OMIG Group Digital Channels Privacy Policy
This policy sets out:
Introduction
Thank you for choosing Old Mutual Investment Group. We, as a data controller, respect your privacy and we are committed to protecting your personal data and the sensitive personal data that you provide to us. This Privacy Policy describes how we collect, use, disclose, transfer, store or otherwise process your personal data and tells you about your privacy rights and how the law protects you regarding your use of Old Mutual Investment Group’s digital channels (Old Mutual Invest app and Old Mutual Investment Group Self Service Portal). This Policy applies to all the products and services provided by Old Mutual Investment Group, including applications, mini-programs, websites, SDK for third-party websites or applications, APIs and other forms that may be available in the future. For the full version of the Old Mutual Privacy Policy, please visit oldmutual.co.ke or contact us for a copy.
Personal data means any information relating to you as an identified or identifiable natural person. In order for us to provide the services you have requested from us; it is necessary that we collect and process personal data from you.
The Types of Personal Data That We Collect
In our digital channels, we may collect and process additional personal data from relevant to the financial product we have with you. The types of data collected in order to provide this service include:
- Device Data: Device name, type, IMEI number, IP address
- Content Data: User Photo
- Profile Data: Name, Nationality, Gender, Marital Status, Age, ID or Passport number, KRA PIN, Occupation
- Contact detail: Mobile/Telephone Number, Email address, Postal Address, Location
- Usage Data: Logins, information entries
- Marketing and Communications Data: Communication and Marketing Preferences
- Next of Kin and Beneficiaries Data:(please ensure that they know you are doing so and are content with their information being provided to us)
- Statutory Required Data: PEP, Income/Funds Source, Disability status, Tax Exemption certification
- Biometric Data: Fingerprint, Facial Features
We also collect, use and share aggregated data such as statistical or demographic data for any purpose ("Aggregated Data"). Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Mobile Application feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.
How Do We Collect Your Personal Data?
For most part, we will collect personal data directly from you and this may include personal data you provide when you apply for our products or services, make enquiries, register for our products offered through mobile and online platforms, request marketing information to be sent to you, give us feedback or contact us.
In some instances, we may collect and receive your personal data from third parties or publicly available sources including the Government of Kenya’s e-citizen portal, Integrated Population Registration Services platform and other Government platforms; or publicly available sources such as the Companies Registry and the Business Registration Service.
We will collect and process the following personal data about you:
Information that you give us
This is information (including Identity, Contact, Biometric, and Marketing and Communications Data) that you consent to giving us about you by providing information by corresponding with us directly (for example, by email) or through our third-party commercial partners like Financial Advisers. It includes information that you provide when you register to use Old Mutual Investment Group digital channels (the Old Mutual Invest app and Old Mutual Investment Group Self Service Portal), subscribe to any of our Services, as defined below, or enter a competition, promotion or survey and when you report a problem about our Services. If you contact us, we will keep a record of that correspondence.
Information that we collect about you and your device
Each time you use the Old Mutual Investment Group digital channels (the Old Mutual Invest app and Old Mutual Investment Group Self Service Portal) we will automatically collect personal data including Device, Content and Usage Data. We collect this data using cookies and other similar technologies. Please see the section on cookies below for further details.
Information that we receive from your use of your device
We also collect personal data including Identity Data, Contact Data, Location Data, and Biometric Data through your use of the Mobile Application or browser to provide you with access to our investment digital channels. When your device syncs with our servers (including through background syncs on your Mobile Application), the forms of Data recorded on your device and transferred from your device to our servers are as follows:
• Device Data;
• Usage Data;
• Location Data;
• Biometric Data.
Biometric Data may include facial data captured through your device’s front-facing camera using Apple’s TrueDepth API. This may include depth information, facial geometry, and other biometric identifiers, and is collected only with your explicit consent when you use features requiring identity verification or authentication. This data is used solely to verify your identity, enhance account security, and prevent fraud.
Information that we receive from other sources including third parties and publicly available sources
We will receive personal data about you from various third parties and public sources as set out below:
(i) Device Data, from the following parties:
(a) Our Services through unique application numbers, when they are installed or updated;
(b) Analytics providers, including Google and Apple that have operations globally;
(c) Biometric verification data collected and processed on our behalf by trusted identity verification service providers.
(ii) Contact Data, from providers of technical and delivery services;
(iii) Identity and Contact Data, from data brokers or aggregators that may be based globally; and
(iv) Identity and Contact Data, from publicly available sources.
Where biometric verification is required, facial data captured via the TrueDepth API may be securely transmitted to and processed by our third-party identity verification provider for the sole purpose of confirming your identity and preventing fraud. Such providers act on our behalf and are contractually obligated to process personal data only in accordance with our instructions and applicable data protection laws.
Use, Sharing, Storage, and Retention of Biometric Data
Facial data collected through the TrueDepth API is used strictly for identity verification, authentication, and fraud prevention. We do not sell, rent, or use this data for marketing or any unrelated purposes.
This data may be processed on your device using secure system frameworks or securely transmitted to authorized third-party service providers for verification. In all cases, data is protected using appropriate technical and organizational measures, including encryption in transit and at rest, to safeguard against unauthorized access, disclosure, or misuse.
