This Policy discloses our data protection practices on our Sites, products and subscriber-based services (“Services”), inclusive of the type of personal data that we collect, our method of collection of personal data, use of personal data and procedures for sharing personal data with third parties. The Sites covered by this Policy include our existing websites, mobile applications and all other additional websites and mobile applications produced and managed by UNIABUJA MFB.
We value the trust you place in us and understand that your privacy is of utmost importance to you. In light of this, we make use of the highest standards to ensure secure transactions and the privacy of customer information.
We are committed to protecting your personal data (i.e. any information you provide to us through which you can be identified) in accordance with the provisions of the Nigeria Data Protection Act 2023 and other applicable data protection laws (“Data Protection Laws”).
By visiting the Sites (including all websites and mobile applications which may be added or removed from time to time) you agree to the terms and conditions of this Privacy Policy. If you do not want your personal data processed in accordance with this Policy, please do not use or access the Sites or the Services.
We reserve the right, at our sole discretion, to alter and update this Policy from time to time. We therefore invite you to review the current version of this Policy each time you return to the Sites.
The Sites and Services are intended solely for persons who, if they are natural persons, are eighteen (18) years of age or older, and any registration by, use of or access to the Sites and Services by any natural person under eighteen (18) is unauthorised, unlicensed and in violation of this Policy.
By using the Sites, Services and by providing your personal data, you consent to the collection and use of the information you disclose to us in accordance with this Policy, including but not limited to your consent for sharing your personal data in line with the terms contained in this Policy. If we decide to change this Policy, we will post those changes on this page so that you are always aware of what information we collect, how we use it and under what circumstances we disclose it. If you do not agree to give consent to the use of personal data as described in this Policy, please do not use or access the Sites or Services.
In accordance with the provisions of Data Protection Laws, prior to the processing of personal data there must be in existence a legal basis for such processing. In compliance with the provisions of Data Protection Laws, we process your personal data in line with the following legal basis:
When you use the Sites or Services, we collect and store your personal data which is provided by you from time to time.
Personal data/ information in this context shall include all data such as: any means of information relating to an identified or identifiable natural person who can be identified by:
This is also applies to personal data/ information regarded as sensitive which could include:
For the purpose of accessing our Services, the personal data we may collect include: your full legal names, marital status, title, date of birth, gender, photo, facial recognition data, business name, email address, mailing address, telephone number, bank account number, payment card details, bank verification number, national identification number, international passport number, means of identification, guarantors contact details, bank statements, usernames, password, your preferences, interests, feedback and survey responses, preference in receiving marketing information from us and our third parties and your communication preferences, etc.
Our primary goal in collecting the above stated personal data is to provide you with a safe, efficient, smooth and customized experience. This allows us to provide Services and features that most likely meet your needs, and to customize the Sites to make your experience safer and easier.
We collect information you provide directly to us, for example, we collect information when you register or log on to the Sites, create an account, subscribe to a Service, participate in any interactive features on our Services, fill out a form, take part in surveys, post on our message boards, upload any documentation, request customer support, make an enquiry, communicate with us by email, phone or post, interact with us on social media, etc.
We will also collect your information where you partially complete and/or abandon any information inputted in the Sites and may use this information to contact you to remind you to complete any outstanding information.
Every computer connected to the internet is given a domain name and a set of numbers that serve as that computer’s internet protocol “IP address”. When you use the Sites, our web servers automatically recognize your domain name and IP address. The domain name and IP address reveals nothing personal about you other than the IP address from which you have accessed the Sites. We are able to see information relating to your browsing patterns and technical data about the equipment you use to access the website through the use of cookies, server logs and other similar technologies. You can select your preference from the cookies settings on any of our websites.
We may also collect technical data from third parties/ public sources such as analytics providers, identity verification providers, advertising networks, search information providers. We may obtain contact, financial and transaction data from providers of technical, payment, credit referencing and delivery services based both inside and outside Nigeria. We utilise third-party service providers to secure information related to financial crime, fraud, sanctions and politically exposed persons.
