Privacy Policy

Moniepoint Microfinance Bank Limited (Moniepoint MFB) is a microfinance bank duly registered in Nigeria and authorized and regulated by the Central Bank of Nigeria to offer banking services.

This Privacy Policy (“Policy”) regulates how Moniepoint Microfinance Bank Limited (“Moniepoint MFB”, “we”, “us”, “our”) processes the personal information of our data subjects such as customers, staff, vendors, third parties and visitors to our website(s) and mobile application(s) (hereinafter referred to as, the "Sites", including existing websites [www.moniepoint.com/ng], mobile applications, and all other additional websites and mobile applications produced and/or managed by Moniepoint MFB from time to time). This Policy discloses our data protection practices on our Sites, products and subscriber-based services (“Services”), inclusive of what personal information we collect, what we do with it and how we protect it.

We are committed to protecting your personal data (i.e. any information you provide to us or that we collect from you, through which you can be identified) in accordance with the provisions of the Nigeria Data Protection Act 2023 and other applicable data protection laws (“Data Protection Laws”).

This policy sets out the basis on which your personal information will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By continuing to visit or use the Sites and other Moniepoint MFB customer touchpoints, you accept and consent to the practices described in this policy.

Moniepoint MFB’s mission is to safeguard your personal information and defend your privacy against evolving threats. We approach this responsibility with empathy, understanding the profound trust you place in us and the sensitivity of your data. We commit to transparently communicating our privacy practices, ensuring you are fully informed. Above all, we will always act in your best interest, upholding the highest ethical standards in handling your personal and financial data.

In processing your personal data, we adhere to the principles of data processing; our obligation in terms of the principle is to ensure that personal data is;

1. Processed in a fair, lawful and transparent manner;
2. Collected for specific and legitimate purpose, and not to be further processed in a manner that is incompatible with these purposes;
3. Adequate, relevant, and limited to the minimum necessary for the purposes for which the personal data was collected or further processed;
4. Accurate, complete and where necessary, kept up to date, having regards to the purposes for which the personal data is collected or is further processed; and
5. Processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing, access, loss, destruction, damage or any form of data breach.

We are also committed to ensuring accountability and upholding data confidentiality, integrity and availability.

In compliance with the provisions of Data Protection Laws, we process your personal data in line with the following legal basis:

1. Consent: where you have consented to our processing of your personal data for one or more specific reasons. Such consent is given by you through your continuous use of the Services and the Sites.
2. Performance of a contract: in order to perform a contract we have with you or a contract to which you are a party to or in order to take necessary steps at your request prior to entering into such a contract.
3. Legal obligation: where processing of personal data is required by law. We are required by law to retain certain account opening information and personal data of our customers beyond the date such customers cease to carry on business with us.
4. Legitimate interest: in order to protect legitimate interests of data subjects, and in order to carry out the purposes of our business, such as account opening, and processing financial transactions. In addition to this, we have a legitimate interest to prevent fraud, money laundering and to verify identity of data subjects, in order to protect our customers and business, to understand how people interact with our Sites, to provide communication which we think will be of interest to you and to determine the effectiveness of promotional campaigns and advertising.
5. Vital interest: in order to process data for data subjects when they are in critical life threatening situations where they may not be able to provide consent for data processing, and which may be vital for the subjects survival.
6. Public interest: such processing is necessary for the performance of a task carried out in the interest of the public in exercise of an official public mandate vested on us.

When you use the Sites or services, we collect and store your personal data which is provided by you (for example, when you apply for a new product or service) from time to time.

