Table of Contents

M-TIBA Privacy Policy

Date: October 2023

1. INTRODUCTION

Carepay Limited and its affiliates and representatives from time to time (together, and each of them as the context may require “CarePay”, the “CarePay Group”, “we” or “us”) have the mission to give everyone the power to care by enabling mobile access to healthcare through the M-TIBA Platform (accessible online, via USSD, and via connected providers of healthcare services) and by providing related services, including the distribution of  healthcare programs through various channels (such as the M-TIBA Marketplace and our agents and partners), in cooperation with medical insurance companies and other payers of healthcare, together the “Services”, to individuals, businesses and any other user of our Services (“Users” or “you”).  

This privacy policy is intended for individuals using our Services and provides information about the processing of personal data in connection with our Services. Additional information on the use of our Services is provided in our Terms of Service. Defined terms used in this statement have the same meaning as in the Terms of Service.  

Please refer to the relevant section(s) of this privacy policy to get the information applicable to the Services you are using – see the table of contents. By using our Services, you acknowledge and agree to have read, understood and accepted this statement. If you share personal data of other people with us, it is your responsibility to inform and share this statement with them. 

This statement does not cover the processing of your personal data by Payers, Providers or our other partners. For more information regarding data processing by our partners, please consult the privacy policies of the relevant partner. 

2. WHAT IS PERSONAL DATA?

Personal data is any information that can be traced back to an individual User who is a natural person. Examples include your name, address, fingerprint (where biometric identification is used at a Provider), medical information (which is considered sensitive data and is processed with extra care) national identification number, telephone number, location data, membership or policy number. This personal data may relate to you or anyone who can access healthcare via your Healthcare Program, including your spouse, child(ren) or any other so-called dependent under the program. To safeguard personal data, it may be pseudonymized or anonymized. Pseudonymized means that personally identifiable information fields are replaced with one or more artificial identifiers (or pseudonyms). Anonymization means that personally identifiable information is removed. 

3. CAREPAY’S COMMITMENT

We recognize that processing personal data comes with responsibilities on privacy, confidentiality, access and transparency, which we take seriously. CarePay endeavours to process your personal data carefully, securely, and confidentially. It is important to us that you have confidence in our organization regarding the processing of your personal data. 

CarePay endorses the Kenya Data Protection Act (KDPA) and further observes the principles of the European General Data Protection Regulation (GDPR) and other applicable data protection laws (together the “Data Protection Laws”) throughout the CarePay Group. We design our Services to be compliant with the Data Protection Laws by ensuring that we process personal data with a legal basis and in accordance with the purpose for processing, while respecting your right to privacy. CarePay enters into data processing agreements to govern its activities when processing personal data and to ensure that any (sub)processors it engages undertake their assignments in compliance with the Data Protection Laws. 

4. HOW DO WE PROTECT YOUR DATA?

Your personal data will be treated confidentially and will only be processed for the purpose of providing and improving our Services. We use industry standard technical and organizational measures to secure the information we store. We take the following measures to limit the impact of our data processing on your privacy: 

  • Where it is not important for us to know exactly who the User is, we process user data in anonymized or pseudonymized form. 
  • We store anonymised data in a data vault for historical records on use of our Services and at times to conduct analytical reviews and to enhance the Platform and impact of our Services.  
  • All CarePay entities are bound by a data protection policy and a data processing agreement with provisions safeguarding data privacy in line with Data Protection Laws. 
  • We use (sub)processors who have privacy/security policies and offer a data processing agreement with provisions safeguarding data privacy in line with Data Protection Laws. 
  • The (sub)processors may only process your personal data to support us in providing and improving our Services. 

While we implement safeguards designed to protect your information, no security system is impenetrable due to the inherent nature of the internet, we cannot guarantee that information, during transmission or while stored on our systems or otherwise in our care, is totally safe from intrusion by others. To mitigate the risk of intrusion, we encourage Users to take responsibility for securing storage and access to their information by not sharing their login credentials or other details with third parties and using private network services to access the Services.  

Please notify us should you have reason to believe that your account has been accessed by intruders or your privacy has been breached. We have systems in place to mitigate any further risks and enable you to have access to your account. 

 

The data is processed for up to seven (7) years or where applicable as agreed with the Payer to provide Services to you and/or the Payer in connection with the Healthcare Program or as long as necessary for legal compliance. You can contact us for specific further information.

