close
B W a y

Privacy Policy

1.  INTRODUCTION

BWAY Microfinance Bank Limited is a Tier 1 Unit Microfinance Bank licensed by Central Bank of Nigeria (CBN) to carry out banking services to a wide variety of customers including individuals, small and medium enterprises, and large corporates. Our banking services are provided at our office and through e-channels including the Internet and our UberOne Mobile Application.

We understand customers provide certain personally identifiable information and this document details the policies of the Bank guiding the collection, usage, storage, destruction, disclosure and right of this personally identifiable Information.

BWAY acts as both a controller and a processor of personal data under the Nigeria Data Protection Regulation 2023. When we collect personal data directly from individuals, we act as a controller, determining the purposes and means of processing such data. In some instances, we also process personal data on behalf of our clients or partners, in which case we act as a processor, processing personal data according to their instructions.

As a controller, we are responsible for ensuring that your personal data is processed lawfully, fairly, and transparently. As a processor, we process personal data strictly in accordance with our clients' instructions and take appropriate technical and organizational measures to ensure the security of the data.

This Data Protection Policy describes the privacy rights regarding our collection, use, storage, sharing and protection of personal information. It applies to our website, our UberOne Mobile Application, services and tools regardless of how they are accessed or used. This Policy does not apply to services that are not owned or controlled by BWAY, including third-party websites and the services of other BWAY’s merchants that maybe accessible through links which are present on our website and all related sites, applications, services and tools. You are encouraged to review the privacy policy of such merchant or third party.

We conduct business in a responsible and sustainable manner and ensure customers information are securely collected, processed, and stored based on business requirements. In furtherance of this and compliance with industry regulations, we have provided appropriate documentation, which includes this policy. We therefore provide notice about this policy and applicable procedures.

Throughout this Data Protection Policy, we use the term “personal information or data” to describe information that can be associated with a specific person and can be used to identify that person. We do not consider personal information to include information that has been made anonymous such that it does not identify a specific user.

To use our website, our UberOne Mobile Application or any of our products or services, your consent is required for the use of your data as described in this Policy.

This Data Protection Policy is intended to set certain standards across the operations of BWAY Microfinance Bank Limited.

2.  PURPOSE

The purpose of this document (“BWAY MFB Data Protection Policy”) is to inform the public of how BWAY Microfinance Bank manages Personal Data (as defined below) which is subject to the Nigeria Data Protection Regulation 2023.

This data protection policy (the policy) will explain how the website, the UberOne Mobile Application uses the personal data we collect from our customers and related partners when they use our services. It describes our commitment to treat your information with the utmost care and confidentiality and explains your privacy rights regarding BWAY Microfinance Bank Limited’s (“BWAY”, “we”, “us” or “our”) collection, use, storage, sharing and protection of your personal information.

The public is expected to read this Data Protection Policy to know and understand the purposes for which we collect, use and disclose Personal Data.

3.  THE INFORMATION WE COLLECT

As part of our operations, BWAY may collect and processes certain types of personal identifiable information (such as Name, email address, phone number, contact address, limited financial information, location data, device data, etc.) of individuals which include current, past and prospective employees, merchants, suppliers/vendors, customers of merchants, Users and other individuals whom BWAY communicates or deals with, jointly and/or severally (“Data Subject(s)”). We use your Personal Information to:

  • Provide you with the required services.
  • Respond to your questions or requests.
  • Improve features, website content and analyse data to develop products and services
  • Provide personalized banking services on the UberOne Mobile Application.
  • Address inappropriate use of our website.
  • Prevent, detect and manage risk against fraud and illegal activities using internal and third-party screening tools.
  • Send you marketing content, newsletters and service updates created by BWAY, however, we will provide you with an option to unsubscribe if you do not want to hear from us;
  • Verify your identity and the information you provide in line with BWAY’s statutory obligations using internal and third party tools;
  • Maintain up to date records;
  • Resolve disputes that may arise, including investigations by law enforcement or regulatory bodies;
  • Any other purpose that we disclose to you while providing BWAY’s services to you.

We may retrieve additional Personal Information about you from third parties and other identification/verification services such as your financial institution and payment processor. With your consent, we may also collect additional Personal Information in other ways including emails, surveys, and other forms of communication.