While using our services, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal data”). Personally identifiable information in this context may include but is not limited to:

• Identity Data: Full Name, maiden name, marital status, title, biometric information, national identification number (NIN), international passport details, driver’s licence details, date of birth, gender, address, biometric, facial recognition data, and citizenship. We may also request for your next of kin’s details, such as name, phone number, email address and residential address;
• Contact Data: Address, Email Address and Telephone Numbers (Information received during contact with face-to-face meetings, phone calls, emails, letters and SMS);
• Financial Data: Bank account information and bank statements, Bank verification Number (BVN), income and outgoings, financial position, status, and credit history, payment card information and account number;
• Transaction Data: Information regarding the products and services a data subject may have benefited from by using Moniepoint MFB, transactional information in respect of products purchased and location data of transactions where a data subject may have used their debit card;
• Profile Data: This includes username and password;
• Technical and Usage Data: Internet protocol (IP) address, login data, details of browser and operating system, time zone setting, date and time of visit, location, browser plug-in types and versions, platforms and other technology such as unique device identifiers., geolocation, model and user agent on the devices used to access Moniepoint MFB’s website. For mobile devices, usage data may include geo-location information, mobile device access and tracking and cookies data
• Marketing and Communications Data: Information about data subject communications with Moniepoint MFB and communication preferences, including preferences in receiving marketing communications and consents given by data subject to Moniepoint MFB.
• Other Data: (CCTV / Video footage, telephone conversation made via calls to our contact centre lines, use of analytics to collect, monitor and/or analyze data, interests, feedback and survey responses.

Our primary goal in collecting the above stated personal data is to provide you with a safe, efficient, smooth and customised experience. This allows us to provide services and features that most likely meet your needs.

Moniepoint MFB will require the explicit consent of data subjects to process personal data. Irrespective of initial consent given, data subjects can withdraw their consent at any time by filling out our Consent Withdrawal Form here and sending it back to us at [email protected]. However, this will not affect the lawfulness of any processing carried out before the withdrawal of consent. Where consent is withdrawn, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

We collect information you provide directly to us, for example, we collect information when you register or log on to the Sites, create an account, subscribe to a Service, participate in any interactive features on our Services, fill out a form, take part in surveys, upload any documentation, request customer support, make an enquiry, communicate with us by email, phone or post, interact with us on social media, etc.

We will also collect your information where you partially complete and/or abandon any information inputted in the Sites and may use this information to contact you to remind you to complete any outstanding information.

Every computer connected to the internet is given a domain name and a set of numbers that serve as that computer’s internet protocol “IP address”. When you use the Sites, our web servers automatically recognise your domain name and IP address. The domain name and IP address reveals nothing personal about you other than the IP address from which you have accessed the Sites. We are able to see information relating to your browsing patterns and technical data about the equipment you use to access the website through the use of cookies, server logs and other similar technologies. You can select your preference from the cookies settings on any of our websites.

We may also collect technical data from third parties/ public sources such as analytics providers, identity verification providers, advertising networks, search information providers. We may obtain contact, financial and transaction data from providers of technical, payment, credit referencing and delivery services based both inside and outside Nigeria. We utilise third- party service providers to secure information related to financial crime, fraud, sanctions and politically exposed persons.

We do not own personal data provided and will only store such data for a period reasonably needed and we will do our best to ensure that such personal data is secured against all foreseeable hazards and breaches such as theft, cyber-attack, viral attack, unauthorised dissemination, manipulation of any kind, damage by rain, fire or exposure to other natural elements.

We will not sell, share, transfer or rent out any personal information to others in ways different from what is disclosed in this Policy, and our terms and conditions of use. We may share generic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers.

The purpose of collecting your personal data is to give you an efficient, enjoyable, secure and seamless customer experience.

