Data Protection Policy
This Data Protection Policy for Earn Mwachangu is drafted in compliance with the Data Protection Act, 2024 (Act No. 3 of 2024) of Malawi, which governs the processing and movement of personal data of natural persons. Earn Mwachangu is committed to protecting the privacy and security of the personal data we process.
Introduction and Scope
This Policy outlines how we collect, process, store, and share your personal information. It applies to all personal data processing activities conducted by Earn Mwachangu, where such activities fall under the jurisdiction of the Malawi Data Protection Act, 2024 (the Act).
Your personal information is collected, processed, stored, and used in accordance with our Privacy Policy, available at earnmwachangu.com/privacy, which is incorporated into our Terms of Service by reference.
Designation of Data Protection Authority
The Malawi Communications Regulatory Authority (MACRA) is designated as the Data Protection Authority (the Authority). The Authority is responsible for overseeing the implementation and enforcement of the Act.
Data Protection Principles
As a Data Controller and Data Processor, Earn Mwachangu adheres to the following principles when processing personal data:
| Principle | Requirement |
|---|---|
| Lawfulness, Fairness, and Transparency | Personal data is processed lawfully, fairly, and transparently, primarily based on the data subject's consent or necessity for the performance of the loan contract. |
| Purpose Limitation | Data is collected for specific, explicit, and legitimate purposes (e.g., loan application, disbursement, and repayment) and is not processed in a manner incompatible with those purposes. |
| Data Minimization | Data processed is adequate, relevant, and limited to what is necessary for the purpose for which it is processed. |
| Data Accuracy | Data is accurate and, where necessary, kept up-to-date. Inaccurate data is erased or rectified. |
| Storage Limitation | Data is not stored for longer than is necessary to achieve the purpose for which it is processed. |
| Data Integrity and Confidentiality | Appropriate technical and organizational security measures are implemented to protect personal data against unauthorized processing, accidental loss, destruction, or damage. |
Data Collected, Consent, and Purpose of Processing
Earn Mwachangu collects personal data for the purpose of providing, managing, and improving its financial services (instant loans).
Data Collected
The data we collect may include, but is not limited to:
- Personal and Employment Data
- Identification Data (e.g., National ID, age, citizenship)
- Contact Information (e.g., Phone Number, email)
- Financial Data (e.g., stable source of income, bank account, financial information for loan assessment)
- Location Data
Consent and Purpose of Processing
By using the Service, you provide consent to the collection and processing of your personal data for the following specific purposes:
(1) Collection of Personal and Employment Data; (2) Processing of data for Service operation, balance calculation, accrual tracking, risk assessment, fraud detection, and regulatory compliance; (3) Use of data for analytics, product improvement, and marketing (subject to your opt-out rights).
Data Sharing and Cross-Border Storage
The Company may share your data with the following recipients for the operation of the Service:
- The Employer
- Payment processors
- Third-party service providers
- Billers
Your data may be stored on servers located in Malawi or other jurisdictions. Where data is transferred from Malawi to another country or international organization, the Company ensures that the recipient is subject to a law or mechanism that affords an adequate level of protection in line with the Act, or the transfer is necessary for the performance of a contract (the loan) with you.
Data Subject Rights
Data subjects have the following rights under the Act, which Earn Mwachangu is committed to upholding:
Right to Access
The right to obtain confirmation and access to the personal data being processed.
Right to Data Portability
The right to receive personal data in a structured, commonly used, and machine-readable format.
Right to Rectification
The right to rectify any error or have incomplete personal data completed.
Right to Erasure (Right to be Forgotten)
The right to the erasure of personal data without undue delay when processing is no longer necessary or consent is withdrawn.
Right to Restriction of Processing
The right to restrict processing under certain conditions (e.g., data accuracy is contested).
Right to Object
The right to object to the processing of personal data where it is based on a legitimate interest causing substantial damage or distress.
Automated Decision-Making
The right not to be subject to a decision based solely on automated processing (e.g., profiling) that produces a legal or similarly significant effect, unless necessary for a contract or authorized by law.
Data Security, Breach Notification, and User Responsibilities
Security of Personal Data and Disclaimer
The Company implements reasonable technical and organizational security measures to protect your personal data, including pseudonymization and encryption, in line with the Act.
However, the Company cannot guarantee absolute security against unauthorized access, hacking, data loss, or breaches.
Notification of Personal Data Breach
In the case of a personal data breach, the Company shall:
- Notify the Authority (MACRA)Notify MACRA within seventy-two hours of becoming aware of the breach.
- Notify Data SubjectsNotify the affected data subject within seventy-two hours if the breach is likely to result in a high risk to their rights and freedoms.
User Responsibilities
You are responsible for safeguarding your Account credentials. You must notify us immediately of any suspected security breaches or unauthorized use of your account.
Contact Information
For questions about this Data Protection Policy or to exercise your data subject rights, please contact us at:
Earn Mwachangu Ltd
- Email: info@earnmwachangu.com
- Phone: +265 99 016 7497 / +265 99 848 4630
- Address: Plot 47/378, Area 47 Sector 1, Lilongwe, Malawi
- Website: earnmwachangu.com
Regulatory Authority
The Malawi Communications Regulatory Authority (MACRA) is the designated Data Protection Authority responsible for overseeing the implementation and enforcement of the Data Protection Act, 2024.
For regulatory inquiries or to report compliance concerns, you may contact MACRA or the Company directly.
Last Updated: November 19, 2024
Version: 1.0
Questions About This Policy?
If you have any questions or concerns about our data protection practices, please don't hesitate to contact our support team.