TRA SACCOS we are a licensed microfinance institution registered under the Cooperative Societies Act No. 6 of 2013 of Tanzania. This Privacy Policy outlines how we collect, use, store, protect, and share customers’ personal information in compliance with:

The Tanzania Data Protection Act, 2022
The Cooperative Societies Act and Regulations
Bank of Tanzania's Microfinance Regulations
Financial Intelligence Act (Anti-Money Laundering requirements)
Other applicable Tanzanian laws

This policy applies to all members, loan applicants, guarantors, website visitors, mobile app users, and any individuals whose data we process in the course of our microfinance operations.

2. INFORMATION WE COLLECT

2.1 Membership Application Information

Full name, date of birth, gender
National Identification Number (NIDA), passport, or voter's ID
TRA employee number and department
Contact information (physical address, email, phone numbers)
Next of kin details
Employment and income information
Photograph and signature specimen

2.2 Financial Information

Bank account details
Salary/payroll information
Credit history and references
Loan application details (purpose, amount, duration)
Collateral information (title deeds, log books, etc.)
Transaction history (savings, loans, repayments)
Guarantor information

2.3 Operational Information

Biometric data (if collected for authentication)
Mobile banking and USSD transaction logs
Website and mobile app usage data
CCTV footage at our offices
Communication records (emails, SMS, call logs)
Credit reference bureau reports

2.4 Sensitive Personal Data

We may process special categories of data only when:

Required by law (AML/KYC regulations)
Necessary for loan assessment
With your explicit consent
For substantial public interest

3. PURPOSES OF DATA PROCESSING

We process your personal data for legitimate microfinance purposes:

3.1 Membership Management

Member registration and verification
Account maintenance and servicing
Dividend calculation and distribution
Meeting statutory reporting to cooperative authorities

3.2 Credit Operations

Loan application assessment and scoring
Credit risk evaluation
Guarantor verification
Loan disbursement and collection
Default management and recovery

3.3 Regulatory Compliance

Know Your Customer (KYC) requirements
Anti-Money Laundering (AML) monitoring
Reporting to Bank of Tanzania
Compliance with TRA requirements for staff members
Tax reporting as required by law

3.4 Service Improvement

Developing new financial products
Training and improving credit scoring models
Fraud prevention and detection
System security enhancement

3.5 Communication

Account statements and notices
Loan repayment reminders
New product information
Annual general meeting notices
Debt collection communications

4. LEGAL BASIS FOR PROCESSING

Under Tanzania Data Protection Act, we process your data based on:

Contractual necessity: To provide microfinance services
Legal obligation: Compliance with financial regulations
Legitimate interests: Credit risk management, fraud prevention
Consent: For marketing communications and specific processing activities
Public interest: As a financial service provider

5. DATA SHARING AND DISCLOSURE

5.1 Mandatory Sharing

We may share your information with:

Bank of Tanzania (regulatory reporting)
Tanzania Revenue Authority (for member verification and tax compliance)
Credit Reference Bureaus (as required by BOT regulations)
Financial Intelligence Unit (for AML reporting)
Cooperative Auditing and Supervision Department
Law enforcement agencies (with proper legal request)

5.2 Operational Sharing

Service Providers: IT vendors, SMS gateway providers, auditors
Payment Processors: Banks, mobile money providers (Airtel Money, M-Pesa, Tigo Pesa)
Legal and Recovery Agents: In case of default (with proper notice)
Guarantors: Limited information about loan status

5.3 Cross-border Transfers

We primarily store data within Tanzania. Any international transfer will comply with Tanzania Data Protection Act requirements and ensure adequate protection.

6. DATA SECURITY MEASURES

TRA SACCOS implements appropriate technical and organizational measures:

6.1 Physical Security

Secure premises with access control
Locked filing cabinets for physical records
CCTV surveillance at offices

6.2 Technical Security

Encryption of sensitive data in transit
Secure login with multi-factor authentication
Regular security updates and patches
Firewalls and intrusion detection systems
Secure mobile banking platform

6.3 Administrative Controls

Employee training on data protection
Need-to-know access principle
Confidentiality agreements for all staff
Regular security audits and assessments
Incident response plan

7. DATA RETENTION

We retain personal data as required by Tanzanian financial regulations:

Member records: 10 years after membership termination
Loan files: 10 years after loan closure
Transaction records: 10 years as per financial regulations
KYC documents: Duration of membership plus 10 years
Credit reports: As per credit reference bureau guidelines

After retention periods expire, we securely dispose of records through shredding (physical) or secure deletion (digital).

