Accion MFB Privacy Policy
Introduction
This Website privacy policy outlines your rights as a Data Subject, basis for collection of personal data from you on our website and Accion Microfinance Bank’s (“Accion”, “we”, “us”, “our”) personal data processing activities as a Data controller. Personal data means any information or details relating to you that we hold or collect whether directly or indirectly which comprises of name, identification number, address, your transactions, transactions you effect, financial information, interactions and dealings with us, including information received from third parties, the public domain, collected through use of our website and our electronic banking services etc. This policy covers the use, storage and dissemination of personal data we obtain from you or about you when you interact with us in the provision of the banking services you request, during your use of the website, and when you complete surveys or register for our webinars. This policy also describes our processing of the personal data of individuals representing our business partners and suppliers.
Policy Statement
The Bank will ensure security and protection of all data and utmost privacy of personal data in line with the requirements of NDPA. The Bank shall comply with all legislations and regulations applicable to its business and operations regarding data protection and privacy. All personal data shall be classified in line with Accion Microfinance Bank Information Classification Policy
Personal Data Collected & How It Is Used
Categories of Data Subjects
Personal Data Processed
Business/Commercial Purpose for Processing
Lawful Basis for Processing
Customers
Personal details such as your given name(s); preferred name(s); gender; date of birth / age; marital status; government issued number(s) such as tax identification number (TIN), bank verification number(s) and driving license number(s); nationality; lifestyle and social circumstances; photographs, images of passport data pages, driving licenses, and signatures; authentication data (including but not limited to, passwords, mother’s maiden name etc.)
Fulfilling our regulatory compliance obligations, including 'Know Your Client' checks, confirming and verifying individuals' identity; and screening against relevant sanctions lists and other legal restrictions other financial due diligence
Necessary step prior to entering into a contract or for the performance of a contract Necessary for compliance with a legal obligation for the performance of a contract
Family details such as names and contact details of family members and dependents. Contact details such as residential address; telephone number; email address; and social media profile details. Employment details such as business activities; names of current and former employers; work address; work telephone number; work email address
Provision of products and services to individuals: administering relationships and related services; performance of tasks necessary for the provision of the requested services i.e., (processing applications for products and services, processing transactions, disbursing loans, processing repayments); communicating with individuals concerning those services
Necessary step prior to entering into a contract or for the performance of a contract
Financial details such as billing address; bank account numbers; total assets and overall financial position, Debit/credit card numbers; instruction records; transaction details; and counterparty details.
Electronic marketing communications with individuals via any means (including via email, telephone)
Consent
Webinar Attendees
Personal and contact details i.e., name, age range, gender, email address, location, occupation
Communicating details of webinars with attendees
Consent
Survey Respondents
Personal details i.e., name, age range
Participation in survey/research purposes
Consent
Vendors
Name of contact personnel, telephone number, email address
To establish correspondence and to facilitate the provision of the goods and services for which the vendors are contracted.
Necessary step prior to entering into a contract or for the performance of a contract
Website Visitors
Name, Phone number, company, email, location
To address requests contained within the forms.
Consent
Customers
Unique ID, IP address, online activity
To generate statistics on website usage
Consent
CCTV
Physical appearance of individuals captured on video footage
This monitoring is conducted in the public interest toward ensuring a secure environment
Public interest
Sharing of Personal Data
When we disclose personal information for a business purpose to external third parties, the same standards of security and confidentiality described in this policy will be upheld. These third parties act as data processors, acting solely on our instructions and on our behalf, and we establish contracts with them to ensure personal data is adequately protected. These contracts prohibit them from retaining, using, or disclosing any personal data for any purpose other than performing services under our direct instructions and in line with the purposes set out in this policy. The following describes some scenarios for which we may share personal data with a third party:
Sharing for legal/regulatory purposes
We may share personal data with third parties such as appropriate security agencies and competent legal/regulatory authorities where disclosure is reasonably necessary to:
We may share personal data with third parties such as appropriate security agencies and competent legal/regulatory authorities where disclosure is reasonably necessary to: (a) comply with applicable legislation and regulation; (b) comply with legal process or a regulatory investigation (e.g., a subpoena or court order); (c) investigate potential violations; (d) detect, prevent or otherwise address fraud or security issues; (e) protect against harm to the rights, property, or safety of the Bank, our customers or the public, as required or permitted by law.
Sharing with service providers
We may share any personal data we collect with our service providers, which may include providers involved in cloud services payment processing, card development, conducting credit checks, or delivering advertising. We may also share personal data with service providers who otherwise assist us to manage the applications we process. We may also share personal data with external service providers who act as legal representatives or perform external audits.
Cross border personal data transfer
During business operations, personal data that we collect may be hosted, stored or otherwise processed in and transferred to third countries as we manage servers in various locations, and our processors operate worldwide. To ensure that these transfers are in line with permissible conditions outlined by the Nigerian Data Protection Regulation, we have taken appropriate and suitable safeguards to ensure that personal data will remain protected when cross-border transfers occur. These safeguards include transferring personal data to countries with adequate data protection regulations and ensuring that standard contractual clauses are in place to mandate that personal data is secured using best practices.