Once you begin to use our services (Website, UberOne Mobile Application amongst others) through your BWAY account, we will keep records of your transactions and collect information of your other activities related to our services. We will not share or disclose your Personal Information with a third party without your consent except as may be required for the purpose of providing you with our services or under applicable legislations.

Purpose Limitation

BWAY collects Personal Information only for identified purposes and for which consent has been obtained. Such Personal Information cannot be reused for another purpose that is incompatible with the original purpose, except consent is obtained for such purpose.

Data Minimization

BWAY limits Personal Information collection and usage to data that is relevant, adequate, and necessary for carrying out the purpose for which the data is processed. BWAY will evaluate whether and to what extent the processing of Personal Information is necessary and where the purpose allows, anonymized data will be used.

4. AGE RESTRICTION

Our website, UberOne Mobile Application and other services are not directed to children under 18. We do not knowingly collect information from children under 18. If as a parent or guardian, you become aware that your child or ward child has provided us with any information without your consent, please contact us through the details provided in this Data Protection Policy.

5. COOKIES

We use cookies to identify you as a User and make your user experience easier, customise our services, content and advertising, help you ensure that your account security is not compromised, mitigate risk and prevent fraud, and to promote trust and safety on our website. Cookies allow our servers to remember IP addresses, date and time of visits, monitor web traffic and prevent fraudulent activities.

Our cookies never store personal or sensitive information; they simply hold a unique random reference to you so that once you visit the site, we can recognize who you are and provide certain content to you.

If your browser or browser add-on permits, you have the choice to disable cookies on our website, however this may impact your experience using our website.

6.  HOW WE PROTECT YOUR INFORMATION

BWAY shall establish adequate controls to protect the integrity and confidentiality of Personal Information, both in digital and physical format, and to prevent Personal Information from being accidentally or deliberately compromised. BWAY is committed to managing your Personal Information in line with global industry best practices and in compliance with regulatory requirements. We store and process your personal information on our computers in Lagos, Nigeria, and anywhere else where our facilities are located. We protect your information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration.

Some of the safeguards we use are firewalls and data encryption, physical access controls to our data centres, and information access authorization controls. We have also taken additional measures by ensuring our system complies with industry information security standards.

Employees may have access to Personal Information only as is appropriate for the type and scope of the task in question and are forbidden to use Personal Information for their own private or commercial purposes, to disclose them to unauthorized persons, or to make them available in any other way.

7. DISCLOSURE OF PERSONAL INFORMATION

BWAY does not sell, trade or rent personal information to anyone. However, to enable us to render our services to you on our website, we may share your information with trusted third parties, such third parties include financial institutions, payment processors, verification services, sanctions screening and identity verification services as well as any third parties that you have directly authorized to receive your Personal Information. Your Personal Information may be stored in locations outside the direct control of BWAY, for instance, on servers or databases co-located with hosting providers.

We may disclose your Personal Information in compliance with applicable law or a legal obligation to which we are bound. The use of your information by such third party will be subject to their applicable Data Protection policy, which you should carefully review.

8. PROCESSING OF PERSONAL INFORMATION

Processing of Personal Information by BWAY shall be lawful if at least one of the following applies, having regard to the purpose of processing

  • The data subject has given consent to the processing of his/her Personal Information for one or more specific purposes;
  • The processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract;
  • Processing is necessary for compliance with a legal obligation to which BWAY is subject;
  • Processing is necessary to protect the vital interests of the Data Subject or of another natural person;
  • Processing is necessary for the performance of a task carried out in the public interest or in exercise of official public mandate vested in BWAY.

For the purpose of this Data Protection Policy, consent means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which they, through a statement or a clear affirmative action, signify their agreement to the processing of Personal Information relating to them.

9. YOUR RIGHTS

Individuals who have Personal Information held by BWAY are entitled to reach out to BWAY to exercise the following rights:

  • Right to request for and access their Personal Information collected and stored. Where data is held electronically in a structured form, such as in a Database, the Data Subject has a right to receive that data in a common electronic format;
  • Right to information on their personal information collected and stored;
  • Right to objection or request for restriction;
  • Right to object to automated decision making;
  • Right to request rectification and modification of Personal Information which BWAY keeps;
  • Right to request for deletion of their data;
  • Right to request the movement of data from BWAY to a third party; this is the right to the portability of data; and
  • Right to object to, and to request that BWAY restricts the processing of their information.

