Privacy Policy

Document effective August 15, 2021

Introduction

This Privacy Policy reflects how Eyowo Microfinance Bank Limited and its affiliates (“We” or “Eyowo”) provides its banking services (the “Services”) to its end users (“Users” or “You”) and is applicable to all of the website, software applications (“Apps”) and/or payment platforms offered by Eyowo or its subsidiaries or affiliated companies unless such affiliates have adopted a separate privacy policy, collectively referred to as (the “Platform”). This Privacy Policy has been adopted by Eyowo, a private limited liability company duly established and licensed under the relevant Laws of the Federal Republic of Nigeria. The Privacy Policy has been adopted in compliance with the legal requirements of the Federal Republic of Nigeria and shall be applicable to all product offerings of Eyowo.

By accessing or using the Services or any other terms that incorporate this Privacy Policy by reference, you agree on behalf of yourself and any organization that you represent (together, “you”) that you have read and understood this Privacy Policy and that you consent to the collection, use, and sharing of information as discussed below. If you do not agree with this Privacy Policy, do not access or use the Services.

This Privacy Policy addresses how Eyowo handles all User information, including User information provided by You, User information provided by other platforms and User information obtained by Eyowo from third parties.

Eyowo’s Privacy Policy describes the ways we collect, use and share User information. We may amend this Privacy Policy at any time by posting a revised version. The revised version will be effective at the time we post it, unless we provide additional notice or an opportunity to “opt-in” because changes are material or retroactive. Eyowo is not responsible for the content or information practice of other platforms.

We take our customers’ privacy very seriously and ensure always to maintain the highest standards of confidentiality.

USERS’ PRIVACY RIGHTS

  1. 1.1. This Policy describes the User’s privacy rights regarding Eyowo’s collection, use, storage, sharing and protection of a User’s personal information on the Platforms and in respect of the Services.

  2. 1.2. If a User creates a username, login code, password or any other piece of information as part of the Platform’s access security measures, such information will be treated as confidential, and will not be disclosed to any third party. We reserve the right to disable any User login code or password at any time, if in Eyowo’s opinion a User has failed to comply with any of the Terms (including this Privacy Policy). If a User is aware or suspects that anyone other than his/herself is aware of a User’s security details, kindly notify Eyowo as soon as possible via the address below

  3. Eyowo Microfinance Bank Limited

  4. Data Protection Officer

  5. 8, Oduduwa Crescent,

  6. Ikeja GRA, Lagos

  7. dpo@eyowo.com

  8. 1.3. In the event that you use another platform which has been integrated with the Eyowo’s application programming interface (API) (the “Third Party Site”), you acknowledge and agree that you have carefully read and understood the terms of use (including the privacy policy) of the Third Party Site.

  9. 1.4. You further acknowledge and agree that Eyowo is authorized to share any data which you enter on the Eyowo App, Eyowo Payroll, Eyowo for Business (the “Platform”) with Third Party Sites, subject to applicable laws of the Federal Republic of Nigeria. Provided always that Eyowo shall not bear any liability for data shared by Users with Third Party Sites or such other platforms accessed through the use of the Platform.

USERS’ PERSONAL INFORMATION

Personal Information that can be used to identify, contact or locate a User is “Personally Identifiable Information” (“PII”). Automatically provided information that uniquely identifies a device or browser is not personally identifiable information unless it is linked to a particular User “Personal Identifier Data” (“PID”). Eyowo collects PII and PID across three cardinal points.

  1. a). PII intentionally provided by a User;
  2. b). PID and PII provided by a third-party for the purpose of verifying and/or augmenting a User’s PII; and
  3. c). PID automatically provided as a result of User’s engagement with the Platform.
2.2 Personal Information Provided by a User
  1. 2.2.1 Personally identifiable information may include, but is not limited to: Email address, first name and last name, phone number, address, state, bank details, bank verification number (BVN) and ban account information.
2.3 Information Provided by Third-Party

Eyowo may need to verify a user’s identity for the purpose of meeting with regulatory compliance and/or fulfilling a contractual obligation and same shall be done by integrating with identity verification services, credit scoring services and such other platforms as may be necessary for verifying a User and/or augmenting the services provided by the Platform.