We do not own personal data provided and will only store such data for a period reasonably needed and we will do our best to ensure that such personal data is secured against all foreseeable hazards and breaches such as theft, cyber-attack, viral attack, unauthorised dissemination, manipulation of any kind, damage by rain, fire or exposure to other natural elements.
We will not sell, share, transfer or rent out any personal information to others in ways different from what is disclosed in this Policy, and our terms and conditions of use. We may share generic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers.
If you provide us with personal data about someone else, you are responsible for ensuring that you have provided the required notices and have obtained the individual’s explicit consent to provide us with the personal data and that you explain to them how we collect, use, disclose and retain their personal data or direct them to read our Policy.
In order to provide you with access to the Services, or to provide you with better service in general, we may combine information obtained from other sources (for example, a third-party developer whose application you have authorised) and combine that with information we collect through the Sites.
The purpose of collecting your personal data is to give you an efficient, enjoyable, secure and seamless customer experience.
We may use your personal data for the following purposes:
As UNIABUJA MFB believes to be necessary or appropriate:
We may monitor and record our communications with you, including e-mails and phone conversations for training, quality assurance purposes, and to meet our legal and regulatory obligations in general.
We may process your personal data on the basis that we have a legitimate interest to prevent fraud and money laundering, and to verify your identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services you have requested.
We may carry out fraud prevention checks using a fraud prevention database. If false or inaccurate information is provided, and/or fraud is identified, details will be passed to the Central Bank of Nigeria and the Economic and Financial Crimes Commission. Additionally, law enforcement agencies may access and use this information.
This is also applies to personal data/ information regarded as sensitive which could include:
We may use information generated and stored during your use of our Services for our legitimate activities to enable us to give you the best service and/or solutions and the best experience. These purposes include to:
Whenever we use your information for our legitimate interests, we will ensure that your information is processed on a pseudonymised basis and displayed at aggregated levels, which will not be linked back to you or to any living individual.
You have the right to object to processing based on our legitimate activities but if you object, this may affect our ability to provide certain Services and/or solutions for your benefit.
Your personal data is protected by legal rights enshrined in Data Protection Laws. These rights include the following:
Please note that if you request for a copy of your personal data, you may be required to pay a fee.
If you would like to exercise any of the above stated rights, please follow the following procedures:
For more information or to exercise your data protection rights please, please contact our Data Protection Officer at dpo@uniabuja.com.
We will endeavour to process all subject access requests within thirty (30) days and if any further extension is required, we will communicate same through existing consented channels – at no cost. However, please note that you may continue to receive existing communications for a transitional period whilst we update your preferences.
We will not retain your personal data for longer than is necessary for the purposes for which such personal data is processed. This means that your personal data will only be retained for as long as it is still required to provide you with the Services or is necessary for legal reasons. When calculating the appropriate retention period of your personal data we consider the nature and sensitivity of the personal data, the purposes for which we are processing such personal data, and any applicable statutory/regulatory retention periods. Using these criteria, we regularly review the personal data that we hold and the purposes for which such is held and processed. Our Payment Card Industry Data Security Standard (“PCIDSS”) obligation means that we are obliged to retain personal data for a minimum of ten (10) years from the end date of our business relationship with you.
When we determine that personal data can no longer be retained (or where you request that we delete your personal data in accordance with your rights contained in Data Protection Laws) we ensure that such personal data is securely deleted, anonymized or destroyed. However, please note that, in some circumstances we may decide to retain your personal data as may be reasonably necessary in accordance with the provisions of Data Protection Laws. In such circumstances, we will anonymize your personal data before retaining same.
