Privacy Poilcy

Overview

Avvic Microfinance Bank (“Avvic MFB”, “the Bank”, “we”, “our”, or “us”) is committed to protecting the personal data of our customers, employees, partners, and stakeholders. This Data Privacy Policy outlines how we collect, process, store, disclose, and protect your personal information in compliance with the Nigeria Data Protection Act 2023, the NDPR, and other applicable laws and regulations.

Purpose

• Define how Avvic MFB ensures individual privacy regarding personal data.
• Guarantee transparency in the collection, use, and disclosure of personal data.
• Establish protocols for data subject rights and response to inquiries or concerns about personal data.

Scope

• All personal data (regardless of the format) collected, processed and stored by Avvic MFB through our digital banking platforms (mobile app, website, APIs), branches and customer service channels.
• All employees, contractors, and third-party service providers with access to personal data and with authorization to act on our behalf.
• All operations and business processes that involve data collection or processing.

Plan Objectives

These objectives are designed to promote transparency, trust, and compliance with privacy rights for individuals interacting with the organization externally.

• Promote Awareness of Privacy Rights: Educate clients, customers, and stakeholders about their privacy rights and how their personal data is handled in compliance with applicable laws such as GDPR.
• Ensure Transparency in Data Practices: Clearly communicate the types of personal information collected, the purposes for which it is used, and any third parties it may be shared with.
• Provide Options for Data Management: Empower users to access, update, or delete their personal data by outlining available mechanisms and processes.
• Build Trust Through Accountability: Demonstrate the organization’s commitment to safeguarding user data and upholding ethical standards in all data processing activities.
• Comply with Legal Requirements: Ensure adherence to relevant privacy laws, regulations, and industry standards to protect both the organization and its users.

These objectives focus on establishing robust internal processes to handle personal data responsibly and securely.

• Standardize Data Handling Procedures: Develop and implement clear guidelines for collecting, storing, and processing personal data across all departments to minimize risks.
• Enhance Employee Training on Privacy: Conduct regular training sessions to ensure employees understand their responsibilities in protecting client and organizational data.
• Strengthen Data Security Measures: Implement advanced security protocols, including encryption and access controls, to safeguard personal data from unauthorized access or breaches.
• Facilitate Internal Audits and Assessments: Regularly review and assess data protection practices to identify areas for improvement and ensure ongoing compliance with privacy policies.
• Foster a Culture of Privacy: Encourage a workplace environment where privacy is prioritized, and employees are motivated to uphold the highest standards of data protection.

Assumptions

• All users of Avvic MFB’s users personal data are aware of their responsibilities regarding privacy.
• The organization will provide adequate training and support to ensure that employees understand privacy policies and procedures.
• Avvic MFB is committed to adapting to changes in legal frameworks and evolving privacy concerns.

Key Components

• Governance: Establishment of roles and responsibilities to manage privacy issues effectively.
• Data Handling: Guidelines for collecting and processing personal data appropriately and ethically.
• Transparency: Commitment to inform data subjects about how their data is being used and their rights regarding it.
• Compliance Framework: Framework for adhering to applicable laws and regulations related to privacy.

Responsibilities

The Data Protection Officer oversees the implementation and management of this policy. Department heads and supervisors are responsible for ensuring that all staff understand and comply with their responsibilities under this policy.

Legal Basis for Processing Data

• Consent provided by the data subject for specific processing purposes.
• Processing necessary to fulfill contractual obligations with the data subject.
• Legal obligation and legitimate interest of the Bank (e.g., fraud prevention, service improvement).
• Compliance Framework: Framework for adhering to applicable laws and regulations related to privacy.

Collection

Full name, phone number, email address, BVN, NIN, residential address, date of birth, gender, ID documents.

Bank account details, transaction history, loan records, account balance, credit score.

IP address, device ID, browser type, operating system, log data, mobile app activity.

Facial recognition, fingerprint, or voice data for identity verification and fraud prevention.