5. M-TIBA’S PRODUCTS AND SERVICES

A. Websites
 

The M-TIBA website and CarePay website provides information on the Services offered by us and further information on access and utilization of such Services and provides a chat function that can be used to inquire about our Services or seek support on a User account. The website also lists available job vacancies and provides for the application processes.  

 I. CarePay role, the data we process and why?  

 

With respect to the website, CarePay is the controller of the personal data provided by a User. We process your personal data to enable and enhance your use of our website and to know whether our website can be visited properly, which pages are visited, and what errors occur. This way, we can provide website visitors with a seamless experience, update the website where necessary and expedite solving technical errors, while limiting the impact on your privacy. 

 II. What is the legal basis for processing personal data? 

 

The legal basis to process your personal data on the website is the legitimate interest of CarePay to run and improve its website.  

 III. Which parties process personal data for us? 

 

To process the pseudonymised data giving insights on how you use our websites, we use Google Analytics. CarePay may use other third-party tools to assist with the collection of information from users of our websites and for purposes of recruitment via our websites. The privacy policy applicable to each of these tools can be found on their respective websites.   

 IV. Use of cookies:  

 

On the M-Tiba website we use:

  • Necessary cookies: These cookies enable us to maintain our website and ensure you can effectively use website functionality. We therefore do not allow you to opt out of these cookies as that would affect the usability of our website.
  • Analytical cookies: These cookies help us track how visitors use our website and to  analyze the performance of our website. We collect data on the number of visitors, their source, the pages they visit, and to carry our usage analytics. We use google analytics to process this data in anonymized form to minimize the impact on your privacy and retain the data only for as long as is necessary. You can review and manage your cookie preferences by using the manage cookies option on the cookie banner provided on the website.

Once you turn off certain cookies, we cannot guarantee that your experience will be as good as it could be since that can affect some of features available on our website.

 V. Where are personal data processed and for how long? 

 

We host carepay.com on WebFlow and mtiba.com on Inmotion Hosting, which are both located in the United States of America. Google Analytics processes data on their servers in various locations, including the United States of America. In each case, all processing is only done for as long as necessary for the purpose of running and improving our website, or for legal compliance.    

B. Payer Healthcare Program  
 

We offer the M-TIBA Platform and related Services to Payers and their Provider networks. Payers use the Platform for digital administration of their Healthcare Programs. If you are on a Payer Healthcare Program made available to you under such Payer’s brand, this section 5.B applies to you. In this setting, the Payer and the available Providers interact with us and our Platform when registering you for our Service, enabling your requests for healthcare services, submitting and adjudicating claims and for payment processing. You may interact with us and our Platform (through USSD or our other applications) to access healthcare services and to check your benefits and other details of the Healthcare Program. 

I. What is the role of CarePay?  

 

In this setting, CarePay acts as a data processor on behalf of the Payer. The Payer is the controller of your data, and you should refer to their privacy statement and contact them for further information on how they process the data and for any questions in connection with the processing of your data, unless the Payer has appointed CarePay to perform customer service on their behalf.   

 II. Which data are processed and why?  

 
  • The following personal data may be processed by CarePay for the following purposes as necessary to provide the Services:
    • Registration and account data: To create an M-TIBA Account we obtain from the Payer your data, and where applicable your dependents data. This includes your name, date of birth, gender, mobile number, e-mail address, system identification numbers, national ID or passport, policy membership number, photo, staff identification number and Employer where applicable, location, address and tax identification number. In addition to creating your M-TIBA Account, this data ensures CAREPAY has sufficient information to provide the Services to entitled users only and to fulfil its KYC (know your customer) responsibilities.  This data will be retained by us for as long as your account is active and thereafter as agreed with the Payer. 
    • Biometrics: If required by the Payer, we will also collect your biometrics (fingerprint) for identification and fraud prevention purposes. The fingerprint will be collected by the healthcare provider during your first visit. For subsequent visits you will have to identify yourself using your fingerprint. This data will be retained while your policy is active and for a reasonable duration thereafter in case you decide to re-activate the Services. 
    • Treatment and health data: To enable you to access healthcare services via the M-TIBA Platform, CarePay needs to process your claim identification and invoice number as well as treatment data which includes items billed, symptoms, diagnoses, medical notes, medical history and other medical reports submitted by healthcare providers through the Platform. For the same purpose, CarePay processes the Providers you visit and the funds or benefits available in your account. This data will be retained while your policy is active and thereafter as agreed with the Payer. 

