marketing, advertising and sensitisation of our Services.
  • communicating with you regarding requests about our App or Services provided to you.
  1. We may share Consumer Information with a limited number of our partners for research and development. We may also provide anonymous Consumer Information for our external partners for the purposes of compiling statistics relating to our user base, loan portfolio, and analysis.
  2. When you use our App you agree that we may as it is necessary and appropriate share, transfer and disclose Consumer Information to the following recipients:
    1. Any member of our Group, which means our subsidiaries, affiliates, our holding company, and its subsidiaries. The Group and its subsidiaries will not use your messages for any purpose other than to assist us in operating and providing our Services; – 
    2. Financial institutions such as payment companies, banks, credit reference bureaus, debt collection companies, investment companies, correspondent and agent banks, settlement and switch for the purpose of providing Services to you, for the settlement of financial transactions, repayment of loans, credit assessment, outsourcing delinquent and defaulted accounts to third-party debt collectors and reporting defaulters to any credit reference bureau;  
    3. Identity verification companies, mobile network operators, etc. provided that any of these entities have an obligation to comply with Data Protection Laws in Kenya or similar regulations;
    4.  to third-party service providers which has concluded relevant contracts/agreement with VHS that support us in our business operations in particularly in marketing, identification of your identity, fraud prevention, anti-money laundering and transaction processing, specialized in analytical tools or providers of information search services, hosting and website development, risk assessment, debt recovery and customer service. We will share the data only when it is necessary to appropriately perform our legal obligations and the proper performance of the Services;
    5. Agents, vendors, advisors, and third-party service providers for the purpose of providing and operating any of our Services to you at your request. When this happens, we will require third parties to handle your information using the same level of care that we apply. We will also require them to only use Your Information according to our instructions and directions. We will not otherwise disclose your information to third parties unless we have your permission, or we are under a contractual, legal or similar obligation.
    6. government officials, law enforcement or other third parties, but only in relation to a formal request, court order or a similar legal procedure or when we assume that the disclosure is necessary to comply with the law, prevent physical arms, financial losses, report suspected illegal activity or to investigate violations of our Services or any other legally permissible purposes;
    7. to persons acting on your behalf for example your lawyers if need be, beneficiaries, etc
    8. Regulators, supervisors, or anti-money laundering and fraud prevention agencies authorities; where we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or requests;
    9. In the event of a proposed merger, acquisition or transfer of our business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets on the condition that the recipient comply with the provisions of the Data Protection Act or similar provisions;
    10. Any third party that provides referrals, targeted marketing, or lead-generating services for us; 
    11. In order to enforce our Terms and Conditions and other agreements;  
    12. Cloud infrastructure such as Amazon Web Services or any other infrastructure provider that we may appoint from time to time towards the provision of our Services;
    13. For the purpose of publishing statistics relating to the use of the App, in which case all information will be aggregated and made anonymous;
    14. competent national authorities and non-governmental organizations, as well as other third parties to provide a full assessment of your creditworthiness;
    15. with external suppliers providing payment processing services when executing a direct debit or other payment due under the loan agreement you have entered into with you; then we may share your personal data;
    16. to debt collection companies, credit reference bureaus and companies providing legal services in the event of non-performance or improper performance of your obligations arising from the concluded loan agreement, we may transfer data regarding your overdue liabilities 
    17. to the analysts and service providers who provide App services to help us improve and optimize our application;
    18. during selling all or part of our business or transferring our receivables to a third party.
  3. Except as set forth in this section, VHS does not share, sell, or rent personal information it collects about you to or with any third parties.
  1. All information you provide to us is stored in our secure servers. If shared, it is shared via secure links https to ensure that data integrity and security is ensured
  2. We will store your information for a minimum of Seven (7) years as required by the Communication Act of Kenya.
  3. Information about you in our possession may be transferred or stored in other countries outside Kenya if this is necessary in order to perform our agreements with you. For example, we may use third parties such as Local Banks and Mobile Money Integrations to enable you to make payments. 
  4. We may share your data with other VHS Branches, its affiliates, any regulatory, supervisory, governmental or quasi-governmental authority with jurisdiction over VHS, any agent, contractor or third-party service provider, professional adviser or any other person under a duty of confidentiality to VHS, credit reference agencies and, in the event of default, debt collection agencies, any actual or potential participant or sub-participant in, assignee or transferee of VHS in countries outside Kenya. These third parties are subject to supervision by their regulators.
  5. If we transfer your data to other parties outside Kenya, we take additional measures to protect your data. VHS may leverage on technologies such as Cloud, which may result in your data being shared and stored in different jurisdictions. However, in such cases, the highest level of protection will always be embedded to safeguard your data
  6. When we, or our permitted third parties, transfer information outside Kenya, we or they will impose contractual obligations on the recipients of that data to protect such information to the standard required in the Kenya.
  7. We may also transfer your information where the transfer is to a country deemed to provide adequate protection of your information by the Data Commissioner or you have consented to the transfer.
  8. If we transfer your information outside Kenya in other circumstances (for example because we have to provide such information by law), we will use our best endeavours to put in place appropriate safeguards to ensure that your information remains adequately protected.
  9.  Where we have given you (or where you have chosen) a password which enables you to access certain parts of our App, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
  10. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.
  11. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

