Consent capture

KDPA s.30 requires a lawful basis for every processing activity. The Suite implements explicit consent as the default basis — captured the moment a member's data first enters the system, versioned against the active privacy notice, and reproducible on demand.

Privacy + incidents
Privacy controls + cyber incident register.

What the system stores

Three columns on res.partner + a related mfi.consent.log table.

FieldTypeSet whenEditable
consent_atdatetimeOn consent tick (member create or re-consent screen)No
consent_versioncharHardcoded version of the active privacy notice at consent_atNo
consent_marketingbooleanSeparate toggle for marketing opt-inYes via iBANK or branch
consent_channelcharbranch / ibank / ussd / whatsapp / agentNo
consent_witness_uidmany2oneUser who captured (operator side)No
consent_geocharBranch code or geolocation for proofNo

Channels that capture consent

  • Branch counter — operator ticks the consent box on the New Member form; cannot save without it
  • iBANK signup — member ticks a checkbox underneath a full-text privacy notice; signature image stored
  • USSD — *XYZ# session prompts 'Reply Y to accept'; reply stored as proof
  • WhatsApp — bot sends the notice URL + waits for explicit 'I AGREE' message
  • Agent app — fingerprint capture supplemented by photographed paper consent form

Privacy notice versioning

When the privacy notice changes materially (new processor, new processing purpose, new retention period), mfi.privacy.notice.version increments. Every new member-facing session checks the member's consent_version against the current version; mismatched members hit a re-consent gate before they can continue.

Warning — Marketing consent is independently revocable from service consent. Withdrawing service consent on an active loan is impossible — the system explains the regulatory reason and offers to close the loan early instead.

How a member withdraws consent

  1. Member logs into iBANK → Profile → Privacy
  2. Toggles 'Marketing communications' off → instant; suppression list updates within 24h
  3. Clicks 'Request data deletion' → opens an erasure request handled by the DPO (see Right to erasure)
  4. Clicks 'Withdraw all consent' → opens a closure ticket; cannot complete until loans cleared

Worked scenarios

Reference

Privacy notice version history (example tenant)

VersionEffectiveMaterial change
v1.02022-01-15Initial publication
v2.02023-03-01Added M-Pesa C2B processor
v3.02024-06-01Added cyber-incident notification disclosure
v3.22025-11-04Added CRB Africa as a credit bureau

Troubleshooting

SymptomLikely causeFix
Cannot save member; 'Consent is required'Privacy section consent box not tickedShow the member the notice, get consent, tick. If member refuses, do NOT save — explain that service requires consent under KDPA.
Member complains they're receiving promotional SMS despite opting outMarketing consent was inadvertently ticked, or a re-consent screen flipped the defaultiBANK → Profile → Privacy → Marketing toggle off. Suppression list updates within 24h. Add a chatter note acknowledging the complaint for the DPO.
Re-consent gate keeps showing for a member who just consentedconsent_version mismatch — they consented to v3.0, notice is now v3.2Have them re-read the changed sections in the gate screen and re-tick. Their accounts continue uninterrupted.
ODPC auditor asks for evidence of consent for member XStandard audit requestOpen the member, scroll to Privacy → consent_at + consent_version + witness recorded. Export the entry from mail.message audit trail.

See also

Was this page helpful?