Select Region/Country
  • Global
  • Nigeria
  • Kenya

Cookie Statement

Please note that we take your privacy seriously and only process your personal information following Nigeria Data Protection Act, 2023 and any applicable regulations. Your continued use of this platform indicates that you consent to the processing of your data by Moniepoint MFB.

Our site also uses cookies to enhance your experience on this platform. You can modify your preference using the option below. Please read our Cookie Policy for more information.

This website uses cookies to enhance your experience. Learn more here:

Privacy PolicyCookie Policy
moniepoint
BusinessPersonal
AboutContactBlog
Sign in
Global

Privacy Policy

This privacy policy (“Policy”) applies to the website(s) and mobile application(s) (hereinafter referred to as, the "Sites") provided by Moniepoint Microfinance Bank Limited (“Moniepoint MFB”, “we”, “us”, “our”) , and other products/services of Moniepoint MFB . This Policy discloses our data protection practices on our Sites, products and subscriber-based services (“Services”), inclusive of the type of personal data that we collect, our method of collection of personal data, use of personal data and procedures for sharing personal data with third parties.

The Sites covered by this Policy include our existing websites, mobile applications and all other additional websites and mobile applications produced and managed by Moniepoint MFB. Details of existing Sites include the following:

We are committed to protecting your personal data (i.e. any information you provide to us through which you can be identified) in accordance with the provisions of the Nigeria Data Protection Act 2023 and other applicable data protection laws (“Data Protection Laws”).

By visiting the Sites (including all websites and mobile applications which may be added or removed from time to time) you agree to this Privacy Policy. By continuing to visit our website and use our services you accept and consent to the practices contained in our privacy policy.

LAWFUL BASIS FOR COLLECTING AND PROCESSING PERSONAL DATA

In compliance with the provisions of Data Protection Laws, we process your personal data in line with the following legal basis: 

  • Consent: where you have consented to our processing of your personal data for one or more specific reasons. Such consent is given by you through your continuous use of the Services and the Sites.
  • Performance of a contract: in order to perform a contract we have with you or a contract to which you are a party to and in order to take necessary steps at your request prior to entering into such a contract.
  • Legal obligation: where processing of personal data is required by law. We are required by law to retain certain account opening information and personal data of our customers beyond the date such customers cease to carry on business with us.
  • Legitimate interest: in order to protect legitimate interests of data subjects, and in order to carry out the purposes of our business, such as account opening, and processing financial transactions. In addition to this, we have a legitimate interest to prevent fraud, money laundering and to verify identity of data subjects, in order to protect our customers and business, to understand how people interact with our Sites, to provide communication which we think will be of interest to you and to determine the effectiveness of promotional campaigns and advertising.
  • Vital interest: in order to process data for data subjects when they are in critical life threatening situations where they may not be able to provide consent for data processing, and which may be vital for the subjects survival.
  • Public interest: such processing is necessary for the performance of a task carried out in the interest of the public on in exercise of an official public mandate vested on us.

INFORMATION WE MAY COLLECT FROM YOU

When you use the Sites or Services, we collect and store your personal data which is provided by you from time to time. 

Personal data/ information in this context shall include all data such as: any means of information relating to an identified or identifiable natural person who can be identified by:

  • a name;
  • an identification number;
  • location data, an online identifier;
  • address, a photo, an email address;
  • facial recognition data;
  • bank details;
  • posts on social networking websites; and
  • other unique identifiers such as but not limited to MAC address, IP address, IMEI number, IMSI number, SIM.

For the purpose of accessing our Services, the personal data we may collect include: your full legal names, marital status, title, date of birth, gender, photo, facial recognition data, business name, email address, mailing address, telephone number, bank account number, payment card details, bank verification number, national identification number, international passport number, means of identification, guarantors contact details, bank statements, usernames, password, your preferences, interests, feedback and survey responses, preference in receiving marketing information from us and our third parties and your communication preferences, etc. 

Our primary goal in collecting the above stated personal data is to provide you with a safe, efficient, smooth and customised experience. This allows us to provide services and features that most likely meet your needs.  

HOW WE COLLECT INFORMATION

We collect information you provide directly to us, for example, we collect information when you register or log on to the Sites, create an account, subscribe to a Service, participate in any interactive features on our Services, fill out a form, take part in surveys, post on our message boards, upload any documentation, request customer support, make an enquiry, communicate with us by email, phone or post, interact with us on social media, etc.

