SenChange Logo
Download

Privacy Policy

How we protect and use your personal data

Last updated: April 1, 2025

SenChange is committed to protecting your privacy. This policy explains how we collect, use, share and protect your personal information in accordance with GDPR and Senegalese data protection law.

1. Data Controller

SenChange SARL, a company registered in the Dakar RCCM under number SN.DKR.2023.B.7687, whose registered office is located in Dakar - Avenue Lamine Gueye, Senegal, is responsible for processing personal data collected via our platform.

Data Protection Officer (DPO)

Our Data Protection Officer is available to answer any questions regarding the protection of your personal data:

2. Data We Collect

We collect different categories of data to provide our services:

Category Examples Purpose
Identity Last name, first name Identity verification, KYC/AML compliance
Contact Details Address, email, phone Communication, customer support
Technical Data IP address, device type, connection logs Account security, service improvement
Browsing Data Pages visited, session duration, interactions Audience analysis, personalization

3. Processing Purposes

Your data is processed for the following purposes:

  • Execution of service contracts (exchanges, transfers)
  • Compliance with legal obligations (anti-fraud, anti-money laundering)
  • Improvement of our services and development of new features
  • Marketing communications (with your consent)
  • Security of our systems and prevention of fraudulent activities

Legal basis: Processing is based on (1) contract execution, (2) compliance with legal obligations, (3) your explicit consent for certain purposes, and (4) our legitimate interest in security and service improvement.

4. Data Recipients

Your data may be shared with:

  • Technical service providers: Hosts, payment solution providers
  • Regulatory authorities: ARTP, Centif, judicial police (upon legal request)
  • Fintech partners: For transaction execution
  • Customer service: Subcontractors for complaint management
  • Analysts: For data analysis (in anonymized data)

We require all our partners to respect high standards of data protection in accordance with GDPR.

5. International Transfers

Some of our subcontractors are located outside the African Union (particularly for cloud hosting). In this case:

  • We use standard contractual clauses approved by the Data Protection Commission
  • We perform a data protection impact assessment
  • We limit transferred data to strictly necessary

6. Retention Period

We retain your data according to the following periods:

Active Data

Duration 5 years after last activity

Examples User profile, transaction history

Archived Data

Duration 10 years for tax and accounting data

Examples Transaction evidence, KYC documents

7. Your Rights

In accordance with regulations, you have the following rights:

Right of Access

Obtain a copy of your personal data

Right of Rectification

Correct inaccurate or incomplete data

Right to Erasure

Request deletion of your data ("right to be forgotten")

Right to Object

Object to processing for legitimate reasons

How to exercise your rights? Send your written request to our DPO accompanied by a copy of your ID. We will respond within a maximum period of one month.

8. Data Security

We implement robust technical and organizational measures to protect your data:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Strong authentication (2FA) for account access
  • Strict access controls based on the principle of least privilege
  • Regular security audits and penetration testing
  • Mandatory staff training on data protection

9. Policy Modifications

We may update this policy to reflect legal developments or changes in our practices. The current version is always the one available on our site.

Notification of changes: For substantial modifications, we will inform you by email and via a notification in your customer area at least 30 days before they take effect.

Contact and Complaints

For any questions regarding this policy or to file a complaint about the processing of your data:

  • dpo@senchange.com
  • +221 78 188 17 85
  • DPO Service - SenChange SARL, Dakar - Avenue Lamine Gueye, Senegal

You also have the right to lodge a complaint with the National Commission for the Protection of Personal Data (CDP) of Senegal if you believe your rights are not being respected.