We take our customers’ privacy very seriously and ensure always to maintain the highest standards of confidentiality.
USERS’ PRIVACY RIGHTS
1.1. This Policy describes the User’s privacy rights regarding Eyowo’s collection, use, storage, sharing and protection of a User’s personal information on the Platforms and in respect of the Services.
Eyowo Microfinance Bank Limited
Data Protection Officer
8, Oduduwa Crescent,
Ikeja GRA, Lagos
1.4. You further acknowledge and agree that Eyowo is authorized to share any data which you enter on the Eyowo App, Eyowo Payroll, Eyowo for Business (the “Platform”) with Third Party Sites, subject to applicable laws of the Federal Republic of Nigeria. Provided always that Eyowo shall not bear any liability for data shared by Users with Third Party Sites or such other platforms accessed through the use of the Platform.
USERS’ PERSONAL INFORMATION
Personal Information that can be used to identify, contact or locate a User is “Personally Identifiable Information” (“PII”). Automatically provided information that uniquely identifies a device or browser is not personally identifiable information unless it is linked to a particular User “Personal Identifier Data” (“PID”). Eyowo collects PII and PID across three cardinal points.
- a). PII intentionally provided by a User;
- b). PID and PII provided by a third-party for the purpose of verifying and/or augmenting a User’s PII; and
- c). PID automatically provided as a result of User’s engagement with the Platform.
2.2 Personal Information Provided by a User
- 2.2.1 Personally identifiable information may include, but is not limited to: Email address, first name and last name, phone number, address, state, bank details, bank verification number (BVN) and ban account information.
2.3 Information Provided by Third-Party
Eyowo may need to verify a user’s identity for the purpose of meeting with regulatory compliance and/or fulfilling a contractual obligation and same shall be done by integrating with identity verification services, credit scoring services and such other platforms as may be necessary for verifying a User and/or augmenting the services provided by the Platform.
2.4 Automatically Provided Information (Cookies and Usage Data)
- 2.4.2 The Platform may automatically record certain information about or related to your use of the Platform that is made available through your computer or device.
- 2.4.3 We collects certain information from the User’s browser using small data files called “cookies”. The Platform may use session cookies to help recognize a User who visits multiple pages during the same session so that the User does not have to enter a password to access each page. Session cookies terminate once the User closes the browser.
- 2.4.4 We also use persistent cookies to collect, store and track information. The Platform uses persistent cookies to store the User’s login ID (but not the User’s password) to make it easier for the User to login when the User returns to the website. We encode our cookies so that only us can interpret the information stored in them. You can remove or block persistent cookies using the settings in your browser, but this may limit your ability to use our Platform.
- 2.4.5 We may employ a software technology called clear gifs or web beacons that help us better manage content on the Platform as well as on the Platform emails, by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar function to cookies and are used to track the online movements of the Web users. In contrast to cookies, which are stored on a User’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence.
Eyowo will comply with the principles outlined below for the purpose of collecting, storing and using a User’s personal information.
- a). Data shall be collected and processed with a specific, legitimate and lawful purpose which shall be consented to by the User before collection and processing;
- b). Data may be further processed for archiving, scientific research, historical research and statistical purposes for public interest without the obtaining the consent of the User;
- c). Data collection and processing shall be adequate, accurate and with consideration for dignity of human person;
- d). Data shall only be stored for the period which is reasonably needed and as required by any written law; and
- e). Data shall be secured against all foreseeable hazards and breaches such as theft, cyberattack, viral attack, dissemination, manipulations of any kind, damage by rain, fire or exposure to other natural elements.
PURPOSE OF COLLECTION
Eyowo collects Users’ personal information to provide an efficient and secure User experience and may retain such personal data for the period necessary to fulfil the purposes outlined in this Policy unless a longer retention period is required or permitted by law. Information gathered on the Platforms for each User may be used to:
- a). provide the Services to the Users;
- b). fulfill legal and contractual obligations to Users;
- c). develop, operate, support, maintain enhance and provide the services on the Platform;
- d). process payment transactions;
- e). provide receipts and reports on User’s account;
- f). resolve disputes arising from using the Platform;
- g). customize measure, and improve the Services offered on the Platform;
- h). protect the interests and rights of the Platforms;
- i). enforce our agreements on the Platforms as well as our Terms and Conditions;
- j). detect and prevent fraud and other potentially illegal activities;
- k). combine PII and PID from other sources using proprietary algorithms to calculate risk scores and fraudulent scores;
- l). for administrative, operational and reporting purposes;
- m). promote marketing communication (taking into consideration the option to opt out);
- n). manage and protect the Site’s information technology and physical infrastructure; and
- o). measure the performance of the Platform and improve content, technology and layout.
SHARING INFORMATION WITH THIRD PARTIES
- 5.1. We may share User information with third-party service providers for the purpose of validating user credentials; securing data storage, marketing, customer service, and other applicable services and We require that these third-parties providers use PII and PID only in connection with the services they perform for Eyowo.
