- We provide products or services to you or our client;
- You visit or use our website; and/or
- Performing any other activities that form part of our business.
Note that you can withdraw your consent at any time, however such withdrawal of consent would not affect the lawfulness of processing information based on consent given before its withdrawal.
What information we collect
In the course of providing products or services to you or our client and performing due diligence checks in connection with our products or services (or discussing the possible products or services we might provide), we generally collect personal information about you. We also typically collect personal information about you when you visit or use our website.
The personal information that we may collect depends on the specific services, activities or products we undertake but typically includes: your name; age; date of birth; gender; home address; email address; BVN; telephone number; other contact details; country of residence; passport number and other national ID numbers; employment details (for example, the organization you work for, your job title); family circumstances (for example, your marital status where you enter it in a form on our website or it appears in any documentation you provide to us) CAC documents; financial information (for example, your income, bank statements, where you enter such information in a form on our website or it appears in any documentation that you provide to us or authorize us to access from your bank and financial institutions); details of how you use any product or service provided by Nuflin; postings on any blogs, forums, wikis, and any other social media applications and services that we provide; IP address; browser and device type; username that is used by you for one of our products or services; language; access times and duration; details of how you like to use our website or the interactive products, tools, other technology or services we provide to you or our clients; websites that you visited before and after visiting our website; details of how you like to interact with us, and similar information.
The types of personal information and ‘sensitive’ or ‘special categories’ of personal information that we collect will generally vary depending on the nature of the products and services that we provide to you and how you use our website. In some cases, the ‘sensitive’ or ‘special categories’ of personal information that we collect may include information collected as part of KYC and anti-money laundering checks that we must conduct before accepting you as a customer.
In some rare circumstances, we will also gather other ‘special categories’ of personal information about you because you volunteer that data to us (for example, it appears in a copy of your resume/CV that you upload to our website).
In some other circumstances, the personal information we collect from you is needed to meet our legal or regulatory obligations or to provide you with the products or services requested by you.
In some cases, we may also collect personal information about you indirectly from third parties including but not limited to:
- A guarantor.
- Third parties such as providers of ‘know your client’ and anti-money laundering services which we use to help us meet our legal requirements in this area and to help us verify your identity where we provide you with products or services;
- Background check providers which we sometimes use to verify your identity when you apply for a product of ours;
- Third-party service providers that help us to operate our website; and (v) your banks and financial institutions.
How we use your information
We will use your personal information to provide you with products or services. As part of this, we may use your personal information in the course of correspondence relating to those products or services. Such correspondence may be with you, our customers, our service providers, or public or judicial authorities with the necessary authorization.
In many cases, we also use your personal information to conduct due diligence checks in advance of providing products or services to you and to process an application from you or a prospective client to receive products or services from us. If you are referred to us by an intermediary or similar third party, we also typically use your personal information to assess whether to accept or reject your referral to Nuflin by that intermediary or similar third party.
We generally use your personal information collected via this website:
- to manage and improve any services provided via our website.
- to manage and improve our website (including by drawing up statistics on the usage of our website) to tailor the content of our website.
- to provide you with a more personalized experience and draw your attention to information about products and services that may be of interest.
- to you to manage and respond to any request that you submit through our website to help us learn more about you, the products and services that you receive from Nuflin, and other products and services that you or your employer might be interested in receiving.
- to correspond with you in relation to the services you use on our website or information you provide via our website. This correspondence is usually with you, our service providers, or public or judicial authorities with the necessary authorization.
We generally also use your personal information collected via this website for the purposes of, or in connection with:
- Applicable legal or regulatory requirements.
- Requests and communications from public or judicial authorities with the necessary authorization.
- Financial accounting, invoicing, and risk analysis purposes.
- Prudent operational management (including credit and risk management, audit, training, and similar administrative purposes) client relationship purposes, which involve:
- contacting you to receive feedback on Nuflin products or services; and
- contacting you for other marketing or research purposes;
- Recruitment and business development purposes.
- Services we receive from our professional advisors, such as lawyers, accountants, and consultants.
- Arrangements we have in place with intermediaries, brokers, and other individuals and entities that partner with us.
- Protecting our rights and those of our customers.
- Meeting our corporate and social responsibilities.
