1. INTRODUCTION

Wesley Microfinance Bank Ltd (“Wesley” or “Us” or “We”) need to gather and use certain personal data in delivering its services and fulfilling its obligations to you. We respect the trust you repose in us in providing us with your data and we are committed to preserving, protecting and safeguarding your rights in accordance with the applicable principles of data privacy.

This General Privacy Policy (this “Privacy Policy” or “Policy”) is made in accordance with the Nigeria Data Protection Act, 2023 and the Nigeria Data Protection Regulation (NDPR) 2019 which we adhere to as a corporate. This Policy outlines the information we collect from you, why we collect such data, how we use the data, how you can control the data and how we manage, store, protect, share, retain or delete your data.

Please note that by using our website, platform or any of our services, you are deemed to be aware of the content of this Policy and has agreed to the terms of this Policy.

2. PURPOSE AND OBJECTIVES

The main purpose of the Policy is to establish the essential standards put in place by Wesley to ensure the personal data of individuals are used or processed in line with applicable regulation and to provide guidance on the standards of conduct and practice the Company follows in protecting such data.

3. DEFINITIONS AND INTERPRETATION

For the purpose of this Policy:

• Consent means giving permission for something to happen or an agreement to do something.
• Data Controller means the person or organisation who determines the purpose of the data i.e. how the data should be processed or used.
• Data Processor means any person or organisation who processes personal data.
• Data Protection means the process of safeguarding information from loss, corruption or compromise.
• Data Subject means an individual whose personal data is being processed.
• National Information Technology Agency (NITDA) refers to the national agency charged with developing national regulations for electronic governance, electronic data interchange, electronic communication transactions, data protection and data privacy in Nigeria.
• Nigeria Data Protection Act means the principal law in Nigeria governing the protection of personal data.
• Nigeria Data Protection Regulation (NDPR) means the regulation issued by NITDA to enable Nigeria citizens have more control over their data.
• Personal Data means any information that can enable an individual to be identified.
• Privacy Notices is a statement that discloses some or all the ways a party gathers, uses, discloses, and manages personal data to a relevant public.
• Processing means obtaining, recording, holding or adding to the information or data or performing any operation on the information or data.
• Special Category Data means sensitive information that relates to race, ethnic origin, political opinions, religious or philosophical beliefs, biometric data etc.
• Wesley means Wesley Investment Limited.

4. WHAT IS PERSONAL DATA?

Personal Data means any information in any form that pertains to an individual which can be used to identify such individual. Personal information does not include publicly available information, anonymous or non-personal information.

5. WHAT PERSONAL INFORMATION DO WE COLLECT?

Wesley collects personal data such as name, home address, mobile phone number, personal email address, date of birth, identification card number, financial details, employment details and any other information necessary to Wesley’s business purposes, which are voluntarily disclosed in the course of the course of interaction with Wesley.

As a general rule, Wesley collects personal information directly from you. In most circumstances where the personal information that we collect about you is held by a third party, we will obtain your permission before we seek out this information from such sources.

6. USE OF PERSONAL DATA

Personal data is used for our business purposes, including establishing, managing or terminating your contractual relationship with us, should any exist.

On our website, we collect data to be able to communicate with you, provide further information to assist you (mail subscriptions), respond to questions or requests which you submit, process requests or applications which your make, and anticipate and resolve problems with any services we offer to you.

7. DATA MINIMISATION

Wesley would only collect such personal data which it directly requires for carrying out business. No personal would not be requested of you without a clear and communicated purpose and only as much data as essential would be required from you.

You are at liberty to request information about any data requested of you to ensure that it is limited to what is required. Wesley may not request data from you in cases where any activity for which such data is required, can be undertaken without this data to no detriment, unless such data is needed for record purposes.

8. DATA SHARING

Given the nature of Our operations, Wesley may disclose personal data with third parties in other to fully perform its obligations with you. Wesley is responsible for the management of your data in the course of such data transfers and shall ensure that maximum security is ensured for the safety of your data.

We may share personal data with such parties in and/or outside Nigeria, and as result, your personal data may be collected, used, processed, stored or disclosed in other countries. We only transfer data to an entity in another country where permitted under the Nigeria Data Protection Act and or the Nigeria Data Protection Regulation and only to countries with an adequate level of data protection. Where we are required to share your data with a country not listed by NITDA as having adequate levels of protection for personal, we will only do so with your consent.

We do not sell your personal data to third parties.

9. NOTIFICATION AND CONSENT

Where your consent is required for our collection, use or disclosure of your personal information, you may, at any time, subject to legal or contractual restrictions and reasonable notice, request for you express consent to such collection, use or disclosure.

10. DATA SECURITY

Wesley endeavours to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal information in question. These safeguards are designed to protect your personal information from loss and unauthorized access, copying, use, modification or disclosure.

11. DATA RETENTION

Except as otherwise permitted or required by applicable law or regulatory requirements, Wesley endeavours to retain your personal information only for as long as it believes is necessary to fulfill the purposes for which the personal information was collected (including, for the purpose of meeting any legal, accounting or other reporting requirements or obligations).

12. DATA ACCURACY

It is important that the information contained in our records is both accurate and current. If your personal information happens to change during the course of your interaction with us, please keep us informed of such changes. You can do this by contacting the Head of Human Resources or by contacting the company’s designated Data Protection Officer (“DPO”.)

13. ACCESS TO YOUR PERSONAL INFORMATION AND DELETION OF YOUR PERSONAL INFORMATION

Wesley recognizes that you can request access to your personal data or rectification/deletion of personal data that we hold about you. To make such a request, please contact the designated DPO using the contact information provided in of this Privacy Policy. Please note that any such communication must be in writing. In your request, please make clear what specific personal information you would like to have accessed, rectified, or deleted.

When requesting such access, rectification or deletion of your personal data, please note that we may request specific information from you to enable us to confirm and record your intention. If you require assistance in preparing your request, please contact the office of the designated DPO.

Your right to access, rectify, or delete the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse your request. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices.

If we cannot provide you with access to, or rectification or deletion of your personal information, we will endeavour to inform you of the reasons why, subject to any legal or regulatory restrictions.

14. INQUIRIES OR CONCERNS?

If you have any questions about this Privacy Policy or concerns about how we manage your personal information, please contact the office of our Data protection officer by e-mail. We will endeavour to answer your questions and advise you of any steps taken to address the issues raised by you.

15. CONTACT

Wesley has a designated Data protection officer charged with overseeing compliance with this Privacy Policy. The contact information of our DPO is: dpo@wesleymfb.com

16. UPDATES TO THIS PRIVACY POLICY

Wesley may from time to time make changes to this Privacy Policy to reflect changes in its legal or regulatory obligations or in the manner in which we deal with your personal information. We will communicate any revised version of this Privacy Policy.