Privacy Policy

1. Introduction

Richmond Finance Limited ("Richmond Finance", "we", "us", or "our") is a Zambian private company limited by shares, with its registered head office at 4th Floor Telecom House, Rhodes Park, Lusaka, Zambia. We are committed to protecting the privacy and security of your personal data in compliance with the Data Protection Act No. 3 of 2021 of the Republic of Zambia (the "DPA") and the Electronic Communications and Transactions Act No. 4 of 2021.

This Privacy Policy describes how we collect, use, disclose, retain, and protect personal data when you use our website, client portal, and related services (collectively, the "Services"). It also explains your rights as a data subject under Zambian law.

2. Data Controller

Richmond Finance Limited is the data controller responsible for the processing of your personal data. For any enquiries regarding data protection, you may contact us at:

3. Personal Data We Collect

We collect and process the following categories of personal data, depending on the nature of your engagement with us:

3.1 Identity and Contact Information

Full name, date of birth, National Registration Card (NRC) number, gender, marital status, residential and postal address, telephone number, email address, and next-of-kin details.

3.2 Financial Information

Employment details, employer name, monthly income, bank account details, Taxpayer Identification Number (TPIN), NAPSA number, NHIMA number, existing loan obligations, and credit history.

3.3 Property Information

For clients applying for property-backed loans: property description, title deed number, property location (province, district, stand number), property valuation, and details of any existing encumbrances.

3.4 Technical and Usage Data

IP address, browser type and version, device information, pages visited, time and date of access, referring website, and other diagnostic data collected through cookies and similar technologies when you use our website and portal.

3.5 Communication Records

Records of correspondence and communications between you and Richmond Finance, including emails, telephone calls, and messages submitted through our contact forms.

4. How We Use Your Personal Data

We process your personal data for the following purposes:

• Loan Processing: To assess loan applications, conduct credit checks and due diligence, prepare loan agreements and security documents, and manage loan disbursement and repayment.
• Insurance Brokerage: To arrange insurance policies on your behalf, process claims, and communicate with underwriters.
• Advisory Services: To provide business advisory, company formation, and regulatory guidance services.
• Account Management: To create and manage your client portal account, provide account statements, and facilitate online transactions.
• Communication: To respond to your enquiries, send service-related notifications, and provide updates on your accounts and applications.
• Regulatory Compliance: To comply with applicable laws and regulations, including anti-money laundering (AML) and know-your-customer (KYC) requirements under the Banking and Financial Services Act.
• Internal Operations: To improve our Services, conduct internal audits, manage risk, and maintain the security of our systems.

5. Legal Basis for Processing

In accordance with the DPA, we process your personal data on the following lawful bases:

• Consent: Where you have given explicit consent for us to process your data for a specific purpose, such as receiving marketing communications.
• Contractual Necessity: Where processing is necessary for the performance of a contract to which you are a party, such as a Loan Agreement or insurance arrangement.
• Legal Obligation: Where processing is necessary for compliance with a legal obligation to which Richmond Finance is subject, including regulatory reporting to the Bank of Zambia, Zambia Revenue Authority (ZRA), and other authorities.
• Legitimate Interest: Where processing is necessary for our legitimate interests, such as fraud prevention, risk management, and improving our Services, provided that such interests are not overridden by your rights and freedoms.

6. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

• Employers: For payroll-based loans, we may share relevant information with your employer to facilitate salary deductions in accordance with your loan agreement.
• Insurance Underwriters: To arrange and administer insurance policies on your behalf.
• Regulatory Authorities: As required by law, including the Bank of Zambia, ZRA, NAPSA, NHIMA, and the Data Protection Commissioner.
• Legal and Professional Advisors: Lawyers, auditors, and other professional advisors engaged by Richmond Finance.
• Service Providers: Third-party technology providers who assist in operating our Services, subject to appropriate data processing agreements.
• Credit Reference Bureaus: To conduct credit checks and report on loan performance, where permitted by law.

We do not sell your personal data to third parties. Any data sharing is conducted in accordance with the DPA and subject to appropriate safeguards.

7. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, regulatory, accounting, or reporting requirements. In accordance with the DPA, personal data shall be retained for a minimum of one (1) year beyond the need for processing.

For loan-related records, we retain data for the duration of the loan and for a minimum of seven (7) years following full repayment or settlement, in compliance with the Banking and Financial Services Act and tax regulations. Insurance records are retained for the policy term plus seven (7) years.

When personal data is no longer required, it will be securely deleted or anonymised in accordance with our data retention and disposal procedures.

8. Data Security

Richmond Finance implements appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest;
• Secure access controls and authentication mechanisms for our systems and portal;
• Regular security assessments and monitoring;
• Staff training on data protection and information security;
• Physical security measures at our offices and data storage facilities.

While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining the highest practicable standards.

9. Your Rights as a Data Subject

Under the Data Protection Act, 2021, you have the following rights in relation to your personal data:

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within thirty (30) days. If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Commissioner of Zambia.

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and understand how our Services are used. Cookies are small text files stored on your device when you visit our website.

We use the following types of cookies:

• Essential Cookies: Required for the operation of our website and portal, including authentication and session management. These cannot be disabled.
• Analytics Cookies: Used to collect information about how visitors use our website, such as pages visited and time spent. This data is aggregated and anonymised.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our Services.

11. Cross-Border Data Transfers

In certain circumstances, your personal data may be transferred to and processed in countries outside the Republic of Zambia, for example where our technology service providers operate internationally. Any such transfer will be conducted in compliance with the DPA and subject to appropriate safeguards, including ensuring that the receiving country provides an adequate level of data protection or that suitable contractual protections are in place.

12. Children's Data

Our Services are not directed at individuals under the age of eighteen (18). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete such data promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on this page with an updated effective date. We encourage you to review this Privacy Policy periodically. Where significant changes are made, we will endeavour to notify you by email or through a prominent notice on our website.

14. Complaints

If you believe that your personal data has been processed in a manner that is inconsistent with this Privacy Policy or the DPA, you have the right to lodge a complaint with:

We encourage you to contact us first at [email protected] so that we may address your concerns directly.

15. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact: