Privacy Policy

1. This Policy describes the User’s privacy rights regarding Eyowo’s collection, use, storage, sharing and protection of a User’s personal information on the Platforms and in respect of the Services. 
2. The User’s rights in relation to the personal information provided to us includes:
   The basis of our processing of your Personal Information is your consent. You also have the choice at any time to withdraw consent which you have provided. If you wish to exercise any of the rights set above, please contact us at dpo@eyowo.com. Where we are unsure of your identity, we may ask you for proof of your identity for security reasons before dealing with your request.
   
   1. Right to be informed about your rights as it relates to your personal information.
   2. Right to request access or copies to your personal information by signing into your Account with us  or contacting us. 
   3. Right to request that Eyowo erase your personal information. This right is however limited to where the data is no longer required for us to provide our services to you, or the processing has no legal justification. Eyowo may be required to retain an archive of a core set of your personal information where the applicable law requires us to do so or where we retain a core set of your Personal Information to ensure we do not inadvertently contact you in future where you object to your data being used for marketing purposes.
   4. Right to correct or rectify any Personal Information that you provide which may be incorrect, out of date or inaccurate. You also have the right to ask us to complete information you think is incomplete.
   5. Right to object to the processing of your Personal Information for marketing purposes. You have a right to ask us not to contact you for marketing purposes by contacting us on the Platform.
   6. Right to object to processing: You have the right to object to the processing of your Personal Information in certain circumstances. Please note that where you object to us processing your Personal Information, we might be unable to provide the services to you.

1. If a User creates a username, login code, password or any other piece of information as part of the Platform’s access security measures, such information will be treated as confidential, and will not be disclosed to any third party. If a User is aware or suspects that anyone other than his/herself is aware of a User’s security details, kindly notify Eyowo as soon as possible via the address below.
   
   Eyowo Microfinance Bank Limited
   Data Protection Officer
   8, Oduduwa Crescent, 
   Ikeja GRA, Lagos.
   dpo@eyowo.com 

In the event that you use another platform which has been integrated with the Eyowo’s application programming interface (API) (the “Third Party Site”), you acknowledge and agree that you have carefully read and understood the terms of use (including the privacy policy) of the Third Party Site.

Personal Information that can be used to identify, contact or locate a User is “Personally Identifiable Information” (“PII”). Automatically provided information that uniquely identifies a device or browser is not personally identifiable information unless it is linked to a particular User “Personal Identifier Data” (“PID”). Eyowo collects PII and PID across three cardinal points.

1. PII intentionally provided by a User;
2. PID and PII provided by a third-party for the purpose of verifying and/or augmenting a User’s PII; and 
3. PID automatically provided as a result of User’s engagement with the Platform.

1. Personal Information Provided by a User
   Personally identifiable information may include, but is not limited to: Email address, first name and last name, phone number, address, state, bank details, bank verification number (BVN) and ban account information.
2. Information Provided by Third-Party
   Eyowo may need to verify a user’s identity for the purpose of meeting with regulatory compliance and/or fulfilling a contractual obligation and same shall be done by integrating with identity verification services, credit scoring services and such other platforms as may be necessary for verifying a User and/or augmenting the services provided by the Platform.
3. Automatically Provided Information (Cookies and Usage Data)
   
   1. The Platform may automatically record certain information about or related to your use of the Platform that is made available through your computer or device.
   2. We may collect internet protocol (IP) address, browser type, device ID, internet service provider (ISP), information about your computer and software, links materials You request, your approximate location, referring/exit pages, date/time stamp, and other metadata. Platforms may embed Javascript code into page loads, which instructs Users’ web browsers to make web requests back to our servers to collect information about the User page views and other activities.
   3. We collect certain information from the User’s browser using small data files called “cookies”. The Platform may use session cookies to help recognize a User who visits multiple pages during the same session so that the User does not have to enter a password to access each page. Session cookies terminate once the User closes the browser.
   4. We also use persistent cookies to collect, store and track information. The Platform uses persistent cookies to store the User’s login ID (but not the User’s password) to make it easier for the User to login when the User returns to the website. We encode our cookies so that only us can interpret the information stored in them. You can remove or block persistent cookies using the settings in your browser, but this may limit your ability to use our Platform. 
   5. We may employ a software technology called clear gifs or web beacons that help us better manage content on the Platform as well as on the Platform emails, by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar function to cookies and are used to track the online movements of the Web users. In contrast to cookies, which are stored on a User’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence.

