Current as of 10th May, 2022

Privacy Policy

By accessing our website, you are agreeing to be bound by these terms of service, and agree that you are responsible for compliance with any applicable local laws.

This Data Protection Policy in conjunction with our Privacy Policy (https://creditchek.africa/privacy) expressed Creditchek which hereinafter may be referred to as (“our” “we” or “the Company”) assurance and commitment to treating the information of customers, stakeholders, partners, and other interested parties (“You or Your”) with the utmost care and confidentiality by the Nigeria Data Protection Regulations and each jurisdiction which data subject who we process data.

With the provisions of this data protection policy and our privacy policy, we acknowledge that we gather, store, and handle data fairly, transparently, and with utmost duty of care and respect towards individual rights

1.0 Scope

This document is prepared in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Nigerian Data Protection Regulation (NDPR). It sets out how CreditChek Technologies Nigeria Limited (CreditChek) applies and complies with the principles of the regulations in processing the personal data of individuals, clients, vendors, and even third parties that interact with CreditChek.

For personal data of individuals, this document also highlights their rights and covers the data subject(s) whose personal data is collected and processed in compliance with the GDPR/NDPR.

As part of CreditChek’s operation, we often obtain and process information which includes names, addresses, phone numbers, Emails, bank verification number, national identity number, loan/credit history, bank account credit and debit data. We collect this information securely and transparently and only with your full consent/cooperation and knowledge with an aim to enable assess and determine your credit worthiness.

To ensure the protection of this information, we apply the following rules.

  • Use for lawful purpose only
  • Protect against any unauthorized and illegal access
  • Only share with the third party to provide services

To exercise the provisions of data protection regulations and show our commitment to ensure our compliant and adhere to the provisions, We:

  • Restrict and monitor access to sensitive data
  • Develop transparent data collection procedures
  • Train employees in online privacy and security measures
  • Build secure networks to protect online data from cyberattacks
  • Establish clear procedures for reporting privacy breaches or data misuse
  • Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorization, etc.)
2.0 How We Obtain Your Personal Data

2.1 Roles and responsibilities:

Data Protection Officer

  • To ensure that this notice is correct and up-to-date, and bring this notice to the awareness of data subjects prior to the collection and processing of personal data by the CreditChek, including on CreditChek’s website https://creditchek.africa

All Employees/Staff who interact with personal data

  • To follow the provisions of this policy document.
  • To seek the consent of data subject(s) for the secure processing of their personal data.
  • To ensure that this notice is brought to the attention of the data subject(s).

We obtain your personal data when you use our service through the registration process. In the process of signing up, we request data such as name, phone number, address, Email, Company name, Designation, and Country. Through a third-party source, in the process of funding your wallet, you will be directed to our payment institution platform where you will be required to input your card details for such funding. Please note that the data at this stage is not stored on the Creditchek platform but the third party. Likewise, while using our services, you may be required to fill in your details and/or your customer’s details during the use of our Phone book, Teams, Group, or Direct SMS services. In addition, when interacting with our customer service, you may be required to provide us with more personal data to provide quality services to you.

3.0 Policy Statement

3.1 Who We Are

CreditChek Technologies Nigeria Limited (CreditChek) uses structured, user-permissioned data from multiple sources to create powerful credit and financial data verification services that empower FinTech’s, banks, microfinance institutions, retail businesses and mobile money operators to build better financial products for the underserved. CreditChek is well positioned to provide the much-needed solutions that will drive financial inclusion across various sectors and industries in the region, and beyond.

The personal data we would collect and process, depending on the processing requirement are under the following categories:

Personal Data Type

Sources

General

Ordinary personal data may include personal identification details such as name and address, customer relationships, personal finances, tax-related matters, debts, work-related circumstances, family circumstances, residence, car, qualifications, applications, CV, date of employment, position, area of work, work phone, key data: name, address, date of birth, IP address or other similar non-sensitive information.