Cookies
Cookies are information often including unique identifiers that a website saves on your device or computer when you visit. Accion MFB uses cookies collected to remember you, your preferences to customize and improve your experience on our site.
S/N
Cookie Name
Cookie Type
Purpose
Cookie Expiration
1
CONSENT
Necessary
Used to detect if the visitor has accepted the marketing
category in the cookie banner.
2 years
2
_GA
Statistics
Registers a unique ID that is used to generate statistical data on how the visitor uses the website
2 years
3
_GAT
Statistics
Used by Google Analytics to throttle request rate
1 day
4
_GID
Statistics
Registers a unique ID that is used to generate statistical data on how the visitor uses the website
1 day
5
ADS/GA- AUDENCES
Marketing
Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitors online behavior across websites
Session
6
VISTOR_INFO1_ LIVE
Marketing
Tires to estimate the user’s bandwidth on pages with integrated YouTube videos.
7
YSC
Marketing
Registers a unique ID to keep statistics of what videos from YouTube the user has seen
Session
8
YT.INNERTUBE:: NEXTID
Marketing
Registers a unique ID to keep statistics of what videos from YouTube the user has seen
Persistent
9
YT.INNERTUBE:: REQUEST
Marketing
Registers a unique ID to keep statistics of what videos from YouTube the user has seen
Persistent
10
YTIDB::LAST_RE SULT_ENTRY_K EY
Marketing
Stores the users video player preferences using embedded YouTube video
Persistent
11
YT-REMOTE- CAST- AVAILABLE
Marketing
Stores the users video player preferences using embedded YouTube video
Session
12
YT-REMOTE- CAST- INSTALLED
Marketing
Stores the users video player preferences using embedded YouTube video
Session
13
YT-REMOTE- CONNECTED- DEVICES
Marketing
Stores the users video player preferences using embedded YouTube video
Persistent
14
YT-REMOTE- DEVICE-ID
Marketing
Stores the users video player preferences using embedded YouTube video
Persistent
15
YT-REMOTE- FAST-CHECK- PERIOD
Marketing
Stores the users video player preferences using embedded YouTube video
Session
16
YT-REMOTE- SESSION-APP
Marketing
Stores the users video player preferences using embedded YouTube video
Session
17
YT-REMOTE- SESSION-NAME
Marketing
Stores the users video player preferences using embedded YouTube video
Session
Data Retention
We will retain and use personal data for as long as is necessary, in any case until the purpose of data collection is achieved and subject to any requirements to retain information in order to comply with any applicable law, regulation, professional requirements or standards.
Data Security
The Bank will ensure security and protection of all data and utmost privacy of personal data in line with the requirements of NDPA. We have implemented appropriate technical measures on our website and organizational security controls & processes controls on our information systems which has been certified to ISO 27001 (Information Security Management System) to protect the personal data in our care, both during transmission and once we receive it. This includes measures to protect personal data from accidental or unauthorized destruction, loss, or alteration, and from unauthorized disclosure or access.
Personal Data Breach Management
Accion takes reasonable and practicable security measures to ensure privacy. In the event of a data breach, we shall report such breach to the relevant authority and if necessary, affected individuals of personal data breach (where the personal data breach will likely result in high risks to the freedoms and rights of the individual) within 72 hours of becoming aware of the breach or being notified by any processor of a personal data breach. We will take steps to investigate and recover personal data and will ensure security controls are improved to prevent a re-occurrence of the data breach. Personal data breach refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes.
Individual Privacy Rights
Depending on location and applicable data protection regulation, an individual may be able to exercise some of the following rights regarding their personal data. An individual may be able to:
Request further details about how we process personal data
Request for a copy of any personal data which we hold withdraw consent to process personal data, where we rely on consent as a legal basis to justify personal data processing
Restrict/object to the processing of personal data
Request to update or delete personal data which we hold
Request to transfer personal data to a third-party provider of services (data portability)
Please note that we may ask individuals to provide us with the information necessary to confirm their identity before responding. We will aim to acknowledge enquiries within 24 hours and respond within one month unless otherwise required by law. Where permitted to do so, complying with your request may be subject to a fee to meet our associated costs. We will consider all individual requests. However, we may not fulfil requests under circumstances where exemptions exist, which include a need to keep processing information to comply with a legal obligation. If such an exception applies, we will notify individuals when responding to their request.
Right to Amend the Privacy Notice
Accion may periodically change its privacy policy to reflect updates to personal data processing activities conducted. Changes will become effective as of the published effective date. Hence, the current version of our privacy policies will be published to reflect the recent update.
Contact Us
Accion is dedicated to protecting your privacy. If you have any questions or comments regarding this policy or any complaints concerning our compliance to it, please contact our Data Protection Officer at dataprotection@accionmfb.com or the Customer Experience by; Phone call: 07000ACCION (07000222466), WhatsApp: 07045222933 or Email: info@accionmfb.com
We will use reasonable efforts to respond promptly to requests, questions, or concerns.