- 5.3. The Eyowo Risk Score is not personally identifiable information, and Eyowo may share it (and other similar information generated by Eyowo) with Platforms or other third parties. Eyowo claims ownership of Risk Scores and similar analytical results that we generate using User information, whether alone or in combination with other information. Eyowo may use, disclose, or sell Risk Scores in Eyowo's sole discretion.
- 5.5. Eyowo may share User information with law enforcement, government officials, or other third parties in the event of a subpoena, court order or similar legal procedure, or when Eyowo believes in good faith that the disclosure of User information is necessary or advisable to report suspected illegal activity, or to protect Eyowo's property or legal rights (including, but not limited to, enforcement of Eyowo's Terms of Service, Merchant Agreement, and other agreements) or the property or rights of others, or otherwise to help protect the safety or security of the Services.
- 5.7. We will share personally identifiable information with third parties only to best provide Eyowo's Services and in special situations, such as legal investigations and merger. We may also share non-identifiable information with third parties that help us prevent fraud and analyze website activity.
SECURITY OF USERS’ PERSONAL INFORMATION
- 6.1. Eyowo has implemented physical, technical, and procedural safeguards to protect User information from unauthorized access, disclosure, alteration, or destruction.
- 6.2. Eyowo uses computer safeguards such as firewalls and data encryption and authorizes access to personally identifiable information only for those employees, contractors, and agents who require it to fulfill their job responsibilities.
- 6.3. Eyowo takes additional care to protect User information, such as credit card or bank account numbers, if disclosure of the particular type of User information could cause direct financial loss, Eyowo encrypts such information and transmits it under Secure Socket Layer (SSL).
- 7.1. By virtue of hosting on AppleStore and GooglePlay, Eyowo stores and processes User information on dedicated servers located in secure data centers that may be located within the United States and in other jurisdictions.
- 7.3. You acknowledge and agree that the privacy and data security laws in place in the Federal Republic of Nigeria or other jurisdictions may be different from the privacy and data security laws in force in the country in which you reside.
DATA CONFIDENTIALITY RIGHTS
- 8.1. A User’s information is regarded and will be held as confidential.
- 8.2. A User has the right to request sight of, and copies of any and all personal information on the Platforms.
- 8.3. A User’s role in fulfilling confidentiality duties include, but are not limited to, adopting and enforcing appropriate security measures.
- 8.4. Eyowo will not accept any responsibility for any loss or damage in whatever manner, howsoever caused, resulting from your disclosure to third parties of personal information.
REPORTING A PERSONAL DATA BREACH
- 9.1. Eyowo is required to comply with the Nigeria Data Protection Regulation 2019 (“NDPR”) and other relevant laws and regulations regarding reporting requirements in relation to data breaches and report any personal data breach where there is a risk to the rights and freedoms of a User. Where a personal data breach results in a high risk to a User, such a User also has to be notified unless subsequent steps have been taken to ensure that the risk is unlikely to materialise, security measures were applied to render the personal data unintelligible (e.g. encryption) or it would amount to disproportionate effort to inform the User directly. In the latter circumstances, a public communication must be made, or an equally effective alternative measure must be adopted to inform such a User, so that he/she can take any necessary remedial action.
- 9.2. Eyowo has placed procedures around the Site to deal with any suspected personal data breach and will notify a User or the relevant regulator (where legally required to do so). We shall aim to remedy any suspected breach of personal data of a User within one (1) month from the date of the report of the breach.
- 9.3. All evidence relating to a personal data breach should be preserved to enable Eyowo maintain a record of such breaches, as required by the data protection laws.
- 9.4. Eyowo will not be responsible for any personal data breach which occurs as a result of
- an event which is beyond the control of Eyowo;
- an act or threats of terrorism;
- an act of God (such as, but not limited to pandemics, fires, explosions, earthquakes, drought, tidal waves and floods) which compromises Eyowo’s data protection measures on the Site;
- war, hostilities (whether war be declared or not), invasion, act of foreign enemies, mobilisation, requisition, or embargo;
- rebellion, revolution, insurrection, or military or usurped power, or civil war which compromises Eyowo’s data protection measures for the Site;
- the transfer of a User’s personal data to a third party on his/her instructions; and
- the use of a User’s personal data by a third party designated by a User.
- 10.1. Eyowo allows you to manage your account and information online and on the Platform at www.eyowo.com. Once you log in you may update your personal information, assuming your account is in good standing. In that case, we will retain only the personal information required by law or that we deem necessary.
- 10.3. Eyowo aims to provide you with access to your personal information at every point during the usage of our Service. In the event that the information is wrong, we have established channels that will assist in quickly changing or updating any of such information, however subject to proof as the need may be; and unless there is a legitimate legal or business reason to keep such information, we will strive to delete the information upon being aware.
- 10.3. For business and legal reasons, we aim to keep our services in a manner that protects personal information from incidental, accidental or malicious damage. Therefore, your deletion of personal information from our services does not immediately delete residual copies from our servers and we may not remove such personal information from our backup systems.
- Eyowo reserves the right to change this Policy at any time without notice to Users.
This Policy is made pursuant to the provisions NDPR and any other relevant Nigerian laws, regulations or international conventions applicable to Nigeria.
Eyowo Microfinance Bank Limited