We retain biometric data only for as long as necessary to fulfil the purposes for which it was collected, including compliance with legal and regulatory obligations. Retention periods may vary depending on applicable requirements and our arrangements with our verification service providers. Once the data is no longer required, it is securely deleted or irreversibly anonymized.
Cookies
We use cookies and/or other tracking technologies to distinguish you from other users of Old Mutual Investment Group digital channels to remember your preferences. This helps us to provide you with a good experience when you use Old Mutual Investment Group digital channels and allows us to improve them.
Old Mutual generally uses such automatically collected information and data to estimate the audience size of the social section, gauge the popularity of various parts of the social section, track your usage/ traffic patterns and the number of sign-ups to the Old Mutual's promotional activities and special events and administer the social section.
The social section' server software will also record the domain name server address and track the pages you visit and store such information in cookies, and gather and store information such as internet protocol (IP) addresses, browser type, referring/exit pages, operating system, date/time stamp, and clickstream data in log file
How Do We Use Your Personal Data and What Legal Basis Do We Have For Processing Your Personal Data?
We use your personal data, including sensitive personal data in certain instances, for the following purposes:
- To consider your application for our financial products and services and for initiating your contract in relation to the financial products and services;
- to provide you with our group’s products and services;
- To meet our legal and regulatory obligations;
- To maintain consistent practices and procedures across the Company and the Company’s group and affiliates;
- To use data analytics to improve our website, products/services, marketing, customer relationships and experiences;
- To provide you with optimised marketing analytics and information about the group’s products and services that we consider may be of interest to you and/or your family;
In this regard, we rely on the following lawful basis for processing your personal data:
- Performance of contract: Including setting up and administering a contract for our financial products and services;
- Legal and regulatory obligations: Compliance with our legal and regulatory obligations such as KYC obligations under different statutes including the Proceeds of Crime and Anti-Money Laundering Act (No.9 of 2009) and the Tax Procedures Act (No. 29 of 2015);
- Consent: We will also rely on your consent as a lawful basis for processing your personal data in the instances where we (a) process personal data relating to a child; (b) process sensitive personal data outside Kenya; and (c) provide you with marketing information; and
- Legitimate interests: for our legitimate business interests, including product and service improvement, prevention and detection of fraud.
In the event that you fail to provide us with your personal data when requested, we may not be able to perform the contract we have or that we wish to enter into with you. In that case, we may have to cancel a product or service you have with us.
You have the right to withdraw your consent to our processing of your personal data at any time but please note, that your withdrawal will not affect the lawfulness of our processing of your personal data which was based on prior consent before your withdrawal or which is based on other legal basis for processing of your personal data. Please further note we may not be able to provide you with our products and services if you withdraw your consent.
Who Do We Share Your Personal Data With?
In connection with the above purposes, we may share your personal data with third parties located within and outside Kenya such as our affiliates, public authorities or governments when required by law, our third-party service providers who help us manage our products and services including those service providers who maintain our IT and office systems, provide marketing and advertising services, provide application processing, fraud monitoring, call center and/or other customer services. In that connection, we will take adequate steps to protect your personal data including entering into agreements with third party recipients of your personal data (as applicable) governing protection of personal data.
Automated Decision Making
We may employ automated decision-making processes to enhance service delivery and investment recommendations. This includes profiling your investment data to assess your preferences, risk tolerance, and potential needs for tailored investment strategies. Automated assessments may influence suggestions for fund allocations or investment products. Clients can request not to rely solely on automated processes; however, this may limit the personalized investment options available to them.
Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Retention and Storage of Your Personal Data
We will only retain your personal data for as long as may be necessary to fulfil the purpose we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting obligations.
Your Legal Rights
You have the right to:
- be informed of the use to which your personal data is to be put as we have endeavoured to outline in this Privacy Notice and our Privacy Policy;
- request access to your personal data that we hold about you;
- object to the processing of all or part of your personal data;
- human review for a decision made solely by automated processing if it negatively impacts you.
- data portability by asking us to provide your personal data to another entity in a machine readable format;
- request correction of inaccurate, false or misleading data that we hold about you; and
- request deletion of false or misleading data that we hold about you.
Changes to this Privacy Policy
Old Mutual reserves the right to update, revise, modify, or amend this Privacy Policy at any time it deems necessary. This version was last updated on 14th April 2026. It may change and if it does, these changes will be posted on this page and where appropriate, notified to you by email OR when you next start Old Mutual Invest Mobile Application or log into the Old Mutual Self Service portal. The new policy may be displayed on-screen and you may be required to read and accept the changes to continue your use of Old Mutual digital channels.
It is important that the personal data that we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.
Third Party Links
Old Mutual Investment Group may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and that the Company does not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services. Please check these policies before you submit any personal data to these websites or use these services.
Contacting Us
If you have any concerns about the use of your personal data, questions about this Privacy Notice or our Privacy Policy including any requests to exercise your legal rights under the law, please contact us using the details set out below:
Email address: clientservice@oldmutual.co.ke
Postal address: P.O. Box 43013-00100, Nairobi
Physical address: Old Mutual Tower, Upperhill Road
Telephone number: +254 0711 065 100
We will respond to your questions or concerns in a timely manner and in compliance with the relevant laws.