Introduction
Welcome to the Blinqpay's (the "Company" "We" "Our" "US") Privacy Policy. The Company respects your privacy and is committed to protecting your personal data. This privacy Policy is drafted in accordance with the Nigeria Data Protection Regulation (NDPR) 2019, the NDPR Implementation Framework and the Data Protection Act, 2023 (DPA).
This Privacy Policy describes who we are, how we collect, use, store and share your personal data and the rights available to you. This Privacy Policy applies to every data subject (clients, vendors, consultants amongst others) who interact with us.
Please read the entire Privacy Policy to understand how we process your personal data and the rights available to you.
Your Legal Rights
You have rights to access your personal data and to ask us to rectify, erase and restrict the use of, your personal data. You also have rights to object to your personal data being used, to ask for the transfer of personal information you have made available to us and to withdraw consent to the use of your personal information. You may reach us via [email protected]
You may also send your complaints to the Nigeria Data Protection Commission (NDPC) or approach a competent court of law to enforce your data protection rights. However, we would appreciate that you contact us first and give us the chance to respond to your concerns before exploring these options.
The Information We Collect About You
Personal data means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
a. Identity Data includes name, username or similar identifier, marital status, Identification card title, date of birth and gender, professional background, employment history, tax status, job title.
b. Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
c. Contact Data includes home address, country of residence, billing address, delivery address, email address and telephone numbers.
d. Financial Data includes bank account, payment card details, bank statement, income details.
e. Communication Data is your name and contact details, the means, place and time of communication and its content.
f. Contract or Business Data includes personal data collected in the course of providing services or contractual relationships such as information about the contracts such as date of conclusion, the type of contract, its duration and the services to be provided, complaints, feedback.
g. Other Data - we may collect data from you to be processed in relation to administrative or judicial proceedings.
Information About Other People
If you provide information to us about any person other than yourself, your employees, counterparties, your advisers or your suppliers, you must ensure that they understand how their information will be used, and that they have given their consent for you to disclose it to us and for you to allow us, and our outsourced service providers to use it
If You Fail to Provide Personal Data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel a contract you have with us but we will notify you if this is the case at the time.
Sources We Collect Your Personal Data From
We use different methods to collect personal data from you and they include:
a. Direct interactions. You may give us your personal data by filling physical or online forms, visiting our offices, entering the visitors book or logging in, or by corresponding with us by post, phone, email, among others. If you wish to enter into a contract with us or use our services, you will have to provide us with certain personal information such as name, address, email, phone number, etc.
b. Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources available to us such as social media, public authorities, contractual partners, associations, credit agencies, amongst others.
c. Automated technologies or interactions. We collect these personal data as you interact with our website. These include personal data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies. Please see our cookie policy for further details. We also collect your information using close-circuit television (CCTV) in our physical offices.
How We Use Your Personal Data
We process your personal information for several purposes and they include:
a. To provide communication with you with regards to inquiries and exercise of your rights and also to enable us contact you in case of queries or marketing of our products to you. The purposes of contacting you are for the performance of contract between you and us or for our or third-party legitimate interests. Where the purpose of our communication is solely for marketing purpose, you have an absolute right to object to the marketing. We will provide you with opt-in and opt-out consent in this regard.
b. To comply with our contractual obligation with you. We use contract or business data for this purpose. Our legal basis is performance of contract.
c. To undertake marketing activities regarding our services or products. We use technical data, communication, and contact data. We will obtain your consent (opt in) before sending you marketing emails. However, in certain circumstances such as where you have transacted with us, we may rely on our legitimate interests to send marketing emails to you without obtaining your prior consent. However, we will provide you with an option to “opt out” of the email if you object to it.
d. To improve our services and operations. We strive to improve our services and to respond to changing needs. To this end, we use technical data, communication data, customer surveys, and polls to achieve this aim. We may use pseudonymized data for this purpose and our legal basis is our legitimate interests.
e. To process and deliver services including processing payment. We use identity data, financial data, communication data for this purpose. We process these personal data based on the contract between us or the entity you represent and on our or third-party legitimate interests.
f. To investigate, defend and exercise our legal right. We will use other data, identity and contact details for this purpose. Our legal bases are legitimate interests and to exercise and defend our legal right.
g. To comply with the provisions of law such as maintaining records, compliance checks, tax compliance amongst others.
h. To perform Know Your Customer (KYC) or due diligence checks we use identity data, contact data, financial data, communication data to achieve this purpose. This is solely required for the purpose of complying with the provisions of the law on customer due diligence. In the event that your sensitive personal data will be required, your explicit consent will be sought and obtained before we can process it.