Eyowo will comply with the principles outlined below for the purpose of collecting, storing and using a User’s personal information.

1. Data shall be collected and processed with a specific, legitimate and lawful purpose which shall be consented to by the User before collection and processing;
2. Data may be further processed for archiving, scientific research, historical research and statistical purposes for public interest without the obtaining the consent of the User;
3. Data collection and processing shall be adequate, accurate and with consideration for dignity of the human person;
4. Data shall only be stored for the period which is reasonably needed and as required by any written law; and 
5. Data shall be secured against all foreseeable hazards and breaches such as theft, cyberattack, viral attack, dissemination, manipulations of any kind, damage by rain, fire or exposure to other natural elements.

The lawful basis we rely on for processing your Personal Information are:

• Your consent; Where you agree to us collecting your Personal Information by using our Services.
• We have a contractual obligation: Without your Personal Information, we cannot provide our Services to you.

We have a legal obligation: To ensure we are fully compliant with all applicable Financial legislations such as Anti-Money Laundering and Counter Terrorist Financing Laws, we must collect and store your Personal Information. We protect against fraud by checking your identity with your Personal Information.

Eyowo collects Users’ personal information to provide an efficient and secure User experience . Information gathered on the Platforms for each User may be used to: 

1. provide the Services to the Users;
2. fulfill legal and contractual obligations to Users;
3. develop, operate, support, maintain, enhance and provide the services on the Platform;
4. process payment transactions;
5. provide receipts and reports on the User’s account;
6. resolve disputes arising from using the Platform;
7. customize, measure, and improve the Services offered on the Platform;
8. protect the interests and rights of the Users on the Platforms;
9. enforce our agreements on the Platforms as well as our Terms and Conditions;
10. detect and prevent fraud and other potentially illegal activities;
11. combine PII and PID from other sources using proprietary algorithms to calculate risk scores and fraudulent scores;
12. for administrative, operational and reporting purposes;
13. promote marketing communication (taking into consideration the option to opt out);
14. manage and protect the Site’s information technology and physical infrastructure; and 
15. measure the performance of the Platform and improve content, technology and layout.

1. We provide such information to our subsidiaries, affiliated companies or other trusted third-party service providers or persons for the purpose of processing personal information on our behalf, including validating user credentials, securing data storage, marketing, customer service, fraud detection and other applicable services. We require that these parties agree to process such information based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures we deem relevant subject to applicable law and We require that these third-parties providers use PII and PID only in connection with the services they perform for Eyowo.
2. Eyowo may share User information in the event of a merger, acquisition, debt financing, sale of all or a portion of our assets, or similar transaction, or in the event of insolvency, bankruptcy or receivership in which User information is transferred to one or more third parties as one of our business assets. Should such an event occur, Eyowo will endeavor to assure that the acquirer, successor, or assignee (as the case may be) follows this Privacy policy with respect to User information. If User information could be used contrary to this Privacy policy, Users will receive prior notice as well as the opportunity to opt out.
3. Eyowo may share User information with law enforcement, government officials, or other third parties in the event of a subpoena, court order or similar legal procedure, or when Eyowo believes in good faith that the disclosure of User information is necessary or advisable to report suspected illegal activity, or to protect Eyowo's property or legal rights (including, but not limited to, enforcement of Eyowo's Terms of Service, Merchant Service Agreement, and other agreements) or the property or rights of others, or otherwise to help protect the safety or security of the Services.
4. Except as expressly disclosed in this Privacy policy, Eyowo will not sell or disclose User information to third parties. Eyowo will not sell, rent, share, or trade personally identifiable information to third parties (other than the Platform through which Eyowo collected such information) for their promotional purposes. Eyowo may disclose aggregated or other types of non-personally identifiable information to third parties for various purposes.