 III. What is the legal basis for processing personal data? 

 

As the processor, we process personal data because it is necessary to perform the contracts you have with the Payer and we have with you and the Payer, to enable your access to our Service and healthcare services. This is the legal basis to process your personal data.  

 IV. For how long are personal data processed? 

 

The data are processed for as long as we provide Services to you and the Payer in connection with the Healthcare Program and for a reasonable duration thereafter as instructed by the Payer, or as long as necessary for legal compliance.  

C. M-TIBA Healthcare Programs 

 

The M-TIBA Platform and our Services are also used for Healthcare Programs under one of CarePay’s brands, like M-TIBA. This may be done in cooperation with Payers and/or other partners. Healthcare Programs of Payers may be embedded in products of our other partners. If you are on a Healthcare Program branded with one of CarePay’s brands, this section 5.C applies to you. In this setting, our Platform and Services may be used to register you for the Platform and the Healthcare Program, enable your requests for healthcare services, submitting and adjudicating claims and for payment processing. You may interact with us and our Platform (through USSD or our other applications) to access healthcare services and to check your benefits and other details of the Healthcare Program. 

 I. What is the role of CarePay?  

 In this setting, CarePay is a controller (together with any relevant Payer and/or other partner) of the data processed by CarePay in connection with the Healthcare Programs. You can contact us for any questions on our data processing. For information and questions on how our partners process your data, please refer to their privacy statement and contact them. 

 II. Which data are processed and why?

 The following personal data may be processed by CarePay for the following purposes as necessary to provide the Services:  

  • Registration and account data: To create an M-TIBA Account and where applicable your dependents data we may process Your name, date of birth, gender, mobile number, e-mail address, national ID, birth certificate or passport and tax identification number. In addition to creating your M-TIBA Account, this data ensures CAREPAY has sufficient information to provide the Services to entitled users only and to fulfil its KYC (know your customer) responsibilities.
  • Biometrics: Where required by the Payer, we may also collect your biometrics (fingerprint) for identification and fraud prevention purposes. The fingerprint will be collected by the Provider during your first visit. For subsequent visits you will have to identify yourself using your fingerprint. 
  • Treatment and health data: To enable you to access healthcare services via the M-TIBA Platform, CarePay needs to process your treatment data which includes items billed, diagnoses, medical notes, medical history and other medical reports submitted by Providers through the Platform. For the same purpose, CarePay processes the Providers you visit and the funds or benefits available in your account. 
  • Marketing: CarePay may use your email address and phone number to share any new product information and to get your customer experience. You can opt out of such use at any time.  

 III. What is the legal basis for processing personal data. 

 As the controller, we process personal data because it is necessary to perform the contracts, we have with you and, if applicable, the contracts between the Payer, you and/or us, to enable your access to our Service and healthcare services. This is the legal basis to process your personal data. 

IV. For how long are personal data processed? 

The data is processed for up to seven (7) years, or as agreed with the Payer to provide Services to you and/or the Payer in connection with the Healthcare Program, or as long as necessary for legal compliance. 

D. Distribution of Healthcare Programs

 

CarePay distributes Healthcare Programs, whether branded by one of our partner Payers or under a CarePay brand. This means you can acquire cover under such Healthcare Programs via our M-TIBA Marketplace or our agents and partners. You may also acquire a product from one of our partners with an embedded Healthcare Program distributed by CarePay. When you acquire a Healthcare Program via CarePay, the entity distributing the program is M-TIBA Agencies (a trade name of CSL Services Ltd., which is a subsidiary of CarePay Ltd. and licensed by the Insurance Regulatory Authority).  

 I. What is CarePay’s role?  

 M-TIBA Agencies (as well as the relevant Payer) controls the KYC (know-your-customer) data and contact information is processed as needed to distribute the Healthcare Programs and to stay in touch with you on the program. The Healthcare Program data is controlled by the Payer and other relevant partners. For information and questions on how our partners process your data, please refer to their privacy statement and contact them. 