2.4 Automatically Provided Information (Cookies and Usage Data)
  1. 2.4.2 The Platform may automatically record certain information about or related to your use of the Platform that is made available through your computer or device.
  2. 2.4.2 We may collect internet protocol (IP) address browser type, device ID, internet service provider (ISP), information about your computer and software, links materials You request, your approximate location, referring/exit pages, date/time stamp, and other metadata. Platforms may embed Javascript code into page loads, which instructs Users’ web browsers to make web requests back to our servers to collect information about the User page views and other activities.
  3. 2.4.3 We collects certain information from the User’s browser using small data files called “cookies”. The Platform may use session cookies to help recognize a User who visits multiple pages during the same session so that the User does not have to enter a password to access each page. Session cookies terminate once the User closes the browser.
  4. 2.4.4 We also use persistent cookies to collect, store and track information. The Platform uses persistent cookies to store the User’s login ID (but not the User’s password) to make it easier for the User to login when the User returns to the website. We encode our cookies so that only us can interpret the information stored in them. You can remove or block persistent cookies using the settings in your browser, but this may limit your ability to use our Platform.
  5. 2.4.5 We may employ a software technology called clear gifs or web beacons that help us better manage content on the Platform as well as on the Platform emails, by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar function to cookies and are used to track the online movements of the Web users. In contrast to cookies, which are stored on a User’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence.

GOVERNING PRINCIPLES

Eyowo will comply with the principles outlined below for the purpose of collecting, storing and using a User’s personal information.

  1. a). Data shall be collected and processed with a specific, legitimate and lawful purpose which shall be consented to by the User before collection and processing;
  2. b). Data may be further processed for archiving, scientific research, historical research and statistical purposes for public interest without the obtaining the consent of the User;
  3. c). Data collection and processing shall be adequate, accurate and with consideration for dignity of human person;
  4. d). Data shall only be stored for the period which is reasonably needed and as required by any written law; and
  5. e). Data shall be secured against all foreseeable hazards and breaches such as theft, cyberattack, viral attack, dissemination, manipulations of any kind, damage by rain, fire or exposure to other natural elements.

PURPOSE OF COLLECTION

Eyowo collects Users’ personal information to provide an efficient and secure User experience and may retain such personal data for the period necessary to fulfil the purposes outlined in this Policy unless a longer retention period is required or permitted by law. Information gathered on the Platforms for each User may be used to:

  1. a). provide the Services to the Users;
  2. b). fulfill legal and contractual obligations to Users;
  3. c). develop, operate, support, maintain enhance and provide the services on the Platform;
  4. d). process payment transactions;
  5. e). provide receipts and reports on User’s account;
  6. f). resolve disputes arising from using the Platform;
  7. g). customize measure, and improve the Services offered on the Platform;
  8. h). protect the interests and rights of the Platforms;
  9. i). enforce our agreements on the Platforms as well as our Terms and Conditions;
  10. j). detect and prevent fraud and other potentially illegal activities;
  11. k). combine PII and PID from other sources using proprietary algorithms to calculate risk scores and fraudulent scores;
  12. l). for administrative, operational and reporting purposes;
  13. m). promote marketing communication (taking into consideration the option to opt out);
  14. n). manage and protect the Site’s information technology and physical infrastructure; and
  15. o). measure the performance of the Platform and improve content, technology and layout.

