Privacy Policy

FLOURISH MICROFINANCE BANK PRIVACY POLICY OF THE WEBSITE AND GENERAL SERVICES

This Privacy Policy (“Policy”) sets out the basis, conditions and standards on which any personal data We collect from you, or that you provide Us, will be processed by Us. It also sets out the type of information being collected, method of collection, use of such information, protection of such information and our guiding principles in sharing of such information with third parties.

APPLICATION

The Policy applies to all of the products, subscriber based services, mobile applications, wallets (“Services”) and websites offered by FLOURISH MICROFINANCE BANK LIMITED ( “FLOURISH”, “Our”, “Us”, “We” ) or its numerous branches or affiliated companies.

Please read the following carefully to understand all our activities with respect to your personal data and how We will treat it. By continuing to visit our website and other FLOURISH customer platforms, you accept and consent to the practices described in this Policy. If you do not agree/accept, please do not use or access Services.

If you have any questions or concerns regarding this Policy, you should contact us on info@flourishmfb.com

INFORMATION WE COLLECT

When you use Our websites and Services, we collect and store your personal information which is provided by you from time to time. Personal information in this context shall include all data such as: full legal name, bank verification number, phone number, means of identification, identification number, mailing address, email address, tax ID, a photo, biometric information, occupation, assets, income, location data, an online identifier and other unique identifier such as but not limited to MAC address, IP address, IMEI number, IMSI number, SIM.

We collect information when you create an account, subscribe, participate in any interactive features of Our Services, fill out a form, apply for a loan, use your credit or debit cards, request customer support or otherwise communicate with Us.

We may obtain information through Our mobile applications that you install on your mobile devices to access and use Our Services.

We may also collect other information such as video footages of you whenever you step into any of Our branches, telephone conversations when you call any of Our contact centre lines, geographic information.

We typically collect or obtain your personal information because you give itto us (for example, in a form on our website) or because other people give that information to us (for example, third party service providers that we use to help operate our website). We may also collect or obtain personal information from you because we observe or infer that information about you from the way you interact with us. In order to improve your experience when you use this website and to ensure that it is functioning effectively, we (or our service providers) also use cookies (small text files stored in a user’s browser) and web beacons (small graphic images that are placed on a website and used to monitor a user’s interaction with that website) which may collect personal information.

The types of personal information and ‘sensitive’ or ‘special categories’ of personal information that we collect will generally vary depending on the nature of the products and services that we provide to you and how you use our website. In some cases, the ‘sensitive’ or ‘special categories’ of personal information that we collect may include information collected as part of KYC and anti-money laundering checks that we must conduct before accepting you as a customer.In some rare circumstances, we will also gather other ‘special categories’ of personal information about you because you volunteer that data to us (for example, it appears in a copy of your resume/CV that you upload to our website).

In some other circumstances, the personal information we collect from you is needed to meet our legal or regulatory obligations or to provide you with the products or services requested by you.

In some cases, we may also collect personal information about you indirectly from third parties including but not limited to: (i) your employer; (ii) third parties such as providers of ‘know your client’ and anti-money laundering services which we use to help us meet our legal requirements in this area and to help us verify your identity where we provide you with products or services; (iii) background check providers which we sometimes use to verify your identity when you apply for a product of ours; (iv) third party service providers that help us to operate our website; and (v) your banks and financial institutions.

We are only in possession and hence, custodian of data on behalf of the users that use Our Services and We do not own data, users own their data. We will store data provided for only the period within which it is reasonably needed.

WHAT WE DO WITH YOUR INFORMATION

In addition to international best practices on Data Protection, we shall adhere to the principles set by the National Information Technology Development Agency (“NITDA”). These principles state that personal data should

• be processed fairly, lawfully and in a transparent manner;
• be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with such purposes;
• be adequate, relevant and limited to what is necessary to fulfill the purpose of processing;
• be accurate and where necessary, up-to-date. In the event data is inaccurate, steps should be taken to rectify or erase such data;
• not be kept for longer than necessary for the purpose of processing;
• be processed in accordance with the data subject’s rights; and
• be kept safe from unauthorised processing, and accidental loss, damage or destruction using adequate technical and organisational measures.