1. Eyowo has implemented physical, technical, and procedural safeguards to protect User information from unauthorized access, disclosure, alteration, or destruction. 
2. Eyowo uses computer safeguards such as firewalls and data encryption and authorizes access to personally identifiable information only for those employees, contractors, and agents who require it to fulfill their job responsibilities.
3. Eyowo takes additional care to protect User information, such as credit card or bank account numbers, if disclosure of the particular type of User information could cause direct financial loss, Eyowo encrypts such information and transmits it under Secure Socket Layer (SSL).
4. Eyowo only retains personal information for as long as is reasonably necessary to keep providing Services to you. Where we no longer provide services to you, by virtue of you closing your account with us, your information is stored on our servers to the extent necessary to comply with regulatory obligations and for the purpose of fraud monitoring, detection and prevention. Where we retain your Personal Information, we do so in compliance with limitation periods under the applicable law.

1. By virtue of hosting on AppleStore and GooglePlay, Eyowo stores and processes User information on dedicated servers located in secure data centers that may be located within the United States and in other jurisdictions. 
2. If you use the Services from the European Union or other regions of the world with laws governing data collection and use that differ from laws of the Federal Republic of Nigeria, then you understand and consent to the transfer of your User information to the Federal Republic of Nigeria or other jurisdictions for the uses identified above in accordance with this Privacy policy. 
3. You acknowledge and agree that the privacy and data security laws in place in the Federal Republic of Nigeria or other jurisdictions may be different from the privacy and data security laws in force in the country in which you reside. 
4. By voluntarily providing User information, you hereby agree that you are consenting to our collection, use, storage, and disclosure of such User information in accordance with this Privacy policy.

1. Eyowo is required to comply with the Nigeria Data Protection Regulation 2019 (“NDPR”) and other relevant laws and regulations regarding reporting requirements in relation to data breaches and report any personal data breach where there is a risk to the rights and freedoms of a User. Where a personal data breach results in a high risk to a User, such a User  also has to be notified unless subsequent steps have been taken to ensure that the risk is unlikely to materialise, security measures were applied to render the personal data unintelligible (e.g. encryption) or it would amount to disproportionate effort to inform the User directly. In the latter circumstances, a public communication must be made, or an equally effective alternative measure must be adopted to inform such a User, so that he/she can take any necessary remedial action.
2. Eyowo has placed procedures around its Platforms to deal with any suspected personal data breach and will notify a User or the relevant regulator (where legally required to do so). We shall aim to remedy any suspected breach of personal data of a User within one (1) month from the date of the report of the breach.
3. All evidence relating to a personal data breach shall be preserved to enable Eyowo maintain a record of such breaches, as required by the data protection laws.
4.  Eyowo will not be responsible for any personal data breach which occurs as a result of:
   1. an event which is beyond the control of Eyowo;
   2. an act or threats of terrorism;
   3. an act of God (such as, but not limited to pandemics, fires, explosions, earthquakes, drought, tidal waves and floods) which compromises Eyowo’s data protection measures on the Site;
   4. war, hostilities (whether war be declared or not), invasion, act of foreign enemies, mobilisation, requisition, or embargo; 
   5. rebellion, revolution, insurrection, or military or usurped power, or civil war which compromises Eyowo’s data protection measures for the Site;
   6. the transfer of a User’s personal data to a third party on his/her instructions; and
   7. the use of a User’s personal data by a third party designated by a User.

1. Eyowo allows you to manage your account and information online and on the Platform at www.eyowo.com. Once you log in you may update your personal information, assuming your account is in good standing. In that case, we will retain only the personal information required by law or that we deem necessary.
2. Eyowo aims to provide you with access to your personal information at every point during the usage of our Service. In the event that the information is wrong, we have established channels that will assist in quickly changing or updating any of such information, however subject to proof as the need may be; and unless there is a legitimate legal or business reason to keep such information, we will strive to delete the information upon being aware.

1. We may amend this Privacy Policy at any time by posting a revised version on this page. The revised version will be effective at the time we post it, unless we provide additional notice or an opportunity to “opt-in” because changes are material or retroactive. If you keep using our Services, you consent to all amendments of this Privacy Policy.
2. You can always see the most updated changes to this Privacy Policy on www.eyowo.com or by contacting Customer Service at support@eyowo.com  

This Policy is made pursuant to the provisions of NDPR and any other relevant Nigerian laws, regulations or international conventions applicable to Nigeria.