When we process your personal data, we are guided by the following principles, which require personal data to be:

  1. processed lawfully, fairly, in a transparent manner and with respect for the dignity of the human person;
  2. collected only for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes;
  3. adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed;
  4.  accurate and where necessary kept up to date;
  5. removed or not kept in a form which permits identification of data subject for longer than is necessary for the purposes for which the personal data is processed;
  6. processed in a manner that ensures its security, using appropriate technical and organisational measures to protect against unauthorised or unlawful Processing and against accidental loss, destruction or damage
    1. Right to be informed
  2. We must provide you with certain information related to how we collect your personal data, how we use your personal data (and our legal basis for doing so), who we share your personal data with, where we obtained your personal data and your rights as a data subject. This information is provided within Our App and in this Privacy Policy in clear language.
    1. Right to access
  • You may ask for a copy of the personal data (as defined under applicable law) we hold concerning you (and your Information related to such personal data), as well as information on how such personal data has been processed unless providing some or all of it would adversely affect the rights and freedoms of others or applicable law requires that we do not comply with your request. 
  • The right to access does not apply to analyses made by the Company with respect to your personal data, such as inferred, derived, modelled, or business-generated data. 
  1. Right to rectification
  • You may ask us to correct any personal data which you believe to be inaccurate. We will promptly update any such personal data. In connection with your request, you may be required to provide supporting evidence or other documentation so that we may verify the accuracy of the request.
  1. Right to erasure

     You may ask us to erase your personal data (as defined under applicable law):

  • If you believe it’s no longer necessary for us to retain such personal data;
  • If you do not believe we have legitimate grounds for processing it;
  • If you think we are using such personal data unlawfully; and/or 
  • If you think applicable law requires that we do so.
  1. Right to restrict or object to processing.

Where the processing of your personal data is based on your consent or our legitimate interest, you may ask us to stop using your personal data (as defined under applicable law):

  • if you think such personal data is inaccurate; 
  • if you think it’s illegal for us to use such personal data;
  • if you don’t want us to destroy such personal data because you need it for legal proceedings.
  • if you’ve informed us that we don’t have a legitimate reason for using it and we’re considering your request.
    • Right to data portability
  • If we’re using your personal data on the basis of your consent or because we need it to carry out our contractual obligations to you, you can ask us to give you your personal data (as defined under applicable law) in a structured, commonly used and machine-readable format or have it transmitted to another data controller. 
  • The right to data portability is limited to data that you provided actively and knowingly, or that you provided by virtue of the use of our services.
    • Right to damages
  • You have a right to be indemnified if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data, considering any violation of your rights and freedoms as a data subject.
    • Right to file a complaint
  • You have the right to file a complaint with the relevant government agencies for any violation of your rights as a data subject, including the Data Commissioner of Kenya.
    • You agree to inform us promptly, and in any event, within 30 days, in writing if there are any changes to the Personal Information you supplied to us from time to time, and to respond promptly to any request from us.


  • You failed to provide us promptly with the correct personal, sensitive and customer Information that we reasonably requested, or
  • you withhold or withdraw any consents that we may need to process, transfer or disclose Customer Information for the Purposes (except for purposes connected with marketing or promoting products and services to you), or
  • We have suspicions regarding Financial Crime or an associated risk.

We may:

  • be unable to provide new, or continue to provide all or part of the, Services to you and reserve the right to terminate our relationship with you;
  • Take actions necessary for us to meet the Compliance Obligations; and/or
  • block, transfer or close your account(s) where permitted under local Laws.
    • In addition, if you fail to supply promptly your Tax Information and accompanying statements, waivers and consents, as may be requested, then we may make our own judgment with respect to your status, including whether you are reportable to a Tax Authority, and may require us or other persons to withhold amounts as may be legally required by any Tax Authority and paying such amounts to the appropriate Tax Authority
    • You agree that We shall not be liable for any loss or damage arising from or incidental to our use, collection, processing and sharing of Customer Information, and any action we have taken in relation to this Section.
  • Depending on your Android Operating System and the version of Our app installed on your device, the following device permissions may be accessed by the App. Keep your VHS Mobile App updated to make sure you can experience the latest and most secure features:
  • Location – This helps us to give you better services e.g by indicating which branch is nearest to your current location once to consent to share such information while using the App.
  2. We may modify this Privacy Policy from time to time. If we decide to make material changes to this Privacy Policy, you will be notified through our App, via text or by other available means and will have an opportunity to review the revised Privacy Policy. 
  3. By continuing to access or use the Service after those changes become effective, you agree to be bound by the revised Privacy Policy.
  2. This Data Privacy Policy shall be governed by the Laws of Kenya. 

The Data Protection Officer for Verona Huruma Sacco can be contacted at ict@ veronahurumasacco.co.ke.com