Privacy policy
This Privacy Policy explains how Pronto Capital handles personal information obtained through the website, calculators, forms, customer-support channels, and any linked application journey.
This Privacy Policy explains how Pronto Capital collects, uses, stores, shares, and protects personal data obtained through this website, online forms, calculators, customer-support channels, and any linked digital application process.
The final published production version should insert the confirmed physical address, principal email address, main phone number, and privacy or Data Protection Officer contact details.
This Privacy Policy applies to website visitors, prospective borrowers, customers, guarantors, referees, business representatives, service providers, and any other individuals whose personal data is collected or received through the website or in connection with a digital application journey.
This Privacy Policy should be read together with the Website Terms and Conditions, product pages, key facts documents, application forms, loan contracts, consent notices, and any cookie notice published on the site.
Depending on the interaction, Pronto Capital may collect identity data, contact data, demographic data, employment data, business data, financial information, transaction information, collateral information, guarantor information, complaint information, communications data, device and browser data, cookie identifiers, location data, and any documents or images submitted by or on behalf of a user.
Where calculators, contact forms, application forms, live chat, or customer-care channels are used, Pronto Capital may collect the information chosen for submission through those channels.
Personal data may be collected directly from users, from forms and uploads on the website, from telephone or messaging interactions, from branch or field interactions linked to a web-generated lead, from credit reference and fraud-prevention sources where lawful, from valuers or other service providers where relevant, and from publicly available or legally accessible sources where permitted.
If cookies, analytics, pixels, or similar technologies are used, those details should also be disclosed in a cookie notice or in the relevant privacy section.
Pronto Capital processes personal data to respond to enquiries, assess product suitability, onboard applicants, verify identity, assess affordability, evaluate collateral, prevent fraud, comply with legal and regulatory obligations, manage customer relationships, issue contracts and receipts, collect payments, handle complaints, conduct recoveries, maintain records, improve the website, and protect rights and systems.
Personal data may also be processed for marketing only where an appropriate legal basis exists and users are given the ability to opt out where required.
Personal data will be processed on one or more lawful bases recognised under applicable Uganda data-protection law, including performance of a contract or steps taken at a data subject’s request before entering a contract, compliance with a legal obligation, protection of a legitimate interest not overridden by the data subject’s rights, or consent where consent is required.
Where consent is used, it may be withdrawn subject to any lawful limitation and any processing already undertaken before withdrawal.
In connection with a lending transaction, Pronto Capital may verify the information provided and may use personal data for credit assessment, fraud prevention, anti-money-laundering compliance, sanctions screening, customer due diligence, tracing, and recovery where such processing is lawful.
Where positive or negative credit information is to be shared with a credit reference mechanism or bureau and consent is required, that consent should be obtained before sharing.
Personal data may be shared only with persons who need it for the purposes set out in this Privacy Policy, including staff, group entities if any, professional advisers, auditors, regulators, courts or law-enforcement bodies, hosting and technology providers, messaging providers, payment providers, customer-support providers, valuers, insurers, recovery agents, and other service providers, provided that such sharing is lawful and appropriately controlled.
Customer information should not be disclosed to a third party except where the law permits or requires it, where the disclosure is necessary for the transaction, or where the required consent has been given.
If any personal data is stored, accessed, backed up, supported, or processed outside Uganda, Pronto Capital should identify the countries involved and implement the safeguards required by law before the transfer takes place.
Personal data should be retained only for as long as necessary for the purpose for which it was collected, for performance of a contract, for complaint handling, for recovery and litigation, for audit and record-keeping, or as required or permitted by law.
Pronto Capital should maintain reasonable technical, organisational, and physical security measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, or misuse.
These measures may include access controls, role-based permissions, strong authentication, secure backups, logging, vendor controls, secure disposal, staff confidentiality obligations, and incident-management procedures appropriate to the sensitivity of the data handled.
Subject to applicable law, data subjects may have the right to request access to personal data held about them, request correction of inaccurate or incomplete information, request deletion where permissible, request restriction of processing in appropriate cases, object to certain processing, and request data portability where applicable.
Data subjects may also object to the use of their personal data for direct marketing. Identity may need to be verified before action is taken on a request.
If a person is dissatisfied with how personal data is handled, they may first complain to Pronto Capital using the privacy complaint channels published on the website.
If the matter is not resolved, the complaint may be escalated to the Personal Data Protection Office or any other competent authority using the current official contact details published by that authority.
Where the website uses cookies, analytics, pixels, software development kits, embedded videos, chatbot tools, or similar technologies, Pronto Capital should disclose what tools are used, what data they collect, the purpose, whether they are strictly necessary or optional, whether third parties receive data, how long they remain active, and how a user can manage preferences.
If the website is not intended for persons under eighteen years of age, that position should be clearly stated. If any service could involve minors, the lawful parental or guardian consent and verification wording required for the use case should be inserted.
Where Pronto Capital sends promotional messages by email, SMS, WhatsApp, or similar channels, the message should identify Pronto Capital and provide a simple way to opt out, except where the communication is strictly transactional or service-related.
If a personal data breach occurs, Pronto Capital should assess it promptly and notify affected individuals and relevant authorities where notification is required by law.
Pronto Capital may update this Privacy Policy from time to time. The latest version should be posted on the website with its effective date.
Privacy contact or Data Protection Officer details, email address, telephone number, and physical address should be inserted here in the final published version once confirmed.