Automated Processing

We sometimes use automated systems and software to help us reach decisions about you, for example, to make credit decisions, to carry out security, fraud and money laundering checks, or to process your data when you apply for some of our products and services. This type of processing is carried out under lawful basis and you can contact us to request that automated processing be reviewed by a human being if you detect any inaccuracies in your personal data.

CONSENT

Apart from when the law requires us, we will only use your information when you have provided your consent and We will use your information for the following:

• be processed fairly, lawfully and in a transparent manner;
• be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with such purposes;
• be adequate, relevant and limited to what is necessary to fulfill the purpose of processing;
• be accurate and where necessary, up-to-date. In the event data is inaccurate, steps should be taken to rectify or erase such data;
• not be kept for longer than necessary for the purpose of processing;
• be processed in accordance with the data subject’s rights; and
• be kept safe from unauthorized processing, and accidental loss,damage or destruction using adequate technical and organisational measures.

Privacy Of Children

We respect the privacy of children and reiterate that all our services are on the basis that users are above 18 or have the consent of their parents or care giver who are adults. We do not knowingly collect names, email addresses or any other personally identifiable information from children. We do not knowingly market to children nor do we allow children under 18 to open online accounts.

Promotional Messages

Flourish MFB or its affiliated companies may sometimes contact you with products or services that we think may be of interest to you. If you don’t want to receive such promotional materials from us, you can unsubscribe at any time by sending an email to info@flourishmfb.com

SECURITY OF INFORMATION

We adopt appropriate technical, data collection, storage and processing practices and security measures to protect against unauthorised access, misuse, alteration, disclosure or destruction of your personal information, username, password, transaction information and data under Our control.This may include the use of encryption, access controls and other forms of security to ensure that your data is protected.

We require all parties including Our staff and third-parties processing data onOur behalf to comply with relevant policies and guidelines to ensure confidentiality and that information is protected in use, when stored and during transmission. Our security controls and processes are also regularly updated to meet and exceed industry standards.

Where We have provided you (or where you have chosen) a password which grants you access to specific areas on Our site, you are responsible for keeping this password confidential. We request that you do not share your password or other authentication details (e.g. token generated codes) with anyone.

We also use a range of physical, electronic and managerial measures to ensure that we keep your personal information secure, accurate and up-to-date. These measures include:· education and training of relevant staff around social engineering, phishing, spear phishing, and password risks·administrative and technical controls to restrict access to personal information on a ‘need to know’ basis· technological security measures, including fire walls, encryption and anti-virus software· physical security measures, such as staff security passes to access our premises.· external technical assessments, security audits and vendor due diligence· endpoint security: Anti-virus, portable storage device lockdown, restricted administrative privileges·

Real-time monitoring of data leakage controls· Layered and comprehensive cybersecurity defense Security incident reporting and management. Although we use appropriate security measures once we have received your personal information, the transmission of data over the internet (including bye-mail) is never completely secure. We endeavour to protect personal information, but we cannot guarantee the security of data transmitted to us or by us.

NOTIFICATION OF CHANGES TO PRIVACY POLICY

This policy may be revised on an ad-hoc basis to reflect the legal, regulatory and operating environment and such revised versions will automatically become applicable to you. We will post any revisions we make to our Privacy Policy on this page and such revised policy becomes effective as at the time it is posted. We also encourage you to check this page from time to time for updates to this policy.

Should it be that you do not accept any of the modifications or amendments to the Policy, you may terminate your use of Our Services immediately. Unless stated otherwise, Our current Policy applies to all information that We have about you and your account

We may send you Applications and Service announcement updates. You will not be able to unsubscribe from Service announcements, which contain important information Our Services which you have subscribed to. We may communicate via e-mail or telephone to provide requested Services and to resolve issues relating to your account.

COOKIES

We use data collection devices such as “cookies” on Our website and applications. “Cookies” are small files stored on your hard drive that assist Us in providing Services customized to your requirements and tastes.