SHARING INFORMATION WITH THIRD PARTIES

  1. 5.1. We may share User information with third-party service providers for the purpose of validating user credentials; securing data storage, marketing, customer service, and other applicable services and We require that these third-parties providers use PII and PID only in connection with the services they perform for Eyowo.
  2. 5.2. Eyowo also may share non-personally identifiable User information with third parties that help us better understand how Users use our Service or help us detect and prevent fraud and other unauthorized or suspicious activity. These third parties may use cookies and other technologies to collect non-personally identifiable information about Users and combine it with similar information collected from others. They may use this information to help Eyowo to better understand our Users, and to help their other customers better understand the Users.
  3. 5.3. The Eyowo Risk Score is not personally identifiable information, and Eyowo may share it (and other similar information generated by Eyowo) with Platforms or other third parties. Eyowo claims ownership of Risk Scores and similar analytical results that we generate using User information, whether alone or in combination with other information. Eyowo may use, disclose, or sell Risk Scores in Eyowo's sole discretion.
  4. 5.4. Eyowo may share User information in the event of a merger, acquisition, debt financing, sale of all or a portion of our assets, or similar transaction, or in the event of insolvency, bankruptcy or receivership in which User information is transferred to one or more third parties as one of our business assets. Should such an event occur, Eyowo will endeavor to assure that the acquirer, successor, or assignee (as the case may be) follows this Privacy policy with respect to User information. If User information could be used contrary to this Privacy policy, Users will receive prior notice as well as the opportunity to opt out.
  5. 5.5. Eyowo may share User information with law enforcement, government officials, or other third parties in the event of a subpoena, court order or similar legal procedure, or when Eyowo believes in good faith that the disclosure of User information is necessary or advisable to report suspected illegal activity, or to protect Eyowo's property or legal rights (including, but not limited to, enforcement of Eyowo's Terms of Service, Merchant Agreement, and other agreements) or the property or rights of others, or otherwise to help protect the safety or security of the Services.
  6. 5.6. Except as expressly disclosed in this Privacy policy, Eyowo will not sell or disclose User information to third parties. Eyowo will not sell, rent, share, or trade personally identifiable information to third parties (other than the Platform through which Eyowo collected such information) for their promotional purposes. Eyowo may disclose aggregated or other types of non-personally identifiable information to third parties for various purposes.
  7. 5.7. We will share personally identifiable information with third parties only to best provide Eyowo's Services and in special situations, such as legal investigations and merger. We may also share non-identifiable information with third parties that help us prevent fraud and analyze website activity.

SECURITY OF USERS’ PERSONAL INFORMATION

  1. 6.1. Eyowo has implemented physical, technical, and procedural safeguards to protect User information from unauthorized access, disclosure, alteration, or destruction.
  2. 6.2. Eyowo uses computer safeguards such as firewalls and data encryption and authorizes access to personally identifiable information only for those employees, contractors, and agents who require it to fulfill their job responsibilities.
  3. 6.3. Eyowo takes additional care to protect User information, such as credit card or bank account numbers, if disclosure of the particular type of User information could cause direct financial loss, Eyowo encrypts such information and transmits it under Secure Socket Layer (SSL).

LOCATION

  1. 7.1. By virtue of hosting on AppleStore and GooglePlay, Eyowo stores and processes User information on dedicated servers located in secure data centers that may be located within the United States and in other jurisdictions.
  2. 7.2. If you use the Services from the European Union or other regions of the world with laws governing data collection and use that differ from laws of the Federal Republic of Nigeria, then you understand and consent to the transfer of your User information to the Federal Republic of Nigeria or other jurisdictions for the uses identified above in accordance with this Privacy policy.
  3. 7.3. You acknowledge and agree that the privacy and data security laws in place in the Federal Republic of Nigeria or other jurisdictions may be different from the privacy and data security laws in force in the country in which you reside.
  4. 7.4. By voluntarily providing User information, you hereby agree that you are consenting to our collection, use, storage, and disclosure of such User information in accordance with this Privacy policy.

DATA CONFIDENTIALITY RIGHTS

  1. 8.1. A User’s information is regarded and will be held as confidential.
  2. 8.2. A User has the right to request sight of, and copies of any and all personal information on the Platforms.
  3. 8.3. A User’s role in fulfilling confidentiality duties include, but are not limited to, adopting and enforcing appropriate security measures.
  4. 8.4. Eyowo will not accept any responsibility for any loss or damage in whatever manner, howsoever caused, resulting from your disclosure to third parties of personal information.