We will also collect your information where you partially complete and/or abandon any information inputted in the Sites and may use this information to contact you to remind you to complete any outstanding information.

Every computer connected to the internet is given a domain name and a set of numbers that serve as that computer’s internet protocol “IP address”. When you use the Sites, our web servers automatically recognize your domain name and IP address. The domain name and IP address reveals nothing personal about you other than the IP address from which you have accessed the Sites. We are able to see information relating to your browsing patterns and technical data about the equipment you use to access the website through the use of cookies, server logs and other similar technologies. You can select your preference from the cookies settings on any of our websites. 

We may also collect technical data from third parties/ public sources such as analytics providers, identity verification providers, advertising networks, search information providers. We may obtain contact, financial and transaction data from providers of technical, payment, credit referencing and delivery services based both inside and outside Nigeria. We utilise third-party service providers to secure information related to financial crime, fraud, sanctions and politically exposed persons.

We do not own personal data provided and will only store such data for a period reasonably needed and we will do our best to ensure that such personal data is secured against all foreseeable hazards and breaches such as theft, cyber-attack, viral attack, unauthorised dissemination, manipulation of any kind, damage by rain, fire or exposure to other natural elements. 

We will not sell, share, transfer or rent out any personal information to others in ways different from what is disclosed in this Policy, and our terms and conditions of use. We may share generic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers.

INFORMATION WE COLLECT FROM OTHER SOURCES

In order to provide you with access to the Services, or to provide you with better service in general, we may combine information obtained from other sources (for example, a third-party developer whose application you have authorised) and combine that with information we collect through the Sites.

HOW WE USE YOUR PERSONAL DATA

The purpose of collecting your personal data is to give you an efficient, enjoyable, secure and seamless customer experience.  

We may use your personal data based on your consent for the following purposes:

  • To respond to your enquiries and fulfil any of your requests for information;
  • To process transactions and send notices about your transactions to requisite parties;
  • To verify your identity; 
  • To resolve disputes and troubleshoot problems;
  • To improve our services by implementing aggregate customer preferences;
  • To manage and protect our information technology infrastructure;
  • To monitor traffic patterns and usage of the Sites to help to improve the Sites design and layout;
  • To record and store communications made via phone, skype or the website chat function;
  • To personalise your experience on our Sites or communications/advertising;
  • To send you important information regarding the services and/or other technical notices, updates, security alerts, support and administrative messages;
  • To poll your opinions through surveys or questionnaires; and
  • As Moniepoint MFB believes to be necessary or appropriate:
    • To comply with a legal obligation. This applies where the processing is necessary for Moniepoint MFB to comply with the law;
    • To protect Moniepoint MFB’s legitimate interests, privacy, property or safety, and/or those of a third party as long as your rights do not override those interests.
    • To protect your vital interests

We may monitor and record our communications with you, including e-mails and phone conversations for training, quality assurance purposes, and to meet our legal and regulatory obligations in general. 

Whenever we use your information for our legitimate interests, we will ensure that your information is processed on an anonymised basis and displayed at aggregated levels, which will not be linked back to you or to any living individual.

YOUR RIGHTS AS A DATA SUBJECT

Your personal data is protected by legal rights enshrined in Data Protection Laws. These rights include the following:

  • Right to be informed i.e. confirmation as to whether the data controller or a data processor operating on its behalf, is storing or otherwise processing personal data relating to the data subject;
  • Right to request a copy of data subject’s personal data in a commonly used electronic format, except to the extent that providing such data would impose unreasonable costs on the data controller, in which case the data subject may be required by the controller to bear some or all of the costs;
  • Right to have correction or, if correction is not feasible or suitable, deletion of the data subject’s personal data that is inaccurate, out of date, incomplete, or misleading;
  • Right for erasure of personal data concerning the data subject, without undue delay;
  • Right to withdraw, at any time, consent to the processing of personal data under the Nigeria Data Protection Act 2023;
  • Right to object to the processing of personal data concerning the data subject;
  • Right to object to any decisions based on the automated processing of your personal data, including profiling;
  • Right to data portability;
  • Right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).

