Privacy Policy

Privacy Policy

PRIVACY POLICY
SOMALI DEVELOPMENT AND RECONSTRUCTION BANK
Effective Date: 11 April 2025

SECTION 1: INTRODUCTION

The Somali Development and Reconstruction Bank (“the Bank”) is a governmental institution established to advance Somalia’s development and reconstruction priorities. The Bank is committed to protecting the privacy and security of personal data in compliance with Somali laws, including the Somali Data Protection Act (Law No. [005] of [2023]), and international best practices. This Privacy Policy outlines how the Bank collects, uses, retains, and safeguards personal data obtained through its digital platforms and service interactions.

SECTION 2: SCOPE

This Privacy Policy applies to:

  • All individuals and entities (“Users”) who interact with the Bank, including visitors to its website, applicants for services, partners, or representatives of governmental or non-governmental organizations.
  • All personal data processed by the Bank in the provision of its services, including data collected electronically, in writing, or verbally.

SECTION 3: DEFINITIONS

  • Personal Data: Any information relating to an identified or identifiable individual (e.g., name, identification number, contact details, or digital identifiers).
  • Data Subject: The individual to whom the personal data relates.
  • Data Controller: The Bank, which determines the purposes and means of processing personal data.
  • Data Processor: Third parties that process personal data on the Bank’s behalf.

SECTION 4: COLLECTION OF PERSONAL DATA

The Bank collects personal data through the following means:

  1. Directly from Users:
    • Information provided via applications, inquiries, or registrations for the Bank’s services (e.g., project proposals, partnership requests).
    • Communications with the Bank (e.g., email, phone calls, or in-person meetings).
  2. Automatically:
    • Technical data (e.g., IP addresses, device information) collected through the Bank’s website or digital platforms using cookies or analytics tools.
  3. From Third Parties:
    • Publicly available sources (e.g., government registries) or entities collaborating with the Bank on development initiatives.

SECTION 5: PURPOSES OF PROCESSING

The Bank processes personal data only for lawful purposes, including:

  1. Service Delivery:
    • Assessing and managing applications for the Bank’s services (e.g., funding requests, advisory engagements).
    • Communicating with Users regarding service updates or opportunities.
  2. Legal and Regulatory Compliance:
    • Fulfilling obligations under Somali laws, including anti-corruption, anti-terrorism financing, and public accountability frameworks.
  3. Operational Security:
    • Preventing fraud, cyber threats, or unauthorized access to the Bank’s systems.
  4. Public Interest Objectives:
    • Conducting research and analysis to inform national development strategies.

SECTION 6: LEGAL BASIS FOR PROCESSING

The Bank processes personal data based on one or more of the following legal grounds:

  • Consent: Freely given, specific, and informed consent from the Data Subject.
  • Public Task: Processing necessary for the performance of a task carried out in the public interest or under official authority.
  • Legal Obligation: Compliance with Somali laws or regulatory requirements.

SECTION 7: DATA MINIMIZATION AND RETENTION

  1. Minimization: The Bank collects only data strictly necessary to achieve the purposes outlined in this Policy.
  2. Retention:
    • Personal data is retained only for the period required to fulfill the purposes for which it was collected or as mandated by Somali law.
    • Specific retention periods:
      • Service-related data: Retained for 5 years after the completion of the service or project.
      • Technical/log data: Retained for 12 months unless required for security investigations.

SECTION 8: DATA SECURITY

The Bank employs stringent technical and organizational safeguards, including:

  • Encryption of sensitive data during storage and transmission.
  • Regular security audits and vulnerability assessments.
  • Restricted access to personal data based on role-based permissions.
  • Mandatory training for staff on data protection protocols.

SECTION 9: DATA SHARING AND DISCLOSURE

The Bank may share personal data with:

  1. Government Authorities: To comply with legal obligations or support national development initiatives.
  2. Service Providers: Third parties contracted for IT support, analytics, or administrative functions under strict confidentiality agreements.
  3. International Partners: Entities collaborating with the Bank on cross-border projects, provided safeguards under Somali law are ensured (e.g., binding contractual clauses).

SECTION 10: RIGHTS OF DATA SUBJECTS

Data Subjects have the right to:

  1. Access: Request a copy of their personal data held by the Bank.
  2. Correction: Request rectification of inaccurate or incomplete data.
  3. Deletion: Request erasure of data no longer necessary for processing (subject to legal exceptions).
  4. Consent Withdrawal: Withdraw consent for processing where applicable.
  5. Objection: Object to processing based on public interest or legitimate grounds.

Requests must be submitted in writing to the Data Protection Officer (contact details in Section 15).

SECTION 11: CROSS-BORDER DATA TRANSFERS

Personal data transferred outside Somalia is permitted only:

  • With explicit consent from the Data Subject.
  • Where the recipient country ensures an adequate level of protection as recognized under Somali law.
  • Under binding agreements that enforce Somali data protection standards.

SECTION 12: DATA BREACH NOTIFICATION

In the event of a breach compromising personal data:

  • The Bank will notify the Somali Data Protection Authority within 72 hours of discovery.
  • Affected Data Subjects will be informed if the breach poses a significant risk to their rights.

SECTION 13: COMPLAINTS AND ENFORCEMENT

Data Subjects may submit complaints to:

Data Protection Officer
Somali Development and Reconstruction Bank
11 Corso Somalia Ministry of
Finance Revenue Building,
Mogadishu-Somalia

info@sdrb.gov.so
+252 61 327 7757

Complaints will be acknowledged within 7 working days and resolved within 30 days.

SECTION 14: POLICY UPDATES

The Bank reserves the right to amend this Privacy Policy to reflect changes in legal requirements or operational practices. Updated versions will be published on the Bank’s website, with significant changes communicated via email or public notice.

SECTION 15: CONTACT INFORMATION

For inquiries related to this Privacy Policy or data protection:
contact@sdrb.gov.so

Whistle Blower Policy: The Somali Development and Reconstruction Bank operates a strict zero-tolerance policy on corruption, fraud, and
bribery. If you witness any misconduct or non-compliance, report it anonymously via email at: whistleblow@sdrb.gov.so