Legal · Data Protection

Privacy Policy

Effective Date 9 April 2026
Last Updated 9 April 2026
Entity Rezato Money Remittance Ltd.
This Privacy Policy explains how Rezato Money Remittance Limited (“Rezato”, “we”, “us”, or “our”) — a licensed payment service provider authorised by the Central Bank of Kenya (CBK) and the Bank of Tanzania (BoT), trading as RezatoPay in Tanzania — collects, uses, stores, shares, and protects your personal data when you visit our website, use our services, or interact with us.

01Introduction

Rezato Money Remittance Limited is a licensed payment service provider authorised by the Central Bank of Kenya (CBK) for foreign exchange and international money transfer services, and by the Bank of Tanzania (BoT) for international money transfer and payment service provider operations, trading as RezatoPay in Tanzania.

This Privacy Policy is issued in compliance with:

02Data Controller

The data controller responsible for your personal data is:

Entity NameRezato Money Remittance Limited
Trading AsRezato (Kenya) / RezatoPay (Tanzania)
Registered OfficesKisumu, Kenya & Dar es Salaam, Tanzania
Emailcustomercare@rezatoafrica.com
Websiterezatoafrica.com

03Personal Data We Collect

3.1 Data You Provide Directly

When you submit a demo request, contact us, or engage our services, we may collect:

3.2 Data Collected Automatically

When you visit our website, we may automatically collect:

We minimise automatic data collection in line with the data minimisation principles of both the Kenya DPA (Section 25(d)) and the Tanzania PDPA (Section 5).

3.3 Data from Third Parties

We may receive personal data from:

04How We Use Your Personal Data

We process personal data only for explicit, specified, and legitimate purposes:

Processing ActivityPurposeLegal Basis
Demo form submissionsRespond to enquiries and schedule demosConsent (Kenya DPA s.30; Tanzania PDPA s.11)
Service deliveryFacilitate payment transactions and settlementPerformance of contract; Legal obligation
KYC/AML complianceVerify identity, screen against sanctionsLegal obligation (POCAMLA 2009; Tanzania AML Act 2006)
Transaction recordsMaintain records as required by CBK and BoTLegal obligation
Website analyticsUnderstand usage to improve servicesLegitimate interest
CommunicationSend service updates, respond to queriesConsent; Legitimate interest
SecurityDetect, prevent, and investigate fraudLegitimate interest; Legal obligation

05Cookies and Tracking Technologies

Our website uses minimal cookies. We do not use third-party advertising trackers.

Cookie TypePurposeDuration
EssentialWebsite functionality and securitySession
Analytics (if enabled)Anonymous usage statisticsUp to 12 months
PreferenceRemember your settingsSession

You can control cookies through your browser settings. Where analytics cookies are used, we will obtain your consent before setting them, in accordance with both the Kenya DPA and Tanzania PDPA.

06Data Sharing and Disclosure

We do not sell your personal data. We may share data with:

Service Providers

Regulatory and Legal

Business Partners

07Cross-Border Data Transfers

Under Section 48 of the Kenya DPA, cross-border transfers require proof of adequate data protection safeguards or the data subject’s explicit consent. Under Sections 31–32 of the Tanzania PDPA, transfers outside Tanzania are restricted to countries with adequate data protection laws or where appropriate safeguards are in place.

Where data is transferred outside Kenya or Tanzania, we ensure:

Kenya local storage requirement: In accordance with Section 50 of the Kenya DPA, we maintain at least one serving copy of personal data on servers or data centres located in Kenya.

08Data Retention

We retain personal data only as long as necessary:

Data TypeRetention PeriodBasis
Demo form enquiries12 months from submissionLegitimate interest; consent
KYC/AML recordsMinimum 7 years after end of relationshipPOCAMLA 2009; Tanzania AML Act 2006
Transaction recordsMinimum 7 yearsCBK Regulations; BoT requirements
Website analytics12 monthsLegitimate interest
Contractual records7 years after terminationLimitation of Actions Act (Kenya)

Upon expiry of the retention period, personal data is securely deleted or anonymised.

09Your Rights

Under the Kenya DPA and the Tanzania PDPA, you have the following rights:

RightDescriptionReference
AccessRequest confirmation and a copy of your dataKenya DPA s.26(a); Tanzania PDPA s.38
RectificationRequest correction of inaccurate dataKenya DPA s.26(c); Tanzania PDPA s.39
ErasureRequest deletion, subject to legal retentionKenya DPA s.26(d); Tanzania PDPA s.40
RestrictionRequest restriction of processingKenya DPA s.26(e)
Data PortabilityReceive data in a structured formatKenya DPA s.26(f)
ObjectObject to processing or direct marketingKenya DPA s.26(g); Tanzania PDPA s.41
Withdraw ConsentWithdraw consent at any timeKenya DPA s.32; Tanzania PDPA s.12
Automated DecisionsNot be subject to solely automated decisionsKenya DPA s.35; Tanzania PDPA s.42

How to exercise your rights: Send your request to customercare@rezatoafrica.com. We will respond within 30 days. We may request identity verification.

Right to complain: Lodge a complaint with the Office of the Data Protection Commissioner (Kenya) at complaints@odpc.go.ke, or the Personal Data Protection Commission (Tanzania).

10Data Security

We implement appropriate technical and organisational measures including:

Breach notification: We will notify the relevant supervisory authority within 72 hours of becoming aware of a breach, and notify affected data subjects without undue delay where the breach poses high risk to their rights and freedoms.

11Children’s Data

Our website and services are not directed at children under 18. We do not knowingly collect data from children. If we discover we have collected a child’s data without appropriate consent, we will delete it in accordance with Section 33 of the Kenya DPA and the Tanzania PDPA.

Our website may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to read their privacy policies.

13Changes to This Policy

We may update this policy to reflect changes in practices, legal requirements, or regulatory guidance. Material changes will be communicated via our website.

14Contact Us

Email

customercare@rezatoafrica.com

Website

rezatoafrica.com

Kenya Office

Kisumu, Kenya

Tanzania Office

Dar es Salaam, Tanzania

Phone

+254 114 706 914