Information about national identification numbers

Identification and verification numbers as the BVN, NIN and related are used to validate the trueness and liveness of individuals being assessed for credit worthiness. This can be from the financial institution, credit organisation, and government agencies.

Cookies

We use cookies to improve your browsing experience on our website. By browsing on our website, you consent to our use of cookies in accordance with our privacy/cookie policy.

Ways in which we used the personal data provided to us include processing or delivering our services, notifying you of the status of the services, sending marketing or campaign affiliates to which you opt-in.

4.0 Why do we need the data?

CreditChek ensures that the personal data collected and processed is necessary for the purpose of collection, and CreditChek shall not collect or process more data than is reasonably required for a particular processing activity. In addition, every processing purpose has at least one lawful basis for processing to safeguard the rights of the data subjects, as listed below:

Purpose of processing

Lawful basis of processing

Identity verification and maintenance of records

Compliance with a legal obligation in which CreditChek is subject to (KYC/KYB).

Financial transactional analytics

Required by a credit service organisation to assess the credit worthiness of an applying borrower.

Credit history assessment

Required by a credit service organisation to assess the credit worthiness of an applying borrower.

Onboarding staff members

Contract.

Where Legitimate Interest is considered the legal basis for processing personal data, CreditChek shall follow the steps below in carrying out a Legitimate Interest Assessment.

1. Determine the Purpose for Processing

In carrying out the purpose test, CreditChek must establish the exact reason for the processing and how it benefits the organisation. Answers to the following shall be provided to determine the exact purpose for processing:

  • Description of the processing objective
  • The likelihood of meeting the objective and how to determine if the objective was met
  • The benefit of the processing and the significance to the organisation
  • Description of the possible impact of not processing and any other issues that might be relevant

2. Determine the Necessity of the Processing

CreditChek must establish why the processing must take place, how the processing relates to the expected benefits, and any other alternatives and why they were not considered.

3. Balance the identified interest with the Privacy Interest of the Data Subjects

The following questions will be addressed under the balance test:

  • Who are the data subjects (category)?
  • What is the relationship between CreditChek and the data subject
  • What personal data is to be processed
  • How will the processing impact the data subject
  • How will the data subject react to the processing

CreditChek records this information in line with this policy, data protection impact assessment, and data inventory.

5.0 Sharing Your Personal Data

We may share your data with our partners or suppliers to provide services to you. Such data may include your name, phone number, email address, and other general related data. We may also share your data with companies or organisations that we engage to provide services to us for the furtherance of your transaction or direct you to a third-party website that may provide services for you directly and/or on our behalf. An example is the funding of your wallet stage.

THE PRIVACY POLICIES OF THESE THIRD-PARTY SITES MAY BE DIFFERENT FROM OUR DATA PROTECTION AND PRIVACY POLICY. THUS, WILL GOVERN ANY TRANSACTIONS AND SERVICES PERFORMED ON THAT SITE. CREDITCHEK AND SUCH COMPANIES ARE EACH INDEPENDENT DATA CONTROLLERS AND NOT JOINT DATA CONTROLLERS. Hence, you are advised to read and consent to such third-party site data protection and privacy policy.

Notwithstanding the provision of this clause, Creditchek does not sell or trade customer personal data to anyone. We only use it to render our services to you.

6.0 Consent

CreditChek requires your explicit consent to process collected personal data. And by consenting to this privacy policy, you are giving us the permission to use/process your personal data specifically for the purpose identified before collection.

If, for any reason, CreditChek is requesting sensitive personal data from you, you will be rightly notified why and how the information will be used.

You may withdraw consent at any time by requesting for Withdrawal of Consent form, following the CreditChek Withdrawal of Consent Procedure.

7.0 Means of Securing Customer Personal Data

We secure your data by using a database with limited access and a secure server that encrypts all the data we collect. Hence protecting it from unauthorised third parties. We as well use multiple security control systems in layers to prevent access to information on our system.

7.1 Disclosure

CreditChek will not pass on your personal data to third parties without first obtaining your consent.