8. YOUR RIGHTS AS A DATA SUBJECT

Under Tanzania Data Protection Act, you have the right to:

Access: Request copies of your personal data
Correction: Request correction of inaccurate data
Deletion: Request deletion where legally permissible
Restriction: Request restriction of processing
Portability: Request data transfer where feasible
Objection: Object to certain processing activities
Consent Withdrawal: Withdraw consent at any time
Lodge Complaints: With the Data Protection Commission

To exercise these rights, contact:
Data Protection Officer
TRA SACCOS LTD
Email: 📧 info@trasaccos.co.tz
Phone: 📞Toll Free Number: 0800714111 💬WhatsApp: 0743600075
Hours: Monday-Friday, 8:00 AM - 4:00 PM

We will respond within 30 days as required by law.

9. MOBILE AND DIGITAL SERVICES

9.1 Mobile Banking/USSD

We collect mobile number, device information, and transaction logs
USSD sessions are encrypted
PIN/password protection required

9.2 Website and Cookies

Our website uses necessary cookies for functionality
We collect IP addresses for security monitoring
You can control cookies through browser settings

9.3 Third-Party Platforms

We are not responsible for privacy practices of linked sites
Mobile money providers have their own privacy policies

10. SPECIAL PROVISIONS

10.1 Guarantors

We collect guarantor information only with their consent and share only necessary loan status information.

10.2 Defaulting Members

We may share limited information with credit reference bureaus and recovery agents as permitted by law.

10.3 Deceased Members

We process estate information with proper legal documentation from next of kin.

11. CHILDREN'S DATA

We do not intentionally collect data from individuals under 18, except as dependents of members for beneficiary purposes, with parental consent.

12. POLICY UPDATES

We review this policy annually or as regulations change. Updates will be:

Posted on our website and notice boards
Communicated via email/SMS to members
Available at all TRA SACCOS offices

13. COMPLAINTS AND CONTACTS

Primary Contact:

Data Protection Officer
TRA SACCOS
Email: dpo@trasaccos.co.tz
Phone: [Office Number]

Alternative Contact:

Manager
TRA SACCOS
Email: info@trasaccos.co.tz

Regulatory Authority:

Data Protection Commission
Tanzania
Website: www.dataprotection.go.tz

ANNEX 1: CONSENT FORMS SUMMARY

We obtain explicit written consent for:

Credit reference bureau checks
Sharing information with guarantors
Marketing communications
Biometric data collection (if applicable)
Special category data processing

ANNEX 2: DATA PROTECTION OFFICER RESPONSIBILITIES

Our DPO is responsible for:

Monitoring compliance with data protection laws
Training staff on privacy matters
Handling data subject requests
Conducting privacy impact assessments
Liaising with regulatory authorities

Acknowledgment:

I, _________________________, Member Number __________, have read and understood the TRA SACCOS Data Privacy Policy.

Signature: _________________________
Date: _________________________

[For office use only:
Received by: _________________________
Employee ID: _________________________
Date: _________________________]

IMPLEMENTATION CHECKLIST FOR TRA SACCOS:

Immediate Actions:
- Appoint Data Protection Officer
- Register with Data Protection Commission
- Train all staff on this policy
- Update membership forms with consent clauses
- Secure all physical and digital records
Operational Integration:
- Include privacy notice in loan application process
- Implement secure data disposal procedures
- Create data subject request handling procedure
- Establish breach response protocol
- Document all data sharing agreements
Member Communication:
- Display policy in all offices
- Publish on website and mobile app
- Conduct member awareness sessions
- Include in new member orientation
- Translate to Kiswahili for accessibility
Regulatory Compliance:
- Align with Bank of Tanzania guidelines
- Coordinate with TRA's data protection measures
- Maintain records of processing activities
- Conduct regular compliance audits
- Update policy as laws evolve

Note: This policy shall be reviewed by TRA SACCOS's legal counsel to ensure full compliance with all Tanzanian financial regulations and the specific requirements of operating within the Tanzania Revenue Authority ecosystem.

Back to Home