Please see details of our data retention and disposal process below:
Type of Data | Retention Period | Disposal Process |
---|---|---|
Electronic storage on database | 10 years (regulatory reasons) | Programmatic (automatic) process to remove, at least on a quarterly basis, personal data that exceeds business retention requirements/reviews conducted at least on a quarterly basis |
Hardcopy data (receipts/faxes) | 10 years | Cross-cut shredded/incinerated, pulped |
Hard drives (back-up) | 10 years | Secure wipe program/degauss |
Tape Media (back-up) | 10 years | Physically destroy |
System and network logs | 10 years |
On at least a quarterly basis, we systematically remove and destroy all cardholder data that has exceeded its retention period, and review and ensure the remaining stored cardholder data remains within the formal retention requirements.
Wherever the primary account number (“PAN”) is stored, whether electronically or on paper, it is masked. The first six and last four digits are the maximum number of digits that may be displayed. Certain members of the operations and Service delivery units have a legitimate business need when dealing with customer/cardholder enquiries to access the PAN. Wherever the PAN is stored (including in logs, removable media, etc.), it is made unreadable by means of one-way hashes. Cardholder data is never stored on removable media and when removable physical storage media (including documents, faxes, and electronic media) are no longer required (i.e. they have passed their retention periods), they are destroyed.
It is important that the personal data UNIABUJA MFB holds about you is accurate and current. Please keep UNIABUJA MFB informed if any aspect of your personal data changes at any time during your relationship with us. On our customer facing products, you can easily update your personal data yourself or alternatively contact our Data Protection Officer via dpo@uniabuja.com when you want to exercise your right of rectification.
In order to protect your personal data, we have put in place appropriate organizational and technical security measures. These measures include storing data on a dedicated and secure server with at least 256-bit encryption, restricting access to your personal data to certain employees, ensuring that our internal information technology systems are suitably secure, and implementing procedures to deal with any suspected data breach.
In the unlikely event of a data breach, UNIABUJA MFB will take steps to mitigate any loss or destruction of data and, if appropriate, will notify you and any applicable authority of such a breach.
Due to the fact that we operate in a regulated environment, we cannot ensure that all your private communications and other personally identifiable information will never be disclosed in ways not otherwise described in this Policy. By way of example (without limiting the foregoing), we may be forced to disclose information to the government, regulatory bodies, law enforcement agencies, and third parties for the performance of a task carried out in the interest of the public, for the protection of your vital interest, for the performance of a contract which you are a party to and also where you have expressly given us written consent to disclose same.
We may need to pass your information to third party service providers which maintain, administer or develop the Sites on our behalf and the information will only be provided for such limited purposes and as detailed below. Additionally, we may provide aggregate statistics about our customers, sales, traffic patterns and related website information to reputable third-parties, but these statistics will include no personally identifiable information.
UNIABUJA MFB may transfer your personal data to third parties (“Third Party Providers”) of the following types:
A few of our identity verification Third Party Providers collect your personal data via our Sites through the use of Apple Inc.'s (“Apple”) TrueDepth Application Programming Interface (“TrueDepth API”). As a result of the integration of our Sites with such Third Party Providers, our Sites make use of automatically collected information using the device camera on your Apple mobile device and the TrueDepth API provided by Apple.
The use of your personal data collected as a result of this is to track your facial features, and control the augmented reality (AR) experience. We use ARKit to capture your face 3D spatial orientation and facial expressions. In doing this, we use this data to ensure that the picture (selfie) being taken is of a live user for authentication and fraud reduction purposes. The ARKit information is processed entirely locally and the spatial orientation/facial expression data is not submitted to any third (or first) parties. None of the information collected by the TrueDepth API ever leaves your mobile device nor is it persistently stored on the device.
We will do our reasonable best to ensure personal data provided by you to us and shared with a Third Party Provider is done in accordance with the provisions of Data Protection Laws. We will also reasonably ensure that such Third Party Providers with whom we share your personal data will ensure the security of the same as provided by this Policy and in accordance with Data Protection Laws.