We may use your personal data based on your consent for the following purposes:

• To provide and maintain our services;
• To respond to your enquiries and fulfil any of your requests for information;
• To process transactions and send you notices about your transactions;
• To verify your identity;
• To provide customer care and support services;
• To resolve disputes and troubleshoot problems;
• To improve our services by implementing aggregate customer preferences;
• To manage and protect our information technology infrastructure;
• To monitor and/or prevent fraud, and comply with applicable anti-money laundering laws;
• To monitor traffic patterns and usage of the Sites to help to improve the Sites design and layout;
• To record and store communications with customers by phone, emails, app and website chat function, etc;
• To personalise your experience on our Sites or communications;
• To send you important information regarding the services and/or other technical notices, updates, security alerts, support and administrative messages;
• To send you marketing, promotional communications and targeted advertising for our business purposes with your consent;
• To poll your opinions through surveys or questionnaires; and
• As Moniepoint MFB believes to be necessary or appropriate:
• To comply with a legal obligation. This applies where the processing is necessary for Moniepoint MFB to comply with the law;
• To protect Moniepoint MFB’s legitimate interests, privacy, property or safety, and/or those of a third party as long as it does not conflict with the requirements for the protection of your personal data.
• To protect your vital interests.

We may monitor and record our communications with you, including e-mails and phone conversations for training, quality assurance purposes, and to meet our legal and regulatory obligations in general.

Further to our commitment to protecting your personal data and in compliance with applicable data protection laws and regulations, Moniepoint MFB conducts Data Protection Impact Assessments (DPIAs) where data processing activities are likely to result in high risks to the rights and freedoms of data subjects. We maintain a record of DPIAs conducted and review them periodically or when significant changes occur in our processing operations.

Your personal data is protected by legal rights enshrined in Data Protection Laws. These rights include the following:

• Right to be informed about the processing of personal data;
• Right to access personal data held by us;
• Right to rectify inaccurate or incomplete information;
• Right to request erasure of personal data from the Bank’s systems/records under certain conditions;
• Right to withdraw consent for processing personal data at any time, in cases where consent has previously been given, to the extent our processing relies on your consent as the lawful basis for processing. This right may not apply if there are other legal justifications to continue processing or we need to retain certain personal data where required or permitted under applicable law;
• Right to object to the processing of personal data, for example, direct marketing;
• Right to object to the automated processing of your personal data or to object to any decisions based on the automated processing of personal data, including profiling. Where we use AI to make a decision that has a significant legal impact on you, you have the right to request human intervention or request a review of the decision. However, we may refuse your request where such automated decisions are permitted by applicable law.
• Right to data portability i.e., the right to request that personal data be sent to a third party;
• Right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).

If you would like to exercise any of the above stated rights, you can fill out our Data Subject Request Form here specifying the right you wish to exercise. Please return the completed form to [email protected] with a copy to [email protected].

We will endeavour to process all subject access requests within thirty (30) days and if any further extension is required, we will communicate same through existing consented channels – at no cost. However, please note that you may continue to receive existing communications for a transitional period whilst we update your preferences.

Please note that if you request for a copy of your personal data, you may be required to pay a fee if the requests are considered manifestly unfounded or excessive.

We will not retain your personal data for longer than is necessary for the purposes for which such personal data is processed. This means that your personal data will only be retained for as long as it is still required to provide you with the services or is necessary for legal reasons. When calculating the appropriate retention period of your personal data, we consider the nature and sensitivity of the personal data, the purposes for which we are processing such personal data, and any applicable statutory/regulatory retention periods.

As a regulated financial services institution, Moniepoint MFB will retain your personal data for a period of ten (10) years after the termination of the relationship by the data subject or as may be required by regulation; while transaction documents/data will be retained for a minimum period of five (5) years in line with CBN regulation.

Notwithstanding the foregoing and pursuant to the NDP Act 2023, we shall be entitled to retain and process personal data for archiving, scientific research, historical research or statistical purposes for public interest, while protecting your identity and privacy rights as the case may be.

It is important that the personal data Moniepoint MFB holds about you is accurate and current. Please keep Moniepoint MFB informed if any aspect of your personal data changes at any time during your relationship with us. On our customer-facing products, you can easily update your personal data yourself or alternatively contact our Data Protection Officer via [email protected] when you want to exercise your right of rectification.