You are always free to decline Our cookies if your browser permits, although in that case you may not be able to use certain features on Our website and application and you may be required to re-enter your password more frequently during a session. A cookie cannot read data off your external attached files and is in no way linked to any personally identifiable information.

If you do not wish to receive cookies, you can set your web browser to disable cookies. As explained above, cookies help you to get the most out of our website. If you decide to disable cookies, you may find that certain aspects of our website do not work as expected. Where you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to decline the use of cookies.

THIRD-PARTY SITES AND SERVICES

Our products and Services may also use or offer products or services from third parties. Information collected by third parties, which may include such things as location data or contact details is governed by their privacy practices and We will not be liable for any breach of confidentiality or privacyof your information on such sites. We encourage you to learn about the privacy practices of those third parties.

DISCLOSURE OF INFORMATION

We generally disclose details about you to professional advisors and third parties that provide services to us (such as IT systems providers, platform providers, financial advisors, consultants including lawyers and accountants) and other goods and services providers (such as providers of marketing services where we are permitted to disclose your personal information to them); competent authorities (including any national and/or international regulatory or enforcement body or court or other form of tribunal, where we are required to do so by applicable law or regulation at their request); a potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of our business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it; credit reference agencies or other organizations that help us detect criminal activity and incidence of fraud; and any federal, state or local government departments and other statutory or public bodies.

Due to business realties and the regulatory environment, we may be required to to disclose information to the government, law enforcement agencies, Our parent and/or subsidiaries, third parties, for the performance of a task carried out in the interest of the public, for the protection of you vital interest, for the performance of a contract to which you are a party to and also where you have expressly given Us written consent to disclose same.

You hereby authorize us to do so and consent to such disclosures as may be required.

YOUR INFORMATION AND YOUR RIGHTS

You have the following rights:

• The right to be told how We use your information and obtain access to your information;
• The right to have your information rectified or erased or place restrictions on processing your information;
• The right to have any information you provided to Us on an automated basis returned to you in a structured, commonly used and machine-readable format, or sent directly to another organization, where technically feasible (“data portability”);
• Where the processing of your information is based on your consent, theright to withdraw that consent subject to legal or contractualrestrictions;
• The right to object to any decisions based on the automated processing of your personal data, including profiling; and
• The right to lodge a complaint with the supervisory authorityresponsible for data protection matters.

Please note that if you request a copy of your information you may be required to pay a statutory/administrative fee.

Change and update of information provided remains your responsibility and we shall not be held liable for not updating any change in your circumstance for which we have not been briefed.

Social Media Platforms

Flourish MFB may interact with registered users of various social media platforms, including Facebook, Twitter, Instagram, and YouTube. Please notethat any content you post to such social media platforms (e.g. pictures,information or opinions), as well as any personal information that you otherwise make available to users (e.g. your profile) is subject to theapplicable social media platform’s terms of use and privacy policies. We recommend that you review this information carefully in order to better understand your rights and obligations with regard to such content.

DURATION

We will retain your personal information for the duration of Our Services toyou and afterwards for as long as is necessary and relevant for Our purposesas permitted by applicable laws and regulations. Where We no longer needyour personal information, We will dispose of it in a secure manner (withoutfurther notice to you).

Storage Of Your Data

The data that we collect from you will be transferred to and stored at a destination within Nigeria. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. All information you provide to us is stored on our secure cloud-based data storage as well as on premises, at an off-site based location and a network accessible storage which includes external drives only for authorized users.

The data that we collect from you may be transferred to and stored at a destination outside Nigeria or the European Economic Area (“EEA”).Whenever your information is transferred to another location, we will take all necessary steps to ensure that your data is handled securely and inaccordance with this privacy policy.

We Erase/Delete Personal Data In The Event Of Any Of The Following:

• The personal data is no longer necessary in relation to the purposes for which they were collected or processed;
• You withdraw your consent or object to the processing and there is no overriding lawful basis for the processing;
• The personal data was unlawfully collected or processed in the first place;
• In compliance with NITDA’s or any other lawful directive.

CONTACT

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to info@flurishmfb.com