You further acknowledge that the Sites may contain information which is designated confidential by us and that you shall not disclose such information without our prior written consent. Your information is regarded as confidential and therefore will not be divulged to any third party, unless if legally required to do so to the appropriate authorities. We will not sell, share, or rent your personal data to any third party nor use your email address for unsolicited mail. Any emails sent by us will only be in connection with the provision of agreed Services.
We take all necessary precautions to protect your personal information both online and off-line. It is important for you to protect against unauthorised access to your password, your mobile phone or computer. Be sure to log off from the Sites when you are using a shared phone/computer. We also protect your personal data off-line. Access to your personal data is limited to employees, agents or partners and third parties with whom we are working who we reasonably believe will need that information to provide the Services to you.
We use data collection devices such as ‘cookies’ on certain pages of the Sites. Cookies are small files stored on your hard drive that assist us in providing Services customised to your requirements and tastes. We also offer certain features that are only available through the use of a ‘cookie’. Cookies can also help us provide information, which is targeted to your interests. Cookies may be used whether you choose to register with Us or not.
We also use cookies to allow you to enter your password less frequently during a session. Most cookies are ‘session cookies’, meaning that they are automatically deleted from your hard drive at the end of a session. You are always free to decline our cookies if your browser permits, although in that case you may not be able to use certain features on the Sites and you may be required to re-enter your password more frequently during a session. A cookie cannot read data off your hard disk or read cookie files created by other sites. Use of a cookie is in no way linked to any personally identifiable information while on the Sites. Once you close your browser, the cookie simply terminates. For instance, by setting a cookie on your browser, you would not have to log in a password more than once, thereby saving time while on the Sites.
You can choose whether to accept cookies by changing the settings of your browser. You can reset your browser to refuse all cookies or allow your browser to show you when a cookie is being sent. If you reject the cookies on the Sites, you may still be able to use the Sites, but it shall be limited to certain minimal functionality. The only drawback to this is that you may be limited to some areas of Sites or limited to certain functions of the Sites.
If you apply for a job at UNIABUJA MFB, you will be asked to submit information to UNIABUJA MFB such as your name, contact details, information about your education and work history and any other background information that might be relevant to your application or that you choose to share with us. If you do not provide this information to us, we might not be able to process your application.
We will use this information to assess your application and candidacy for the position you have applied for. Without limiting the generality of the foregoing, this may include:
We may also use your information when analysing our internal recruitment processes to determine:
The information you provide may also be used to communicate with you about UNIABUJA MFB’s events and to send you publications that we think may be of interest to you.
We might share your personal data with other companies in our group as well as with third parties such as recruitment service providers, background check providers and information technology system providers. These UNIABUJA MFB group companies and third parties might be located in a different country than your country of residence.
We will keep your application data for up to one (1) year. If you no longer wish for UNIABUJA MFB to process your personal data or if you wish to exercise any of your rights as a data subject, please contact dpo@uniabuja.com.
We will keep your information secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage. We will do our best to protect your personal data, but we cannot guarantee the security of your personal data which is transmitted to other websites via an internet or similar connection. If we have given you (or you have chosen) a password to access certain areas of the Sites please keep this password safe, we will not share this password with anyone.
As a user of the Services, you understand and agree that you assume all responsibility and risk attached to safeguarding your account with us. You shall at no time whatsoever disclose your password to anyone, nor shall you allow anyone make use of your account.
We are constantly trying to improve our Sites and Services, so we may need to change this Policy from time to time as well. We will alert you of material changes by, for example, placing a notice on our websites and/or by sending you an email (if you have registered your e-mail details with us) when we are required to do so by applicable law. We reserve the right to update this Policy as we deem fit, from time to time, without any intimation to you and your continued use of the Sites will signify your acceptance of any amendment to these terms.
Our updated terms will also be displayed on our website (www.uniabuja.com/ng ). It is your responsibility to check this Privacy Policy from time to time to verify such updates.
If you believe at any time that we have not handled your personal data in accordance with this Policy, please contact our Data Protection Officer.