In order to protect your personal data, we have implemented reasonable and effective organizational and technical security measures to protect your personal information from unauthorized access, data loss and misuse, alteration or destruction. These measures include storing data on a dedicated and secure server with at least 256-bit encryption, restricting access to your personal data to certain employees, ensuring that our internal information technology systems are suitably secure, and implementing procedures to deal with any suspected data breach. Additionally, our employees are trained to respect the confidentiality of any personal information that we hold. We also conduct security audits and vulnerability assessments (penetration tests), regularly.

Where we have provided you (or where you have chosen) a password which grants you access to specific areas on our site, you are responsible for keeping this password confidential. We request that you do not share your password or other authentication details (e.g. token generated codes) with anyone.

Despite our best efforts and intentions, we acknowledge that security cannot be absolutely guaranteed against all threat actors. Hence, you are encouraged to only access our Services within a secure environment and not share your passwords, as transmission of personal information to and from our Services is at your own risk.

In the unlikely event of a data breach, Moniepoint MFB will take steps to mitigate any loss or destruction of data and, where applicable, notify you and the Nigeria Data Protection Commission (NDPC) of such a breach.

Moniepoint MFB may be required to disclose personal data of individuals in accordance with a legal obligation in response to requests by government authorities, regulatory bodies, law enforcement agencies or law courts on matters involving public interest, national security or law enforcement requirements.

We may also need to pass your information to third party service providers which maintain, administer or develop the Sites on our behalf and the information will only be provided for such limited purposes and as detailed below. Where applicable, we execute compliant data-sharing agreements or data-processing agreements to provide an extra layer of protection for personal information shared in the process. Additionally, we may provide aggregate statistics about our customers, sales, traffic patterns and related website information to reputable third- parties, but these statistics will include no personally identifiable information.

Moniepoint MFB may share your personal data with the following third parties (“Third Party Providers”):

• Our affiliates within and outside Nigeria in furtherance or promotion of our services to you;
• Companies providing identity or financial validation services;
• Financial product providers;
• Payment services companies acting on your, or our behalf;
• Correspondent banks;
• Companies providing analytics services;
• Data, storage, service and software providers;
• External Auditors;
• Regulatory and law enforcement bodies.

in the event of a reorganization, merger, or sale we may transfer any and all personal information we collect to the relevant third party.

A few of our identity verification Third Party Providers collect your personal data via our Sites through the use of Apple Inc. 's (“Apple”) TrueDepth Application Programming Interface (“TrueDepth API”). As a result of the integration of our Sites with such Third Party Providers, our Sites make use of automatically collected information using the device camera on your Apple mobile device and the TrueDepth API provided by Apple.

The use of your personal data collected as a result of this is to track your facial features, and control the augmented reality (AR) experience. We use ARKit to capture your face 3D spatial orientation and facial expressions. In doing this, we use this data to ensure that the picture (selfie) being taken is of a live user for authentication and fraud reduction purposes. The ARKit information is processed entirely locally and the spatial orientation/facial expression data is not submitted to any third (or first) parties. None of the information collected by the TrueDepth API ever leaves your mobile device nor is it persistently stored on the device.

As part of our operations, we may transfer your personal data to third-party service providers located in countries outside Nigeria for purposes such as secure storage provision, conducting fraud prevention, or other operational functions. We will ensure that your personal data is securely handled during cross-border transfers by ensuring adequate safeguards are in place such as implementing standard contractual clauses to ensure that your personal data is protected to the same standard as it would be within Nigeria. We further ensure that your personal data is securely protected during cross-border transfers through encryption, masking, and other safeguards designed to maintain its security and confidentiality. Additionally, we will ensure that crossborder transfers comply with applicable data protection and privacy laws, including the Nigeria Data Protection Act (NDPA) and any relevant international frameworks, such as the EU General Data Protection Regulation (GDPR), UK GDPR etc. By engaging with our services, you acknowledge our legitimate interest in transferring your personal data to other jurisdictions as described above. Should you have any concerns regarding these transfers, please contact our Data Protection Officer for further information.