Further Purpose
We will only process your personal data for the particular purposes for which we collected it, unless we have reason to use it for another purpose. Please note that where this is the case and the further purpose is not compatible with the original purpose, we will notify you and obtain your consent before using it for such further purpose.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by the NDPR, the DPA and applicable laws.
Legal Bases for Processing Your Personal Data
We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your personal data. Kindly contact us if you need further details or clarity about the specific legal ground we are relying on to process your personal data where more than one ground has been stated. We will rely on any of the legal bases listed below depending on the processing activities:
a. We will ask you for your consent in certain processing activities that involve sensitive personal data or marketing emails. Where we obtain your consent, kindly note that you can withdraw the consent at any time and we will comply.
b. We may process your personal data based on the contract you have entered with us or to take pre-contractual steps at your instruction.
c. We may also process your personal data in order to perform legal obligations entrusted on us by law.
d. We may also process your personal data for public interests or in the exercise of an official public mandate vested in us.
e. We may also process your personal data for protection of your vital interest or that of another natural person.
What Constitutes Consent
We rely on consent to process some of your personal data. Where we require your consent, ticking a [yes/no] box, endorsing your signature in a form or document, clicking [Accept] button on our website or mobile application will constitute consent.
Who We Share Your Personal Data with
a. Vendors, consultants, and other service providers.
b. Disclosures for national security or law enforcement.
Under certain circumstances, we may be required to disclose your personal data in response to valid requests by public authorities, including to meet national security or law enforcement requirements, or in compliance with other legal obligations.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Do We Transfer Your Personal Data Outside Nigeria?
We may store your personal data in clouds some of which are located in foreign countries. We may also have the cause to transfer your personal data to our vendors or expert consultants in foreign countries. However, we will always ensure adequate protection of your data in these circumstances.
Whenever we are transferring your personal data outside Nigeria to countries deemed not to have adequate data protection law, we will comply with the appropriate safeguards that the law has provided such as standard contractual clauses, binding corporate rule or consent. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of Nigeria.
Data Security
We have put appropriate security measures such as encryption, firewall, and locks in place to prevent accidental loss of personal data, and/or to ensure that personal data is not used, accessed, altered, or disclosed in an unauthorized manner. In addition, we limit access to your personal data to only necessary employees, agents, contractors, and other third parties with who we have business relationships. They will only process your personal data on our instructions and are strictly subject to a duty of confidentiality.
The Company also has in place a high availability cloud application infrastructure, primary and secondary data backup systems to ensure availability of your personal data. We have put in place some procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach within 72 hours where we are obligated to do so.
Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes they were collected and subject to limits set by the Law. We will only retain your personal data for as long as reasonably necessary to fulfill the purposes they were collected for, including legal or regulatory purposes, tax, and accounting or reporting requirements and where we are required to assert or defend against legal claims, pending the final adjudication of the claim.
Where necessary, we will anonymise your personal data so that it can no longer be associated with you for research or statistical purposes, in which case we may use this information indefinitely without further Policy to you. We also have paper shredders that enable us dispose personal data that its purpose has been met.
Principles of Data Protection
We are obligated to comply with data protection principles whenever we process your personal data and to inform you about these principles. These principles include:
a. We will inform you about the personal data we have about you, the lawful basis for processing it, and we must use it in a manner that ensures transparency, lawfulness, and fairness.
b. We will not use your personal data for more than one reason if not compatible with the reason we collected it in the first place, except we have informed you and relied on an appropriate lawful basis.
c. We will only collect personal data about you that is necessary to meet the required purpose and nothing more.
d. We will only use your correct personal data in the course of our processing activities.
e. We will not store or keep your personal data in our custody beyond the period necessary to fulfill the purpose for which it is collected.
f. We will ensure that your personal data in our custody is protected from unauthorized use, alteration, or corruption.
g. We will take measures to ensure and demonstrate compliance with these principles.
Your Legal Rights
You have certain rights under the law which we respect and comply with and which can be exercised by you anytime. However, please note that these rights are not absolute and apply in certain circumstances. They include:
a. Right to access your personal data.
b. Right to request correction of your personal data free of charge.
c. Right to request erasure of your personal data.
d. Right to object to processing of your personal data.
e. Right to request restriction of processing of your personal data.
f. Right to request transfer of your personal data.
g. Right to withdraw consent.
What we may need from you:
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Updating Your Personal Data
Whenever there is a need to update or alter any personal information that you have provided to us, kindly contact us via email at [email protected]
Changes to Our Privacy Policy
This Privacy Policy will be updated from time to time and we will notify you when this happens
Contact Details
Please address questions, comments and requests regarding this Policy to our Privacy Team [email protected]. or send a letter to our office at No 1A Remi Olowude Street, Lekki-Epe Expressway, Lagos.