Where there is a need for a third party to process the personal data of data subjects, CreditChek will enter into a Data Processing Agreement with the third party and be satisfied that the third party has adequate measures in place to protect the data against accidental or unauthorised access, use, disclosure, loss, or destruction.

In a case where the disclosure is to third parties outside the jurisdiction of the GDPR and NDPR, CreditChek will ensure that the third party meets the core regulatory standards prior to the transfer. This may include transferring the personal data to the third party where CreditChek has satisfied that:

  • the country of the recipient has adequate data protection controls established by legal or self-regulatory regime
  • CreditChek has a contract in place that uses existing or approved data protection clauses to ensure adequate protection
  • CreditChek is making the transfer under approved binding corporate rules
  • CreditChek is relying on approved codes of conduct or certification mechanisms, together with binding and enforceable commitments in the foreign country or international organisation to apply the appropriate safeguards in relation to data subject rights
  • Provisions inserted into administrative arrangements between public authorities or bodies authorised by the competent supervisory authority.

7.2 Retention of Records

In compliance with the GDPR/NDPR data retention policy, CreditChek will process your personal data for about six (6) years and will retain the personal data for ten (10) years after processing.

This retention period has been established to enable us to use the personal data for the necessary legitimate purposes identified, in full compliance with the legal and regulatory requirements. When we no longer need to use your personal information, we will delete it from our systems and records, and/or take steps to encrypt/anonymise it to protect your identity.

8.0 Customers Compliance

It is the responsibility of you as Creditchek customer to ensure that you comply and continue to comply with Applicable Data Protection Laws and Regulation in your use of our services and in processing personal data. In addition, you will be responsible for the right to transfer, share and receive the consent of data subjects that you share with us to provide our service or usage of our service.

By using our service, you hereby undersigned and agree as follow:

You are complying and will continue to comply with applicable Data Protection Laws and Regulations that you processed through your use of our service.

Hereby indemnify Creditchek of any and/all liabilities, claims, legal actions, losses, and damages because of data violation and/or you are breaching any data protection laws and regulations.

You will not intentionally collect or process any special categories of Personal Data unless Creditchek includes such types of data in the content submitted to you

Taking into account the nature of processing and the information available to you, You shall provide Creditchek, insofar as this is possible and at Creditchek’s written request, with all information required for Creditchek to comply with statutory obligations under Applicable Data Protection Law (in particular, the obligations necessary to ensure the Creditchek’s compliance with security of processing, personal data breach notification, data protection impact assessment, and prior consultations with supervisory authorities), and will assist Creditchek, insofar as reasonable, in meeting these statutory obligations.

9.0 Customers Choices and Rights

9.1 Data Subject Rights

Data subjects, according to the provision of the GDPR/NDPR, have certain rights. At any point while CreditChek are in possession of or processing your personal data, you, the data subject, have the right to:

  • Request a copy of the information that we hold about you
  • Correct the data that we hold about you that is inaccurate or incomplete
  • Ask for the data we hold about you to be erased from our systems/record
  • Restrict processing of your personal data where certain conditions apply
  • Have the data we hold about you transferred to another organisation
  • Object to certain types of processing like direct marketing
  • Object to automated processing like profiling, as well as the right to be subject to the legal effects of automated processing or profiling
  • Judicial review. If CreditChek refuses your request under rights of access, we will provide you with a reason as to why. And you have the right to complain as outlined in clause 3.6 below.

All the above requests will be forwarded should there be a third party involved in the processing of your personal data.

You have the reserved right to decline the request of providing your personal information when requested by Creditchek or Creditchek’s authorised representatives. You also have the right to withdraw given consent to our data protection policy and privacy policy Please contact us at [email protected] if you wish to exercise any of your rights. It is however noteworthy to mention that certain services or all services may be unavailable to you afterward.

10.0 Privacy Statement

For more information on how we use your personal data and why, please visit https://creditchek.africa/privacy-policy