You may decline to provide your personal Information when it is requested by BWAY, however, certain services or all the services may be unavailable to you. You may review your account settings and update your Personal Information directly or by contacting us.

10. DATA RETENTION

We will only retain your personal data for as long as necessary for the purpose for which that data was collected and to the extent permitted by applicable laws. In general, we will keep your personal data for between five (5) to ten (10) years (depending on the type of information, and in accordance with our internal policies) after your relationship with us is terminated. However, there may be circumstances that mean we must retain your personal information for longer. To determine how long it is necessary to retain your personal information, we calculate retention periods in accordance with the following criteria:

  • The currency of your relationship with us and the types of products or services you have with us;
  • The length of time it is reasonable to keep records to demonstrate that we have fulfilled our obligations to you and under the law;
  • Any limitation periods within which claims might be made;
  • Any retention periods prescribed by law or recommended by regulators, industry bodies or associations; and
  • The existence of any relevant proceedings.

11. TRANSFER OF PERSONAL INFORMATION

BWAY may engage the services of third parties to process the Personal Information of Data Subjects collected by the BWAY. The processing by such third parties shall be governed by a written contract with BWAY to ensure adequate protection and security measures are put in place by the third party for the protection of Personal Information in accordance with the terms of this Data Protection Policy

Transfer of Personal Information to Foreign Country

Where Personal Information is to be transferred to a country outside Nigeria, the United States, the United Kingdom and the European Union, BWAY shall put adequate measures in place to ensure the security of such Personal Information. BWAY shall, among other things, confirm whether the country is on the National Information Technology Development Agency (“NITDA”) and General Data Protection Regulation (GDPR) Whitelist of Countries with adequate data protection laws.

Transfer of Personal Information out of Nigeria, the United States, the United Kingdom and the European Union would be in accordance with the provisions of the Nigeria Data Protection Regulation and General Data Protection Regulation. BWAY will therefore only transfer Personal Information out of Nigeria, the United States, the United Kingdom and the European Union on one of the following conditions:

  • a. The consent of the Data Subject has been obtained;
  • b. The transfer is necessary for the performance of a contract between BWAY, and the Data Subject or implementation of pre-contractual measures taken at the Data Subject’s request;
  • c. The transfer is necessary to conclude a contract between BWAY and a third party in the interest of the Data Subject;
  • d. The transfer is necessary for reason of public interest;
  • e. The transfer is for the establishment, exercise or defence of legal claims;
  • f. The transfer is necessary to protect the vital interests of the Data Subjects or other persons, where the Data Subject is physically or legally incapable of giving consent.

Provided, in all circumstances, that the Data Subject has been manifestly made to understand through clear warnings of the specific principle(s) of data protection that are likely to be violated in the event of transfer to a third country, this proviso shall not apply to any instance where the Data Subject is answerable in duly established legal action for any civil or criminal claim in a third country

The Bank will take all necessary steps to ensure that the Personal Data is transmitted in a safe and secure manner. Details of the protection given to your information when it is transferred outside Nigeria shall be provided upon the Data Subject’s request. Where the recipient country is not on the Whitelist and none of the conditions stipulated in this Privacy Policy are met, the Bank will engage with NITDA and the Office of the Honourable Attorney General of the Federation (HAGF) for approval with respect to such transfer.

12.  UPDATES, MODIFICATIONS & AMENDMENTS

We may need to update, modify or amend our Data Protection Policy as our technology evolves and as required by law. We reserve the right to make changes to this Data Protection Policy from time to time and notify Users of material changes. The Data Protection Policy will apply from the effective date provided on our website.

We advise that you check this page often, referring to the date of the last modification on the page. If a User objects to any of the changes to this Data Protection Policy, the User must cease using this Site or terminate their account in the event an account has been created.

13. BWAY’S DATA PROTECTION OFFICER (DPO)

If you have any questions relating to this Privacy Policy or would like to find out more about exercising your data protection rights, please reach out to our DPO via email at ayomide@myuberone.com

BWAY maintains a data breach procedure in order to deal with incidents concerning Personal Information or practices leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Information transmitted, stored or otherwise processed.

You may contact our DPO upon becoming aware of any breach of Personal Information or if your access credentials have been compromised, to enable us to take the necessary steps towards ensuring the security of your Personal Information or account.