Please note that if you request for a copy of your personal data, you may be required to pay a fee if the requests are considered manifestly unfounded or excessive.

If you would like to exercise any of the above stated rights, please follow the following procedures: 

  • put your request in writing and send it to us through your usual registered channel (e.g. by registered email) and specify the right you wish to exercise.
  • You can also access the Data Subject Access Request (DSAR) portal on our website.

For more information or to exercise your data protection rights please, please contact our Data Protection Officer at [email protected].

We will endeavour to process all subject access requests within thirty (30) days and if any further extension is required, we will communicate same through existing consented channels – at no cost. However, please note that you may continue to receive existing communications for a transitional period whilst we update your preferences.

RETENTION OF YOUR DATA

We will not retain your personal data for longer than is necessary for the purposes for which such personal data is processed. This means that your personal data will only be retained for as long as it is still required to provide you with the Services or is necessary for legal reasons. When calculating the appropriate retention period of your personal data we consider the nature and sensitivity of the personal data, the purposes for which we are processing such personal data, and any applicable statutory/regulatory retention periods. Using these criteria, we regularly review the personal data that we hold and the purposes for which such is held and processed. Our Payment Card Industry Data Security Standard (“PCIDSS”) obligation means that we are obliged to retain personal data for a minimum of ten (10) years from the end date of our business relationship with you. 

When we determine that personal data can no longer be retained (or where you request that we delete your personal data in accordance with your rights contained in Data Protection Laws) we ensure that such personal data is securely deleted, anonymised or destroyed.

Please see details of our data retention and disposal process below: 

Type of data

Retention Period

Disposal Process

Electronic storage on database 

10 years

(regulatory reasons)

Programmatic (automatic) process to remove, at least on a quarterly basis, personal data that exceeds business retention requirements/reviews conducted at least on a quarterly basis

Hardcopy data (receipts/faxes)

10 years

Cross-cut shredded/incinerated, pulped

Hard drives (back-up)

10 years 

Secure wipe program/degauss

Tape Media (back-up)

10 years 

Physically destroy

System and network logs

  1. 1 year 

On at least a quarterly basis, we systematically remove and destroy all cardholder data that has exceeded its retention period, and review and ensure the remaining stored cardholder data remains within the formal retention requirements. 

Wherever the primary account number (“PAN”) is stored, whether electronically or on paper, it is masked. The first six and last four digits are the maximum number of digits that may be displayed. Certain members of the operations and Service delivery units have a legitimate business need when dealing with customer/cardholder enquiries to access the PAN. Wherever the PAN is stored (including in logs, removable media, etc.), it is made unreadable by means of one-way hashes. Cardholder data is never stored on removable media and when removable physical storage media (including documents, faxes, and electronic media) are no longer required (i.e. they have passed their retention periods), they are destroyed. 




ACCURACY OF YOUR DATA

It is important that the personal data Moniepoint MFB holds about you is accurate and current. Please keep Moniepoint MFB informed if any aspect of your personal data changes at any time during your relationship with us. On our customer facing products, you can easily update your personal data yourself or alternatively contact our Data Protection Officer via [email protected] when you want to exercise your right of rectification.

SECURITY OF YOUR DATA

In order to protect your personal data, we have put in place appropriate organisational and technical security measures. These measures include storing data on a dedicated and secure server with at least 256-bit encryption, restricting access to your personal data to certain employees, ensuring that our internal information technology systems are suitably secure, and implementing procedures to deal with any suspected data breach.

In the unlikely event of a data breach, Moniepoint MFB will take steps to mitigate any loss or destruction of data and, if appropriate, will notify you and any applicable authority of such a breach.

We will keep your information secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage. We will do our best to protect your personal data, but we cannot guarantee the security of your personal data which is transmitted to other websites via an internet or similar connection. If we have given you (or you have chosen) a password to access certain areas of the Sites please keep this password safe, we will not share this password with anyone.

As a user of the Services, you understand and agree that you assume all responsibility and risk attached to safeguarding your account with us. You shall at no time whatsoever disclose your password to anyone, nor shall you allow anyone make use of your account.