We generally use your personal information for the purposes outlined above because:
- It is necessary for our legitimate interests and does not unduly affect your interests or fundamental rights and freedoms;
- it is necessary for legal and/or regulatory obligations or requests that we are subject to, such as keeping records in accordance with applicable regulations or providing information to a public body or law enforcement agency;
- It is necessary to perform contractual obligations that we owe towards you, or to take pre-contractual steps at the request of you;
- In some cases, we have obtained your prior consent.
To the extent that we process any sensitive personal information relating to you for any of the purposes outlined above, we will do so because either:
- You have given us your explicit consent to process that information;
- The processing is necessary for reasons of substantial public interest on the basis of applicable law (for example where we are required by law or regulatory requirements to process that information in order to ensure we meet our KYC and ‘anti-money laundering’ obligations); or
- The processing is necessary for the establishment, exercise, or defense of legal claims. The legal grounds for processing sensitive personal information outlined above are contained in the EU’s General Data Protection Regulation and the Nigeria Data Protection Regulation 2019.
If you do not want to continue receiving any marketing materials from us, you may communicate this to us via recommended options.
To whom we disclose your information
We generally disclose details about you to professional advisors and third parties that provide services to us (such as IT systems providers, platform providers, financial advisors, consultants including lawyers and accountants) and other goods and services providers (such as providers of marketing services where we are permitted to disclose your personal information to them); competent authorities (including any national and/or international regulatory or enforcement body or court or other form of tribunal, where we are required to do so by applicable law or regulation at their request); a potential buyer, transferee, merger partner or seller and their advisers in connection with any actual or potential transfer or merger of part or all of Nuflin’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it; credit reference agencies or other organizations that help us detect criminal activity and incidence of fraud; and any federal, state or local government departments and other statutory or public bodies.
How long we keep your information
We will hold your personal information on Nuflin’s systems for as long as is necessary to fulfill the purpose for which it was collected or to comply with applicable legal, regulatory, or internal policy requirements.
Protection of your personal information
We use a range of physical, electronic, and managerial measures to ensure that we keep your personal information secure, accurate, and up to date. These measures include:
- education and training of relevant staff to ensure they are aware of our privacy obligations when handling personal information as well as training
- around social engineering, phishing, spear phishing, and password risks
- administrative and technical controls to restrict access to personal information on a ‘need to know’ basis
- technological security measures, including firewalls, encryption and anti-virus software
- physical security measures, such as staff security passes to access our premises.
- external technical assessments, security audits, and vendor due to diligence
- endpoint security: Anti-virus, portable storage device lockdown, restricted administrative privileges
- Real-time monitoring of data leakage controls
- Layered and comprehensive cybersecurity defenses
- Security incident reporting and management
Although we use appropriate security measures once we have received your personal information, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect personal information, but we cannot guarantee the security of data transmitted to us or by us.
Storage of Your Data
We erase/delete personal data in the event of the following:
- The personal data is no longer necessary in relation to the purposes for which they were collected or processed;
- You withdraw your consent or object to the processing and there is no overriding lawful basis for the processing;
- The personal data was unlawfully collected or processed in the first place;
- In compliance with NITDA’s or any other lawful directive.
Your rights and how to contact us
You have various rights in relation to your personal information. In particular, you have a right to:
- object to the processing of your personal information
- request a copy of personal information we hold about you
- ask that we update the personal information we hold about you, or correct such personal information that you think is incorrect or incomplete
- ask that we delete personal information that we hold about you, or restrict the way in which we use such personal information
- withdraw consent to our processing of your personal information (to the extent such processing is based on consent)
To exercise any of your rights, or if you have any other questions about our use of your personal information, please e-mail firstname.lastname@example.org You may also use these contact details if you wish to make a complaint to us relating to your privacy.
If you are unhappy with the way we handled your personal information or any privacy query or request that you have raised with us, you also have a right to complain to a data protection regulator in the place where you live or work, or in the place where you think an issue in relation to your data has arisen.
What are Cookies?
Cookies are small text files. They are commonly downloaded to your computer or mobile device by websites that you visit. They enable the website to tag your device and recognize it as you move around the site (and potentially when you return at a later date) so that, for example, you do not have to re-enter your password each time you move between pages of the website.
Can I turn off cookies?