Privacy Policy

DAYLIGHT MFB APP: PRIVACY POLICY

By accessing or using the Services, or by accepting our Terms and Conditions (the “Terms”) or any other terms that incorporate this Privacy Policy by reference, you agree on behalf of yourself and any organization that you represent (together, “you”) that you have read and understood this Privacy Policy and that you consent to the collection, use, and sharing of information as discussed below. If you do not agree with this Privacy Policy, do not access or use the Services or the Platforms. This Policy is incorporated into and made a part of our Terms and Conditions.

INTRODUCTION

We place utmost value in preserving the privacy of our customers and clients, which is why we have developed this privacy policy to help our customers understand why and how we collect user data, and with whom we share such data. This policy also contains information about when we share your personal information with third parties (such as our service providers and credit bureaus).

GOVERNING LAW

This document is prepared in accordance with the provisions of the Nigeria Data Protection Act (NDPA) 2023, and by extension, the EU General Data Protection Regulation (GDPR) EU (2016/679).

INFORMATION COLLECTED

Daylight MFB collects and uses any information you supply when you interact with the mobile app, you share personal details like your name, Bank Verification Number, Valid Identification, address and picture. By using the mobile app to transact, you also share details of your transactions with us. Additionally, we may request explicit permission to see other information like your address book, location, photos and data from your camera.

  • Details you give when you sign up on the Mobile App, like your BVN, name, date of birth, gender, phone number, residential address, and email address.
  • Images would also be collected for the purpose of KYC and other features like adding your profile picture.
  • Information you give us through the in-app chat so we can help you.
  • We shall also access your contact list information to enable you to perform certain functions like sending airtime and data to a person on your contact list.
  • We may collect internet protocol (IP) address, browser type, device ID, internet service provider (ISP), information about your computer and software, links materials You request, your approximate location, referring/exit pages, date/time stamp, and other metadata. Platforms may embed Javascript code into page loads, which instructs Users’ web browsers to make web requests back to our servers to collect information about the User page views and other activities.
  • We collect certain information from the User’s browser using small data files called “cookies”. The Platform may use session cookies to help recognize a User who visits multiple pages during the same session so that the User does not have to enter a password to access each page. Session cookies terminate once the User closes the browser. 
  • We also use persistent cookies to collect, store and track information. The Platform uses persistent cookies to store the User’s login ID (but not the User’s password) to make it easier for the User to login when the User returns to the website. We encode our cookies so that only us can interpret the information stored in them. You can remove or block persistent cookies using the settings in your browser, but this may limit your ability to use our Platform.
  • We may employ a software technology called clear gifs or web beacons that help us better manage content on the Platform as well as on the Platform emails, by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar function to cookies and are used to track the online movements of the Web users. In contrast to cookies, which are stored on a User’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of a sentence.

HOW INFORMATION IS USED

We collect certain data from you to fulfill the contract we have with you, or to enter into a contract with you. We use this data to:
Give you the services we agreed to in line with our terms and conditions.
Send you messages about your account and other services you use if you get in touch, or we need to tell you about something.
We use this in managing, collecting and recovering money you owe us, investigate and resolve complaints and other issues.
We also have to ensure we are not breaking any laws by being your banker, thereby preventing illegal activities like money laundering, terrorism financing and fraud. To do this, we need your data to:


  • Confirm your identity when you sign up or get in touch.
  • Prevent illegal activities like money laundering, tax evasion and fraud.
  • Keep records of information we hold about you in line with legal requirements.
  • Adhere to banking laws and regulations (these mean we sometimes need to share customer details with regulators, tax authorities, law enforcement or other third parties).

We also use the information to help protect you against fraud by tracking the location of your phone if you’ve authorised it and also, view your contact list for airtime purchases for ease of usage.

SHARING AND PROTECTION OF USERS’ PERSONAL INFORMATION TO THIRD PARTIES

Daylight Microfinance Bank provides such information to our subsidiaries, affiliated companies or other trusted third-party service providers or persons for the purpose of processing personal information on our behalf, including validating user credentials, securing data storage, marketing, customer service, fraud detection and other applicable services. We require that these parties agree to process such information based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures we consider essential and relevant subject to applicable law. Daylight Microfinance Bank requires that these third-party providers use PII and PID only in connection with the services they perform for Daylight Microfinance Bank.
Daylight Microfinance Bank may share User information with law enforcement agencies, government officials, or other third parties in the event of a court order or similar legal procedure, regulatory disclosure or when Daylight Microfinance Bank believes in good faith that the disclosure of User information is necessary or advisable to report suspected illegal activity or to protect Daylight Microfinance Bank’s property or legal rights. Except as expressly disclosed in this Privacy policy, Daylight Microfinance Bank will not sell or disclose User information to third parties. Daylight Microfinance Bank may disclose aggregated or other types of non-personally identifiable information to third parties for various purposes.

SECURITY OF USERS’ PERSONAL INFORMATION

Daylight Microfinance Bank has implemented physical, technical, and procedural safeguards to protect User information from unauthorized access, disclosure, alteration, or destruction. Daylight Microfinance Bank uses computer safeguards such as firewalls and data encryption and authorizes access to personally identifiable information only for those employees, contractors, and agents who require it to fulfil their job responsibilities.
Daylight Microfinance Bank utilizes a higher duty of care to protect User information, such as credit card or bank account numbers, if disclosure of a particular type of User information could cause direct financial loss, Daylight Microfinance Bank further encrypts such information and transmits it under Secure Socket Layer (SSL).
Daylight Microfinance Bank shall only retain personal information reasonably required to keep providing Services to you. Where we no longer provide services to you, your information will be stored on our servers to the extent necessary to comply with regulatory obligations and for the purpose of fraud monitoring, detection and prevention. Where we retain your Personal Information, we do so in compliance with limitation periods under the applicable law. All Personal Information you provide to us is stored on our secure servers as well as secure physical locations and cloud infrastructure (where applicable) for the purposes of providing seamless services to you, including but not limited to ensuring business continuity, the data that we collect from you may be transferred to or stored in cloud locations at globally accepted vendors’ data centre. Whenever your information is transferred to other locations, we will take all necessary steps to ensure that your data is handled securely and in accordance with this privacy policy.

DATA CONFIDENTIALITY RIGHTS

REPORTING A PERSONAL DATA BREACH

Daylight Microfinance Bank is required to comply with the Nigeria Data Protection Regulation 2019 (“NDPR”) and other relevant laws and regulations regarding reporting requirements in relation to data breaches and report any personal data breach where there is a risk to the rights and freedoms of a User. Where a personal data breach results in a high risk to a User, such a User also has to be notified unless subsequent steps have been taken to ensure that the risk is unlikely to materialise, security measures were applied to render the personal data unintelligible (e.g. encryption) or it would amount to disproportionate effort to inform the User directly. In the latter circumstances, a public communication must be made, or an equally effective alternative measure must be adopted to inform such a User, so that he/she can take any necessary remedial action.

CHANGES TO THIS DOCUMENT

This document will be reviewed on a yearly basis, or more frequently if occasioned by changes or amendment to applicable data protection regulations. If we make any changes, we’ll add a note to this page and if there are significant changes we’ll let you know by email.

Copyright © 2024 The Project by Daylight . All Rights Reserved