 II. Which data are processed and why?  

  • The following personal data may be processed by CarePay for the following purposes as necessary to provide the Services: 
    • KYC and contact information: KYC information may include your name, date of birth, gender, mobile number, email address, employer where applicable, national ID, birth certificate or passport and tax identification number. You may also be required to create an M-TIBA Account in which we store this information, and you can view and (request us to) change and/or delete this information. 
    • Program information: To facilitate your purchase of a Healthcare Program, we also process which product you purchase, which limit applies and how many dependents you cover (if any). If you share your dependents’ personal data with us as a result of purchase of a Healthcare Program, this statement will also apply to them. 
    • Payment information: any insurance premium or other payable amounts; payment recipient and payer account details; bank and/or mobile money.  
    • Marketing: CarePay may use your email address and phone number to share any new product information and to get your customer experience. You can opt out of such use at any time. 

  III. What is the legal basis for processing personal data? 

 We process these personal data to deliver our Services in accordance with the contracts we have with you and our partners.  

 IV. For how long are personal data processed?

 The data is processed for up to seven (7) years or where applicable as agreed with the Payer to provide Services to you and/or the Payer in connection with the Healthcare Program or as long as necessary for legal compliance. You can contact us for specific further information. 

E. Third-Party Administration of Healthcare Programs

 

For certain Healthcare Programs, CarePay takes care of the adjudication (approval or rejection) of claims made by Providers and of the settlement (payment) of the Provider claims. These are so-called third-party administration (TPA) services. You contact us or the relevant Payer to know whether we perform such services for your Healthcare Program.  

 I. What is the role of CarePay?  

 For TPA services for Payer branded Healthcare Programs, we are a processor of the personal data processed by us on behalf of the relevant Payer. For TPA services for CarePay branded Healthcare Programs, we are a controller of the personal data processed by us together with the relevant Payer. For information and questions on how the Payer processes your data, please refer to their privacy statement and contact them. 

 II. Which data are processed and why? 

 The following personal data may be processed by CarePay for the following purposes as necessary to provide the Services: 

  • KYC and contact information: KYC information may include your name, date of birth, gender, mobile number, email address, Employer & staff identity number where applicable, national ID, Birth certificate or passport, platform identification number and tax identification number. You may also be required to create an M-TIBA Account in which we store this information, and you can view and (request us to) change and/or delete this information. 
  • Program information: To facilitate your utilisation of a healthcare service, we also process which product you have enrolled for, which limit applies and how many dependents you cover (if any). If you share your dependents’ personal data with us as a result of purchase of a Healthcare Program, this statement will also apply to them. 
  • Financial data: any insurance premium or other payable amounts, payment recipient and payer account details; bank and/or mobile money. We also process provider visited, service charges and medical history to assess treatment appropriateness. 
  • Medical information: any individually identifiable information, in electronic or physical form, regarding the individual’s medical history or medical treatment, status or diagnosis by a health care professional 

 III. What is the legal basis for processing personal data? 

 The data are processed to perform the contract you have with the relevant Payer and/or us in connection with the relevant Healthcare Program. 

 IV. For how long are personal data processed? 

 For Payer branded Healthcare Programs, the data processed on behalf of the Payer is processed for as long as we provide Services to you and the Payer in connection with the Healthcare Program, or as long as necessary for legal compliance.  

For CarePay branded Healthcare Programs, the data is processed for up to seven (7) years or as agreed with the Payer to provide Services to you and the Payer in connection with the Healthcare Program, or as long as necessary for legal compliance. You can contact us for specific further information. 

F. Loans and Payments

 

As part of our Services, we may facilitate the provision of loans to Users (including individuals and Providers). We may further play a role in payments made to Providers (in connection with Provider loans), other Users or other partners. 

I. What is the role of CarePay?  

CarePay is the controller of the data, together with the relevant lender and/or other financial services provider we partner with. For information and questions on how our partners process your data, please refer to their privacy statement and contact them. 

II. Which data are processed why? 

The following personal data may be processed by CarePay for the following purposes as necessary to provide the Services: 

  • KYC data: Full name, National identification number, mobile phone number, address and email address.   
  • Financial and payment data: Policy details, payment amount; bank account or mobile money details. 

III.What is the legal basis for processing personal data? 

We process these personal data to deliver our Services in accordance with the contract we have with you and our partners. 

IV. For how long are personal data processed? 

The data is processed for up to seven (7) years or as agreed with the relevant business partner to provide Services to you and/or the business partner in connection with the loans and payments, or as long as necessary for legal compliance. You can contact us for specific further information. 