REPORTING A PERSONAL DATA BREACH

  1. 9.1. Eyowo is required to comply with the Nigeria Data Protection Regulation 2019 (“NDPR”) and other relevant laws and regulations regarding reporting requirements in relation to data breaches and report any personal data breach where there is a risk to the rights and freedoms of a User. Where a personal data breach results in a high risk to a User, such a User also has to be notified unless subsequent steps have been taken to ensure that the risk is unlikely to materialise, security measures were applied to render the personal data unintelligible (e.g. encryption) or it would amount to disproportionate effort to inform the User directly. In the latter circumstances, a public communication must be made, or an equally effective alternative measure must be adopted to inform such a User, so that he/she can take any necessary remedial action.
  2. 9.2. Eyowo has placed procedures around the Site to deal with any suspected personal data breach and will notify a User or the relevant regulator (where legally required to do so). We shall aim to remedy any suspected breach of personal data of a User within one (1) month from the date of the report of the breach.
  3. 9.3. All evidence relating to a personal data breach should be preserved to enable Eyowo maintain a record of such breaches, as required by the data protection laws.
  4. 9.4. Eyowo will not be responsible for any personal data breach which occurs as a result of
  • an event which is beyond the control of Eyowo;
  • an act or threats of terrorism;
  • an act of God (such as, but not limited to pandemics, fires, explosions, earthquakes, drought, tidal waves and floods) which compromises Eyowo’s data protection measures on the Site;
  • war, hostilities (whether war be declared or not), invasion, act of foreign enemies, mobilisation, requisition, or embargo;
  • rebellion, revolution, insurrection, or military or usurped power, or civil war which compromises Eyowo’s data protection measures for the Site;
  • the transfer of a User’s personal data to a third party on his/her instructions; and
  • the use of a User’s personal data by a third party designated by a User.

CONTROL

  1. 10.1. Eyowo allows you to manage your account and information online and on the Platform at www.eyowo.com. Once you log in you may update your personal information, assuming your account is in good standing. In that case, we will retain only the personal information required by law or that we deem necessary.
  2. 10.3. Eyowo aims to provide you with access to your personal information at every point during the usage of our Service. In the event that the information is wrong, we have established channels that will assist in quickly changing or updating any of such information, however subject to proof as the need may be; and unless there is a legitimate legal or business reason to keep such information, we will strive to delete the information upon being aware.
  3. 10.3. For business and legal reasons, we aim to keep our services in a manner that protects personal information from incidental, accidental or malicious damage. Therefore, your deletion of personal information from our services does not immediately delete residual copies from our servers and we may not remove such personal information from our backup systems.

POLICY UPDATES

  1. Eyowo reserves the right to change this Policy at any time without notice to Users.
  2. You can always see the most updated changes to the this Privacy Policy on www.eyowo.com or by contacting Customer Service at support@eyowo.com In the event we modify our privacy policy, we may contact you via email and provide you with notice of the change and a link to review the new privacy policy.

GOVERNING LAW

This Policy is made pursuant to the provisions NDPR and any other relevant Nigerian laws, regulations or international conventions applicable to Nigeria.

November 2021

Eyowo Microfinance Bank Limited

eyowo logo white

We protect your money with military-grade security and fraud systems. We’re PCI-DSS Level 1 Certified.

Good to Grow.

Good to Go.

Eyowo’s services are delivered by two regulated entities, Eyowo Integrated Payments Limited and Eyowo Microfinance Bank. Eyowo Integrated Payments Ltd (RC1512927) is licensed by the Central Bank of Nigeria as a Payments Solutions Provider. Registered address: 8, Oduduwa Crescent, Ikeja GRA, Lagos, Nigeria. Eyowo Microfinance Bank Ltd (RC838171) is licensed by the Central Bank of Nigeria as a Microfinance Bank. Registered address: 19 Araromi Street, Victoria Island, Lagos, Nigeria.

© 2021 Eyowo Ltd