All Personal Information you provide to us is stored on secured databases, servers and cloud infrastructure (where applicable) for the purposes of providing seamless services to you, including but not limited to ensuring business continuity; the data that we collect from you may be transferred to or stored in cloud locations at globally accepted vendors' data centres. Whenever your information is transferred to other locations, we will take all necessary steps to ensure that your data is handled securely and in accordance with this privacy policy.

As we embrace innovative technologies to enhance your banking experience, we are committed to protecting your privacy and handling your personal data with the utmost transparency and care.

We may utilize emerging technologies, such as artificial intelligence (AI), machine learning, and other data processing software, to improve our services, products, and processes. These technologies help us to:

• Enhance Security: Detect and prevent fraud, money laundering, and other financial crimes by analyzing transaction patterns and identifying anomalies.
• Personalize Your Experience: Offer you more relevant products, services, and financial advice tailored to your needs and preferences.
• Improve Customer Service: Provide faster and more efficient support through tools like chatbots and automated assistance.
• Streamline Operations: Automate repetitive tasks to improve our efficiency and serve you better.

Our use of AI is governed by strict ethical principles and a commitment to fairness. We use AI to:

• Assess Creditworthiness: In some instances, we may use AI-powered models to assist in credit scoring and loan application assessments. These models analyze various data points to provide a fair and consistent evaluation.
• Communicate with You: Our AI-powered chatbots may interact with you to answer your queries and provide basic support.
• Detect Fraud: AI algorithms help us to monitor your accounts for unusual activities in real-time, providing an additional layer of security.

By visiting or using our Sites and/or Services, you consent to our use of AI for the purpose(s) stated above.

Cookies are small text files stored on your device when you visit a website. These files contain information that helps enhance your browsing experience by remembering your preferences, enabling functionalities, and providing personalised services.

Moniepoint MFB may use the information obtained from use of our cookies to recognize a computer when a user visits Moniepoint’s website, track whoever navigates the website, improve the website’s usability, analyze the use of its website (such as how many people visit it each day), and manage the website.

Users can disable cookies and prevent the setting of cookies by adjusting the settings on their browser.

Further details can be found in our Cookie Policy.

We sometimes use automated systems and software to help us reach decisions about you, for example, to make credit decisions, to carry out security, fraud and money laundering checks, or to process your data when you apply for some of our products and services. This type of processing is carried out under lawful basis and you have a right to request a human review of such processing as indicated under the data subject rights provisions above.

Moniepoint MFB hosts free social events from time to time and there may be photos and videos taken while attending or participating in these events. By attending these events, you agree to be photographed or filmed as this forms part of such events. These pictures and videos may also be posted to our social media platforms and are subject to the applicable social media platforms' terms of use and privacy policy.

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Moniepoint may sometimes contact you with products or services that we think may be of interest to you. If you do not want to receive such promotional materials from us, you can opt out at any time by clicking on the "unsubscribe" link at the bottom of the email or by sending us an email at [email protected] with a copy to [email protected]

If you believe at any time that we have not handled your personal data in accordance with this Policy, or you suspect any violation of your right, you have a right to lodge your complaint directly with the Nigerian Data Protection Commission (NDPC), at [email protected]; additionally, your complaint can also be addressed to [email protected].

Please be informed that [email protected] is a designated email that addresses data privacy complaints, requests, and inquiries ONLY.

We are constantly trying to improve our Sites and services, so we may need to update this Policy from time to time. We will alert you of material changes by, for example, placing a notice on our websites and/or by sending you an email (if you have registered your e-mail details with us) when we are required to do so by applicable law. We reserve the right to update this Policy as we deem fit, from time to time, without any intimation to you and your continued use of the Sites will signify your acceptance of any amendment to these terms.

Our updated policy will also be displayed on our websites (www.moniepoint.com/ng and www.atm.moniepoint.com/login/web ). It is your responsibility to check this Privacy Policy from time to time to verify such updates.