 

G. General Platform and Operational Processing

 

When you use our Services, we may offer you additional related services or contact you for customer satisfaction or other surveys. When you use our Platform, we monitor your use of the Platform. When this processing so requires, we will obtain your consent. Where this processing is not necessary to provide our Services, you may elect to opt out of such processing – see more information on your rights in section 7 below. 

I. What is the role of CarePay?  

CarePay as the operator of the M-TIBA Platform processes personal data to improve, avail and enhance your use, and for the support, of the Platform.   

II.Which data are processed why? 

The following personal data may further be processed for CarePay’s own following purposes: 

  • Platform access & Support: To allow you to access the platform we process your username (e-mail address or phone number), platform identification number and password. We also process your username when you make a request on the platform, for example to download or save information.  
  • Platform monitoring: To know whether our platform can be visited properly and to locate and address root causes of errors, we process user actions (using cookies), IP address, location information and device details, in each case in pseudonymised form. This way we can provide our users a seamless experience, update the platform functionalities where necessary and expedite solving technical errors, while limiting the impact on your privacy. 
  • Marketing & Surveys: To keep you informed about our services we may process your name, address including your email address and your telephone number. You may opt out of being contacted at any time. 
  • Other information: when you contact us through phone calls, the call may be recorded for quality assurance and to assist with training purposes. When necessary, we may ask for additional consent for certain processing activities such as conducting surveys on your user experience. 

 

III. Use of cookies 

On the M-TIBA Platform We use cookies, web beacons and other technologies to improve and customize our Platform and your experience and to allow you to access and use the Platform.  

On our platform we use:  

  • Necessary cookies: These cookies enable us to address platform efficiency and features like automatic filled text boxes, allowing access without re-entering your username or password, live web chat and platform security parameters like a single sign-on (SSO). We therefore do not allow you to opt out as that would affect the platform usability for you. These cookies remain on your device for up to 365 days from last use.  
  • Analytical cookies: These cookies are used to improve platform usage and performance. We use Heap analytics, Google analytics and Datadog to track the user journey to help us improve it and to offer you a better user experience. You can review and update your cookie preference by clicking on Manage Cookies.   

What is the legal basis for processing personal data? 

The legal basis to process the data is the legitimate interest of CarePay to run and improve our Platform and Services and your user experience. 

IV. For how long are personal data processed? 

 The data is processed for up to seven (7) years or as necessary to provide services to you and the Partners, or as long as necessary for legal compliance. You can contact us for specific further information. 

  • Utilization of the Services: if you deactivate or disable your account with us, some of your information such as how you utilized the Services may still be retained and shared with the Payer for the duration of the benefit package you had opted into. Where our Services are made available to you through an organization, we retain your information as long as required by the administrator of the account and this information will strictly be handled according to the agreement, we have entered into with the organization whose terms should be provided to you by the organization. 
  • Marketing information: where you have subscribed to or opted into receiving marketing content from us through email, SMS, USSD or other means, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Services. Please note that you can unsubscribe or opt out of receiving marketing materials at any point. 

 

V. Which parties process personal data for us? 

CarePay engages various third-party processors for the processing of personal data on the web-portals, USSD service and online applications of our platform. This includes AWS (Amazon Web Services) as host of our Platform on their cloud servers, meaning AWS processes the Platform (personal) data. The Platform may also contain third-party tools to enable certain functionalities, and we may apply tools to develop, operate, support and monitor our platform as well as solve technical errors. This way we can provide our users a seamless user experience, update the platform functionalities where necessary and expedite solving technical errors. The third parties operating these tools may have access to the data processed by the tools. As the platform is under development, these parties may change from time to time, and you can contact us for an up-to-date overview and further information. 

 

6. WHERE ARE PLATFORM DATA PROCESSED?

CarePay hosts the Platform on AWS cloud servers as much as possible in the country where users are located. Where that is not possible, the Platform is hosted in the European Union. Similarly, we aim to have our third-party processors process data in the country where our users are based or in the European Union. Where that is not possible, these third-party tools may process data in other locations, subject always to putting measures in place safeguarding data privacy (such as contractual clauses). In order to support all our business partners effectively, data may also be processed in CarePay’s offices from which Platform support services are provided. As the platform is under development, the processing locations may change from time to time, and you can contact us for an up-to-date overview and further information. 

