← Back to Home

GDPR Compliance

Last Updated: July 29, 2025

Our Commitment to GDPR

At SwahiliCard, we are committed to ensuring the security and protection of the personal data that we process, and to providing a compliant and consistent approach to data protection. We recognize our obligations under the General Data Protection Regulation (GDPR) and have established robust and comprehensive policies and procedures to ensure compliance.

How We Comply with GDPR

We have implemented the following measures to ensure compliance with GDPR principles:

  • Data Mapping: We have conducted a thorough audit of all personal data we process, including where it comes from, how it's processed, and who it's shared with.
  • Privacy by Design: We consider data protection at the initial design stages of any product, service, or process and throughout the development process.
  • Data Minimization: We only collect and process the personal data that is necessary for the specific purpose we have communicated to you.
  • Consent Management: We have clear consent mechanisms in place and maintain records of consent given by users for the processing of their personal data.
  • Data Protection Impact Assessments: We conduct DPIAs for high-risk processing activities.
  • Security Measures: We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
  • Data Breach Procedures: We have processes in place to detect, report, and investigate personal data breaches.

Your Rights Under GDPR

Under GDPR, you have the following rights:

  • Right to Access: You have the right to request a copy of your personal data that we hold.
  • Right to Rectification: You have the right to request correction of your personal data if it is inaccurate or incomplete.
  • Right to Erasure (Right to be Forgotten): You have the right to request deletion or removal of your personal data where there is no compelling reason for its continued processing.
  • Right to Restrict Processing: You have the right to restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability: You have the right to obtain and reuse your personal data for your own purposes across different services.
  • Right to Object: You have the right to object to the processing of your personal data in certain circumstances, including for direct marketing.
  • Rights in Relation to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing.

International Data Transfers

When transferring personal data outside the European Economic Area (EEA), we ensure that adequate safeguards are in place, such as Standard Contractual Clauses, adequacy decisions, or other appropriate safeguards as required by GDPR.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and implementation to ensure compliance with GDPR requirements.

For any GDPR-related inquiries or to exercise your rights, please contact our DPO at:

Email: dpo@swahilicard.com
Address: SwahiliCard Headquarters, Nairobi, Kenya

How to Exercise Your Rights

To exercise any of your rights regarding your personal data, please submit a request by email to our Data Protection Officer. We will respond to all legitimate requests within one month.

Return to Homepage