DATA TRANSFERS AND SHARING

Due to the fact that we operate in a regulated environment, we cannot ensure that all your private communications and other personally identifiable information will never be disclosed in ways not otherwise described in this Policy. By way of example (without limiting the foregoing), we may be required to disclose information to the government, regulatory bodies, law enforcement agencies, and third parties for the performance of a task carried out in the interest of the public interest.

We may need to pass your information to third party service providers which maintain, administer or develop the Sites on our behalf and the information will only be provided for such limited purposes and as detailed below. Additionally, we may provide aggregate statistics about our customers, sales, traffic patterns and related website information to reputable third-parties, but these statistics will include no personally identifiable information.

Moniepoint MFB may transfer your personal data to third parties (“Third Party Providers”) of the following types:

  • companies providing identity or financial validation services;
  • financial product providers;
  • payment services companies acting on your, or our behalf;
  • banks;
  • companies providing analytics services;
  • data, service and software providers;
  • Regulatory and law enforcement bodies.

A few of our identity verification Third Party Providers collect your personal data via our Sites through the use of Apple Inc.'s (“Apple”) TrueDepth Application Programming Interface (“TrueDepth API”). As a result of the integration of our Sites with such Third Party Providers, our Sites make use of automatically collected information using the device camera on your Apple mobile device and the TrueDepth API provided by Apple. 

The use of your personal data collected as a result of this is to track your facial features, and control the augmented reality (AR) experience. We use ARKit to capture your face 3D spatial orientation and facial expressions. In doing this, we use this data to ensure that the picture (selfie) being taken is of a live user for authentication and fraud reduction purposes. The ARKit information is processed entirely locally and the spatial orientation/facial expression data is not submitted to any third (or first) parties. None of the information collected by the TrueDepth API ever leaves your mobile device nor is it persistently stored on the device. 

We will do our reasonable best to ensure personal data provided by you to us and shared with a Third Party Provider is done in accordance with the provisions of Data Protection Laws. We will also reasonably ensure that such Third Party Providers with whom we share your personal data will ensure the security of the same as provided by this Policy and in accordance with Data Protection Laws. 

COOKIES

Cookies are small text files stored on your device when you visit a website. These files contain information that helps enhance your browsing experience by remembering your preferences, enabling functionalities, and providing personalised services. The types of cookies we use are:

  • Necessary Cookies: These are essential for the website to function properly and cannot be disabled.
  • Performance and Analytics Cookies: These cookies help us analyse site performance and improve its functionality.
  • Advertising and Targeting Cookies: These cookies are used to deliver relevant advertisements to you.

We use cookies for various purposes, including:

  • Personalisation: To provide tailored content and advertisements based on your preferences.
  • Security: To ensure safe and secure access to our website.
  • Analytics: To collect data about website traffic and user behaviour for continuous improvement.
  • Functionality: To remember your preferences and provide a seamless user experience.

You have the option to manage your cookie preferences. Most web browsers allow you to control cookies through their settings. You can:

  • Enabling or disabling the cookies.
  • Delete cookies stored on your device.
  • Adjust browser settings to notify you before accepting cookies.

UPDATES TO THE PRIVACY POLICY

We are constantly trying to improve our Sites and services, so we may need to change this Policy from time to time as well. We will alert you of material changes by, for example, placing a notice on our websites and/or by sending you an email (if you have registered your e-mail details with us) when we are required to do so by applicable law. We reserve the right to update this Policy as we deem fit, from time to time, without any intimation to you and your continued use of the Sites will signify your acceptance of any amendment to these terms.  

Our updated terms will also be displayed on our website (www.moniepoint.com/ng) and www.atm.moniepoint.com/login/web). It is your responsibility to check this Privacy Policy from time to time to verify such updates.

If you believe at any time that we have not handled your personal data in accordance with this Policy, please contact our Data Protection Officer.

We have appointed a Data Protection Officer (DPO) who is responsible for dealing with all such concerns, in addition to overseeing questions relating to this Policy and handling requests in relation to the exercise of your rights. If you have any concerns or questions, please contact the Data Protection Officer using the details set out below.

CONTACT

Data Protection Officer

Moniepoint Microfinance Bank Limited

The Post Square Adeola Odeku Street, Victoria Island, Lagos, Nigeria

[email protected]

If you have any questions, comments and requests regarding your privacy and rights, please let us know how we can help.

Last Updated: 2nd December 2024.