7. WHO DO WE SHARE DATA WITH?

Where we deliver our Service to you in cooperation with a partner, we may share data with the partner. CarePay also engages various third-party processors to support its business. Our Platform is supported by various IT tools and service providers as set out in section 5A-5F. above. We may further develop, and share insights based on anonymized (non-personal) data with our partners. 

Please note that CarePay or its partners may at times be obliged under laws and regulations to share data with regulators or other public authorities. 

8. WHAT RIGHTS DO YOU HAVE?

CarePay considers it important that you can properly exercise your rights under Data Protection Laws. Where we are the controller of the data, you can do so by contacting us. Where a Payer or other partner is the controller of the data (for example where the Services are delivered via another organization such as your employer), please contact them to assist with your request (unless CarePay was appointed to provide customer service, in which case you can contact us). For questions on the M-TIBA Platform and your M-TIBA Account you can always contact us. 

In summary, you have the following rights: 

  • The right of access: you can request access to your personal data. When you have an M-TIBA Account, you can access information (such as account details and Healthcare Program) via the account. 
  • The right of rectification: you have the right to update your personal data for the Services where the data are not correct or incomplete. You can update your M-TIBA Account information yourself in your account settings or contact us to do it on your behalf. 
  • The right of erasure: under certain circumstances, you may request for your personal data to be erased. This right is not absolute but applies for example if the processing is no longer necessary for the intended purpose or if the data were processed illegally. 
  • The right of restriction: under certain circumstances, you have the right to limit further use of  your personal data. This right is not absolute but applies for example where you contest the accuracy of data and the controller is validating or if processing by the controller is no longer necessary but you would like them to retain the data.  
  • The right to object / opt out: under certain circumstances, you have the right to object to / opt out from your data being processed. This right is not absolute and applies for example where the legal basis for your data being processed is the legitimate interest of the controller. In this case, a balancing between your interests and the controller’s interests will take place. You do have an absolute right to object to data processing for marketing purposes. CarePay enables you to opt out from its marketing messages via its various communication channels. 
  • The right to data portability: this right protects your ability to obtain some of your information in a structured, commonly used and machine-readable format. This right will apply to some of your information depending on the context. CarePay can provide your basic account information in an electronic file or a physical copy, subject to any production cost.  

You may request your rights verbally or in writing. Upon a request, some time may be needed to validate the request and you may be asked to complete a form to confirm the request and the data concerned. Your request should be handled within one month. 

Please note that CarePay and our partners need to process certain data to be able to deliver the services and that some information may have to be retained under applicable laws and regulations. 

9. CONTACT AND COMPLAINTS

Where CarePay is a controller of your data, the entities controlling the data are Carepay Limited and M-TIBA Agencies (a business name of CSL Services Limited). Where a Payer or other partner is the controller of your data, you should contact them for further information and any questions in connection with the processing of your data, unless such Payer has appointed CarePay to perform customer service on their behalf). For questions on the M-TIBA Platform and your M-TIBA Account you can always contact us. 

Our contact details are: 

   Carepay Limited / M-TIBA Agencies 

   P.O. Box 52887-00100,  

   114 Manyani East Road, Off James Gichuru Road Nairobi, Kenya  

   T: 0800721253 / +254709071000 

    E: privacy@carepay.com 

If you have any questions on the way we process your data or your rights in this respect, or have a complaint or other remarks related to your data and our Services, you can contact our customer support via 0800 721 253 and 0709 071 000 or on email via privacy@carepay.com. We will handle your queries together with the CarePay Data Protection Officer who is appointed to safeguard compliance with Data Protection Laws.  

When it comes to the protection of your personal data it is also possible to file a complaint with the supervisory authority, being the Office of the Kenya Data Commissioner (https://www.odpc.go.ke). We appreciate your help and would like the opportunity to address and solve any complaint regarding your personal data prior to filing such a complaint. 

10. UPDATES TO THIS POLICY

CarePay may from time to time make changes to its Services, functionalities and reserves the right to update this privacy statement accordingly. Where the changes impact the processing of your personal data, we will inform you of such updates via SMS or upon your next visit to our Platform. Your continued use of the Services constitutes your acknowledgement and acceptance of any updated version of this statement.