Only processed with consent and for specific legal/contractual obligations (e.g., health data for insurance).

Purpose of Data Collection

• Providing financial services to clients such as account creation, user verification, loan applications etc.
• Managing customer relationships and providing support.
• Detecting and preventing fraud or illegal activities.
• Sending account alerts, product updates, and service notifications.
• Conducting data analytics for service improvement.
• Complying with regulatory and legal obligations (e.g., CBN, NDPC, EFCC, NFIU).

Data Sharing and Disclosure

• Regulatory authorities (e.g., CBN, NDPC, EFCC).
• Credit bureaus and KYC/AML verification service providers.
• Third-party service providers and partners (under binding contracts and NDAs).
• Auditors, legal advisers, and consultants.
• Affiliates and subsidiaries within the same corporate group.

We do not sell your personal data to third parties.

Cross-Border Data Transfer

Where personal data is transferred outside Nigeria, we ensure such transfer complies with the Nigeria Data Protection Act and is subject to appropriate safeguards, including data protection agreements or standard contractual clauses.

Data Retention

• The purpose for which it was collected.
• Compliance with legal and regulatory obligations.
• Resolution of disputes and enforcement of our agreements.

Policy

This Privacy Policy describes your rights regarding the collection, usage, storage, sharing, and protection of your personal information. You are responsible for maintaining the confidentiality of your account information, including usernames and passwords.

By accessing our platforms or using our services, you consent to the terms outlined in this policy. This policy governs all interactions unless otherwise specified by a written contract.

Cookies are small files placed on your computer’s hard drive, enabling the website to identify your computer as you view different pages. Cookies allow websites and applications to store your preferences, and to present contents, options, or functions that are specific to you.

Like most interactive websites, our website uses cookies to enable the tracking of your activity for the duration of a session. Our website uses only encrypted session cookies which are erased either after a predefined timeout period or once the user logs out of the platform and closes the browser. Session cookies do not collect information from the user’s computer. They will typically store information in the form of a session identification that does not personally identify the user.

Cookies will be used to:

• Enhance user experience
• Track usage patterns and app performance
• Personalize content and offers

You may manage your cookie preferences through your browser settings.

Your information is confidential and will not be shared with third parties except as required by law. You have the right to the below listed in compliance with relevant laws.

• Access your personal data

• Request rectification of inaccurate data

• Withdraw consent at any time

• Object to processing under certain conditions

• Request deletion of your data (right to erasure)

• Lodge complaints with the Nigeria Data Protection Commission (NDPC)

To exercise any of these rights, contact us at: (Check “Contact Us” section)

Data Security Measures

• End-to-end data encryption (at rest and in transit).
• Secure authentication (2FA, biometric login).
• Firewalls and intrusion detection systems.
• Staff training on data protection and privacy.
• Regular vulnerability assessments and penetration testing.
• Incident response and breach notification protocols.

Avvic MFB has also taken measures to comply with global Information Security Management Systems (ISMS); we therefore have put in place digital and physical security measures to curb and eliminate possibilities of data privacy breach incidents.

Third-Party Links and Services

Our platforms may contain links to third-party sites or services. We are not responsible for the privacy practices or content of such third parties. Please review their privacy policies before interacting with them.

Breaches of Policy

Avvic MFB will take necessary measures to address any breaches of this policy, including disciplinary actions as appropriate.

Changes to This Policy

We may update this Policy periodically. When we do, we will revise the "Effective Date" and notify users through appropriate channels. Continued use of our services after updates indicates acceptance of the revised policy.

Governing Law

This policy is governed by the Nigeria Data Protection Act (2023) and other applicable laws. Any provision deemed inconsistent with relevant laws will be subject to those laws.

Contact Us

For inquiries, complaints, or to exercise your data rights, contact our Data Protection Officer (DPO):

• Name: Adaeze Emerike

• Email: Adaeze.Emerike@Avvicmfb.com

• Phone: +2348104355952

• Address: Rangers Avenue, Independence Layout, Enugu.