Dush Finance logo

Dush

Finance

Your growth partner

Privacy Policy

Uganda Data Protection & Privacy Act, 2019

Who we are

Dush Finance provides microloans and related financial services in Uganda. For data protection enquiries contact our Data Protection Officer at dpo@dush-finance.com.

What we collect

Depending on the product you apply for, we may collect:

  • Identity data (name, National ID number, ID photos, biometrics via Smile ID)
  • Contact data (phone, email, address)
  • Employment and business data (employer, market, stall, salary, references)
  • Loan and repayment data (amounts, schedules, proofs of payment)
  • Collateral data for secured products (vehicle, logbook, SIMPO registry)
  • Device and usage data (IP address, user agent, optional GPS with consent)

Why we process your data

We process personal data to:

  • Assess creditworthiness and administer your loan
  • Meet KYC/AML obligations with regulators and licensed partners
  • Query and report to Credit Reference Bureaus where you have consented
  • Send service communications (SMS, WhatsApp, email, in-app)
  • Prevent fraud and protect our staff and borrowers

Legal basis

We rely on your consent (obtained before you start an application), contract (loan agreement), and legal obligation (Bank of Uganda, URA, NITA-U and other applicable law) as appropriate.

Sharing

We may share data with:

  • Licensed Credit Reference Bureaus (e.g. Metropol, CompuScan)
  • NIRA and identity verification providers (e.g. Smile ID)
  • SMS, email and cloud infrastructure providers under contract
  • Regulators, courts or law enforcement when required by law

We do not sell your personal data.

Retention

Loan and KYC records are retained per our Data Retention Policy (typically seven years after the loan is closed).

Your rights

Under the Uganda Data Protection and Privacy Act, 2019 you may request access, correction, erasure (where applicable), restriction, or object to certain processing. Contact the DPO to exercise these rights.

Security

Data is encrypted in transit (TLS) and at rest. Access is limited by role-based controls and Row Level Security.

Policy updates

We may update this policy. Material changes will require renewed consent in the app (policy version tracked in your consent record).

Last updated: May 2026 · Policy version consent-v1-2026-05